Bug#494648: The possibility of attack with the help of symlinks in some Debian packages

[Olivier Berger]

merge 494993 468159
thanks

Sven Dowideit a écrit :
> how would this would be different from ?
> 
> Debian Bug report logs - #468159
> twiki: Redirect after Template Login failes
> 

Oops. Damn, I forgot to check if that it had been found already. I was
so sure it would have been fixed by the time if such thing would have
been reported already Sorry for duplicate.

In any case I guess this redirect will be solved soon now it has your
attention.

Merging both tickets, then.

> 
> Olivier Berger wrote:
>> On Wed, Aug 13, 2008 at 10:12:29PM +1000, Sven Dowideit wrote:
>>> the best irony of this bug, is :
>>>
 I've implemented Joey's suggestion of 1777 & O_EXCL - mostly the files
>>> in tmp are written by CGI::Session, that takes care of things.
 I also moved the 1777 tmp dir back to /tmp/twiki, as per Nico's point
>>> wrt to filling /var
>>>
>> By coincidence (testing authentication through CAS servers for TWiki, and 
>> tracing what happens in TemplateLogin), I happend to run into that O_EXCL 
>> permission on "passthru" files (dunno what they are, btw), and notice that 
>> apparently #444982 wasn't fixed the right way it seems.
>>
>> See more details in newly filed #494993.
>>
>> Sad irony ;-)
>>
>> Best regards,
> 
> 
> 


-- 
Olivier BERGER <[EMAIL PROTECTED]> - OpenPGP: 6B829EEC
Ingénieur Recherche - Dept INF - INT Evry (http://www.int-edu.eu)




--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#495031: workrave_1.9.0-1(sparc/unstable): FTBFS, missing build-depend on intltool

[Martin Zobel-Helas]

Package: workrave
Version: 1.9.0-1
Severity: serious

There was an error while trying to autobuild your package:

> Automatic build of workrave_1.9.0-1 on lebrun by sbuild/sparc 98
> Build started at 20080814-0812

[...]

> ** Using build dependencies supplied by package:
> Build-Depends: debhelper (>= 6), libgnet-dev, libgnomeuimm-2.6-dev, 
> libpanel-applet2-dev, libxi-dev, libxmu-dev, libxtst-dev, autotools-dev, 
> libxml-parser-perl, libdbus-glib-1-dev, libgdome2-dev, libgstreamer0.10-dev

[...]

> checking whether getc_unlocked is declared... yes
> checking for nl_langinfo and CODESET... yes
> checking for LC_MESSAGES... yes
> checking for CFPreferencesCopyAppValue... (cached) no
> checking for CFLocaleCopyCurrent... (cached) no
> checking whether included gettext is requested... no
> checking for GNU gettext in libc... yes
> checking whether to use NLS... yes
> checking where the gettext function comes from... libc
> checking for intltool-update... no
> checking for intltool-merge... no
> checking for intltool-extract... no
> configure: error: The intltool scripts were not found. Please install 
> intltool.
> make: *** [config.status] Error 1
> dpkg-buildpackage: failure: debian/rules build gave error exit status 2

A full build log can be found at:
http://buildd.debian.org/build.php?arch=sparc&pkg=workrave&ver=1.9.0-1




-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#495032: yelp_2.22.1-4(sparc/unstable): FTBFS, configure: No such file or directory

[Martin Zobel-Helas]

Package: yelp
Version: 2.22.1-4
Severity: serious

There was an error while trying to autobuild your package:

> Automatic build of yelp_2.22.1-4 on lebrun by sbuild/sparc 98
> Build started at 20080813-1615

[...]

> ** Using build dependencies supplied by package:
> Build-Depends: debhelper (>= 5), gnome-pkg-tools (>= 0.10), cdbs (>= 0.4.41), 
> quilt, docbook-to-man, intltool (>= 0.35.0), libgnome2-dev (>= 2.14.0), 
> libgtk2.0-dev (>= 2.10.0), libgnomeui-dev (>= 2.16.0-2), libxslt1-dev (>= 
> 1.1.4), gnome-doc-utils (>= 0.11.1), xulrunner-dev (>= 1.9~rc1), libbz2-dev, 
> libgconf2-dev, libgnomevfs2-dev, libglade2-dev, libxml2-dev (>= 2.6.5), 
> libstartup-notification0-dev (>= 0.8), libdbus-glib-1-dev, zlib1g-dev, 
> libxt-dev, librarian-dev (>= 0.7.0)

[...]

>   mv $i $i.cdbs-orig ; \
>   cp --remove-destination 
> /usr/share/misc/config.sub $i ; \
>   fi ; \
>   done ; \
>   fi
> touch debian/stamp-autotools-files
> GCONF_DISABLE_MAKEFILE_SCHEMA_INSTALL=1 /usr/bin/make -C . 
> make[1]: Entering directory `/build/buildd/yelp-2.22.1'
> /bin/sh ./config.status --recheck
> running CONFIG_SHELL=/bin/sh /bin/sh /tmp/buildd/yelp-2.22.1/./configure  
> --build=x86_64-linux-gnu --prefix=/usr --includedir=${prefix}/include 
> --mandir=${prefix}/share/man --infodir=${prefix}/share/info --sysconfdir=/etc 
> --localstatedir=/var --libexecdir=${prefix}/lib/yelp 
> --disable-maintainer-mode --disable-dependency-tracking --srcdir=. 
> --enable-info --enable-man --with-gecko=libxul-embedding 
> build_alias=x86_64-linux-gnu CC=cc CFLAGS=-g -O2 -g -Wall -O2 LDFLAGS= 
> -Wl,-z,defs -Wl,-O1 -Wl,--as-needed CPPFLAGS= CXX=g++ CXXFLAGS=-g -O2 -g 
> -Wall -O2 FFLAGS=-g -O2  --no-create --no-recursion
> /bin/sh: /tmp/buildd/yelp-2.22.1/./configure: No such file or directory
> make[1]: *** [config.status] Error 127
> make[1]: Leaving directory `/build/buildd/yelp-2.22.1'
> make: *** [debian/stamp-makefile-build] Error 2
> dpkg-buildpackage: failure: debian/rules build gave error exit status 2

A full build log can be found at:
http://buildd.debian.org/build.php?arch=sparc&pkg=yelp&ver=2.22.1-4




-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#494929: /usr/lib/vlc/codec/libffmpeg_plugin.so: undefined symbol: img_resample

[Fabian Greffrath]

Jaime Alberto Silva schrieb:
Anyway I can't see my files with the official Debian codecs :( I have 
DIVX and all that stuff.


Those files should play flawlessly, please clean your plugin cache:
rm ~/.vlc/cache/plugins*.dat

Cheers,
Fabian

--
Dipl.-Phys. Fabian Greffrath

Ruhr-Universität Bochum
Lehrstuhl für Energieanlagen und Energieprozesstechnik (LEAT)
Universitätsstr. 150, IB 3/134
D-44780 Bochum

Telefon: +49 (0)234 / 32-26334
Fax: +49 (0)234 / 32-14227
E-Mail:  [EMAIL PROTECTED]



--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Processed: severity of 493108 is important, severity of 494168 is important

[Debian Bug Tracking System]

Processing commands for [EMAIL PROTECTED]:

> # Automatically generated email from bts, devscripts version 2.10.26ubuntu8
> severity 493108 important
Bug#493108: cups: sends document raw to the printer
Severity set to `important' from `grave'

> severity 494168 important
Bug#494168: cupsd process exits after serving one request
Severity set to `important' from `grave'

>
End of message, stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#479970: marked as done (ski: FTBFS: linux/syscall-linux.c:75:22: error: asm/page.h: No such file or directory)

[Debian Bug Tracking System]

Your message dated Thu, 14 Aug 2008 05:47:03 +
with message-id <[EMAIL PROTECTED]>
and subject line Bug#479970: fixed in ski 1.3.2-3
has caused the Debian Bug report #479970,
regarding ski: FTBFS: linux/syscall-linux.c:75:22: error: asm/page.h: No such 
file or directory
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [EMAIL PROTECTED]
immediately.)


-- 
479970: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=479970
Debian Bug Tracking System
Contact [EMAIL PROTECTED] with problems
--- Begin Message ---
Package: ski
Version: 1.3.2-2.1
Severity: serious
User: [EMAIL PROTECTED]
Usertags: qa-ftbfs-20080506 qa-ftbfs
Justification: FTBFS on i386

Hi,

During a rebuild of all packages in sid, your package failed to build on
i386.

See #479898: linux-libc-dev: please re-add /usr/include/asm/page.h

This rebuild was done with gcc 4.3 instead of gcc 4.2, because gcc 4.3
is now the default on most architectures (even if it's not the case on
i386 yet).  Consequently, many failures are caused by the switch to gcc
4.3.
If you determine that this failure is caused by gcc 4.3, feel free to
downgrade this bug to 'important' if your package is only built on i386,
and this bug is specific to gcc 4.3 (i.e the package builds fine with
gcc 4.2).

Relevant part:
>  gcc -DHAVE_CONFIG_H -I. -I. -I.. -I./decoder -I./encoder -I../src/encoder 
> -I../src/decoder -DORBIT2=1 -pthread -I/usr/include/libglade-2.0 
> -I/usr/include/gtk-2.0 -I/usr/include/libxml2 -I/usr/lib/gtk-2.0/include 
> -I/usr/include/atk-1.0 -I/usr/include/cairo -I/usr/include/pango-1.0 
> -I/usr/include/glib-2.0 -I/usr/lib/glib-2.0/include -I/usr/include/freetype2 
> -I/usr/include/libpng12 -I/usr/include/pixman-1 -I/usr/include/libgnomeui-2.0 
> -I/usr/include/libart-2.0 -I/usr/include/gconf/2 
> -I/usr/include/gnome-keyring-1 -I/usr/include/libgnome-2.0 
> -I/usr/include/libbonoboui-2.0 -I/usr/include/libgnomecanvas-2.0 
> -I/usr/include/gnome-vfs-2.0 -I/usr/lib/gnome-vfs-2.0/include 
> -I/usr/include/orbit-2.0 -I/usr/include/libbonobo-2.0 
> -I/usr/include/bonobo-activation-2.0 -I/usr/include/gail-1.0 
> -DSKI_DATA_DIR=\"/usr/share/ski\" -g -O2 -g -Wall -O2 -DLINUX -D_GNU_SOURCE 
> -D__norcsid -fno-strict-aliasing -Wall -Wunused -c linux/syscall-linux.c -o 
> syscall-linux.o
> linux/syscall-linux.c:75:22: error: asm/page.h: No such file or directory
> In file included from linux/syscall-linux.c:87:
> ./float.h:43: warning: conflicting types for built-in function 'fma'
> ./float.h:69: warning: conflicting types for built-in function 'fmax'
> ./float.h:70: warning: conflicting types for built-in function 'fmin'
> linux/syscall-linux.c: In function 'signal_invoke_handler':
> linux/syscall-linux.c:654: warning: cast from pointer to integer of different 
> size
> linux/syscall-linux.c:673: warning: cast from pointer to integer of different 
> size
> linux/syscall-linux.c: In function 'doSyscall':
> linux/syscall-linux.c:1693: warning: pointer targets in passing argument 2 of 
> 'simroot' differ in signedness
> linux/syscall-linux.c:1733: warning: pointer targets in passing argument 2 of 
> 'simroot' differ in signedness
> linux/syscall-linux.c:1943: warning: pointer targets in passing argument 2 of 
> 'simroot' differ in signedness
> linux/syscall-linux.c:1944: warning: pointer targets in passing argument 1 of 
> 'access' differ in signedness
> linux/syscall-linux.c:2668: warning: pointer targets in passing argument 2 of 
> 'simroot' differ in signedness
> linux/syscall-linux.c:2978: warning: pointer targets in passing argument 2 of 
> 'simroot' differ in signedness
> linux/syscall-linux.c:2990: warning: pointer targets in passing argument 2 of 
> 'simroot' differ in signedness
> linux/syscall-linux.c:3002: warning: pointer targets in passing argument 2 of 
> 'simroot' differ in signedness
> linux/syscall-linux.c:3014: warning: pointer targets in passing argument 2 of 
> 'simroot' differ in signedness
> linux/syscall-linux.c:3683: warning: cast from pointer to integer of 
> different size
> linux/syscall-linux.c:3683: warning: cast from pointer to integer of 
> different size
> make[5]: *** [syscall-linux.lo] Error 1

The full build log is available from:
   http://people.debian.org/~lucas/logs/2008/05/06

A list of current common problems and possible solutions is available at 
http://wiki.debian.org/qa.debian.org/FTBFS . You're welcome to contribute!

About the archive rebuild: The rebuild was done on about 50 AMD64 nodes
of the Grid'5000 platform, using a clean chroot containing a sid i386
environment.  Internet was not accessible from the build systems.

-- 
| Lucas Nussbaum
| [EMAIL PROTECTED]   http://www.lucas-nussba

Bug#494572: marked as done (/etc/init.d/ski: bashism (use of "function") in /bin/sh script)

[Debian Bug Tracking System]

Your message dated Thu, 14 Aug 2008 05:47:03 +
with message-id <[EMAIL PROTECTED]>
and subject line Bug#494572: fixed in ski 1.3.2-3
has caused the Debian Bug report #494572,
regarding /etc/init.d/ski: bashism (use of "function") in /bin/sh script
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [EMAIL PROTECTED]
immediately.)


-- 
494572: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=494572
Debian Bug Tracking System
Contact [EMAIL PROTECTED] with problems
--- Begin Message ---
Package: ski
Version: 1.3.2-2.1
Severity: serious
File: /etc/init.d/ski
Justification: Policy 10.4

Despite specifying /bin/sh as its interpreter, /etc/init.d/ski makes
use of the bashism "function" when defining verify_binfmt_mnt.  Could
you please fix it to use portable function-definition syntax?:

verify_binfmt_mnt () {
# ...
}

Thanks!

-- System Information:
Debian Release: lenny/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.26-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages ski depends on:
ii  less   418-1 Pager program similar to more
ii  libart-2.0-2   2.3.20-2  Library of functions for 2D graphi
ii  libatk1.0-01.22.0-1  The ATK accessibility toolkit
ii  libbonobo2-0   2.22.0-1  Bonobo CORBA interfaces library
ii  libbonoboui2-0 2.22.0-1  The Bonobo UI library
ii  libc6  2.7-13GNU C Library: Shared libraries
ii  libcairo2  1.6.4-6   The Cairo 2D vector graphics libra
ii  libelfg0   0.8.10-2  an ELF object file access library
ii  libfontconfig1 2.6.0-1   generic font configuration library
ii  libfreetype6   2.3.7-1   FreeType 2 font engine, shared lib
ii  libgconf2-42.22.0-1  GNOME configuration database syste
ii  libglade2-01:2.6.2-1 library to load .glade files at ru
ii  libglib2.0-0   2.16.5-1  The GLib library of C routines
ii  libgnome2-02.20.1.1-1The GNOME 2 library - runtime file
ii  libgnomecanvas2-0  2.20.1.1-1A powerful object-oriented display
ii  libgnomeui-0   2.20.1.1-1The GNOME 2 libraries (User Interf
ii  libgnomevfs2-0 1:2.22.0-4GNOME Virtual File System (runtime
ii  libgtk2.0-02.12.11-3 The GTK+ graphical user interface 
ii  libice62:1.0.4-1 X11 Inter-Client Exchange library
ii  libncurses55.6+20080804-1shared libraries for terminal hand
ii  liborbit2  1:2.14.13-0.1 libraries for ORBit2 - a CORBA ORB
ii  libpango1.0-0  1.20.5-1  Layout and rendering of internatio
ii  libpng12-0 1.2.27-1  PNG library - runtime
ii  libpopt0   1.14-4lib for parsing cmdline parameters
ii  libsm6 2:1.0.3-2 X11 Session Management library
ii  libx11-6   2:1.1.4-2 X11 client-side library
ii  libxml22.6.32.dfsg-2 GNOME XML library
ii  libxrender11:0.9.4-2 X Rendering Extension client libra
ii  zlib1g 1:1.2.3.3.dfsg-12 compression library - runtime

ski recommends no packages.

ski suggests no packages.

-- no debconf information


--- End Message ---
--- Begin Message ---
Source: ski
Source-Version: 1.3.2-3

We believe that the bug you reported is fixed in the latest version of
ski, which is due to be installed in the Debian FTP archive:

ski_1.3.2-3.diff.gz
  to pool/main/s/ski/ski_1.3.2-3.diff.gz
ski_1.3.2-3.dsc
  to pool/main/s/ski/ski_1.3.2-3.dsc
ski_1.3.2-3_i386.deb
  to pool/main/s/ski/ski_1.3.2-3_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Ian Wienand <[EMAIL PROTECTED]> (supplier of updated ski package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Format: 1.8
Date: Wed, 13 Aug 2008 22:29:35 -0700
Source: ski
Binary: ski
Architecture: source i386
Version: 1.3.2-3
Distribution: unsta

Bug#494648: The possibility of attack with the help of symlinks in some Debian packages

[Sven Dowideit]

how would this would be different from ?

Debian Bug report logs - #468159
twiki: Redirect after Template Login failes


Olivier Berger wrote:
> On Wed, Aug 13, 2008 at 10:12:29PM +1000, Sven Dowideit wrote:
>> the best irony of this bug, is :
>>
>>> I've implemented Joey's suggestion of 1777 & O_EXCL - mostly the files
>> in tmp are written by CGI::Session, that takes care of things.
>>> I also moved the 1777 tmp dir back to /tmp/twiki, as per Nico's point
>> wrt to filling /var
>>
> 
> By coincidence (testing authentication through CAS servers for TWiki, and 
> tracing what happens in TemplateLogin), I happend to run into that O_EXCL 
> permission on "passthru" files (dunno what they are, btw), and notice that 
> apparently #444982 wasn't fixed the right way it seems.
> 
> See more details in newly filed #494993.
> 
> Sad irony ;-)
> 
> Best regards,



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#494949: else but US-ASCII

[Juhapekka Tolvanen]

On Thu, 14 Aug 2008, +02:02:34 EEST (UTC +0300),
Rene Engelhard <[EMAIL PROTECTED]> pressed some keys:

> Hi,
> 
> Juhapekka Tolvanen wrote:
> > Package: muttprint
> > Version: 0.72d-9
> > Severity: grave
> 
> No.
> 
> > Whenever I try to print any E-Mail that uses some other charset than
> > US-ASCII, it shows just this text in dialog:
> 
> [...]
> > "Sain" is actually the first word in body of that E-Mail. Headers of that
> > E-Mail include these:
> > 
> >  MIME-Version: 1.0
> >  Content-Type: text/plain; charset=iso-8859-1
> >  Content-Disposition: inline
> >  Content-Transfer-Encoding: 8bit
> 
> Content-type: text/plain; charset=ISO-8859-1
> Content-Transfer-Encoding: quoted-printable
> 
> prints fine if I had a printer here (contains german umlauts).
> 
> So I guess the problem is that you got 8bit instead of quoted printable
> mails?

When I read that file with less, it does not look like quote printable
at all.  My E-Mail is perfectly readable, if I do like this:

iconv -f ISO-8859-1 -t UTF-8 < 1218622904.25382_58.juhtolv:2,S | less

Therefore that E-Mail really is normal 8bit E-Mail and not quoted
printable.


-- 
Juhapekka "naula" Tolvanen * http colon slash slash iki dot fi slash juhtolv
"Boku wa ongakuka dentaku katate ni. Tashitari. Hiitari. Sousa shite.
Sakkyoku suru. Kono botan oseba ongaku kanaderu."  Kraftwerk



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#494268: atd: "/etc/init.d/atd stop" kills itself

[Chris Lawrence]

On Wed, Aug 13, 2008 at 8:39 PM, Rob Browning <[EMAIL PROTECTED]> wrote:
> "Chris Lawrence" <[EMAIL PROTECTED]> writes:
>
>>> I suppose this should probably be serious, since it prevents
>>> /etc/init.d/at from stopping the server.  I think it may also kill an
>>> attempt to run "/etc/init.d/atd restart".
>>>
>>> I'm also cc'ing this to lsb-base, since as I mentioned, I'm not sure
>>> which package is actually at fault.
>>
>> Looks like it might be a problem with start-stop-daemon when a pidfile
>> isn't specified... it matches on --name and your init script is named
>> "atd".
>
> If that's the case (and if I understand the situation), I wonder if
> Debian policy should forbid packages from using --name.  Otherwise it
> seems like the init.d start stop scripts, package control scripts,
> etc. could end up killing random, unrelated user-created executables
> -- not a particularly appealing result.

start-stop-daemon uses /proc/$$/stat; this gives the script name as
name of the executable (instead of *sh, which is what you'd expect
would happen from ps output).

I think using --exec instead of --name would work (change line 116 of
/lib/lsb/init-functions), but that might break other packages,
particularly daemons that are written in interpreted languages.  I
could hack something with pidof like in the status_of_proc function
which might work better in the general case.


Chris



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#486017: Acknowledgement (iceowl-extension does not work in icedove)

[H. S.]

Hello Richar,

Just checking if you were able to do something about this bug. It has been
quite a while since last activity on this bug.

Regards,
->HS

Bug#494495: marked as done (python-xlib: debian/copyright missing verbatim distribution license)

[Debian Bug Tracking System]

Your message dated Thu, 14 Aug 2008 02:32:02 +
with message-id <[EMAIL PROTECTED]>
and subject line Bug#494495: fixed in python-xlib 0.14-2
has caused the Debian Bug report #494495,
regarding python-xlib: debian/copyright missing verbatim distribution license
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [EMAIL PROTECTED]
immediately.)


-- 
494495: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=494495
Debian Bug Tracking System
Contact [EMAIL PROTECTED] with problems
--- Begin Message ---
Package: python-xlib
Severity: serious
Justification: Policy 4.5

Currently python-xlib's debian/copyright is unclear; it has a licence
statement for the packaging (GPLv2 only) but this does not match the upstream
code (GPLv2 or later, I believe).

Having searched the source of the current version, the licence statement in
debian/copyright is not there, so a verbatim copy of the upstream distribution
licence is definitely lacking.

-- System Information:
Debian Release: lenny/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)

Kernel: Linux 2.6.25-2-486
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash


--- End Message ---
--- Begin Message ---
Source: python-xlib
Source-Version: 0.14-2

We believe that the bug you reported is fixed in the latest version of
python-xlib, which is due to be installed in the Debian FTP archive:

python-xlib_0.14-2.diff.gz
  to pool/main/p/python-xlib/python-xlib_0.14-2.diff.gz
python-xlib_0.14-2.dsc
  to pool/main/p/python-xlib/python-xlib_0.14-2.dsc
python-xlib_0.14-2_all.deb
  to pool/main/p/python-xlib/python-xlib_0.14-2_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Mike O'Connor <[EMAIL PROTECTED]> (supplier of updated python-xlib package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Format: 1.8
Date: Wed, 13 Aug 2008 22:04:53 -0400
Source: python-xlib
Binary: python-xlib
Architecture: source all
Version: 0.14-2
Distribution: unstable
Urgency: low
Maintainer: Debian Python Modules Team <[EMAIL PROTECTED]>
Changed-By: Mike O'Connor <[EMAIL PROTECTED]>
Description: 
 python-xlib - Interface for Python to the X11 Protocol
Closes: 494495
Changes: 
 python-xlib (0.14-2) unstable; urgency=low
 .
   [ Sandro Tosi ]
   * debian/control
 - uniforming Vcs-Browser field
 .
   [ Mike O'Connor ]
   * clarify debian/copyright (Thanks: Moritz Muehlenhoff) (Closes: 494495)
   * update standards version to 3.8.0 (no changes needed)
Checksums-Sha1: 
 9c454863fed4d30a90345247cb1b147edfd84c5b 1364 python-xlib_0.14-2.dsc
 ea258d056adc15bb65956068821dc845e0557de5 4960 python-xlib_0.14-2.diff.gz
 97c929e8f79b68a83470960de2c8088a037b29ea 155198 python-xlib_0.14-2_all.deb
Checksums-Sha256: 
 a7259f31eb0b7ff9e53de7b12744d5382a434a3d174eb5bb4a5f046cabb4ca53 1364 
python-xlib_0.14-2.dsc
 4688b36536b52464484331ec657929efb5abaaf4443a940222b255c5c0733600 4960 
python-xlib_0.14-2.diff.gz
 f54398cffe155eab97c6150528e6bdf775aec49d157211e1074ad03171a43788 155198 
python-xlib_0.14-2_all.deb
Files: 
 fd9f0296daf3a3a4402ea88d332a2259 1364 python extra python-xlib_0.14-2.dsc
 2668d4710487623f35b431b7955d6408 4960 python extra python-xlib_0.14-2.diff.gz
 bfc8abdec22323a3e4c345d034ea9245 155198 python extra python-xlib_0.14-2_all.deb

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkijll0ACgkQ9Cbhsr6b+NqXuQCgmAvOmMb77+zCwmKICrITlusJ
NqEAn2jtEPTZZwbjrr9OyTE6x/jQgiw8
=WKTv
-END PGP SIGNATURE-


--- End Message ---

Bug#494268: atd: "/etc/init.d/atd stop" kills itself

[Rob Browning]

"Chris Lawrence" <[EMAIL PROTECTED]> writes:

>> I suppose this should probably be serious, since it prevents
>> /etc/init.d/at from stopping the server.  I think it may also kill an
>> attempt to run "/etc/init.d/atd restart".
>>
>> I'm also cc'ing this to lsb-base, since as I mentioned, I'm not sure
>> which package is actually at fault.
>
> Looks like it might be a problem with start-stop-daemon when a pidfile
> isn't specified... it matches on --name and your init script is named
> "atd".

If that's the case (and if I understand the situation), I wonder if
Debian policy should forbid packages from using --name.  Otherwise it
seems like the init.d start stop scripts, package control scripts,
etc. could end up killing random, unrelated user-created executables
-- not a particularly appealing result.

Thanks
-- 
Rob Browning
rlb @defaultvalue.org and @debian.org; previously @cs.utexas.edu
GPG as of 2002-11-03 14DD 432F AE39 534D B592 F9A0 25C8 D377 8C7E 73A4



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#494216: shaperd: FTBFS: packet.hpp:10:21: error: libipq.h: No such file or directory

[peter green]

oops forgot to actually push the patch out to a file and attatch it to 
the mail


peter green wrote:

tags 494216 +patch
thanks

the following patch fixes the ftbfs, I haven't tested if the resulting 
package actually works or not though.






diff -ur shaperd-0.2.1/debian/control shaperd-0.2.1.new/debian/control
--- shaperd-0.2.1/debian/control	2008-08-14 02:16:50.0 +0100
+++ shaperd-0.2.1.new/debian/control	2008-08-14 02:16:01.0 +0100
@@ -2,7 +2,7 @@
 Section: admin
 Priority: optional
 Maintainer: RISKO Gergely <[EMAIL PROTECTED]>
-Build-Depends: debhelper (>> 2.0.0), iptables-dev
+Build-Depends: debhelper (>> 2.0.0), iptables-dev, libnetfilter-queue-dev
 Standards-Version: 3.5.8.0
 
 Package: shaperd
diff -ur shaperd-0.2.1/src/main.cpp shaperd-0.2.1.new/src/main.cpp
--- shaperd-0.2.1/src/main.cpp	2008-08-14 02:16:50.0 +0100
+++ shaperd-0.2.1.new/src/main.cpp	2008-08-14 02:15:24.0 +0100
@@ -26,6 +26,7 @@
 	#ifdef WITH_IPQ
 	#include 
 	#include 
+	#include 
 	#endif //WITH_IPQ
 }
 
@@ -638,7 +639,7 @@
 		goto __err_ipq_mode;
 	}
 
-	kernel_sock = ipq_h->fd;
+	kernel_sock = nfq_fd(ipq_h->nfqnlh);
 	log_info(LL_DEBUG1, "using netlink socket %d {%s:%d}",
 		kernel_sock, __FILE__, __LINE__);
 
diff -ur shaperd-0.2.1/src/makefile shaperd-0.2.1.new/src/makefile
--- shaperd-0.2.1/src/makefile	2008-08-14 02:16:50.0 +0100
+++ shaperd-0.2.1.new/src/makefile	2008-08-14 02:03:51.0 +0100
@@ -9,8 +9,8 @@
 objs = classifier.o bwadm.o classdef.o config.o packet.o main.o sched.o log.o
 deps = $(objs:.o=.d)
 libs =
-dopt = -I/usr/src/linux/include -I/usr/include/libipq
-copt = -Wall -O2 -I/usr/src/linux/include -I/usr/include/libipq
+dopt = -I/usr/src/linux/include -I/usr/include/libnetfilter_queue
+copt = -Wall -O2 -I/usr/src/linux/include -I/usr/include/libnetfilter_queue
 lopt = -Wall -O2
 GCC  = gcc
 G++  = g++
@@ -29,7 +29,7 @@
 ifeq ($(with_ipq), yes)
   dopt += -DWITH_IPQ
   copt += -DWITH_IPQ
-  libs += -lipq
+  libs += -lnetfilter_queue -lnetfilter_queue_libipq
   ifneq ($(MAKECMDGOALS), clean)
 -include $(deps)
   endif

Processed: re: shaperd: FTBFS: packet.hpp:10:21: error: libipq.h: No such file or directory

[Debian Bug Tracking System]

Processing commands for [EMAIL PROTECTED]:

> tags 494216 +patch
Bug#494216: shaperd: FTBFS: packet.hpp:10:21: error: libipq.h: No such file or 
directory
There were no tags set.
Tags added: patch

> thanks
Stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#494216: shaperd: FTBFS: packet.hpp:10:21: error: libipq.h: No such file or directory

[peter green]

tags 494216 +patch
thanks

the following patch fixes the ftbfs, I haven't tested if the resulting 
package actually works or not though.






--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#494225: sugar-hulahop: FTBFS: ld: cannot find -lpyxpcom

[peter green]

tags 494225 +patch
thanks

add

LDFLAGS += -L/usr/lib/xulrunner-1.9

to debian/rules (I put it just below the block of comments at the start) 
to make this package build.






--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Processed: re: sugar-hulahop: FTBFS: ld: cannot find -lpyxpcom

[Debian Bug Tracking System]

Processing commands for [EMAIL PROTECTED]:

> tags 494225 +patch
Bug#494225: sugar-hulahop: FTBFS: ld: cannot find -lpyxpcom
There were no tags set.
Tags added: patch

> thanks
Stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#494931: marked as done (libnet-cups-perl_0.57-1(sparc/unstable): FTBFS, fails in testcases)

[Debian Bug Tracking System]

Your message dated Wed, 13 Aug 2008 23:17:02 +
with message-id <[EMAIL PROTECTED]>
and subject line Bug#494931: fixed in libnet-cups-perl 0.57-2
has caused the Debian Bug report #494931,
regarding libnet-cups-perl_0.57-1(sparc/unstable): FTBFS, fails in testcases
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [EMAIL PROTECTED]
immediately.)


-- 
494931: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=494931
Debian Bug Tracking System
Contact [EMAIL PROTECTED] with problems
--- Begin Message ---
Package: libnet-cups-perl
Version: 0.57-1
Severity: serious

There was an error while trying to autobuild your package:

> Automatic build of libnet-cups-perl_0.57-1 on lebrun by sbuild/sparc 98
> Build started at 20080812-2130

[...]

> ** Using build dependencies supplied by package:
> Build-Depends: perl, debhelper (>= 6), libcups2-dev (>= 1.3.7-3), 
> libcupsimage2-dev, quilt

[...]

> #   Failed test at t/03_destination.t line 32.
> # Looks like you failed 3 tests of 7.
> dubious
>   Test returned status 3 (wstat 768, 0x300)
> DIED. FAILED tests 5-7
>   Failed 3/7 tests, 57.14% okay
> Failed TestStat Wstat Total Fail  List of Failed
> t/03_destination.t3   768 73  5-7
> Failed 1/3 test scripts. 3/19 subtests failed.
> Files=3, Tests=19,  1 wallclock secs ( 0.82 cusr +  0.08 csys =  0.90 CPU)
> Failed 1/3 test programs. 3/19 subtests failed.
> make[1]: *** [test_dynamic] Error 3
> make[1]: Leaving directory `/build/buildd/libnet-cups-perl-0.57'
> make: *** [build-stamp] Error 2
> dpkg-buildpackage: failure: debian/rules build gave error exit status 2

A full build log can be found at:
http://buildd.debian.org/build.php?arch=sparc&pkg=libnet-cups-perl&ver=0.57-1



--- End Message ---
--- Begin Message ---
Source: libnet-cups-perl
Source-Version: 0.57-2

We believe that the bug you reported is fixed in the latest version of
libnet-cups-perl, which is due to be installed in the Debian FTP archive:

libnet-cups-perl_0.57-2.diff.gz
  to pool/main/libn/libnet-cups-perl/libnet-cups-perl_0.57-2.diff.gz
libnet-cups-perl_0.57-2.dsc
  to pool/main/libn/libnet-cups-perl/libnet-cups-perl_0.57-2.dsc
libnet-cups-perl_0.57-2_i386.deb
  to pool/main/libn/libnet-cups-perl/libnet-cups-perl_0.57-2_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
gregor herrmann <[EMAIL PROTECTED]> (supplier of updated libnet-cups-perl 
package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Format: 1.8
Date: Wed, 13 Aug 2008 20:05:58 -0300
Source: libnet-cups-perl
Binary: libnet-cups-perl
Architecture: source i386
Version: 0.57-2
Distribution: unstable
Urgency: low
Maintainer: Debian Perl Group <[EMAIL PROTECTED]>
Changed-By: gregor herrmann <[EMAIL PROTECTED]>
Description: 
 libnet-cups-perl - Provides an interface for printing with CUPS
Closes: 494931
Changes: 
 libnet-cups-perl (0.57-2) unstable; urgency=low
 .
   * Don't run test t/03_destination.t, it requires a cups daemon at localhost
 (closes: #494931).
   * Remove the patch against the test, as we don't run it any more. Remove
 quilt fragments.
Checksums-Sha1: 
 6aaf0fa50b5c5fc1404de59fa05326a0e3ce5f89 1457 libnet-cups-perl_0.57-2.dsc
 8a2c1eee36136bf1ed2d23acc678120d1a7749ea 3233 libnet-cups-perl_0.57-2.diff.gz
 ee72bd380ff84ac14304d838c8d7e39a7b10a92c 63850 libnet-cups-perl_0.57-2_i386.deb
Checksums-Sha256: 
 385cf802cab377306c4aeaabe505c9cdae7194fbe5bdff9567645d4b26303864 1457 
libnet-cups-perl_0.57-2.dsc
 87220a0fafdf0d450459bd1e35fc5c69c74791846836ea44cb0f72eae45dce69 3233 
libnet-cups-perl_0.57-2.diff.gz
 a987787616c4f1fa7f832cb77a8b93b5622fa00b96b053e814674fb24082cc57 63850 
libnet-cups-perl_0.57-2_i386.deb
Files: 
 9f0d70bbad046711861c614eb9fe1e18 1457 perl optional libnet-cups-perl_0.57-2.dsc
 f354c989d477bce1ace906c88ef5a960 3233 perl optional 
libnet-cups-perl_0.57-2.diff.gz
 c60b8c36cd236d8f445bff7aa9a867ce 63850 perl optional 
libnet-cups-perl_0.57-2_i386.deb

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkijaSAACgkQOzKYnQDzz+TR1QCeOUyZtS7+44EgPF33LpYV2EDI
di4An14d0pOVF3zGFt97iixvBupVI/Sn
=jCKw
-END PGP SIGNATURE-


--- End Message ---

Bug#491916: qmail: Preinst fails if /etc/inetd.conf does not exist

[Jon Marler]

On Aug 13, 2008, at 4:41 PM, Moritz Muehlenhoff wrote:


Jon Marler wrote:

All of that inetd.conf stuff is old legacy code from a migration long
long ago before update-inetd was available.  I believe I will just
remove it all together as it is no longer necessary, and probably  
never

was in the first place.

I have a release that I am preparing to clean out some other bugs,  
and

will get this in there.


Hi Jon,
what's the status? Lenny release is getting closer...

Cheers,
   Moritz





It's coming.  I don't have much free time, and my test machine  
recently died.  I should have it out in the next week or so.


Cheers!

Jon



--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Processed: Bug in libnet-cups-perl fixed in revision 24244

[Debian Bug Tracking System]

Processing commands for [EMAIL PROTECTED]:

> tag 494931 + pending
Bug#494931: libnet-cups-perl_0.57-1(sparc/unstable): FTBFS, fails in testcases
There were no tags set.
Tags added: pending

> thanks
Stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#494931: Bug in libnet-cups-perl fixed in revision 24244

[pkg-perl-maintainers]

tag 494931 + pending
thanks

Some bugs are closed in revision 24244
by Gregor Herrmann (gregoa)

Commit message:

* Don't run test t/03_destination.t, it requires a cups daemon at localhost
  (closes: #494931).
* Remove the patch against the test, as we don't run it any more. Remove
  quilt fragments.



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#494929: /usr/lib/vlc/codec/libffmpeg_plugin.so: undefined symbol: img_resample

[Jaime Alberto Silva]

yes, that's the problem, I'm using the libraries from
www.debian-multimedia.org.

Anyway I can't see my files with the official Debian codecs :( I have DIVX
and all that stuff.

On Wed, Aug 13, 2008 at 4:50 PM, Loïc Minier <[EMAIL PROTECTED]> wrote:

> On Wed, Aug 13, 2008, Jaime Alberto Silva wrote:
> > Well, I'm using the package from the mirror:
>
>  Check the package name I kept in my reply:
>
> > On Wed, Aug 13, 2008 at 4:55 AM, Loïc Minier <[EMAIL PROTECTED]> wrote:
> >
> > > On Wed, Aug 13, 2008, Jaime Alberto Silva wrote:
> > > > (/usr/lib/vlc/codec/libffmpeg_plugin.so: undefined symbol:
> img_resample)
> > > > [0001] main private debug: module bank initialized, found 222
> > > > ii  libavcodec51   3:20080706-0.2library to encode decode
> > >
> > >  Where did you get this package from?
> > >
> > >  I'm sure you'll see the problem is solved if you use only Debian
> > >  packages; closing this bug.
>
> --
> Loïc Minier
>



-- 
Jaime Alberto Silva
Ingeniero Electricista
http://jaimealbertosilva.blogspot.com/

Bug#494949: Fails charset conversion, if E-Mail uses anything else but US-ASCII

[Rene Engelhard]

Hi,

Juhapekka Tolvanen wrote:
> Package: muttprint
> Version: 0.72d-9
> Severity: grave

No.

> Whenever I try to print any E-Mail that uses some other charset than
> US-ASCII, it shows just this text in dialog:

[...]
> "Sain" is actually the first word in body of that E-Mail. Headers of that
> E-Mail include these:
> 
>  MIME-Version: 1.0
>  Content-Type: text/plain; charset=iso-8859-1
>  Content-Disposition: inline
>  Content-Transfer-Encoding: 8bit

Content-type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable

prints fine if I had a printer here (contains german umlauts).

So I guess the problem is that you got 8bit instead of quoted printable
mails?

Regards,

Rene



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#494949: More info

[Rene Engelhard]

Hi,

Juhapekka Tolvanen wrote:
> I suggest you start to create Debian-packages out of Subversion-sources.
> In homepage of muttprint they show things like these:

i've another suggestion: Get the new maintainer actually do what he
should do and release a new version.

Regards,

Rene



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#494929: Info received (Bug#494929: /usr/lib/vlc/codec/libffmpeg_plugin.so: undefined symbol: img_resample)

[Jaime Alberto Silva]

I know what the problem is! I'm using the libav* (ffmpeg libraries) from
www.debian-multimedia.org.

I tried downgrading the libraries to use the official ones but it didn't
solved my problem since those libraries doesn't have the codecs I need :(

All I can do is wait until the libraries from debian-multimedia get fixed.

On Wed, Aug 13, 2008 at 4:54 PM, Debian Bug Tracking System <
[EMAIL PROTECTED]> wrote:

>
> Thank you for the additional information you have supplied regarding
> this Bug report.
>
> This is an automatically generated reply to let you know your message
> has been received.
>
> Your message is being forwarded to the package maintainers and other
> interested parties for their attention; they will reply in due course.
>
> Your message has been sent to the package maintainer(s):
>  Debian multimedia packages maintainers <
> [EMAIL PROTECTED]>
>
> If you wish to submit further information on this problem, please
> send it to [EMAIL PROTECTED], as before.
>
> Please do not send mail to [EMAIL PROTECTED] unless you wish
> to report a problem with the Bug-tracking system.
>
>
> --
> 494929: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=494929
> Debian Bug Tracking System
> Contact [EMAIL PROTECTED] with problems
>



-- 
Jaime Alberto Silva
Ingeniero Electricista
http://jaimealbertosilva.blogspot.com/

Bug#494929: /usr/lib/vlc/codec/libffmpeg_plugin.so: undefined symbol: img_resample

[Loïc Minier]

On Wed, Aug 13, 2008, Jaime Alberto Silva wrote:
> Well, I'm using the package from the mirror:

 Check the package name I kept in my reply:

> On Wed, Aug 13, 2008 at 4:55 AM, Loïc Minier <[EMAIL PROTECTED]> wrote:
> 
> > On Wed, Aug 13, 2008, Jaime Alberto Silva wrote:
> > > (/usr/lib/vlc/codec/libffmpeg_plugin.so: undefined symbol: img_resample)
> > > [0001] main private debug: module bank initialized, found 222
> > > ii  libavcodec51   3:20080706-0.2library to encode decode
> >
> >  Where did you get this package from?
> >
> >  I'm sure you'll see the problem is solved if you use only Debian
> >  packages; closing this bug.

-- 
Loïc Minier



--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#494929: /usr/lib/vlc/codec/libffmpeg_plugin.so: undefined symbol: img_resample

[Jaime Alberto Silva]

Well, I'm using the package from the mirror:

[EMAIL PROTECTED]:~$ apt-cache madison vlc
   vlc |  0.8.6.h-1 | http://debian.mirror.rafal.ca testing/main
Packages
   vlc |  0.8.6.h-1 | http://debian.mirror.rafal.ca unstable/main
Packages
   vlc | 0.8.6.e-2.3+lenny1 |
http://security.debian.orgtesting/updates/main Packages
[EMAIL PROTECTED]:~$ dpkg -S $(which vlc)
vlc-nox: /usr/bin/vlc
[EMAIL PROTECTED]:~$ apt-cache madison vlc-nox
   vlc-nox |  0.8.6.h-1 | http://debian.mirror.rafal.ca testing/main
Packages
   vlc-nox |  0.8.6.h-1 | http://debian.mirror.rafal.ca unstable/main
Packages
   vlc-nox | 0.8.6.e-2.3+lenny1 |
http://security.debian.orgtesting/updates/main Packages


On Wed, Aug 13, 2008 at 4:55 AM, Loïc Minier <[EMAIL PROTECTED]> wrote:

> On Wed, Aug 13, 2008, Jaime Alberto Silva wrote:
> > (/usr/lib/vlc/codec/libffmpeg_plugin.so: undefined symbol: img_resample)
> > [0001] main private debug: module bank initialized, found 222
> > ii  libavcodec51   3:20080706-0.2library to encode decode
>
>  Where did you get this package from?
>
>  I'm sure you'll see the problem is solved if you use only Debian
>  packages; closing this bug.
>
> --
> Loïc Minier
>



-- 
Jaime Alberto Silva
Ingeniero Electricista
http://jaimealbertosilva.blogspot.com/

Bug#491916: qmail: Preinst fails if /etc/inetd.conf does not exist

[Moritz Muehlenhoff]

Jon Marler wrote:
> All of that inetd.conf stuff is old legacy code from a migration long  
> long ago before update-inetd was available.  I believe I will just  
> remove it all together as it is no longer necessary, and probably never 
> was in the first place.
>
> I have a release that I am preparing to clean out some other bugs, and  
> will get this in there.

Hi Jon,
what's the status? Lenny release is getting closer...

Cheers,
Moritz



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#494495: python-xlib: debian/copyright missing verbatim distribution license

[Moritz Muehlenhoff]

Tim Retout wrote:
 
> Currently python-xlib's debian/copyright is unclear; it has a licence
> statement for the packaging (GPLv2 only) but this does not match the upstream
> code (GPLv2 or later, I believe).
> 
> Having searched the source of the current version, the licence statement in
> debian/copyright is not there, so a verbatim copy of the upstream distribution
> licence is definitely lacking.

I've checked the source code and all source files are indeed licensed
with the "or later version" clause. Attached patch fixes debian/copyright.
If you're busy I can NMU.

Cheers,
Moritz
--- python-xlib-0.14/debian/copyright.orig	2008-08-13 23:29:40.0 +0200
+++ python-xlib-0.14/debian/copyright	2008-08-13 23:30:04.0 +0200
@@ -18,19 +18,20 @@
 
 License:
 
-   This package is free software; you can redistribute it and/or modify
+
+   This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
-   the Free Software Foundation; version 2 dated June, 1991.
- 
-   This package is distributed in the hope that it will be useful,
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
GNU General Public License for more details.
- 
+
You should have received a copy of the GNU General Public License
-   along with this package; if not, write to the Free Software
-   Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
-   MA 02110-1301, USA.
- 
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+
 On Debian systems, the complete text of the GNU General
 Public License can be found in `/usr/share/common-licenses/GPL'.

Bug#493726: marked as done (manpages-ed: Unclear licensing)

[Debian Bug Tracking System]

Your message dated Wed, 13 Aug 2008 20:47:07 +
with message-id <[EMAIL PROTECTED]>
and subject line Bug#493730: fixed in manpages-de 0.5-4.1
has caused the Debian Bug report #493730,
regarding manpages-ed: Unclear licensing
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [EMAIL PROTECTED]
immediately.)


-- 
493730: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=493730
Debian Bug Tracking System
Contact [EMAIL PROTECTED] with problems
--- Begin Message ---
Package: manpages-de
Severity: serious
User: [EMAIL PROTECTED]
Usertags: origin-ubuntu

Hello,

I've noticed that the copyright file for manpages-de doesn't include
any information about who the copyright holders are and under which
license each file is released (beside the "look at the files"),
although the Debian policy says that "Every package must be
accompanied by a verbatim copy of its copyright and distribution
license in the file /usr/share/doc/package/copyright".

Furthermore, running "egrep -r GPL *" shows that there are some files
released under the GNU General Public License, but the source doesn't
include a copy of it.

Kind regards,

--
Siegfried-Angel Gevatter Pujals (RainCT)
GNU/Linux User #438657. Ubuntu User #11680.


--- End Message ---
--- Begin Message ---
Source: manpages-de
Source-Version: 0.5-4.1

We believe that the bug you reported is fixed in the latest version of
manpages-de, which is due to be installed in the Debian FTP archive:

manpages-de-dev_0.5-4.1_all.deb
  to pool/main/m/manpages-de/manpages-de-dev_0.5-4.1_all.deb
manpages-de_0.5-4.1.diff.gz
  to pool/main/m/manpages-de/manpages-de_0.5-4.1.diff.gz
manpages-de_0.5-4.1.dsc
  to pool/main/m/manpages-de/manpages-de_0.5-4.1.dsc
manpages-de_0.5-4.1_all.deb
  to pool/main/m/manpages-de/manpages-de_0.5-4.1_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Moritz Muehlenhoff <[EMAIL PROTECTED]> (supplier of updated manpages-de package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Format: 1.8
Date: Wed, 13 Aug 2008 21:31:05 +0200
Source: manpages-de
Binary: manpages-de manpages-de-dev
Architecture: source all
Version: 0.5-4.1
Distribution: unstable
Urgency: medium
Maintainer: Daniel Kobras <[EMAIL PROTECTED]>
Changed-By: Moritz Muehlenhoff <[EMAIL PROTECTED]>
Description: 
 manpages-de - German manpages
 manpages-de-dev - German development manpages
Closes: 493726 493730
Changes: 
 manpages-de (0.5-4.1) unstable; urgency=medium
 .
   * Non-maintainer upload.
   * Provide a proper copyright file. (Closes: #493726, #493730)
Checksums-Sha1: 
 dfe0bc401b5eb6a4b80a1eb6a4d290e5c006eaf1 989 manpages-de_0.5-4.1.dsc
 05820ad998ab8a32be88393f120552dbc6d047c6 49211 manpages-de_0.5-4.1.diff.gz
 f146a3dac826d82b14d446f9d9dc27c0f91dc819 364154 manpages-de_0.5-4.1_all.deb
 ac3653004766f956377c94c7ec70c4f34d060a20 531814 manpages-de-dev_0.5-4.1_all.deb
Checksums-Sha256: 
 dd4999cea326e10645d078fe0bdd65d3ad88e23ffd14772957e526ed7e5688f8 989 
manpages-de_0.5-4.1.dsc
 99d4f80eb93a653abf95e53ad3c1d16ea046b5f3ba248c94da2006cae5229837 49211 
manpages-de_0.5-4.1.diff.gz
 4595d7865a290322cff0b5501735cadd694a3d844a1bec87389bbaeda8ae0310 364154 
manpages-de_0.5-4.1_all.deb
 687df9bd6673a85606ac7e999b95f494ed3d7223b703fcba981cecd8a5b7db1b 531814 
manpages-de-dev_0.5-4.1_all.deb
Files: 
 62cfc1cf9cbba419c1073b9ef22b5f2b 989 doc optional manpages-de_0.5-4.1.dsc
 0716662b16d7c61433c768bc738b52f4 49211 doc optional manpages-de_0.5-4.1.diff.gz
 8af73f76aa1614ab3fb2d759afe12f72 364154 doc optional 
manpages-de_0.5-4.1_all.deb
 17071a0d1566a121e32d8bd175c05988 531814 doc optional 
manpages-de-dev_0.5-4.1_all.deb

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkijOWUACgkQXm3vHE4uylq1PACgnRjqy9UiHIUeRfHg01TdpltF
BGcAn1KQqhJhkUCcZ1BjC28x1+Wir3t2
=EAUO
-END PGP SIGNATURE-


--- End Message ---

Bug#493730: marked as done (manpages-de: Unclear licensing)

[Debian Bug Tracking System]

Your message dated Wed, 13 Aug 2008 20:47:07 +
with message-id <[EMAIL PROTECTED]>
and subject line Bug#493730: fixed in manpages-de 0.5-4.1
has caused the Debian Bug report #493730,
regarding manpages-de: Unclear licensing
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [EMAIL PROTECTED]
immediately.)


-- 
493730: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=493730
Debian Bug Tracking System
Contact [EMAIL PROTECTED] with problems
--- Begin Message ---
Package: manpages-de
Severity: serious
User: [EMAIL PROTECTED]
Usertags: origin-ubuntu

Hello,

I've noticed that the copyright file for manpages-de doesn't include
any information about who the copyright holders are and under which
license each file is released (beside the "look at the files"),
although the Debian policy says that "Every package must be
accompanied by a verbatim copy of its copyright and distribution
license in the file /usr/share/doc/package/copyright".

Furthermore, running "egrep -r GPL *" shows that there are some files
released under the GNU General Public License, but the source doesn't
include a copy of it.

Kind regards,

--
Siegfried-Angel Gevatter Pujals (RainCT)
Ubuntu Developer. Debian Contributor.


--- End Message ---
--- Begin Message ---
Source: manpages-de
Source-Version: 0.5-4.1

We believe that the bug you reported is fixed in the latest version of
manpages-de, which is due to be installed in the Debian FTP archive:

manpages-de-dev_0.5-4.1_all.deb
  to pool/main/m/manpages-de/manpages-de-dev_0.5-4.1_all.deb
manpages-de_0.5-4.1.diff.gz
  to pool/main/m/manpages-de/manpages-de_0.5-4.1.diff.gz
manpages-de_0.5-4.1.dsc
  to pool/main/m/manpages-de/manpages-de_0.5-4.1.dsc
manpages-de_0.5-4.1_all.deb
  to pool/main/m/manpages-de/manpages-de_0.5-4.1_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Moritz Muehlenhoff <[EMAIL PROTECTED]> (supplier of updated manpages-de package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Format: 1.8
Date: Wed, 13 Aug 2008 21:31:05 +0200
Source: manpages-de
Binary: manpages-de manpages-de-dev
Architecture: source all
Version: 0.5-4.1
Distribution: unstable
Urgency: medium
Maintainer: Daniel Kobras <[EMAIL PROTECTED]>
Changed-By: Moritz Muehlenhoff <[EMAIL PROTECTED]>
Description: 
 manpages-de - German manpages
 manpages-de-dev - German development manpages
Closes: 493726 493730
Changes: 
 manpages-de (0.5-4.1) unstable; urgency=medium
 .
   * Non-maintainer upload.
   * Provide a proper copyright file. (Closes: #493726, #493730)
Checksums-Sha1: 
 dfe0bc401b5eb6a4b80a1eb6a4d290e5c006eaf1 989 manpages-de_0.5-4.1.dsc
 05820ad998ab8a32be88393f120552dbc6d047c6 49211 manpages-de_0.5-4.1.diff.gz
 f146a3dac826d82b14d446f9d9dc27c0f91dc819 364154 manpages-de_0.5-4.1_all.deb
 ac3653004766f956377c94c7ec70c4f34d060a20 531814 manpages-de-dev_0.5-4.1_all.deb
Checksums-Sha256: 
 dd4999cea326e10645d078fe0bdd65d3ad88e23ffd14772957e526ed7e5688f8 989 
manpages-de_0.5-4.1.dsc
 99d4f80eb93a653abf95e53ad3c1d16ea046b5f3ba248c94da2006cae5229837 49211 
manpages-de_0.5-4.1.diff.gz
 4595d7865a290322cff0b5501735cadd694a3d844a1bec87389bbaeda8ae0310 364154 
manpages-de_0.5-4.1_all.deb
 687df9bd6673a85606ac7e999b95f494ed3d7223b703fcba981cecd8a5b7db1b 531814 
manpages-de-dev_0.5-4.1_all.deb
Files: 
 62cfc1cf9cbba419c1073b9ef22b5f2b 989 doc optional manpages-de_0.5-4.1.dsc
 0716662b16d7c61433c768bc738b52f4 49211 doc optional manpages-de_0.5-4.1.diff.gz
 8af73f76aa1614ab3fb2d759afe12f72 364154 doc optional 
manpages-de_0.5-4.1_all.deb
 17071a0d1566a121e32d8bd175c05988 531814 doc optional 
manpages-de-dev_0.5-4.1_all.deb

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkijOWUACgkQXm3vHE4uylq1PACgnRjqy9UiHIUeRfHg01TdpltF
BGcAn1KQqhJhkUCcZ1BjC28x1+Wir3t2
=EAUO
-END PGP SIGNATURE-


--- End Message ---

Bug#493726: marked as done (manpages-ed: Unclear licensing)

[Debian Bug Tracking System]

Your message dated Wed, 13 Aug 2008 20:47:07 +
with message-id <[EMAIL PROTECTED]>
and subject line Bug#493726: fixed in manpages-de 0.5-4.1
has caused the Debian Bug report #493726,
regarding manpages-ed: Unclear licensing
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [EMAIL PROTECTED]
immediately.)


-- 
493726: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=493726
Debian Bug Tracking System
Contact [EMAIL PROTECTED] with problems
--- Begin Message ---
Package: manpages-de
Severity: serious
User: [EMAIL PROTECTED]
Usertags: origin-ubuntu

Hello,

I've noticed that the copyright file for manpages-de doesn't include
any information about who the copyright holders are and under which
license each file is released (beside the "look at the files"),
although the Debian policy says that "Every package must be
accompanied by a verbatim copy of its copyright and distribution
license in the file /usr/share/doc/package/copyright".

Furthermore, running "egrep -r GPL *" shows that there are some files
released under the GNU General Public License, but the source doesn't
include a copy of it.

Kind regards,

--
Siegfried-Angel Gevatter Pujals (RainCT)
GNU/Linux User #438657. Ubuntu User #11680.


--- End Message ---
--- Begin Message ---
Source: manpages-de
Source-Version: 0.5-4.1

We believe that the bug you reported is fixed in the latest version of
manpages-de, which is due to be installed in the Debian FTP archive:

manpages-de-dev_0.5-4.1_all.deb
  to pool/main/m/manpages-de/manpages-de-dev_0.5-4.1_all.deb
manpages-de_0.5-4.1.diff.gz
  to pool/main/m/manpages-de/manpages-de_0.5-4.1.diff.gz
manpages-de_0.5-4.1.dsc
  to pool/main/m/manpages-de/manpages-de_0.5-4.1.dsc
manpages-de_0.5-4.1_all.deb
  to pool/main/m/manpages-de/manpages-de_0.5-4.1_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Moritz Muehlenhoff <[EMAIL PROTECTED]> (supplier of updated manpages-de package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Format: 1.8
Date: Wed, 13 Aug 2008 21:31:05 +0200
Source: manpages-de
Binary: manpages-de manpages-de-dev
Architecture: source all
Version: 0.5-4.1
Distribution: unstable
Urgency: medium
Maintainer: Daniel Kobras <[EMAIL PROTECTED]>
Changed-By: Moritz Muehlenhoff <[EMAIL PROTECTED]>
Description: 
 manpages-de - German manpages
 manpages-de-dev - German development manpages
Closes: 493726 493730
Changes: 
 manpages-de (0.5-4.1) unstable; urgency=medium
 .
   * Non-maintainer upload.
   * Provide a proper copyright file. (Closes: #493726, #493730)
Checksums-Sha1: 
 dfe0bc401b5eb6a4b80a1eb6a4d290e5c006eaf1 989 manpages-de_0.5-4.1.dsc
 05820ad998ab8a32be88393f120552dbc6d047c6 49211 manpages-de_0.5-4.1.diff.gz
 f146a3dac826d82b14d446f9d9dc27c0f91dc819 364154 manpages-de_0.5-4.1_all.deb
 ac3653004766f956377c94c7ec70c4f34d060a20 531814 manpages-de-dev_0.5-4.1_all.deb
Checksums-Sha256: 
 dd4999cea326e10645d078fe0bdd65d3ad88e23ffd14772957e526ed7e5688f8 989 
manpages-de_0.5-4.1.dsc
 99d4f80eb93a653abf95e53ad3c1d16ea046b5f3ba248c94da2006cae5229837 49211 
manpages-de_0.5-4.1.diff.gz
 4595d7865a290322cff0b5501735cadd694a3d844a1bec87389bbaeda8ae0310 364154 
manpages-de_0.5-4.1_all.deb
 687df9bd6673a85606ac7e999b95f494ed3d7223b703fcba981cecd8a5b7db1b 531814 
manpages-de-dev_0.5-4.1_all.deb
Files: 
 62cfc1cf9cbba419c1073b9ef22b5f2b 989 doc optional manpages-de_0.5-4.1.dsc
 0716662b16d7c61433c768bc738b52f4 49211 doc optional manpages-de_0.5-4.1.diff.gz
 8af73f76aa1614ab3fb2d759afe12f72 364154 doc optional 
manpages-de_0.5-4.1_all.deb
 17071a0d1566a121e32d8bd175c05988 531814 doc optional 
manpages-de-dev_0.5-4.1_all.deb

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkijOWUACgkQXm3vHE4uylq1PACgnRjqy9UiHIUeRfHg01TdpltF
BGcAn1KQqhJhkUCcZ1BjC28x1+Wir3t2
=EAUO
-END PGP SIGNATURE-


--- End Message ---

Bug#493730: marked as done (manpages-de: Unclear licensing)

[Debian Bug Tracking System]

Your message dated Wed, 13 Aug 2008 20:47:07 +
with message-id <[EMAIL PROTECTED]>
and subject line Bug#493726: fixed in manpages-de 0.5-4.1
has caused the Debian Bug report #493726,
regarding manpages-de: Unclear licensing
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [EMAIL PROTECTED]
immediately.)


-- 
493726: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=493726
Debian Bug Tracking System
Contact [EMAIL PROTECTED] with problems
--- Begin Message ---
Package: manpages-de
Severity: serious
User: [EMAIL PROTECTED]
Usertags: origin-ubuntu

Hello,

I've noticed that the copyright file for manpages-de doesn't include
any information about who the copyright holders are and under which
license each file is released (beside the "look at the files"),
although the Debian policy says that "Every package must be
accompanied by a verbatim copy of its copyright and distribution
license in the file /usr/share/doc/package/copyright".

Furthermore, running "egrep -r GPL *" shows that there are some files
released under the GNU General Public License, but the source doesn't
include a copy of it.

Kind regards,

--
Siegfried-Angel Gevatter Pujals (RainCT)
Ubuntu Developer. Debian Contributor.


--- End Message ---
--- Begin Message ---
Source: manpages-de
Source-Version: 0.5-4.1

We believe that the bug you reported is fixed in the latest version of
manpages-de, which is due to be installed in the Debian FTP archive:

manpages-de-dev_0.5-4.1_all.deb
  to pool/main/m/manpages-de/manpages-de-dev_0.5-4.1_all.deb
manpages-de_0.5-4.1.diff.gz
  to pool/main/m/manpages-de/manpages-de_0.5-4.1.diff.gz
manpages-de_0.5-4.1.dsc
  to pool/main/m/manpages-de/manpages-de_0.5-4.1.dsc
manpages-de_0.5-4.1_all.deb
  to pool/main/m/manpages-de/manpages-de_0.5-4.1_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Moritz Muehlenhoff <[EMAIL PROTECTED]> (supplier of updated manpages-de package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Format: 1.8
Date: Wed, 13 Aug 2008 21:31:05 +0200
Source: manpages-de
Binary: manpages-de manpages-de-dev
Architecture: source all
Version: 0.5-4.1
Distribution: unstable
Urgency: medium
Maintainer: Daniel Kobras <[EMAIL PROTECTED]>
Changed-By: Moritz Muehlenhoff <[EMAIL PROTECTED]>
Description: 
 manpages-de - German manpages
 manpages-de-dev - German development manpages
Closes: 493726 493730
Changes: 
 manpages-de (0.5-4.1) unstable; urgency=medium
 .
   * Non-maintainer upload.
   * Provide a proper copyright file. (Closes: #493726, #493730)
Checksums-Sha1: 
 dfe0bc401b5eb6a4b80a1eb6a4d290e5c006eaf1 989 manpages-de_0.5-4.1.dsc
 05820ad998ab8a32be88393f120552dbc6d047c6 49211 manpages-de_0.5-4.1.diff.gz
 f146a3dac826d82b14d446f9d9dc27c0f91dc819 364154 manpages-de_0.5-4.1_all.deb
 ac3653004766f956377c94c7ec70c4f34d060a20 531814 manpages-de-dev_0.5-4.1_all.deb
Checksums-Sha256: 
 dd4999cea326e10645d078fe0bdd65d3ad88e23ffd14772957e526ed7e5688f8 989 
manpages-de_0.5-4.1.dsc
 99d4f80eb93a653abf95e53ad3c1d16ea046b5f3ba248c94da2006cae5229837 49211 
manpages-de_0.5-4.1.diff.gz
 4595d7865a290322cff0b5501735cadd694a3d844a1bec87389bbaeda8ae0310 364154 
manpages-de_0.5-4.1_all.deb
 687df9bd6673a85606ac7e999b95f494ed3d7223b703fcba981cecd8a5b7db1b 531814 
manpages-de-dev_0.5-4.1_all.deb
Files: 
 62cfc1cf9cbba419c1073b9ef22b5f2b 989 doc optional manpages-de_0.5-4.1.dsc
 0716662b16d7c61433c768bc738b52f4 49211 doc optional manpages-de_0.5-4.1.diff.gz
 8af73f76aa1614ab3fb2d759afe12f72 364154 doc optional 
manpages-de_0.5-4.1_all.deb
 17071a0d1566a121e32d8bd175c05988 531814 doc optional 
manpages-de-dev_0.5-4.1_all.deb

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkijOWUACgkQXm3vHE4uylq1PACgnRjqy9UiHIUeRfHg01TdpltF
BGcAn1KQqhJhkUCcZ1BjC28x1+Wir3t2
=EAUO
-END PGP SIGNATURE-


--- End Message ---

Bug#489208: bug #489208: fml incompatible with perl 5.10

[Stefan Fritsch]

fml has a rather low popcon count and the maintainer doesn't seem to 
be active anymore. Maybe it would make sense to remove the package?



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#488924: dspam-webfrontend and apache2-suexec

[Stefan Fritsch]

On Wednesday 16 July 2008, Kurt B. Kaiser wrote:
> tags 488924 + pending
> thanks
>
> The reversion in apache2 is going into testing today (2.2.9-5), so
> the UID issue is gone.
>
> However, we need to add apache2-suexec as a dependency for
> dspam-webfrontend.


dspam-webfrontend does not depend on apache2, it just suggests it (via 
mod-perl). It should also suggest apache2-suexec. Will there be an 
upload soon or should I do a NMU?

OTOH, a missing suggests is probably not RC. Downgrading this bug 
would be fine with me, too.

Cheers,
Stefan



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#492870: marked as done (CVE-2008-3231: DoS via crafted OGG file)

[Debian Bug Tracking System]

Your message dated Wed, 13 Aug 2008 19:17:06 +
with message-id <[EMAIL PROTECTED]>
and subject line Bug#492870: fixed in xine-lib 1.1.14-2
has caused the Debian Bug report #492870,
regarding CVE-2008-3231: DoS via crafted OGG file
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [EMAIL PROTECTED]
immediately.)


-- 
492870: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=492870
Debian Bug Tracking System
Contact [EMAIL PROTECTED] with problems
--- Begin Message ---
Package: libxine1-ffmpeg
Version: 1.1.14-1
Severity: important
Tags: security

Hi,
as discussed on IRC, here it goes.
The following CVE (Common Vulnerabilities & Exposures) id was
published for libxine1-ffmpeg.

CVE-2008-3231[0]:
| xine allows user-assisted attackers to cause a denial of service
| (application crash) via a crafted OGG file, as demonstrated by
| lol-ffplay.ogg.

If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3231
http://security-tracker.debian.net/tracker/CVE-2008-3231


--- End Message ---
--- Begin Message ---
Source: xine-lib
Source-Version: 1.1.14-2

We believe that the bug you reported is fixed in the latest version of
xine-lib, which is due to be installed in the Debian FTP archive:

libxine-dev_1.1.14-2_amd64.deb
  to pool/main/x/xine-lib/libxine-dev_1.1.14-2_amd64.deb
libxine1-all-plugins_1.1.14-2_all.deb
  to pool/main/x/xine-lib/libxine1-all-plugins_1.1.14-2_all.deb
libxine1-bin_1.1.14-2_amd64.deb
  to pool/main/x/xine-lib/libxine1-bin_1.1.14-2_amd64.deb
libxine1-console_1.1.14-2_amd64.deb
  to pool/main/x/xine-lib/libxine1-console_1.1.14-2_amd64.deb
libxine1-dbg_1.1.14-2_amd64.deb
  to pool/main/x/xine-lib/libxine1-dbg_1.1.14-2_amd64.deb
libxine1-doc_1.1.14-2_all.deb
  to pool/main/x/xine-lib/libxine1-doc_1.1.14-2_all.deb
libxine1-ffmpeg_1.1.14-2_amd64.deb
  to pool/main/x/xine-lib/libxine1-ffmpeg_1.1.14-2_amd64.deb
libxine1-gnome_1.1.14-2_amd64.deb
  to pool/main/x/xine-lib/libxine1-gnome_1.1.14-2_amd64.deb
libxine1-misc-plugins_1.1.14-2_amd64.deb
  to pool/main/x/xine-lib/libxine1-misc-plugins_1.1.14-2_amd64.deb
libxine1-plugins_1.1.14-2_all.deb
  to pool/main/x/xine-lib/libxine1-plugins_1.1.14-2_all.deb
libxine1-x_1.1.14-2_amd64.deb
  to pool/main/x/xine-lib/libxine1-x_1.1.14-2_amd64.deb
libxine1_1.1.14-2_amd64.deb
  to pool/main/x/xine-lib/libxine1_1.1.14-2_amd64.deb
xine-lib_1.1.14-2.diff.gz
  to pool/main/x/xine-lib/xine-lib_1.1.14-2.diff.gz
xine-lib_1.1.14-2.dsc
  to pool/main/x/xine-lib/xine-lib_1.1.14-2.dsc



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Darren Salt <[EMAIL PROTECTED]> (supplier of updated xine-lib package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Format: 1.8
Date: Wed, 13 Aug 2008 19:17:10 +0100
Source: xine-lib
Binary: libxine1-doc libxine1 libxine1-bin libxine-dev libxine1-ffmpeg 
libxine1-gnome libxine1-console libxine1-x libxine1-misc-plugins libxine1-dbg 
libxine1-plugins libxine1-all-plugins
Architecture: source all amd64
Version: 1.1.14-2
Distribution: unstable
Urgency: high
Maintainer: [EMAIL PROTECTED]
Changed-By: Darren Salt <[EMAIL PROTECTED]>
Description: 
 libxine-dev - the xine video player library, development packages
 libxine1   - the xine video/media player library, meta-package
 libxine1-all-plugins - the xine video/media player library, meta package
 libxine1-bin - the xine video/media player library, binary files
 libxine1-console - libaa/libcaca/framebuffer/directfb related plugins for 
libxine1
 libxine1-dbg - debug symbols for libxine1
 libxine1-doc - the xine video player library, documentation files
 libxine1-ffmpeg - MPEG-related plugins for libxine1
 libxine1-gnome - GNOME-related plugins for libxine1
 libxine1-misc-plugins - Input, audio output and post plugins for libxine1
 libxine1-plugins - the xine video/media player library, meta package
 libxine1-x - X desktop video output plugins for libxine1
Closes: 491671 492870
Changes: 
 xine-lib (1.1.14-2) unstable; urgency=high
 .
   * Fixes from upstream hg:
 - CVE-2008-3231: denial of service (application crash) via a crafted OGG
   file. (Closes: #492870)
 - DoS (app

Processed: tagging 489773

[Debian Bug Tracking System]

Processing commands for [EMAIL PROTECTED]:

> # Automatically generated email from bts, devscripts version 2.10.6~etch1
> tags 489773 + pending
Bug#489773: freeradius listening on wrong port
There were no tags set.
Tags added: pending

>
End of message, stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#495011: [snowballz] crashes with TypeError

[Simon Wenner]

Package: snowballz
Version: 0.9.5.1-1
Severity: serious

I played several levels (with default settings) and all of them crash
after about one minute of playing with the following Python Type Error:

File "rabbyt._anims.pyx", line 230, in rabbyt._anims.AnimSlot.anim.__set__
TypeError: Cannot convert float to rabbyt._anims.Anim

See file for the full console output.


--- System information. ---
Architecture: i386
Kernel: Linux 2.6.25-2-686

Debian Release: lenny/sid
900 testing security.debian.org
900 testing mirror.switch.ch
900 testing debian.netcologne.de
500 stable mirror.switch.ch

--- Package information. ---
Depends (Version) | Installed
==-+-===
python (>= 2.4) | 2.5.2-1
python-imaging | 1.1.6-3
python-numeric | 24.2-9
python-opengl | 3.0.0~b3-1
python-pygame | 1.7.1release-4.2
python-rabbyt | 0.8.1-1
ttf-tamil-fonts | 1:0.5.4


[EMAIL PROTECTED]:~$ snowballz 
/usr/share/games/snowballz/font.py:3: UserWarning: 
***
The rabbyt.fonts module is deprecated and will be removed in a future version
of rabbyt.  I recommend using pyglet for font rendering.

If you still want to use pygame fonts, check out the ``pygame_font.py`` example
included with rabbyt.
***

  import rabbyt.fonts
/usr/share/games/snowballz/font.py:3: UserWarning: 
The rabbyt.vertexarrays module is deprecated and will be removed in a future
version of rabbyt.

  import rabbyt.fonts
/usr/share/games/snowballz/font.py:35: UserWarning: set_gl_color is deprecated.  Use glColor4f instead.
  self.sprite.render()
/usr/share/games/snowballz/font.py:24: UserWarning: set_gl_color is deprecated.  Use glColor4f instead.
  def render(self, x, y, string, color=(1,1,1)):
Traceback (most recent call last):
  File "snowballz.py", line 648, in 
main.lobby(mapname)
  File "snowballz.py", line 79, in lobby
self.run()
  File "snowballz.py", line 201, in run
self.run_loop()
  File "snowballz.py", line 208, in run_loop
self.loop()
  File "snowballz.py", line 363, in loop
display.draw(self, dt)
  File "/usr/share/games/snowballz/display.py", line 261, in draw
data.snowflakes.run(True)
  File "/usr/share/games/snowballz/data.py", line 311, in run
self.add_flake()
  File "/usr/share/games/snowballz/data.py", line 322, in add_flake
f = Flake(self.bounds)
  File "/usr/share/games/snowballz/data.py", line 290, in __init__
self.x = rabbyt.wrap(bounds[0], x, static=False)
  File "/var/lib/python-support/python2.5/rabbyt/anims.py", line 579, in wrap
return AnimWrap(bounds, parent, static)
  File "rabbyt._anims.pyx", line 693, in rabbyt._anims.AnimWrap.__init__
  File "rabbyt._anims.pyx", line 230, in rabbyt._anims.AnimSlot.anim.__set__
TypeError: Cannot convert float to rabbyt._anims.Anim
[EMAIL PROTECTED]:~$


signature.asc
Description: OpenPGP digital signature

Bug#495010: linux-patch-grsecurity2: Doesn't apply against Lenny kernel

[Moritz Muehlenhoff]

Package: linux-patch-grsecurity2
Severity: grave
Justification: renders package unusable

Both the pax-linux and the grsecurity-2.1.11 patch don't apply
against 2.6.25 and 2.6.26. Since Lenny will mostly likely ship
with 2.6.26, please update the patch to it.

Cheers,
Moritz

-- System Information:
Debian Release: lenny/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)

Kernel: Linux 2.6.26-1-686 (SMP w/1 CPU core)
Locale: LANG=C, [EMAIL PROTECTED] (charmap=ISO-8859-15)
Shell: /bin/sh linked to /bin/bash



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#491621:

[Rince]

I have 0.8.0 in git locally - I seem to have typoed my password too
many times in a short period, so I've temporarily been timed out of
pushing things to git. I'll push it when I get home (~4 hours), and
then I'll submit the package for review and inclusion in unstable.

- Rich

On Tue, Aug 12, 2008 at 2:47 AM, Luca Bruno <[EMAIL PROTECTED]> wrote:
> Rince scrisse:
>
>> I'll submit the 0.7.0 version of the package for inspection "shortly".
>
> Any news on this? I've seen no change in our repo recently.
> I you don't proceed and object, I'll take care of this in a few days...
>
> Ciao, Luca
>
> --
>  .''`.  ** Debian GNU/Linux **  | Luca Bruno
> : :'  :   The Universal O.S.| lucab (AT) debian.org
> `. `'`  | GPG Key ID: 3BFB9FB3
>  `- http://www.debian.org  | Debian GNU/Linux Developer
>
> ___
> forensics-devel mailing list
> [EMAIL PROTECTED]
> http://lists.alioth.debian.org/mailman/listinfo/forensics-devel
>
>



-- 

BOFH excuse #158: Defunct processes



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#494982: marked as done (offlineimap: crashes on reusing an open connection)

[Debian Bug Tracking System]

Your message dated Wed, 13 Aug 2008 19:02:03 +
with message-id <[EMAIL PROTECTED]>
and subject line Bug#494982: fixed in offlineimap 6.0.3
has caused the Debian Bug report #494982,
regarding offlineimap: crashes on reusing an open connection
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [EMAIL PROTECTED]
immediately.)


-- 
494982: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=494982
Debian Bug Tracking System
Contact [EMAIL PROTECTED] with problems
--- Begin Message ---
Package: offlineimap
Version: 6.0.2
Severity: grave
Tags: patch
Justification: renders package unusable

OfflineIMAP crashes with backtrace, I think when it tries to reuse an already
open connection. Here is the backtrace, that is rather self-explaining:
> Main program terminated with exception:
> Traceback (most recent call last):
>   File "/var/lib/python-support/python2.4/offlineimap/init.py", line 198, in 
> startup
> threadutil.exitnotifymonitorloop(threadutil.threadexited)
>   File "/var/lib/python-support/python2.4/offlineimap/threadutil.py", line 
> 116, in exitnotifymonitorloop
> exitthreads.task_done()
> AttributeError: Queue instance has no attribute 'task_done'

It seems that Queue.task_done() is new in Python 2.5. On my Debian "Etch with
some testing and unstable packages", I have both Python 2.4 and 2.5 installed,
but /usr/bin/python still points to python2.4, no idea why.

So, running offlineimap with "/usr/bin/env python2.5" instead of "/usr/bin/env
python" solves that problem, but I do not know if that is the clean way to do
it.

Regards,

-- 
Tanguy

-- System Information:
Debian Release: lenny/sid
  APT prefers stable
  APT policy: (990, 'stable'), (500, 'unstable'), (500, 'testing')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-6-k7
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)

Versions of packages offlineimap depends on:
ii  python2.4.4-2An interactive high-level object-o
ii  python-support0.7.7  automated rebuilding support for P

offlineimap recommends no packages.

-- no debconf information
--- offlineimap.py.old  2008-08-13 17:25:41.0 +0200
+++ offlineimap.py  2008-08-13 17:25:56.0 +0200
@@ -1,4 +1,4 @@
-#!/usr/bin/env python
+#!/usr/bin/env python2.5
 # Startup from single-user installation
 # Copyright (C) 2002 - 2008 John Goerzen
 # <[EMAIL PROTECTED]>
--- End Message ---
--- Begin Message ---
Source: offlineimap
Source-Version: 6.0.3

We believe that the bug you reported is fixed in the latest version of
offlineimap, which is due to be installed in the Debian FTP archive:

offlineimap_6.0.3.dsc
  to pool/main/o/offlineimap/offlineimap_6.0.3.dsc
offlineimap_6.0.3.tar.gz
  to pool/main/o/offlineimap/offlineimap_6.0.3.tar.gz
offlineimap_6.0.3_all.deb
  to pool/main/o/offlineimap/offlineimap_6.0.3_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
John Goerzen <[EMAIL PROTECTED]> (supplier of updated offlineimap package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Format: 1.8
Date: Wed, 13 Aug 2008 13:51:54 -0500
Source: offlineimap
Binary: offlineimap
Architecture: source all
Version: 6.0.3
Distribution: unstable
Urgency: low
Maintainer: John Goerzen <[EMAIL PROTECTED]>
Changed-By: John Goerzen <[EMAIL PROTECTED]>
Description: 
 offlineimap - IMAP/Maildir synchronization and reader support
Closes: 494982
Changes: 
 offlineimap (6.0.3) unstable; urgency=low
 .
   * Removed call to task_done, which required Python 2.5.  Closes: #494982.
   * Make GMail trash and spam folder names configurable -- German Google
 Mail uses different folder names.  Patch from Henning Glawe.
Checksums-Sha1: 
 caa3cf649ca35bb535b6bbc26cc61e795bf2287f 1034 offlineimap_6.0.3.dsc
 12f8d21b90943728d15ab1e76568bd53e5a8610d 97537 offlineimap_6.0.3.tar.gz
 d7410cfe663819e67c9ce4cbba56107f84f87dab 150076 offlineimap_6.0.3_all.deb
Checksums-Sha256: 
 9fff958d785ae08618c804903d1f31c7f8eed192b1d783b324c7d21099c5d7b9 1034 
offlineimap_6.0.3.dsc
 e2d15e78db06539459ffb8df97ff30ef3f6885ad7ec1f4e0dc56f2ca59f004ad 97537 
offlineimap_6.0.3.tar.gz
 575efe5bba3f0dc61e5446a70917ac3ee7f9aa64d9679f4011e6ed7173527b3a 150076 
off

Processed: Re: Bug#495005: xsane segfaults

[Debian Bug Tracking System]

Processing commands for [EMAIL PROTECTED]:

> reassign 495005 libsane 1.0.19-15
Bug#495005: xsane segfaults
Bug reassigned from package `libsane' to `libsane'.

> severity 495005 normal
Bug#495005: xsane segfaults
Severity set to `normal' from `serious'

> retitle 495005 [net] segfault with hpaio as the remote backend
Bug#495005: xsane segfaults
Changed Bug title to `[net] segfault with hpaio as the remote backend' from 
`xsane segfaults'.

> thanks
Stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#495005: xsane segfaults

[Julien BLACHE]

reassign 495005 libsane 1.0.19-15
severity 495005 normal
retitle 495005 [net] segfault with hpaio as the remote backend
thanks

Julien Danjou <[EMAIL PROTECTED]> wrote:

Hi,

> Run xsane with only a hostname in net.conf to access remotely the
> scanner.
> Press scan. It ask for user/password (?), I just click ok or cancel, and a 
> couple
> of seconds later it happens:

That kind of segfault in the net protocol stack is usually due to a
standard violation by the remote backend.

The saned and net backend debug logs may help in tracking this
down. I'd take a corresponding network capture too, if possible.

JB.

-- 
 Julien BLACHE - Debian & GNU/Linux Developer - <[EMAIL PROTECTED]> 
 
 Public key available on  - KeyID: F5D6 5169 
 GPG Fingerprint : 935A 79F1 C8B3 3521 FD62 7CC7 CD61 4FD7 F5D6 5169 



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Processed: reassign 495005 to libsane

[Debian Bug Tracking System]

Processing commands for [EMAIL PROTECTED]:

> # Automatically generated email from bts, devscripts version 2.10.35
> reassign 495005 libsane
Bug#495005: xsane segfaults
Bug reassigned from package `xsane' to `libsane'.

>
End of message, stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#495005: xsane segfaults

[Julien Danjou]

Package: xsane
Version: 0.995-4
Severity: serious

Run xsane with only a hostname in net.conf to access remotely the
scanner.
Press scan. It ask for user/password (?), I just click ok or cancel, and a 
couple
of seconds later it happens:

(gdb) bt full 
#0  0x7f23f312ea43 in free () from /lib/libc.so.6
No symbol table info available.
#1  0x7f23e63e89ec in sanei_w_array (w=0x23a96b8, len_ptr=0x7f3c4364, 
v=0x7f3c4410, w_element=0x7f23e63e7710 , element_size=1) at 
sanei_wire.c:181
len = 
val = 0x7f23f6fa7baa ""
i = 2
#2  0x7f23e63e7618 in bin_w_string (w=0x23a96b8, v=0x7f3c4410) at 
sanei_codec_bin.c:87
len = 2
#3  0x7f23e63e7d53 in sanei_w_string (w=0x23a96b8, v=0x7f3c4410) at 
sanei_wire.c:350
No locals.
#4  0x7f23e63e7ccb in sanei_w_free (w=0x23a96b8, w_reply=0x7f23e63e77d0 
, reply=0x7f3c4400) at sanei_wire.c:647
saved_dir = WIRE_DECODE
#5  0x7f23e63e42ca in sane_net_start (handle=) at 
net.c:1942
s = (Net_Scanner *) 0x2310240
reply = {status = 1886547811, port = 1702064928, byte_order = 
842085168, resource_to_authorize = 0x7f23f6fa7ba8 "�"}
sin = {sin_family = 2, sin_port = 42521, sin_addr = {s_addr =
117614784}, 
  sin_zero = "\000\000\000\000\000\000\000"}
sa = (struct sockaddr *) 0x7f3c4420
sin6 = {sin6_family = 28672, sin6_port = 63226, sin6_flowinfo = 32547, 
sin6_addr = {in6_u = { u6_addr8 = 
"��\033�\177\000\000\005\000\000\000\000\000\000", u6_addr16 = {41402, 63259, 
32547, 0, 5, 0, 0, 0}, u6_addr32 = {4145783226, 32547, 5, 0}}}, sin6_scope_id = 
0}
status = 1886547811
fd = 23
len = 16
port = 
#6  0x0046234c in ?? ()
No symbol table info available.
#7  0x004645eb in ?? ()
No symbol table info available.
#8  0x7f23f45d2ebd in g_closure_invoke () from
/usr/lib/libgobject-2.0.so.0
No symbol table info available.
#9  0x7f23f45e5c2d in ?? () from /usr/lib/libgobject-2.0.so.0
No symbol table info available.
#10 0x7f23f45e7116 in g_signal_emit_valist () from
/usr/lib/libgobject-2.0.so.0
No symbol table info available.
#11 0x7f23f45e7623 in g_signal_emit () from
/usr/lib/libgobject-2.0.so.0
No symbol table info available.
#12 0x7f23f58add9d in gtk_real_button_released
(button=0x7f23f6fa7ba8)
at /scratch/build-area/gtk+2.0-2.12.11/gtk/gtkbutton.c:1484
No locals.
#13 0x7f23f45d2ebd in g_closure_invoke () from
/usr/lib/libgobject-2.0.so.0
No symbol table info available.
#14 0x7f23f45e5538 in ?? () from /usr/lib/libgobject-2.0.so.0
No symbol table info available.
#15 0x7f23f45e7116 in g_signal_emit_valist () from
/usr/lib/libgobject-2.0.so.0
No symbol table info available.
#16 0x7f23f45e7623 in g_signal_emit () from
/usr/lib/libgobject-2.0.so.0
No symbol table info available.
#17 0x7f23f58acf3d in gtk_button_button_release
(widget=0x7f23f6fa7ba8, event=0x0)
at /scratch/build-area/gtk+2.0-2.12.11/gtk/gtkbutton.c:1377
No locals.
#18 0x7f23f597b688 in _gtk_marshal_BOOLEAN__BOXED
(closure=0x22d7530, return_value=0x7f3c66e0, 
n_param_values=, param_values=0x7f3c67a0, 
invocation_hint=, marshal_data=0x7f23f58acf20)
at /scratch/build-area/gtk+2.0-2.12.11/gtk/gtkmarshalers.c:84
data1 = (gpointer) 0x23e5b80
data2 = (gpointer) 0x7f23f400
v_return = 
__PRETTY_FUNCTION__ = "_gtk_marshal_BOOLEAN__BOXED"
#19 0x7f23f45d2ebd in g_closure_invoke () from
/usr/lib/libgobject-2.0.so.0
No symbol table info available.
#20 0x7f23f45e58fc in ?? () from /usr/lib/libgobject-2.0.so.0
No symbol table info available.
#21 0x7f23f45e6f99 in g_signal_emit_valist () from
/usr/lib/libgobject-2.0.so.0
No symbol table info available.
#22 0x7f23f45e7623 in g_signal_emit () from
/usr/lib/libgobject-2.0.so.0
No symbol table info available.
#23 0x7f23f5a9019e in gtk_widget_event_internal (widget=0x23e5b80,
event=0x25b94b0)
at /scratch/build-area/gtk+2.0-2.12.11/gtk/gtkwidget.c:4678
signal_num = 
return_val = 0
#24 0x7f23f5974203 in IA__gtk_propagate_event (widget=0x23e5b80,
event=0x25b94b0)
at /scratch/build-area/gtk+2.0-2.12.11/gtk/gtkmain.c:2336
tmp = (GtkWidget *) 0x234c720
handled_event = 39556272
__PRETTY_FUNCTION__ = "IA__gtk_propagate_event"
#25 0x7f23f597524b in IA__gtk_main_do_event (event=0x25b94b0)
at /scratch/build-area/gtk+2.0-2.12.11/gtk/gtkmain.c:1556
event_widget = (GtkWidget *) 0x23e5b80
grab_widget = (GtkWidget *) 0x23e5b80
window_group = (GtkWindowGroup *) 0x234c720
rewritten_event = (GdkEvent *) 0x0
tmp_list = 
__PRETTY_FUNCTION__ = "IA__gtk_main_do_event"
#26 0x7f23f55d6f8c in gdk_event_dispatch (source=, 
callback=, user_data=)
at /scratch/build-area/gtk+2.0-2.12.11/gdk/x11/gdkevents-x11.c:2351
display = 
event = 
#27 0x7f23f3f36892 in g_main_context_dispatch () from
/usr/lib/libglib-2.

Bug#495006: listadmin: 2.40 update broke it against Mailman-2.1.9/etch

[Johannes Stezenbach]

Package: listadmin
Version: 2.40-2.1
Severity: grave
Tags: patch
Justification: renders package unusable

2.32-1 worked, but after update to 2.40-2.1 listadmin only displays
"fetching data for foo ... nothing in queue".

This patch fixes it for me:


--- /usr/bin/listadmin  2008-08-11 23:47:17.0 +0200
+++ listadmin   2008-08-13 20:41:47.0 +0200
@@ -779,6 +779,11 @@
} else {
parse_approvals ($mmver, $config, $parse_appr, \%data);
}
+} else {
+   $parse_appr->get_tag ("hr");
+   if ($parse_appr->get_tag ("h2")) {
+   parse_approvals ($mmver, $config, $parse_appr, \%data);
+   }
 }
 return (\%data);
 }


(The $parse_subs->get_tag ("hr") call eats the whole document
if no  is present, making the following $parse_subs->get_tag ("h2")
call fail.)


Johannes

-- System Information:
Debian Release: lenny/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'stable')
Architecture: i386 (i686)

Kernel: Linux 2.6.26 (SMP w/2 CPU cores; PREEMPT)
Locale: LANG=C, LC_CTYPE=de_DE.utf-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages listadmin depends on:
ii  libcrypt-ssleay-perl  0.57-1+b1  Support for https protocol in LWP
ii  libtext-reform-perl   1.12.2-1   Perl module for manual text wrappi
ii  libwww-perl   5.813-1WWW client/server library for Perl

listadmin recommends no packages.

listadmin suggests no packages.

-- no debconf information



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#494982: offlineimap: crashes on reusing an open connection

[John Goerzen]

severotu 494982 normal
thanks

Tanguy Ortolo wrote:
> Package: offlineimap
> Version: 6.0.2
> Severity: grave
> Tags: patch
> Justification: renders package unusable

I will be uploading a fix shortly.  Python in etch and sid both are 2.5,
so dropping severity.

-- John



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#494268: atd: "/etc/init.d/atd stop" kills itself

[Chris Lawrence]

On Tue, Aug 12, 2008 at 10:56 PM, Rob Browning <[EMAIL PROTECTED]> wrote:
>
> severity 494268 serious
> thanks
>
> I suppose this should probably be serious, since it prevents
> /etc/init.d/at from stopping the server.  I think it may also kill an
> attempt to run "/etc/init.d/atd restart".
>
> I'm also cc'ing this to lsb-base, since as I mentioned, I'm not sure
> which package is actually at fault.

Looks like it might be a problem with start-stop-daemon when a pidfile
isn't specified... it matches on --name and your init script is named
"atd".


Chris



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Processed: FTBFS: libtool: link: `/usr/lib/libct.la' is not a valid libtool archive

[Debian Bug Tracking System]

Processing commands for [EMAIL PROTECTED]:

> reassign 494215 libgda2-dev
Bug#494215: libgdamm1.3: FTBFS: libtool: link: `/usr/lib/libct.la' is not a 
valid libtool archive
Bug reassigned from package `libgdamm1.3' to `libgda2-dev'.

> thanks
Stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#494215: FTBFS: libtool: link: `/usr/lib/libct.la' is not a valid libtool archive

[Riku Voipio]

reassign 494215 libgda2-dev
thanks

The .la files of libgda2-dev refer to .la file but libgda2-dev has no
depends freetds-dev. Alternatively /usr/lib/libct.la should be dropped from
the .la files provided by libgda2-dev, but that might be trickier..

This breaks building of libgdamm1.3, possibly others.

grep libct.la /usr/lib/*.la
/usr/lib/libgda-2.la:dependency_libs=' /usr/lib/libgdasql.la 
/usr/lib/libgobject-2.0.la /usr/lib/libgthread-2.0.la 
/usr/lib/libgmodule-2.0.la -ldl /usr/lib/libglib-2.0.la /usr/lib/libxslt.la 
/usr/lib/libxml2.la -lm /usr/lib/libxml2.la -L/usr/lib /usr/lib/libct.la -lrt'
/usr/lib/libgda-report-2.la:dependency_libs=' /usr/lib/libgda-2.la 
/usr/lib/libgdasql.la /usr/lib/libgobject-2.0.la /usr/lib/libgthread-2.0.la 
/usr/lib/libgmodule-2.0.la -ldl /usr/lib/libglib-2.0.la /usr/lib/libxslt.la 
/usr/lib/libxml2.la -lm /usr/lib/libxml2.la -L/usr/lib /usr/lib/libct.la -lrt'
/usr/lib/libgdasql.la:dependency_libs=' /usr/lib/libgobject-2.0.la 
/usr/lib/libgthread-2.0.la /usr/lib/libgmodule-2.0.la -ldl 
/usr/lib/libglib-2.0.la /usr/lib/libxslt.la /usr/lib/libxml2.la -lm 
/usr/lib/libxml2.la /usr/lib/libct.la -L/usr/lib -lrt'

-- 
"rm -rf" only sounds scary if you don't have backups



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#494648: The possibility of attack with the help of symlinks in some Debian packages

[Olivier Berger]

On Wed, Aug 13, 2008 at 10:12:29PM +1000, Sven Dowideit wrote:
> 
> the best irony of this bug, is :
> 
> > I've implemented Joey's suggestion of 1777 & O_EXCL - mostly the files
> in tmp are written by CGI::Session, that takes care of things.
> >
> > I also moved the 1777 tmp dir back to /tmp/twiki, as per Nico's point
> wrt to filling /var
> 

By coincidence (testing authentication through CAS servers for TWiki, and 
tracing what happens in TemplateLogin), I happend to run into that O_EXCL 
permission on "passthru" files (dunno what they are, btw), and notice that 
apparently #444982 wasn't fixed the right way it seems.

See more details in newly filed #494993.

Sad irony ;-)

Best regards,



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#494648: The possibility of attack with the help of symlinks in some Debian packages

[Dmitry E. Oboukhov]

SD>> On 00:38 Thu 14 Aug , Sven Dowideit wrote:
SD>>> No, I was told by Nico or Joey that web apps should not be filling up
SD>>> the /var filesystem with session files.
SD>> 
SD>>> this is apparently also _not_ a solution.
SD>> 
SD>>> /tmp was determined in October 2007 as the best place
SD>> 
SD>> Ok, Yoy can do it (in your postinst):
SD>> 
SD>> twiki_session_dir=`mktemp -d /tmp/twiki.XX`
SD>> chown www-data:www-data $twiki_session_dir # or chown $TWIKI_OWNER:www-data
SD>> chmod 0750 $twiki_session_dir # or chmod 1770 if $TWIKI_OWNER != www-data
SD>> perl -pi -e "s/(TempfileDir).*/$1} = '$twiki_session_dir';" \
SD>> /etc/twiki/LocalSite.cfg
SD>> 
SD>> attributes must be 0750 or 0770 or 0700 if owner==www-data
SD>> or 1770 if owner != www-data ($TWIKI_OWNER)
SD>> 
SD> and then on upgrade, create another one because the user selected to
SD> overwrite the cfg, and so on - sounds like its less of a solution than
SD> to use a predictable dir, with a more appropriate attempt to make sure
SD> its safe.

SD> it worries me that you appear to be contradicting the permissions I was
SD> required to set up for #444982 - I'm not quite sure who's advice should
SD> get priority - Joey's or yours.

SD> Perhaps I should set up a google fight.

Full algorithm:

1. You change debian/LocalSite.cfg: s{/tmp/wiki}{#UNDEFINED_TEMP_DIR#};

2. in postinst You do:

2.1 

if grep -q #UNDEFINED_TEMP_DIR# /etc/twiki/LocalSite.cfg; then
twiki_session_dir=`mktemp -d /tmp/twiki.XX`
perl -pi -e \
"s/(TempfileDir).*/$1} = '$twiki_session_dir';/" \
/etc/twiki/LocalSite.cfg
chown $TWIKI_OWNER:www-data $twiki_session_dir
else
twiki_session_dir=`grep TempfileDir /etc/twiki/LocalSite.cfg \
| sed "s/=[[:space:]]*'//"|sed "s/'.*//"`
fi

# [1]
chmod 1770 $twiki_session_dir


in [1] you can insert the verification code, for example:

if test -d $twiki_session_dir; then
# $twiki_session_dir is directory and exists
found_owner=`ls -l $twiki_session_dir|awk '{ print $3 }'`
found_group=`ls -l $twiki_session_dir|awk '{ print $4 }'`

if test $found_owner = $TWIKI_OWNER -a \
$found_group = www-data; then
# previous install is ok (owner:group)
else
# unknown owner
fi
else
#   $twiki_session_dir is not directory
# you can recreate it with new path
fi

3. You can show errors with help of debhelper's dialogs.


--
... mpd is off

. ''`. Dmitry E. Oboukhov
: :’  : [EMAIL PROTECTED]
`. `~’ GPGKey: 1024D / F8E26537 2006-11-21
  `- 1B23 D4F8 8EC0 D902 0555  E438 AB8C 00CF F8E2 6537


signature.asc
Description: Digital signature

Bug#494677: libapache2-mod-perl2: FTBFS: dpkg-checkbuilddeps: Unmet build dependencies: libcgi-pm-perl (>= 3.33)

[Adeodato Simó]

* Niko Tyni [Wed, 13 Aug 2008 19:11:12 +0300]:

> It will take at least a week to get the fix in unstable, as we
> want 5.10.0-13 in testing first. We could either let the unbuildable
> libapache2-mod-perl2/2.0.4-2 stay in sid until then,

That sounds fine from a release management point of view.

> or upload an
> intermediate version in between.

Thanks,

-- 
Adeodato Simó



--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#494677: libapache2-mod-perl2: FTBFS: dpkg-checkbuilddeps: Unmet build dependencies: libcgi-pm-perl (>= 3.33)

[Niko Tyni]

On Mon, Aug 11, 2008 at 03:10:17PM +0300, Niko Tyni wrote:
> Package: libapache2-mod-perl2
> Version: 2.0.4-2
> Severity: serious
> 
> As explained in 
> 
>  http://lists.debian.org/debian-release/2008/08/msg00557.html
> 
> 2.0.4-2 is failing on all autobuilders because of an sbuild bug.
> We'll have to remove the libcgi-pm-perl build-dependency and come up
> with something else for now.
> 
> I think the next best thing is to remove the TMPDIR setting in
> t/conf/extra.conf.in . This means the temporary files won't stay in the
> build directory, but that's what /tmp is for.

Update: as agreed with the release team, I'm going to fix the CGI.pm bug
in perl-modules (filed as #494679) for lenny. 

Assuming it'll be in 5.10.0-14, I think the best fix is to change the
build-dependencies at that point to something like

 Build-Depends: perl-modules (>= 5.10.0-14) | libcgi-pm-perl (>= 3.33)

so as to be nice to backporters too.

It will take at least a week to get the fix in unstable, as we
want 5.10.0-13 in testing first. We could either let the unbuildable
libapache2-mod-perl2/2.0.4-2 stay in sid until then, or upload an
intermediate version in between.
-- 
Niko Tyni   [EMAIL PROTECTED]



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#493446: marked as done (gpmudmon-applet: FTBFS: Could not find gtkdatabox_marker.h)

[Debian Bug Tracking System]

Your message dated Wed, 13 Aug 2008 15:32:04 +
with message-id <[EMAIL PROTECTED]>
and subject line Bug#493446: fixed in gpmudmon-applet 0.4.4-1
has caused the Debian Bug report #493446,
regarding gpmudmon-applet: FTBFS: Could not find gtkdatabox_marker.h
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [EMAIL PROTECTED]
immediately.)


-- 
493446: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=493446
Debian Bug Tracking System
Contact [EMAIL PROTECTED] with problems
--- Begin Message ---
Package: gpmudmon-applet
Version: 0.4.3-1
Severity: serious

From my pbuilder build log:

...
Making all in src 
make[3]: Entering directory `/tmp/buildd/gpmudmon-applet-0.4.3/src'
gcc -DHAVE_CONFIG_H -I. -I. -I.. -DORBIT2=1 -pthread -I/usr/include/gtk-2.0 
-I/usr/lib/gtk-2.0/include -I/usr/include/atk-1.0 -
I/usr/include/cairo -I/usr/include/pango-1.0 -I/usr/include/glib-2.0 
-I/usr/lib/glib-2.0/include -I/usr/include/freetype2 -
I/usr/include/libpng12 -I/usr/include/pixman-1 -I/usr/include/panel-2.0 
-I/usr/include/libgnomeui-2.0 -
I/usr/include/libbonoboui-2.0 -I/usr/include/libart-2.0 -I/usr/include/gconf/2 
-I/usr/include/gnome-keyring-1 -
I/usr/include/libgnome-2.0 -I/usr/include/libgnomecanvas-2.0 
-I/usr/include/gnome-vfs-2.0 -I/usr/lib/gnome-vfs-2.0/include 
-I/usr/include/orbit-2.0 -I/usr/include/libbonobo-2.0 
-I/usr/include/bonobo-activation-2.0 -I/usr/include/libxml2 -
I/usr/include/gail-1.0   -DICONDIR=\""/usr/share/pixmaps"\" 
-DSHARE_DIR=\"/usr/share\" -
DPACKAGE_DIR=\"/usr/share/gpmudmon-applet\" 
-DGNOMELOCALEDIR=\""/usr/share/locale"\"-g -O2 -g -Wall -O2 -c 
gpmudmon.c 
gpmudmon.c:39:31: error: gtkdatabox_marker.h: No such file or directory 
gpmudmon.c: In function 'graph_timer':  
gpmudmon.c:242: error: 'GTK_DATABOX_TEXT_NW' undeclared (first use in this 
function)   
 
gpmudmon.c:242: error: (Each undeclared identifier is reported only once
gpmudmon.c:242: error: for each function it appears in.)
gpmudmon.c:244: error: 'GTK_DATABOX_TEXT_NE' undeclared (first use in this 
function)   
 
gpmudmon.c:246: error: 'GTK_DATABOX_TEXT_N' undeclared (first use in this 
function)   
  
gpmudmon.c:247: warning: implicit declaration of function 
'gtk_databox_marker_set_label'  
  
gpmudmon.c:247: warning: implicit declaration of function 'GTK_DATABOX_MARKER'
gpmudmon.c:252: error: 'GTK_DATABOX_TEXT_SW' undeclared (first use in this 
function)
gpmudmon.c:254: error: 'GTK_DATABOX_TEXT_SE' undeclared (first use in this 
function)
gpmudmon.c:256: error: 'GTK_DATABOX_TEXT_S' undeclared (first use in this 
function)
gpmudmon.c:261: warning: implicit declaration of function 'gtk_databox_redraw'
make[3]: *** [gpmudmon.o] Error 1
make[3]: Leaving directory `/tmp/buildd/gpmudmon-applet-0.4.3/src'
make[2]: *** [all-recursive] Error 1
make[2]: Leaving directory `/tmp/buildd/gpmudmon-applet-0.4.3'
make[1]: *** [all] Error 2
make[1]: Leaving directory `/tmp/buildd/gpmudmon-applet-0.4.3'
make: *** [debian/stamp-makefile-build] Error 2
dpkg-buildpackage: failure: debian/rules build gave error exit status 2
-- 
Daniel Schepler



--- End Message ---
--- Begin Message ---
Source: gpmudmon-applet
Source-Version: 0.4.4-1

We believe that the bug you reported is fixed in the latest version of
gpmudmon-applet, which is due to be installed in the Debian FTP archive:

gpmudmon-applet_0.4.4-1.diff.gz
  to pool/main/g/gpmudmon-applet/gpmudmon-applet_0.4.4-1.diff.gz
gpmudmon-applet_0.4.4-1.dsc
  to pool/main/g/gpmudmon-applet/gpmudmon-applet_0.4.4-1.dsc
gpmudmon-applet_0.4.4-1_powerpc.deb
  to pool/main/g/gpmudmon-applet/gpmudmon-applet_0.4.4-1_powerpc.deb
gpmudmon-applet_0.4.4.orig.tar.gz
  to pool/main/g/gpmudmon-applet/gpmudmon-applet_0.4.4.orig.tar.gz



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Uwe Steinmann <[EMAIL PROTECTED]> (supplier of updated gpmudmon-applet package)

(This message was generated automatically at their request; if you
believe that there is a pro

Bug#494982: offlineimap: crashes on reusing an open connection

[Tanguy Ortolo]

Package: offlineimap
Version: 6.0.2
Severity: grave
Tags: patch
Justification: renders package unusable

OfflineIMAP crashes with backtrace, I think when it tries to reuse an already
open connection. Here is the backtrace, that is rather self-explaining:
> Main program terminated with exception:
> Traceback (most recent call last):
>   File "/var/lib/python-support/python2.4/offlineimap/init.py", line 198, in 
> startup
> threadutil.exitnotifymonitorloop(threadutil.threadexited)
>   File "/var/lib/python-support/python2.4/offlineimap/threadutil.py", line 
> 116, in exitnotifymonitorloop
> exitthreads.task_done()
> AttributeError: Queue instance has no attribute 'task_done'

It seems that Queue.task_done() is new in Python 2.5. On my Debian "Etch with
some testing and unstable packages", I have both Python 2.4 and 2.5 installed,
but /usr/bin/python still points to python2.4, no idea why.

So, running offlineimap with "/usr/bin/env python2.5" instead of "/usr/bin/env
python" solves that problem, but I do not know if that is the clean way to do
it.

Regards,

-- 
Tanguy

-- System Information:
Debian Release: lenny/sid
  APT prefers stable
  APT policy: (990, 'stable'), (500, 'unstable'), (500, 'testing')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-6-k7
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)

Versions of packages offlineimap depends on:
ii  python2.4.4-2An interactive high-level object-o
ii  python-support0.7.7  automated rebuilding support for P

offlineimap recommends no packages.

-- no debconf information
--- offlineimap.py.old  2008-08-13 17:25:41.0 +0200
+++ offlineimap.py  2008-08-13 17:25:56.0 +0200
@@ -1,4 +1,4 @@
-#!/usr/bin/env python
+#!/usr/bin/env python2.5
 # Startup from single-user installation
 # Copyright (C) 2002 - 2008 John Goerzen
 # <[EMAIL PROTECTED]>

Bug#494303: use synaptic

[Marius Mikucionis]

doh! I also bumped into this one on a more outdated machine.
interestingly, the other two (more up-to-date) ones did not show this
problem and upgrade silently succeeded.
I guess these packages were not designed to be upgraded in "one big hop"
skipping some intermediate versions.

I worked-around this using synaptic by doing the following:
1) mark libdjvulibre21 for reinstallation (appears as broken)
2) mark libdjvulibre15 for total removal
3) mark djvulibre-desktop for installation
4) click apply to apply all these changes simultaneously
5) mark libdjvulibre-text to install
6) mark djvulibre-desktopt remove
7) click apply

I guess libdjvulibre-text should have a conflict with libdjvulibre15 the
same way as djvulibre-desktop does.

Bug#445772: marked as done (gnat-gps: FTBFS: unsat b-deps: libgnatprj-dev: Depends: gnat-4.2 (= 4.2.1-7) but it is not going to be installed)

[Debian Bug Tracking System]

Your message dated Wed, 13 Aug 2008 15:17:06 +
with message-id <[EMAIL PROTECTED]>
and subject line Bug#445772: fixed in gnat-gps 4.3~2008.08.09
has caused the Debian Bug report #445772,
regarding gnat-gps: FTBFS: unsat b-deps: libgnatprj-dev: Depends: gnat-4.2 (= 
4.2.1-7) but it is not going to be installed
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [EMAIL PROTECTED]
immediately.)


-- 
445772: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=445772
Debian Bug Tracking System
Contact [EMAIL PROTECTED] with problems
--- Begin Message ---
Package: gnat-gps
version: 4.0.1-6
Severity: serious
User: [EMAIL PROTECTED]
Usertags: qa-ftbfs-20071007 qa-ftbfs
Justification: FTBFS on i386

Hi,

During a rebuild of all packages in sid, your package failed to build on i386.

Relevant part:
** Using build dependencies supplied by package:
Build-Depends: gnat (>= 4.1), libgnatprj-dev, libgnatvsn-dev, python-dev, 
libtemplates-parser-dev, libgtkada2-dev (>= 2.8.1-3), tcl8.4-dev, 
libcairo2-dev, debhelper (>= 4.2.13), quilt
Build-Depends-Indep: debhelper (>> 4.2.13), texinfo, texlive-base-bin, 
texlive-fonts-recommended, texlive-latex-base, imagemagick, quilt, 
texlive-generic-recommended
Checking for already installed source dependencies...
gnat: missing
Using default version 4.1.2-11
libgnatprj-dev: missing
libgnatvsn-dev: missing
python-dev: missing
libtemplates-parser-dev: missing
libgtkada2-dev: missing
Using default version 2.8.1-6
tcl8.4-dev: missing
libcairo2-dev: missing
debhelper: missing
Using default version 5.0.57
quilt: missing
debhelper: missing
Using default version 5.0.57
texinfo: missing
texlive-base-bin: missing
texlive-fonts-recommended: missing
texlive-latex-base: missing
imagemagick: missing
quilt: missing
texlive-generic-recommended: missing
Checking for source dependency conflicts...
Reading package lists...
Building dependency tree...
Reading state information...
Some packages could not be installed. This may mean that you have
requested an impossible situation or if you are using the unstable
distribution that some required packages have not yet been created
or been moved out of Incoming.
The following information may help to resolve the situation:

The following packages have unmet dependencies:
  libgnatprj-dev: Depends: gnat-4.2 (= 4.2.1-7) but it is not going to be 
installed
  libgnatvsn-dev: Depends: gnat-4.2 (= 4.2.1-7) but it is not going to be 
installed
E: Broken packages
apt-get failed.
Package installation failed
Trying to reinstall removed packages:
Trying to uninstall newly installed packages:
Source-dependencies not satisfied; skipping gnat-gps

The full build log is available from
http://people.debian.org/~lucas/logs/2007/10/07

A list of current common problems and possible solutions is available at 
http://wiki.debian.org/qa.debian.org/FTBFS . You're welcome to contribute!

About the archive rebuild: The rebuild was done on about 50 AMD64 nodes
of the Grid'5000 platform, using a clean chroot containing a sid i386
environment.  Internet was not accessible from the build systems.

-- 
| Lucas Nussbaum
| [EMAIL PROTECTED]   http://www.lucas-nussbaum.net/ |
| jabber: [EMAIL PROTECTED] GPG: 1024D/023B3F4F |


--- End Message ---
--- Begin Message ---
Source: gnat-gps
Source-Version: 4.3~2008.08.09

We believe that the bug you reported is fixed in the latest version of
gnat-gps, which is due to be installed in the Debian FTP archive:

gnat-gps-doc_4.3~2008.08.09_all.deb
  to pool/main/g/gnat-gps/gnat-gps-doc_4.3~2008.08.09_all.deb
gnat-gps_4.3~2008.08.09.diff.gz
  to pool/main/g/gnat-gps/gnat-gps_4.3~2008.08.09.diff.gz
gnat-gps_4.3~2008.08.09.dsc
  to pool/main/g/gnat-gps/gnat-gps_4.3~2008.08.09.dsc
gnat-gps_4.3~2008.08.09.orig.tar.gz
  to pool/main/g/gnat-gps/gnat-gps_4.3~2008.08.09.orig.tar.gz
gnat-gps_4.3~2008.08.09_amd64.deb
  to pool/main/g/gnat-gps/gnat-gps_4.3~2008.08.09_amd64.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Ludovic Brenta <[EMAIL PROTECTED]> (supplier of updated gnat-gps package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Format: 1.8
Date: Wed, 13 Aug 2008 16:07:09 +0200
Source: gnat-gps
Binary: gnat-gps gnat-gps-doc
Architecture: source all amd64

Bug#494648: The possibility of attack with the help of symlinks in some Debian packages

[Sven Dowideit]

Dmitry E. Oboukhov wrote:
> On 00:38 Thu 14 Aug , Sven Dowideit wrote:
> SD> No, I was told by Nico or Joey that web apps should not be filling up
> SD> the /var filesystem with session files.
> 
> SD> this is apparently also _not_ a solution.
> 
> SD> /tmp was determined in October 2007 as the best place
> 
> Ok, Yoy can do it (in your postinst):
> 
> twiki_session_dir=`mktemp -d /tmp/twiki.XX`
> chown www-data:www-data $twiki_session_dir # or chown $TWIKI_OWNER:www-data
> chmod 0750 $twiki_session_dir # or chmod 1770 if $TWIKI_OWNER != www-data
> perl -pi -e "s/(TempfileDir).*/$1} = '$twiki_session_dir';" \
> /etc/twiki/LocalSite.cfg
> 
> attributes must be 0750 or 0770 or 0700 if owner==www-data
> or 1770 if owner != www-data ($TWIKI_OWNER)
> 
and then on upgrade, create another one because the user selected to
overwrite the cfg, and so on - sounds like its less of a solution than
to use a predictable dir, with a more appropriate attempt to make sure
its safe.

it worries me that you appear to be contradicting the permissions I was
required to set up for #444982 - I'm not quite sure who's advice should
get priority - Joey's or yours.

Perhaps I should set up a google fight.

Sven



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#494648: The possibility of attack with the help of symlinks in some Debian packages

[Dmitry E. Oboukhov]

On 00:38 Thu 14 Aug , Sven Dowideit wrote:
SD> No, I was told by Nico or Joey that web apps should not be filling up
SD> the /var filesystem with session files.

SD> this is apparently also _not_ a solution.

SD> /tmp was determined in October 2007 as the best place

Ok, Yoy can do it (in your postinst):

twiki_session_dir=`mktemp -d /tmp/twiki.XX`
chown www-data:www-data $twiki_session_dir # or chown $TWIKI_OWNER:www-data
chmod 0750 $twiki_session_dir # or chmod 1770 if $TWIKI_OWNER != www-data
perl -pi -e "s/(TempfileDir).*/$1} = '$twiki_session_dir';" \
/etc/twiki/LocalSite.cfg

attributes must be 0750 or 0770 or 0700 if owner==www-data
or 1770 if owner != www-data ($TWIKI_OWNER)

--
... mpd is off

. ''`. Dmitry E. Oboukhov
: :’  : [EMAIL PROTECTED]
`. `~’ GPGKey: 1024D / F8E26537 2006-11-21
  `- 1B23 D4F8 8EC0 D902 0555  E438 AB8C 00CF F8E2 6537


signature.asc
Description: Digital signature

Bug#494648: The possibility of attack with the help of symlinks in some Debian packages

[Sven Dowideit]

Yes, you should not share CGI::Session files, it does lead to leakage,
and really odd side effects.

Olivier Berger wrote:
> Le mercredi 13 août 2008 à 16:19 +0200, Julien Cristau a écrit :
>> On Wed, Aug 13, 2008 at 23:24:47 +1000, Sven Dowideit wrote:
>>
>>> so Dmitry,
>>>
>>> if you were trying to actually help get this fixed, I presume you would
>>> have suggested that I just patch the code to
>>>
>>> rm /tmp/twiki
>>> and then create it?
>>>
>>> or what are you actually suggesting?
>>>
>> No.  Don't touch/use predictable file names in /tmp.
>>
> 
> Which leads us again to something like /var/run/twiki/session/
> or /var/lib/twiki/tmp/session/ or some other custom path, with some
> garbage collection (cronjob ?) and all the fuss ?
> 
> Maybe there are best practice use of CGI::Session somewhere ?
> 
> ... not to mention other uses of the other files created in /tmp/twiki
> at the moment... but the most critical seems to be the dir creation in
> the postinst.
> 
> Or maybe simply not create a separate dir for session files and use
> plain clear /tmp for CGI::Session files ? Unless that leads to potential
> information leaks ?
> 
> Follow-up to :
> http://lists.debian.org/debian-devel/2008/08/msg00340.html ?
> 
> My 2 cents,



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#494648: The possibility of attack with the help of symlinks in some Debian packages

[Sven Dowideit]

No, I was told by Nico or Joey that web apps should not be filling up
the /var filesystem with session files.

this is apparently also _not_ a solution.

/tmp was determined in October 2007 as the best place



Dmitry E. Oboukhov wrote:
> On 00:17 Thu 14 Aug , Sven Dowideit wrote:
> SD> these are _WEB_ session files.
> 
> SD> there are no user directories.
> then it must have 
> user:group == www-data:www-data
> and attributes = 0700 or 0770 or 0750
> 
> and be placed to /var/???/twiki
> 
> SD> Dmitry E. Oboukhov wrote:
> SD>>> so Dmitry,
> SD>> 
> SD>>> if you were trying to actually help get this fixed, I presume you would
> SD>>> have suggested that I just patch the code to
> SD>> 
> SD>>> rm /tmp/twiki
> SD>>> and then create it?
> SD>> 
> SD>>> or what are you actually suggesting?
> SD>> 
> SD>>> Sven
> SD>> 
> SD>> At my oppinion You can oblige user to create this temp-dir
> SD>> in his directories and use user copy of LocalSite.cfg instead system
> SD>> config ($TWiki::cfg{RCS}{WorkAreaDir}).
> SD>> 
> SD>> hmm
> SD>> 
> SD>> --
> SD>> ... mpd playing: U.D.O. - Private Eye
> SD>> 
> SD>> . ''`. Dmitry E. Oboukhov
> SD>> : :’  : [EMAIL PROTECTED]
> SD>> `. `~’ GPGKey: 1024D / F8E26537 2006-11-21
> SD>>   `- 1B23 D4F8 8EC0 D902 0555  E438 AB8C 00CF F8E2 6537
> --
> ... mpd is off
> 
> . ''`. Dmitry E. Oboukhov
> : :’  : [EMAIL PROTECTED]
> `. `~’ GPGKey: 1024D / F8E26537 2006-11-21
>   `- 1B23 D4F8 8EC0 D902 0555  E438 AB8C 00CF F8E2 6537



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#494648: The possibility of attack with the help of symlinks in some Debian packages

[Olivier Berger]

Le mercredi 13 août 2008 à 16:19 +0200, Julien Cristau a écrit :
> On Wed, Aug 13, 2008 at 23:24:47 +1000, Sven Dowideit wrote:
> 
> > so Dmitry,
> > 
> > if you were trying to actually help get this fixed, I presume you would
> > have suggested that I just patch the code to
> > 
> > rm /tmp/twiki
> > and then create it?
> > 
> > or what are you actually suggesting?
> > 
> No.  Don't touch/use predictable file names in /tmp.
> 

Which leads us again to something like /var/run/twiki/session/
or /var/lib/twiki/tmp/session/ or some other custom path, with some
garbage collection (cronjob ?) and all the fuss ?

Maybe there are best practice use of CGI::Session somewhere ?

... not to mention other uses of the other files created in /tmp/twiki
at the moment... but the most critical seems to be the dir creation in
the postinst.

Or maybe simply not create a separate dir for session files and use
plain clear /tmp for CGI::Session files ? Unless that leads to potential
information leaks ?

Follow-up to :
http://lists.debian.org/debian-devel/2008/08/msg00340.html ?

My 2 cents,
-- 
Olivier BERGER <[EMAIL PROTECTED]>
http://www-public.it-sudparis.eu/~berger_o/ - OpenPGP-Id: 1024D/6B829EEC
Ingénieur Recherche - Dept INF
Institut TELECOM, SudParis (http://www.it-sudparis.eu/), Evry (France)




--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#494648: The possibility of attack with the help of symlinks in some Debian packages

[Sven Dowideit]

So are you suggesting that I instead fill up /tmp directly with
thousands of cgisess_123412 files?

because the location that those files go into needs to be predictable -
so that each cgi script goes to the same place.



Julien Cristau wrote:
> On Wed, Aug 13, 2008 at 23:24:47 +1000, Sven Dowideit wrote:
> 
>> so Dmitry,
>>
>> if you were trying to actually help get this fixed, I presume you would
>> have suggested that I just patch the code to
>>
>> rm /tmp/twiki
>> and then create it?
>>
>> or what are you actually suggesting?
>>
> No.  Don't touch/use predictable file names in /tmp.
> 
> Cheers,
> Julien



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#494926: knetwalk crash when puzzle completed

[Ana Guerrero]

On Wed, Aug 13, 2008 at 08:03:28AM +0200, Olivier Delemar wrote:
> Package: knetwalk
> Version: 4:3.5.5-1
> Severity: grave
> Justification: renders package unusable
> 
> At the end of each game, whatever is the level, knetwalk crashes with a
> "sig 11" reported by KDE.
>

Could you instal kdegames-dbg and provide an useful backtrace?

More info:
http://techbase.kde.org/Development/Tutorials/Debugging/How_to_create_useful_crash_reports

Ana




-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#491505: [package varmon] varmon segfaults on Etch i386

[Julien Danjou]

Hi Christoph,

At 1218635679 time_t, Christoph Franzen wrote:
> However, I need a few days/weeks to set that up in my spare time.
> Please tell me if you are interested and provide the following
> information:
> 
> 1) Your desired user name on the machine

jd

> 2) Software packages that MUST be installed (specific versions needed?)

All build-dep of varmon + gdb + eletric fence might help.
Anyway I'll need root access to control the array so you can let me apt-get 
myself.

> 3) Software packages that MUST NOT be installed

FreeBSD. ;)

> 4) Any wishes regarding the hardware

amd64 might be better, but i386 will be fine.

> If you are interested I will maintain this machine as long as it is
> needed and I am able to. Besides, I speak also french (I mention
> this because your name sounds french to me).

Yes, I'm french.
I'm interested in fixing that problem. It won't take weeks, I'll let you
know as soon as I find and fix it and you'll be able to unplug the box.
:)

Cheers,
-- 
Julien Danjou
.''`.  Debian Developer
: :' : http://julien.danjou.info
`. `'  http://people.debian.org/~acid
  `-   9A0D 5FD9 EB42 22F6 8974  C95C A462 B51E C2FE E5CD


signature.asc
Description: Digital signature

Bug#494648: The possibility of attack with the help of symlinks in some Debian packages

[Sven Dowideit]

these are _WEB_ session files.

there are no user directories.


Dmitry E. Oboukhov wrote:
> SD> so Dmitry,
> 
> SD> if you were trying to actually help get this fixed, I presume you would
> SD> have suggested that I just patch the code to
> 
> SD> rm /tmp/twiki
> SD> and then create it?
> 
> SD> or what are you actually suggesting?
> 
> SD> Sven
> 
> At my oppinion You can oblige user to create this temp-dir
> in his directories and use user copy of LocalSite.cfg instead system
> config ($TWiki::cfg{RCS}{WorkAreaDir}).
> 
> hmm
> 
> --
> ... mpd playing: U.D.O. - Private Eye
> 
> . ''`. Dmitry E. Oboukhov
> : :’  : [EMAIL PROTECTED]
> `. `~’ GPGKey: 1024D / F8E26537 2006-11-21
>   `- 1B23 D4F8 8EC0 D902 0555  E438 AB8C 00CF F8E2 6537



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

debian-bugs-rc@lists.debian.org

[Debian Bug Tracking System]

Processing commands for [EMAIL PROTECTED]:

> # Automatically generated email from bts, devscripts version 2.10.35
> forwarded 494969 
> http://sourcesup.cru.fr/tracker/index.php?func=detail&aid=4430
Bug#494969: sympa: Leftover debug code may lead to data loss
Noted your statement that Bug has been forwarded to 
http://sourcesup.cru.fr/tracker/index.php?func=detail&aid=4430.

>
End of message, stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#494648: The possibility of attack with the help of symlinks in some Debian packages

[Julien Cristau]

On Wed, Aug 13, 2008 at 23:24:47 +1000, Sven Dowideit wrote:

> so Dmitry,
> 
> if you were trying to actually help get this fixed, I presume you would
> have suggested that I just patch the code to
> 
> rm /tmp/twiki
> and then create it?
> 
> or what are you actually suggesting?
> 
No.  Don't touch/use predictable file names in /tmp.

Cheers,
Julien



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Processed: Re: Bug#493363: Some SVG images make kio_thumbnail / Konqueror take 95% CPU and more than 1GB of memory

[Debian Bug Tracking System]

Processing commands for [EMAIL PROTECTED]:

> forwarded 493363 http://bugs.kde.org/show_bug.cgi?id=106847
Bug#493363: ksvg: Some SVG images make kio_thumbnail / Konqueror take 95% CPU 
and more than 1GB of memory
Noted your statement that Bug has been forwarded to 
http://bugs.kde.org/show_bug.cgi?id=106847.
(By the way, this Bug is currently marked as done.)

> quit
Stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#493363: Some SVG images make kio_thumbnail / Konqueror take 95% CPU and more than 1GB of memory

[Steve Cotton]

forwarded 493363 http://bugs.kde.org/show_bug.cgi?id=106847
quit

> Nice. could you forward this patch to the KDE SVN, so they can merge it into
> KDE 3.5.10?
> I would do but it is your patch :D

Thanks Ana, I've sent it to their Bugzilla.

Steve



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Processed: your mail

[Debian Bug Tracking System]

Processing commands for [EMAIL PROTECTED]:

> found 494969 5.3.4-5
Bug#494969: sympa: Leftover debug code may lead to data loss
Bug marked as found in version 5.3.4-5.

> thanks
Stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Processed: The possibility of attack with the help of symlinks in some Debian packages

[Debian Bug Tracking System]

Processing commands for [EMAIL PROTECTED]:

> found 494648 1:4.0.5-9.1
Bug#494648: The possibility of attack with the help of symlinks in some Debian 
packages
Bug marked as found in version 1:4.0.5-9.1.

> found 494648 1:4.1.2-3.2
Bug#494648: The possibility of attack with the help of symlinks in some Debian 
packages
Bug marked as found in version 1:4.1.2-3.2.

> thanks
Stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#491505: [package varmon] varmon segfaults on Etch i386

[Christoph Franzen]

Julien,

Am Mon, 11 Aug 2008 22:35:12 +0200 schrieb Julien Danjou
<[EMAIL PROTECTED]>:
> At 1218482627 time_t, Philipp Kern wrote:
> > there is a Release Critical bug filed against your package.
> > Unfortunately this package (varmon) needs special hardware to test
> > it. Could you please look if the problem the submitter faces is
> > currently reproduceable in Lenny?  (The upstream version is the
> > same, though.)
> 
> No, because I don't have the hardware neither.

I have got a spare DAC960PL Dual Channel Fast Wide SCSI RAID
Controller with a few suitable disks, so I can build a Pentium II test
box from that, install Lenny onto it, and give you SSH access.
The box can be up permanently with full internet access via ADSL with a
permanent IP address.

However, I need a few days/weeks to set that up in my spare time.
Please tell me if you are interested and provide the following
information:

1) Your desired user name on the machine
2) Software packages that MUST be installed (specific versions needed?)
3) Software packages that MUST NOT be installed
4) Any wishes regarding the hardware
5) Anything else which would help you

If you are interested I will maintain this machine as long as it is
needed and I am able to. Besides, I speak also french (I mention
this because your name sounds french to me).

> The etch version already had this problem (segfault) and it was
> avoided recompiling with a different -O option to gcc, see #401236.
> 
> So I've no clue on how to debug and fix, and lenny may be affected
> anyway.

It is the Etch version that I am using, and it HAS got the problem
here. So I think the workaround doesn't help in all cases.



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#494969: sympa: Leftover debug code may lead to data loss

[Olivier Berger]

Package: sympa
Version: 5.2.3-1.2+etch1
Severity: critical
Justification: causes serious data loss
Tags: security

Thanks to Dmitry E. Oboukhov, for spotting that the following code in Sympa 
leads to potential data loss due to symlink attacks (I think) :

In wwsympa.fcgi :
 open TMP, ">/tmp/dump";
 $document->dump(\*TMP);
 close TMP;

 open TMP, ">/tmp/dump2";
 &tools::dump_var ($param, 0, \*TMP);
 close TMP;

I'm not completely sure this may be called nor when, but if it may, then better 
not have /tmp/dump linked to something the CGI could write to.

In any case, such code seems like debug to me, so should be removed I guess (to 
be notified upstream, too).

Code in sympa.pl about --make_alias_file option may exhibit a similar 
vulnerability too, although that may not be invoked unless under admin control 
with a more or less changing filename... so may need more testing and analysis 
on that second one.

Source : http://uvw.ru/report.lenny.txt, 
http://lists.debian.org/debian-devel/2008/08/msg00312.html

Hope this helps,


-- System Information:
Debian Release: lenny/sid
  APT prefers testing-proposed-updates
  APT policy: (500, 'testing-proposed-updates'), (500, 'testing')
Architecture: i386 (i686)

Kernel: Linux 2.6.24-openvz-24-004.1d1-686 (SMP w/2 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages sympa depends on:
ii  adduser  3.108   add and remove users and groups
ii  debconf [debconf-2.0]1.5.22  Debian configuration management sy
ii  exim4-daemon-light [mail-tra 4.69-6  lightweight Exim MTA (v4) daemon
pn  libarchive-zip-perl(no description available)
ii  libc62.7-13  GNU C Library: Shared libraries
pn  libcgi-fast-perl   (no description available)
pn  libcrypt-ciphersaber-perl  (no description available)
pn  libdbd-mysql-perl | libdbd-p   (no description available)
ii  libdbi-perl  1.605-1 Perl5 database interface by Tim Bu
ii  libfcgi-perl 0.67-2.1+b1 FastCGI Perl module
ii  libintl-perl 1.16-4  Uniforum message translations syst
ii  libio-stringy-perl   2.110-4 Perl modules for IO from scalars a
ii  libmailtools-perl2.03-1  Manipulate email in perl programs
pn  libmd5-perl(no description available)
ii  libmime-perl 5.427-1 transitional dummy package
ii  libmime-tools-perl [libmime- 5.427-1 Perl5 modules for MIME-compliant m
pn  libmsgcat-perl (no description available)
pn  libnet-ldap-perl   (no description available)
pn  libtemplate-perl   (no description available)
ii  libxml-libxml-perl   1.66-1+b1   Perl module for using the GNOME li
pn  mhonarc(no description available)
ii  perl [libmime-base64-perl]   5.10.0-11.1 Larry Wall's Practical Extraction 
pn  perl-suid  (no description available)
ii  sysklogd [system-log-daemon] 1.5-5   System Logging Daemon

Versions of packages sympa recommends:
ii  doc-base  0.8.16 utilities to manage online documen
ii  logrotate 3.7.1-3Log rotation utility

Versions of packages sympa suggests:
ii  apache2-mpm-prefork [httpd]   2.2.9-6Apache HTTP Server - traditional n
pn  libapache-mod-fastcgi  (no description available)
pn  mysql-server | postgresql  (no description available)
ii  openssl   0.9.8g-12  Secure Socket Layer (SSL) binary a

-- 
Olivier BERGER <[EMAIL PROTECTED]>
http://www-public.it-sudparis.eu/~berger_o/ - OpenPGP-Id: 1024D/6B829EEC
Ingénieur Recherche - Dept INF
Institut TELECOM, SudParis (http://www.it-sudparis.eu/), Evry (France)




--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#494648: closed by Sven Dowideit <[EMAIL PROTECTED]> (duplicate of Bug#444982, which was fixed in Oct 2007)

[Olivier Berger]

Le mercredi 13 août 2008 à 22:49 +1000, Sven Dowideit a écrit :
> I have bugger all knowledge on how to use the debian bugs system, and to
> be honest, keep finding it quite unhelpful.
> 

Please don't send anything but commands to [EMAIL PROTECTED]
too ;)

> so. you have now bothered to tell me what the problem is. thanks :/
> 
> weird that we worked on this last year, but this was not noticed. I
> would still like to know what exactly _is_ the debain policy for
> creating safe session file locations.
> 

That's just why I just sent a mail to debian-devel asking for more
details on that very policy subject.

Hope this will help somehow.

Best regards,
-- 
Olivier BERGER <[EMAIL PROTECTED]>
http://www-public.it-sudparis.eu/~berger_o/ - OpenPGP-Id: 1024D/6B829EEC
Ingénieur Recherche - Dept INF
Institut TELECOM, SudParis (http://www.it-sudparis.eu/), Evry (France)




--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#494648: The possibility of attack with the help of symlinks in some Debian packages

[Sven Dowideit]

so Dmitry,

if you were trying to actually help get this fixed, I presume you would
have suggested that I just patch the code to

rm /tmp/twiki
and then create it?

or what are you actually suggesting?

Sven


Dmitry E. Oboukhov wrote:
> 
> Where?
> 
> $curl 
> http://ftp.nl.debian.org/debian/pool/main/t/twiki/twiki_4.1.2-3.2.diff.gz 
> 2>/dev/null|gunzip|grep -A 219 '^[+]\{3\}.*postinst'|grep '/tmp/'
> 
> +   #put into /tmp/twiki so that the open dir can't be used by others to
> fill up /var, thus crashing all logging
> +   if [ ! -e /tmp/twiki ]; then
> +   mkdir /tmp/twiki
> +   chmod 1777 /tmp/twiki
> +   chown $TWIKI_OWNER.www-data /tmp/twiki
> 
> http://packages.qa.debian.org/t/twiki.html
> Stable   1:4.0.5-9.1
> Testing  1:4.1.2-3.2
> Unstable 1:4.1.2-3.2
> 
> for etch:
> 
> $ curl
> http://ftp.nl.debian.org/debian/pool/main/t/twiki/twiki_4.0.5-9.1.diff.gz 
> 2>/dev/null |gunzip|grep -A 219 '^[+]\{3\}.*postinst'|grep '/tmp/' 
> +   if [ ! -e /tmp/twiki ]; then
> +   mkdir /tmp/twiki 
> +   chmod 777 /tmp/twiki 
> +   chown $TWIKI_OWNER.www-data /tmp/twiki
> 
> SK> c.  Except in Etch. 
> 
> and lenny and sid
> 
> SK> Steve



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#494648: The possibility of attack with the help of symlinks in some Debian packages

[Olivier Berger]

Le mercredi 13 août 2008 à 13:57 +0100, Steve Kemp a écrit :
>   My understanding of the discussion thus far is:
> 
> a.  This is a genuine bug.
> b.  Which has been fixed.
> c.  Except in Etch.

No, as :

Le mercredi 13 août 2008 à 16:39 +0400, Dmitry E. Oboukhov a écrit :
> reopen 494648
> thanks
> 
> If you want, You may merge the bugs 444982 494648, dont close!
> 
> $ ln -s /etc/shadow /tmp/twiki
> $ LANG=C sudo apt-get install twiki
> Reading package lists... Done
> Building dependency tree   
> Reading state information... Done
> 
> Setting up twiki (1:4.1.2-3.2) ...
> Adding password for user TWikiGuest
> Adding password for user admin
> reloading apache2 config
> Reloading web server config: apache2.
> $ ll /etc/shadow
> -rwxrwxrwt 1 www-data www-data 1339 Июл 28 10:26 /etc/shadow
> 

I guess it's still there for lenny, then.

Regards,
-- 
Olivier BERGER <[EMAIL PROTECTED]>
http://www-public.it-sudparis.eu/~berger_o/ - OpenPGP-Id: 1024D/6B829EEC
Ingénieur Recherche - Dept INF
Institut TELECOM, SudParis (http://www.it-sudparis.eu/), Evry (France)




--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#494648: The possibility of attack with the help of symlinks in some Debian packages

[Dmitry E. Oboukhov]

On 13:57 Wed 13 Aug , Steve Kemp wrote:
SK> On Wed Aug 13, 2008 at 22:51:00 +1000, Sven Dowideit wrote:

SK>> no, its got nothing to do with /var/lib/twiki/data etc, its the location
SK>> for session data - produced by CGI::Session etc.

SK> Yes it does.

SK> The code we're talking about is contained in the file debian/postinst,
SK> and only executes under the following condition:

SK> # create initial htpasswd, if needed
SK> if [ -e /var/lib/twiki/data ]; then

SK> ...
SK> ...
SK> #create securer-twiki session dir
SK> mkdir ...

SK> fi

SK> My understanding of the discussion thus far is:

SK> a.  This is a genuine bug.
SK> b.  Which has been fixed.

Where?

$curl http://ftp.nl.debian.org/debian/pool/main/t/twiki/twiki_4.1.2-3.2.diff.gz 
2>/dev/null|gunzip|grep -A 219 '^[+]\{3\}.*postinst'|grep '/tmp/'

+   #put into /tmp/twiki so that the open dir can't be used by others to
fill up /var, thus crashing all logging
+   if [ ! -e /tmp/twiki ]; then
+   mkdir /tmp/twiki
+   chmod 1777 /tmp/twiki
+   chown $TWIKI_OWNER.www-data /tmp/twiki

http://packages.qa.debian.org/t/twiki.html
Stable   1:4.0.5-9.1
Testing  1:4.1.2-3.2
Unstable 1:4.1.2-3.2

for etch:

$ curl
http://ftp.nl.debian.org/debian/pool/main/t/twiki/twiki_4.0.5-9.1.diff.gz 
2>/dev/null |gunzip|grep -A 219 '^[+]\{3\}.*postinst'|grep '/tmp/' 
+   if [ ! -e /tmp/twiki ]; then
+   mkdir /tmp/twiki 
+   chmod 777 /tmp/twiki 
+   chown $TWIKI_OWNER.www-data /tmp/twiki

SK> c.  Except in Etch. 

and lenny and sid

SK> Steve
--
... mpd playing: U.D.O. - Man And Machine

. ''`. Dmitry E. Oboukhov
: :’  : [EMAIL PROTECTED]
`. `~’ GPGKey: 1024D / F8E26537 2006-11-21
  `- 1B23 D4F8 8EC0 D902 0555  E438 AB8C 00CF F8E2 6537


signature.asc
Description: Digital signature

Bug#494648: The possibility of attack with the help of symlinks in some Debian packages

[Olivier Berger]

Le mercredi 13 août 2008 à 12:52 +0200, Olivier Berger a écrit :
> Le mercredi 13 août 2008 à 20:06 +1000, Sven Dowideit a écrit :
> > Nico,
> > 
> > /var/run - I'll keep that in mind for post lenny - I was really hoping
> > that debian had a place for this sort of session data, but didn't manage
> > to get there - thanks :)
> > 
> 
> Maybe there is a web apps policy to be determined here (unless it exists
> alread ?)
> 
> For instance, when considering recent issues with session files in
> phpgroupware, I noticed that with php5, by default sessions may be saved
> in /var/lib/php5/. But as we needed some kind of admin management of
> sessions of users (like killing them) it led us to have them (back)
> into /var/lib/phpgroupware/sessions/. I guess I've asked for some policy
> or guidelines but got no answer.
> 
> Le mercredi 13 août 2008 à 22:12 +1000, Sven Dowideit a écrit :
>
> the best irony of this bug, is :
> 
> > I've implemented Joey's suggestion of 1777 & O_EXCL - mostly the files
> in tmp are written by CGI::Session, that takes care of things.
> >
> > I also moved the 1777 tmp dir back to /tmp/twiki, as per Nico's point
> wrt to filling /var
> 

I'm not sure it's safe to remind old discussions about #444982 ;-), but
anyway, looks to me like the filling of /var should be avoided by TWiki
if possible, at least if we speak about temporary files that would never
be deleted (such as session files, since you don't know if the user will
continue the Web app's session, and need to keep them for some while, in
principle. Timeout may depend on apps there, however).

As I understand it, wrt session files created with CGI::Session, they
should be named in a consistent way, AFAIK ("cgisess_" prefix, if I can
trust man CGI::Session::Driver::file, and no further customizations).

Maybe a storage in some /var/[run/|tmp/|lib/twiki/tmp] (please correct
me with proper path wrt policy+FHS) and a cron script would be best ?
Like for php5 : /etc/cron.d/php5 :
09,39 * * * * root   [ -x /usr/lib/php5/maxlifetime ] && [ -d 
/var/lib/php5 ] && find /var/lib/php5/ -type f -cmin 
+$(/usr/lib/php5/maxlifetime) -print0 | xargs -n 200 -r -0 rm

But maybe it would be best to have some policy concerning CGI:Session's 
default dir and purge cronjob, and no overloading of of the default 
storage path, like in :
new CGI::Session("driver:file", $sid, {Directory=>'whatever /tmp dir'}); 
in perl apps using it ?

Of course there may be some garbage collecting on these session files
active here (for instance in php, its deactivated by default, I think).

With respect to other temp files stored in {TempfileDir}, then I expect
them to be auto-deleted by the script which uses them, so there should
be less risks of filling /var.

I guess much of this discussion is not twiki specific and relates to use
of CGI::Session... and may apply to other web packages too... hence area
for other security checks ? (and policy ?)

My 2 cents again.
-- 
Olivier BERGER <[EMAIL PROTECTED]>
http://www-public.it-sudparis.eu/~berger_o/ - OpenPGP-Id: 1024D/6B829EEC
Ingénieur Recherche - Dept INF
Institut TELECOM, SudParis (http://www.it-sudparis.eu/), Evry (France)




--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#494648: The possibility of attack with the help of symlinks in some Debian packages

[Steve Kemp]

On Wed Aug 13, 2008 at 22:51:00 +1000, Sven Dowideit wrote:

> no, its got nothing to do with /var/lib/twiki/data etc, its the location
> for session data - produced by CGI::Session etc.

  Yes it does.
  
  The code we're talking about is contained in the file debian/postinst,
 and only executes under the following condition:

 # create initial htpasswd, if needed
 if [ -e /var/lib/twiki/data ]; then

...
...
#create securer-twiki session dir
mkdir ...

 fi

  My understanding of the discussion thus far is:

a.  This is a genuine bug.
b.  Which has been fixed.
c.  Except in Etch.

Steve
-- 



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#494648: The possibility of attack with the help of symlinks in some Debian packages

[Sven Dowideit]

no, its got nothing to do with /var/lib/twiki/data etc, its the location
for session data - produced by CGI::Session etc.

Olivier Berger wrote:
> Le mercredi 13 août 2008 à 11:12 +0100, Steve Kemp a écrit :
>> On Wed Aug 13, 2008 at 11:31:54 +1000, Sven Dowideit wrote:
> 
>>I know that I can coerce it into working:
>>
>> [EMAIL PROTECTED]:~$ sudo rm -rf /tmp/twiki
>> [EMAIL PROTECTED]:~$ ln -s /etc/shadow /tmp/twiki
>> [EMAIL PROTECTED]:~$ sudo /var/lib/dpkg/info/twiki.postinst configure
>> Reloading web server config...3224
>> .
>> [EMAIL PROTECTED]:~$ ls -l /etc/shadow
>> -rwxrwxrwx 1 www-data www-data 1093 2008-08-13 10:35 /etc/shadow
>>
>>   I guess the difference is relating to the presence, or not, of 
>>  /var/lib/twiki/data ?
>>
>>   Looks like merely installing the package wouldn't trigger this,
>>  but an upgrade might.  Or something like that !
>>
> 
> And note that it may also be the same on a second install too, if after
> a first install, and a first removal, but which may have left over stuff
> in /var/lib/twiki/data ... which is not necessarily automatically purged
> on removal :-/
> 
> Just my 2 cents,

-- 
Professional Wiki Innovation and Support
Sven Dowideit - http://DistributedINFORMATION.com
A WikiRing Partner - http://wikiring.com
Public key -
http://pgp.mit.edu:11371/pks/lookup?search=Sven+Dowideit&op=index&exact=on



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#494648: closed by Sven Dowideit <[EMAIL PROTECTED]> (duplicate of Bug#444982, which was fixed in Oct 2007)

[Sven Dowideit]

I have bugger all knowledge on how to use the debian bugs system, and to
be honest, keep finding it quite unhelpful.

so. you have now bothered to tell me what the problem is. thanks :/

weird that we worked on this last year, but this was not noticed. I
would still like to know what exactly _is_ the debain policy for
creating safe session file locations.

sven

Dmitry E. Oboukhov wrote:
> reopen 494648
> thanks
> 
> If you want, You may merge the bugs 444982 494648, dont close!
> 
> $ ln -s /etc/shadow /tmp/twiki
> $ LANG=C sudo apt-get install twiki
> Reading package lists... Done
> Building dependency tree   
> Reading state information... Done
> 
> Setting up twiki (1:4.1.2-3.2) ...
> Adding password for user TWikiGuest
> Adding password for user admin
> reloading apache2 config
> Reloading web server config: apache2.
> $ ll /etc/shadow
> -rwxrwxrwt 1 www-data www-data 1339 ??? 28 10:26 /etc/shadow
> 
> 
> 
> On 12:09 Wed 13 Aug , Debian Bug Tracking System wrote:
> 
> DBTS> This is an automatic notification regarding your Bug report
> DBTS> which was filed against the twiki package:
> 
> DBTS> #494648: The possibility of attack with the help of symlinks in some 
> Debian packages
> 
> DBTS> It has been closed by Sven Dowideit <[EMAIL PROTECTED]>.
> 
> DBTS> Their explanation is attached below along with your original report.
> DBTS> If this explanation is unsatisfactory and you have not received a
> DBTS> better one in a separate message then please contact Sven Dowideit 
> <[EMAIL PROTECTED]> by
> DBTS> replying to this email.
> 
> DBTS> --
> DBTS> 494648: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=494648
> DBTS> Debian Bug Tracking System
> DBTS> Contact [EMAIL PROTECTED] with problems
> 
> DBTS> Date: Wed, 13 Aug 2008 22:06:46 +1000
> DBTS> From: Sven Dowideit <[EMAIL PROTECTED]>
> DBTS> To: [EMAIL PROTECTED]
> DBTS> Subject: duplicate of Bug#444982, which was fixed
> DBTS> in Oct 2007
> DBTS> User-Agent: Mozilla-Thunderbird 2.0.0.16
> DBTS> (X11/20080724)
> 
> DBTS> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=444982
> 
> DBTS> Implemented Joey's suggestion of 1777 & O_EXCL - mostly the files in
> DBTS> /tmp are written by CGI::Session, that takes care of things.
> DBTS> Also moved the 1777 tmp dir back to /tmp/twiki, as per Nico's point wrt
> DBTS> to filling /var
> 
> DBTS> --
> DBTS> Professional Wiki Innovation and Support
> DBTS> Sven Dowideit - http://DistributedINFORMATION.com
> DBTS> A WikiRing Partner - http://wikiring.com
> DBTS> Public key -
> DBTS> 
> http://pgp.mit.edu:11371/pks/lookup?search=Sven+Dowideit&op=index&exact=on
> 
> DBTS> Date: Mon, 11 Aug 2008 10:57:56 +0400
> DBTS> From: "Dmitry E. Oboukhov" <[EMAIL PROTECTED]>
> DBTS> To: [EMAIL PROTECTED]
> DBTS> Subject: The possibility of attack with the help of
> DBTS> symlinks in some Debian packages
> 
> DBTS> Package: twiki
> DBTS> Severity: grave
> DBTS> Tags: security
> 
> DBTS> This message about the error concerns a few packages  at  once.   I've
> DBTS> tested all the packages on my Debian mirror.  (post|pre)(inst|rm)  and
> DBTS> config scripts were tested.
> 
> DBTS> In some packages I've discovered scripts with errors which may be used
> DBTS> by a user for damaging important system files.
> 
> DBTS> For example if a script uses in its work a temp file which is  created
> DBTS> in /tmp directory, then every user can create symlink  with  the  same
> DBTS> name in this directory in order to  destroy  or  rewrite  some  system
> DBTS> file.
> 
> DBTS> I set Severity into grave for  this  bug.   The  table  of  discovered
> DBTS> problems is below.
> 
> DBTS> +--+-+--
> DBTS> |package   |  script | file for attack
> DBTS> +--+-+--
> DBTS> | mplayer-1.0~rc2  |  config | /tmp/HACK (pipe)
> DBTS> |  | |
> DBTS> | nws-2.13 |  postinst   | /tmp/nws.debug (cp)
> DBTS> |  | |
> DBTS> | ppp-2.4.4rel |  postinst   | /tmp/probe-finished (rm -f, pipe)
> DBTS> |  |  postinst   | /tmp/ppp-errors (rm -f, pipe)
> DBTS> |   ppp-udeb   |  /etc/ppp/ip-up | /tmp/resolv.conf.tmp (cp)
> DBTS> |  | |
> DBTS> | twiki-4.1.2  |  postinst   | /tmp/twiki  (chmod 1777, chown)
> DBTS> +--+-+--
> --
> ... mpd playing: U.D.O. - Man And Machine
> 
> . ''`. Dmitry E. Oboukhov
> : :’  : [EMAIL PROTECTED]
> `. `~’ GPGKey: 1024D / F8E26537 2006-11-21
>   `- 1B23 D4F8 8EC0 D902 0555  E438 AB8C 00CF F8E2 6537

-- 
Professional Wiki Innovation and Support
Sven Dowideit - http://DistributedINFORMATION.com
A WikiRing Partner - http://wikiring.com
Public key -
http://pgp.mit.edu:11371/pks/lookup?search=Sven+Dowideit&op=index&exact=on



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
wit

Bug#494648: The possibility of attack with the help of symlinks in some Debian packages

[Olivier Berger]

Le mercredi 13 août 2008 à 11:12 +0100, Steve Kemp a écrit :
> On Wed Aug 13, 2008 at 11:31:54 +1000, Sven Dowideit wrote:

> 
>I know that I can coerce it into working:
> 
> [EMAIL PROTECTED]:~$ sudo rm -rf /tmp/twiki
> [EMAIL PROTECTED]:~$ ln -s /etc/shadow /tmp/twiki
> [EMAIL PROTECTED]:~$ sudo /var/lib/dpkg/info/twiki.postinst configure
> Reloading web server config...3224
> .
> [EMAIL PROTECTED]:~$ ls -l /etc/shadow
> -rwxrwxrwx 1 www-data www-data 1093 2008-08-13 10:35 /etc/shadow
> 
>   I guess the difference is relating to the presence, or not, of 
>  /var/lib/twiki/data ?
> 
>   Looks like merely installing the package wouldn't trigger this,
>  but an upgrade might.  Or something like that !
> 

And note that it may also be the same on a second install too, if after
a first install, and a first removal, but which may have left over stuff
in /var/lib/twiki/data ... which is not necessarily automatically purged
on removal :-/

Just my 2 cents,
-- 
Olivier BERGER <[EMAIL PROTECTED]>
http://www-public.it-sudparis.eu/~berger_o/ - OpenPGP-Id: 1024D/6B829EEC
Ingénieur Recherche - Dept INF
Institut TELECOM, SudParis (http://www.it-sudparis.eu/), Evry (France)




--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Processed: Re: Bug#494648 closed by Sven Dowideit <[EMAIL PROTECTED]> (duplicate of Bug#444982, which was fixed in Oct 2007)

[Debian Bug Tracking System]

Processing commands for [EMAIL PROTECTED]:

> reopen 494648
Bug#494648: The possibility of attack with the help of symlinks in some Debian 
packages
Bug reopened, originator not changed.

> thanks
Stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#494648: closed by Sven Dowideit <[EMAIL PROTECTED]> (duplicate of Bug#444982, which was fixed in Oct 2007)

[Dmitry E. Oboukhov]

reopen 494648
thanks

If you want, You may merge the bugs 444982 494648, dont close!

$ ln -s /etc/shadow /tmp/twiki
$ LANG=C sudo apt-get install twiki
Reading package lists... Done
Building dependency tree   
Reading state information... Done

Setting up twiki (1:4.1.2-3.2) ...
Adding password for user TWikiGuest
Adding password for user admin
reloading apache2 config
Reloading web server config: apache2.
$ ll /etc/shadow
-rwxrwxrwt 1 www-data www-data 1339 Июл 28 10:26 /etc/shadow



On 12:09 Wed 13 Aug , Debian Bug Tracking System wrote:

DBTS> This is an automatic notification regarding your Bug report
DBTS> which was filed against the twiki package:

DBTS> #494648: The possibility of attack with the help of symlinks in some 
Debian packages

DBTS> It has been closed by Sven Dowideit <[EMAIL PROTECTED]>.

DBTS> Their explanation is attached below along with your original report.
DBTS> If this explanation is unsatisfactory and you have not received a
DBTS> better one in a separate message then please contact Sven Dowideit 
<[EMAIL PROTECTED]> by
DBTS> replying to this email.

DBTS> --
DBTS> 494648: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=494648
DBTS> Debian Bug Tracking System
DBTS> Contact [EMAIL PROTECTED] with problems

DBTS> Date: Wed, 13 Aug 2008 22:06:46 +1000
DBTS> From: Sven Dowideit <[EMAIL PROTECTED]>
DBTS> To: [EMAIL PROTECTED]
DBTS> Subject: duplicate of Bug#444982, which was fixed
DBTS> in Oct 2007
DBTS> User-Agent: Mozilla-Thunderbird 2.0.0.16
DBTS> (X11/20080724)

DBTS> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=444982

DBTS> Implemented Joey's suggestion of 1777 & O_EXCL - mostly the files in
DBTS> /tmp are written by CGI::Session, that takes care of things.
DBTS> Also moved the 1777 tmp dir back to /tmp/twiki, as per Nico's point wrt
DBTS> to filling /var

DBTS> --
DBTS> Professional Wiki Innovation and Support
DBTS> Sven Dowideit - http://DistributedINFORMATION.com
DBTS> A WikiRing Partner - http://wikiring.com
DBTS> Public key -
DBTS> http://pgp.mit.edu:11371/pks/lookup?search=Sven+Dowideit&op=index&exact=on

DBTS> Date: Mon, 11 Aug 2008 10:57:56 +0400
DBTS> From: "Dmitry E. Oboukhov" <[EMAIL PROTECTED]>
DBTS> To: [EMAIL PROTECTED]
DBTS> Subject: The possibility of attack with the help of
DBTS> symlinks in some Debian packages

DBTS> Package: twiki
DBTS> Severity: grave
DBTS> Tags: security

DBTS> This message about the error concerns a few packages  at  once.   I've
DBTS> tested all the packages on my Debian mirror.  (post|pre)(inst|rm)  and
DBTS> config scripts were tested.

DBTS> In some packages I've discovered scripts with errors which may be used
DBTS> by a user for damaging important system files.

DBTS> For example if a script uses in its work a temp file which is  created
DBTS> in /tmp directory, then every user can create symlink  with  the  same
DBTS> name in this directory in order to  destroy  or  rewrite  somesystem
DBTS> file.

DBTS> I set Severity into grave for  this  bug.   The  tableof  discovered
DBTS> problems is below.

DBTS> +--+-+--
DBTS> |package   |  script | file for attack
DBTS> +--+-+--
DBTS> | mplayer-1.0~rc2  |  config | /tmp/HACK (pipe)
DBTS> |  | |
DBTS> | nws-2.13 |  postinst   | /tmp/nws.debug (cp)
DBTS> |  | |
DBTS> | ppp-2.4.4rel |  postinst   | /tmp/probe-finished (rm -f, pipe)
DBTS> |  |  postinst   | /tmp/ppp-errors (rm -f, pipe)
DBTS> |   ppp-udeb   |  /etc/ppp/ip-up | /tmp/resolv.conf.tmp (cp)
DBTS> |  | |
DBTS> | twiki-4.1.2  |  postinst   | /tmp/twiki  (chmod 1777, chown)
DBTS> +--+-+--
--
... mpd playing: U.D.O. - Man And Machine

. ''`. Dmitry E. Oboukhov
: :’  : [EMAIL PROTECTED]
`. `~’ GPGKey: 1024D / F8E26537 2006-11-21
  `- 1B23 D4F8 8EC0 D902 0555  E438 AB8C 00CF F8E2 6537


signature.asc
Description: Digital signature

Bug#483337: mt-daapd: Is there any hope for getting this in lenny? I'm happy to help...

[Reuben Thomas]

Package: mt-daapd
Version: 0.2.4+r1376-1.1+etch1
Followup-For: Bug #483337


I use mt-daapd, and I'm rather aghast to see it disappear from lenny.
I'd be happy to test any fix if that would help it get into lenny.
Please let me know.

-- System Information:
Debian Release: lenny/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: i386 (i686)

Kernel: Linux 2.6.25-2-686 (SMP w/1 CPU core)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages mt-daapd depends on:
ii  adduser3.108 add and remove users and groups
ii  avahi-daemon   0.6.22-3  Avahi mDNS/DNS-SD daemon
ii  libavahi-compat-howl0  0.6.22-3  Avahi Howl compatibility library
ii  libavcodec0d   0.cvs20060823-8   ffmpeg codec library
ii  libavformat0d  0.cvs20060823-8   ffmpeg file format library
ii  libc6  2.7-13GNU C Library: Shared libraries
ii  libflac7   1.1.2-8   Free Lossless Audio Codec - runtim
ii  libid3tag0 0.15.1b-10ID3 tag reading library from the M
ii  libogg01.1.3-4   Ogg Bitstream Library
ii  libsqlite3-0   3.5.9-3   SQLite 3 shared library
ii  libtag1c2a 1.5-3 TagLib Audio Meta-Data Library
ii  libtagc0   1.5-3 TagLib Audio Meta-Data Library (C 
ii  libvorbis0a1.2.0.dfsg-3.1The Vorbis General Audio Compressi
ii  libvorbisfile3 1.2.0.dfsg-3.1The Vorbis General Audio Compressi
ii  zlib1g 1:1.2.3.3.dfsg-12 compression library - runtime

mt-daapd recommends no packages.

mt-daapd suggests no packages.

-- no debconf information



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#494648: The possibility of attack with the help of symlinks in some Debian packages

[Sven Dowideit]

Yes, I would suggest that there is a need for more detailed web apps
policies - not just for where session files should be placed safely, but
also things like safe and consistent ways to configure the webservers
(apache1 vs apache2 are (or were last i looked) already a pain), and
similarly for module support - like turning on mod_rewrite on the
different systems.

the best irony of this bug, is :

> I've implemented Joey's suggestion of 1777 & O_EXCL - mostly the files
in tmp are written by CGI::Session, that takes care of things.
>
> I also moved the 1777 tmp dir back to /tmp/twiki, as per Nico's point
wrt to filling /var


Sven


Olivier Berger wrote:
> Le mercredi 13 août 2008 à 20:06 +1000, Sven Dowideit a écrit :
>> Nico,
>>
>> /var/run - I'll keep that in mind for post lenny - I was really hoping
>> that debian had a place for this sort of session data, but didn't manage
>> to get there - thanks :)
>>
> 
> Maybe there is a web apps policy to be determined here (unless it exists
> alread ?)
> 
> For instance, when considering recent issues with session files in
> phpgroupware, I noticed that with php5, by default sessions may be saved
> in /var/lib/php5/. But as we needed some kind of admin management of
> sessions of users (like killing them) it led us to have them (back)
> into /var/lib/phpgroupware/sessions/. I guess I've asked for some policy
> or guidelines but got no answer.
> 
>> I'm hoping for the next release that I can move everything into
>> /var/twiki (rather than scattered around the fs, including pollution the
>> perl lib dirs) so that TWiki people stop being totally confused by the
>> setup :/
>>
> 
> Hmmm... It seems to me it wouldn't be a good idea. See
> http://www.debian.org/doc/debian-policy/ch-opersys.html#s-fhs and
> http://www.debian.org/doc/packaging-manuals/fhs/fhs-2.3.html for
> reference.
> 
> I guess code should be in /usr/ and not in /var/ right ?
> 
> I guess that current dir layout is mostly good, as there are proper
> symlinks in /var/lib/twiki (bin, lib, data, pub, etc.). Once you're
> looking for something starting from /var/lib/twiki, you should find it
> (for TWiki folks).
> 
> Still, that /usr/share/perl5/TWiki* may not be desirable, yes. Bt I'm
> pretty sure the configuration allows some curstomization of the perl
> path. Still I don't know which path would be best. Maybe something
> like /usr/lib/twiki/ ?
> 
> Why change something that works ? ;)
> 
> My 2 cents.
> 
> Best regards,

-- 
Professional Wiki Innovation and Support
Sven Dowideit - http://DistributedINFORMATION.com
A WikiRing Partner - http://wikiring.com
Public key -
http://pgp.mit.edu:11371/pks/lookup?search=Sven+Dowideit&op=index&exact=on



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#494648: marked as done (The possibility of attack with the help of symlinks in some Debian packages)

[Debian Bug Tracking System]

Your message dated Wed, 13 Aug 2008 22:06:46 +1000
with message-id <[EMAIL PROTECTED]>
and subject line duplicate of Bug#444982, which was fixed in Oct 2007
has caused the Debian Bug report #494648,
regarding The possibility of attack with the help of symlinks in some Debian 
packages
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [EMAIL PROTECTED]
immediately.)


-- 
494648: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=494648
Debian Bug Tracking System
Contact [EMAIL PROTECTED] with problems
--- Begin Message ---
Package: twiki
Severity: grave
Tags: security

This message about the error concerns a few packages  at  once.   I've
tested all the packages on my Debian mirror.  (post|pre)(inst|rm)  and
config scripts were tested.

In some packages I've discovered scripts with errors which may be used
by a user for damaging important system files.

For example if a script uses in its work a temp file which is  created
in /tmp directory, then every user can create symlink  with  the  same
name in this directory in order to  destroy  or  rewrite  some  system
file.

I set Severity into grave for  this  bug.   The  table  of  discovered
problems is below.

+--+-+--
|package   |  script | file for attack
+--+-+--
| mplayer-1.0~rc2  |  config | /tmp/HACK (pipe)
|  | |
| nws-2.13 |  postinst   | /tmp/nws.debug (cp)
|  | |
| ppp-2.4.4rel |  postinst   | /tmp/probe-finished (rm -f, pipe)
|  |  postinst   | /tmp/ppp-errors (rm -f, pipe)
|   ppp-udeb   |  /etc/ppp/ip-up | /tmp/resolv.conf.tmp (cp)
|  | |
| twiki-4.1.2  |  postinst   | /tmp/twiki  (chmod 1777, chown)
+--+-+--


--- End Message ---
--- Begin Message ---
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=444982

Implemented Joey's suggestion of 1777 & O_EXCL - mostly the files in
/tmp are written by CGI::Session, that takes care of things.
Also moved the 1777 tmp dir back to /tmp/twiki, as per Nico's point wrt
to filling /var

-- 
Professional Wiki Innovation and Support
Sven Dowideit - http://DistributedINFORMATION.com
A WikiRing Partner - http://wikiring.com
Public key -
http://pgp.mit.edu:11371/pks/lookup?search=Sven+Dowideit&op=index&exact=on

--- End Message ---

Bug#494648: The possibility of attack with the help of symlinks in some Debian packages

[Sven Dowideit]

na, sorry, twiki dumps session data into /tmp/twiki

the /var vs /usr thing is a separate thing thta non-DD's get frustrated
with - basically, most people expect twiki to be laid out in the same
way as it is on non-debian system - everything under one twiki dir.
Debian packaging policy confuses the hell out of them.



Nico Golde wrote:
> Hi Olivier,
> * Olivier Berger <[EMAIL PROTECTED]> [2008-08-13 12:53]:
>> Le mercredi 13 août 2008 à 20:06 +1000, Sven Dowideit a écrit :
> [...] 
>>> I'm hoping for the next release that I can move everything into
>>> /var/twiki (rather than scattered around the fs, including pollution the
>>> perl lib dirs) so that TWiki people stop being totally confused by the
>>> setup :/
>>>
>> Hmmm... It seems to me it wouldn't be a good idea. See
>> http://www.debian.org/doc/debian-policy/ch-opersys.html#s-fhs and
>> http://www.debian.org/doc/packaging-manuals/fhs/fhs-2.3.html for
>> reference.
>>
>> I guess code should be in /usr/ and not in /var/ right ?
> 
> twiki dumps code in this tmpdir?
> Cheers
> Nico

-- 
Professional Wiki Innovation and Support
Sven Dowideit - http://DistributedINFORMATION.com
A WikiRing Partner - http://wikiring.com
Public key -
http://pgp.mit.edu:11371/pks/lookup?search=Sven+Dowideit&op=index&exact=on



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#494648: The possibility of attack with the help of symlinks in some Debian packages

[Sven Dowideit]

Steve, yes but your information is outdated. (although i'm embarrassed
that we didn't also resolve it in the etch version :/)

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=444982

Found in versions 4.1.2-1, twiki/1:4.1.2-2
Fixed in version twiki/1:4.1.2-3

and so, it seems to me that we're ok for the version that is going into
lenny - I'll close it as soon as i can find the docco for howto do that :/

Sven

Steve Kemp wrote:
> On Wed Aug 13, 2008 at 11:31:54 +1000, Sven Dowideit wrote:
> 
>> I will have to assume that this report is indeed incorrect unless I hear
>> otherwise.
> 
>   On my Debian Etch system:
> 
> [EMAIL PROTECTED]:~$ apt-get source twiki
> Reading package lists... Done
> Building dependency tree... Done
> Need to get 4304kB of source archives.
> Get: 1 http://mirror.bytemark.co.uk etch/main twiki 1:4.0.5-9.1 (dsc) [639B]
> Get: 2 http://mirror.bytemark.co.uk etch/main twiki 1:4.0.5-9.1 (tar) [4264kB]
> Get: 3 http://mirror.bytemark.co.uk etch/main twiki 1:4.0.5-9.1 (diff) 
> [39.3kB]
> Fetched 4304kB in 7s (546kB/s)
> gpg: Signature made Wed 21 Feb 2007 06:51:24 GMT using DSA key ID C0143D2D
> gpg: Can't check signature: public key not found
> dpkg-source: extracting twiki in twiki-4.0.5
> dpkg-source: unpacking twiki_4.0.5.orig.tar.gz
> dpkg-source: applying ./twiki_4.0.5-9.1.diff.gz
> 
> [EMAIL PROTECTED]:~$ cd twiki-4.0.5/
> [EMAIL PROTECTED]:~/twiki-4.0.5$ grep /tmp/twiki debian/postinst
> if [ ! -e /tmp/twiki ]; then
> mkdir /tmp/twiki
> chmod 777 /tmp/twiki
> chown $TWIKI_OWNER.www-data /tmp/twiki
> [EMAIL PROTECTED]:~/twiki-4.0.5$
> 
> 
>   So :
> 
> 1.  If /tmp/twiki doesn't exist it is made as a directory.
> 
> 2.  If it does exist its permissions are changed - unconditionally
> 
>   Let me exploit it:
> 
> [EMAIL PROTECTED]:~$
> [EMAIL PROTECTED]:~$ ln -s /etc/shadow /tmp/twiki
> [EMAIL PROTECTED]:~$ sudo apt-get install twiki
> Password:
> Reading package lists... Done
> Building dependency tree... Done
> The following extra packages will be installed:
>   libalgorithm-diff-perl liblocale-maketext-lexicon-perl libtext-diff-perl rcs
> Suggested packages:
> ...
> ...
> Setting up libtext-diff-perl (0.35-2) ...
> Setting up rcs (5.7-18) ...
> Setting up twiki (4.0.5-9.1) ...
> Adding password for user TWikiGuest
> Reloading web server config...3224
> 
>Now what happened?
> 
>Nothing.  The directory /tmp/twiki was created and my symlink wasn't
>  touched.  So we look safe.  But I'm not convinced.
> 
>I know that I can coerce it into working:
> 
> [EMAIL PROTECTED]:~$ sudo rm -rf /tmp/twiki
> [EMAIL PROTECTED]:~$ ln -s /etc/shadow /tmp/twiki
> [EMAIL PROTECTED]:~$ sudo /var/lib/dpkg/info/twiki.postinst configure
> Reloading web server config...3224
> .
> [EMAIL PROTECTED]:~$ ls -l /etc/shadow
> -rwxrwxrwx 1 www-data www-data 1093 2008-08-13 10:35 /etc/shadow
> 
>   I guess the difference is relating to the presence, or not, of 
>  /var/lib/twiki/data ?
> 
>   Looks like merely installing the package wouldn't trigger this,
>  but an upgrade might.  Or something like that !
> 
> Steve
> --  

-- 
Professional Wiki Innovation and Support
Sven Dowideit - http://DistributedINFORMATION.com
A WikiRing Partner - http://wikiring.com
Public key -
http://pgp.mit.edu:11371/pks/lookup?search=Sven+Dowideit&op=index&exact=on



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#494949: More info

[Juhapekka Tolvanen]

On Wed, 13 Aug 2008, +14:47:11 EEST (UTC +0300),
Juhapekka Tolvanen <[EMAIL PROTECTED]> pressed some keys:


> With this command I was able to actually print my E-Mail without error:
> 
> LANG=en_US muttprint < koe.txt
> 
> Only Scandinavic characters in Subject-header where messed up, but body
> text was totally error-free.

Aha! I changed some settings in my ~/.muttrc:

 Clipe here 

# muttprint
#

set print_command="LANG=en_US muttprint"

# Dump all headers
macro index p 
macro pager p 

# No confirmation before printing
set print="yes"

# Print every mail extra
set print_split

 Clipe here 

If I press key "p" in my mutt, it creates error-free print. Also
Scandinavic chars in Subject-header are right.


-- 
Juhapekka "naula" Tolvanen * http colon slash slash iki dot fi slash juhtolv
"Boku wa ongakuka dentaku katate ni. Tashitari. Hiitari. Sousa shite.
Sakkyoku suru. Kono botan oseba ongaku kanaderu."  Kraftwerk



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Processed: Tag 494246 patch

[Debian Bug Tracking System]

Processing commands for [EMAIL PROTECTED]:

> tags 494246 patch
Bug#494246: bzr: FTBFS: doc/en/user-reference/bzr_man.txt:2344: (WARNING/2) 
Option list ends without a blank line; unexpected unindent.
There were no tags set.
Tags added: patch

> thanks
Stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#494949: More info

[Juhapekka Tolvanen]

I checked out other bugs of this package and then bug #460166 seemed
interesting. I copied the whole E-Mail as a file to koe.txt (It was
easy, because I use Maildir-formatted folders).

This command caused the same errors as seen in my initial bug-report:

muttprint < koe.txt

With this command I was able to actually print my E-Mail without error:

LANG=en_US muttprint < koe.txt

Only Scandinavic characters in Subject-header where messed up, but body
text was totally error-free.

I suggest you start to create Debian-packages out of Subversion-sources.
In homepage of muttprint they show things like these:

 Clip here 
2006-05-06  Michel Kjorling's utf8x patch SVN Source Tree
2006-02-05  Magnus Therning's autoconf patch SVN Source Tree
 Clip here 


-- 
Juhapekka "naula" Tolvanen * http colon slash slash iki dot fi slash juhtolv
"Boku wa ongakuka dentaku katate ni. Tashitari. Hiitari. Sousa shite.
Sakkyoku suru. Kono botan oseba ongaku kanaderu."  Kraftwerk



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#494246: Problem caused by dot in option name

[Olivier Tétard]

Hello,

This bug was solved in latest upstream's version[1]. I attach the  
patch that solves the problem.


1.  



Thanks,
Olivier;

--
gpg --keyserver pgp.mit.edu --recv-keys 0x43CEA851
__
Olivier Tétard - toutoune25
site : http://toutoune25.miskin.fr/
Jabber : [EMAIL PROTECTED]
__


--- bzr-1.5/tools/rst2html.py	2008-05-17 00:21:24.0 +0200
+++ bzr-1.6rc1/tools/rst2html.py	2008-08-06 09:41:35.0 +0200
@@ -19,8 +19,7 @@
 import docutils
 from docutils.core import publish_cmdline, default_description
 
-
-if docutils.__version__ <= '0.4.1':
+if True: # this is still required in the distutils trunk as-at June 2008.
 from docutils.parsers.rst.states import Body
 # we have some option names that contain dot; which is not allowed by
 # python-docutils 0.4-4 -- so monkeypatch in a better pattern

Bug#494097: git-core_1.5.6.3-1+lenny2_amd64.changes ACCEPTED

[Nico Golde]

Hi Gerrit,
* Debian Installer <[EMAIL PROTECTED]> [2008-08-13 13:25]:
> Mapping testing-security to testing-proposed-updates.
> 
> Accepted:
> git-arch_1.5.6.3-1+lenny2_all.deb
>   to pool/main/g/git-core/git-arch_1.5.6.3-1+lenny2_all.deb
> git-core_1.5.6.3-1+lenny2.diff.gz
>   to pool/main/g/git-core/git-core_1.5.6.3-1+lenny2.diff.gz
> git-core_1.5.6.3-1+lenny2.dsc
>   to pool/main/g/git-core/git-core_1.5.6.3-1+lenny2.dsc
> git-core_1.5.6.3-1+lenny2_amd64.deb
>   to pool/main/g/git-core/git-core_1.5.6.3-1+lenny2_amd64.deb
> git-cvs_1.5.6.3-1+lenny2_all.deb
>   to pool/main/g/git-core/git-cvs_1.5.6.3-1+lenny2_all.deb
> git-daemon-run_1.5.6.3-1+lenny2_all.deb
>   to pool/main/g/git-core/git-daemon-run_1.5.6.3-1+lenny2_all.deb
> git-doc_1.5.6.3-1+lenny2_all.deb
>   to pool/main/g/git-core/git-doc_1.5.6.3-1+lenny2_all.deb
> git-email_1.5.6.3-1+lenny2_all.deb
>   to pool/main/g/git-core/git-email_1.5.6.3-1+lenny2_all.deb
> git-gui_1.5.6.3-1+lenny2_all.deb
>   to pool/main/g/git-core/git-gui_1.5.6.3-1+lenny2_all.deb
> git-svn_1.5.6.3-1+lenny2_all.deb
>   to pool/main/g/git-core/git-svn_1.5.6.3-1+lenny2_all.deb
> gitk_1.5.6.3-1+lenny2_all.deb
>   to pool/main/g/git-core/gitk_1.5.6.3-1+lenny2_all.deb
> gitweb_1.5.6.3-1+lenny2_all.deb
>   to pool/main/g/git-core/gitweb_1.5.6.3-1+lenny2_all.deb

Now I really messed things up when updating the 
testing-security upload. I accidently uploaded this to 
ftp-master and not security-master. This is the bad news. 

The good news is that apart from the version number and the 
changelog the package should properly fix this bug now.

Kind regards
Nico
-- 
Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.


pgpbYTYjAlNDe.pgp
Description: PGP signature

Bug#494648: The possibility of attack with the help of symlinks in some Debian packages

[Nico Golde]

Hi Olivier,
* Olivier Berger <[EMAIL PROTECTED]> [2008-08-13 12:53]:
> Le mercredi 13 août 2008 à 20:06 +1000, Sven Dowideit a écrit :
[...] 
> > I'm hoping for the next release that I can move everything into
> > /var/twiki (rather than scattered around the fs, including pollution the
> > perl lib dirs) so that TWiki people stop being totally confused by the
> > setup :/
> > 
> 
> Hmmm... It seems to me it wouldn't be a good idea. See
> http://www.debian.org/doc/debian-policy/ch-opersys.html#s-fhs and
> http://www.debian.org/doc/packaging-manuals/fhs/fhs-2.3.html for
> reference.
> 
> I guess code should be in /usr/ and not in /var/ right ?

twiki dumps code in this tmpdir?
Cheers
Nico
-- 
Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.


pgpiZ77nSs9oa.pgp
Description: PGP signature

Bug#494097: marked as done (git-core: stack-based buffer overflow in git-diff and git-grep)

[Debian Bug Tracking System]

Your message dated Wed, 13 Aug 2008 11:02:11 +
with message-id <[EMAIL PROTECTED]>
and subject line Bug#494097: fixed in git-core 1:1.5.6.3-1+lenny2
has caused the Debian Bug report #494097,
regarding git-core: stack-based buffer overflow in git-diff and git-grep
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [EMAIL PROTECTED]
immediately.)


-- 
494097: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=494097
Debian Bug Tracking System
Contact [EMAIL PROTECTED] with problems
--- Begin Message ---
Source: git-core
Severity: grave
Tags: security patch

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for git-core.

| Some vulnerabilities have been reported in GIT, which can potentially be
| exploited by malicious people to compromise a user's system.
| 
| The vulnerabilities are caused due to boundary errors in various functions 
when
| processing overly long repository pathnames. These can be exploited to cause
| stack-based buffer overflows by tricking a user into running e.g. "git-diff" 
or
| "git-grep" against a repository containing pathnames that are larger than the
| "PATH_MAX" value on the user's system.
| 
| Successful exploitation may allow execution of arbitrary code.

In this case there is no CVE id yet. I will add the CVE id to the bug report
when I got it.  Please make sure to add it in the changelog when fixing the bug
then.

You can find the upstream patch on:
http://kerneltrap.org/mailarchive/git/2008/7/16/2529284

For further information see:

[0] http://secunia.com/advisories/31347/

-- 
Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.


pgpUO2rhkv8Oa.pgp
Description: PGP signature
--- End Message ---
--- Begin Message ---
Source: git-core
Source-Version: 1:1.5.6.3-1+lenny2

We believe that the bug you reported is fixed in the latest version of
git-core, which is due to be installed in the Debian FTP archive:

git-arch_1.5.6.3-1+lenny2_all.deb
  to pool/main/g/git-core/git-arch_1.5.6.3-1+lenny2_all.deb
git-core_1.5.6.3-1+lenny2.diff.gz
  to pool/main/g/git-core/git-core_1.5.6.3-1+lenny2.diff.gz
git-core_1.5.6.3-1+lenny2.dsc
  to pool/main/g/git-core/git-core_1.5.6.3-1+lenny2.dsc
git-core_1.5.6.3-1+lenny2_amd64.deb
  to pool/main/g/git-core/git-core_1.5.6.3-1+lenny2_amd64.deb
git-cvs_1.5.6.3-1+lenny2_all.deb
  to pool/main/g/git-core/git-cvs_1.5.6.3-1+lenny2_all.deb
git-daemon-run_1.5.6.3-1+lenny2_all.deb
  to pool/main/g/git-core/git-daemon-run_1.5.6.3-1+lenny2_all.deb
git-doc_1.5.6.3-1+lenny2_all.deb
  to pool/main/g/git-core/git-doc_1.5.6.3-1+lenny2_all.deb
git-email_1.5.6.3-1+lenny2_all.deb
  to pool/main/g/git-core/git-email_1.5.6.3-1+lenny2_all.deb
git-gui_1.5.6.3-1+lenny2_all.deb
  to pool/main/g/git-core/git-gui_1.5.6.3-1+lenny2_all.deb
git-svn_1.5.6.3-1+lenny2_all.deb
  to pool/main/g/git-core/git-svn_1.5.6.3-1+lenny2_all.deb
gitk_1.5.6.3-1+lenny2_all.deb
  to pool/main/g/git-core/gitk_1.5.6.3-1+lenny2_all.deb
gitweb_1.5.6.3-1+lenny2_all.deb
  to pool/main/g/git-core/gitweb_1.5.6.3-1+lenny2_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Nico Golde <[EMAIL PROTECTED]> (supplier of updated git-core package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Format: 1.8
Date: Wed, 13 Aug 2008 12:12:03 +0200
Source: git-core
Binary: git-core git-doc git-arch git-cvs git-svn git-email git-daemon-run 
git-gui gitk gitweb
Architecture: source amd64 all
Version: 1:1.5.6.3-1+lenny2
Distribution: testing-security
Urgency: high
Maintainer: Gerrit Pape <[EMAIL PROTECTED]>
Changed-By: Nico Golde <[EMAIL PROTECTED]>
Description: 
 git-arch   - fast, scalable, distributed revision control system (arch interop
 git-core   - fast, scalable, distributed revision control system
 git-cvs- fast, scalable, distributed revision control system (cvs interope
 git-daemon-run - fast, scalable, distributed revision control system 
(git-daemon s
 git-doc- fast, scalable, distributed revision control system (documentatio
 git-email  - fast, scalable, distributed revision control system (email add-on
 git-gui- fast, scalable, distributed revision control system (GUI)
 git-svn- fast, 

Bug#494949: Fails charset conversion, if E-Mail uses anything else but US-ASCII

[Juhapekka Tolvanen]

Package: muttprint
Version: 0.72d-9
Severity: grave

Whenever I try to print any E-Mail that uses some other charset than
US-ASCII, it shows just this text in dialog:

 Clip here 
 │ Muttprint Version 0.72d -- Error│
 │ ==  │
 │ │
 │ Line 1968: Error in charset conversion. │
 │ String was  │
 │ Sain│
 │ │
 Clip here 

"Sain" is actually the first word in body of that E-Mail. Headers of that
E-Mail include these:

 MIME-Version: 1.0
 Content-Type: text/plain; charset=iso-8859-1
 Content-Disposition: inline
 Content-Transfer-Encoding: 8bit

If charset is us-acii, then everything goes just fine.



-- System Information:
Debian Release: lenny/sid
  APT prefers testing
  APT policy: (1100, 'testing'), (990, 'stable'), (500, 
'testing-proposed-updates'), (500, 'proposed-updates'), (101, 'testing'), (99, 
'unstable')
Architecture: i386 (i686)

Kernel: Linux 2.6.26-1-686 (SMP w/1 CPU core)
Locale: LANG=fi_FI.utf8, LC_CTYPE=fi_FI.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages muttprint depends on:
ii  debconf [debconf-2.0]  1.5.23Debian configuration management sy
ii  latex-ucs  20041017-8support for using UTF-8 input enco
ii  libtext-iconv-perl 1.7-1+b1  converts between character sets in
ii  perl   5.10.0-13 Larry Wall's Practical Extraction 
ii  texlive-fonts-recommended  2007.dfsg.1-3 TeX Live: Recommended fonts
ii  texlive-latex-extra2007.dfsg.3-2 TeX Live: LaTeX supplementary pack
ii  texlive-latex-recommended  2007.dfsg.1-3 TeX Live: LaTeX recommended packag

Versions of packages muttprint recommends:
ii  bsd-mailx [mail-re 8.1.2-0.20071201cvs-3 A simple mail user agent
ii  emacs [mail-reader 22.2+2-3  The GNU Emacs editor (metapackage)
ii  emacs22-gtk [mail- 22.2+2-3  The GNU Emacs editor (with GTK use
ii  evolution [mail-re 2.22.3.1-1groupware suite with mail client a
ii  mew-bin [mail-read 1:5.2-4   external commands for Mew
ii  mutt [mail-reader] 1.5.18-3  text-based mailreader supporting M

Versions of packages muttprint suggests:
ii  compface  1:1.5.2-4  Compress/decompress images for mai
ii  dialog1.1-20080727-1 Displays user-friendly dialog boxe
ii  emacs [news-reader]   22.2+2-3   The GNU Emacs editor (metapackage)
ii  emacs22-gtk [news-reader] 22.2+2-3   The GNU Emacs editor (with GTK use
ii  graphicsmagick-imagemagic 1.1.11-3.1 image processing tools providing I
ii  libtimedate-perl  1.1600-9   Time and date functions for Perl
ii  lynx-cur [news-reader]2.8.7dev9-1.2  Text-mode WWW Browser with NLS sup
ii  muttprint-manual  0.72d-9Manual for muttprint
ii  ospics0.72d-9Some images of operating system lo
ii  psutils   1.17-26A collection of PostScript documen

-- debconf information:
  muttprint/moved_pics:

-- 
Juhapekka "naula" Tolvanen * http colon slash slash iki dot fi slash juhtolv
"Boku wa ongakuka dentaku katate ni. Tashitari. Hiitari. Sousa shite.
Sakkyoku suru. Kono botan oseba ongaku kanaderu."  Kraftwerk



--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]