Bug#693026: Pre-approval request for t-p-u upload of weechat/0.3.8-2wheezy1
On Mon, Nov 12, 2012 at 02:01:13PM +0100, Emmanuel Bouthenot wrote:
[...]
I'd like to get your approval about the upload of weechat 0.3.8-2wheezy1
to testing-proposed-updates in order to fix a security issue which could
permit to a remote attacker to crash weechat by forging malicious IRC
messages: http://bugs.debian.org/693026
No opinions?
Regards
M.
--
Emmanuel Bouthenot
mail: kolter@{openics,debian}.orggpg: 4096R/0x929D42C3
xmpp: kol...@im.openics.org irc: kolter@{freenode,oftc}
--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#692946: cdd-dev: copyright file missing after upgrade (policy 12.5)
Andreas, could you please [ ] agree [ ] disagree to the suggestion to lower the priority of this bug. I would like to deal with this as quick as possible but I would like to hear your opinion about the action that should be done. Kind regards Andreas. On Mon, Nov 12, 2012 at 08:35:22AM +0900, Charles Plessy wrote: Le Sun, Nov 11, 2012 at 02:57:45PM +0100, Andreas Tille a écrit : it is true that /usr/share/doc/cdd-dev does not contain a copyright file because it is simply a symlink to /usr/share/doc/blends-dev and the transitional (=empty) package cdd-dev depends from blends-dev. So while the report is correct I would consider an upload at current time simply causing work for several people just to follow some rules with no profit for anybody. I'd suggest to lower the priority of the bug and leave the package as is. What do you think? Hi Andreas, if /usr/share/doc/cdd-dev were a symlink to /usr/share/doc/blends-dev, then piuparts would have found the copyright file. I think that what piuparts seems to have found, is that when upgrading from lenny to squeeze to wheezy, /usr/share/doc/cdd-dev does not become a symlink : MISSING COPYRIGHT FILE: /usr/share/doc/cdd-dev/copyright drwxr-xr-x 2 root root 40 Nov 10 07:33 /usr/share/doc/cdd-dev total 0 drwxr-xr-x 2 root root 40 Nov 10 07:33 . drwxr-xr-x 126 root root 2660 Nov 10 07:35 .. This really looks like an empty directory. I would agree to downgrade the bug (cdd-dev is transitional and native, there is anyway not copyrighted work to look for in this package), but is the breakage limited to /usr/share/doc/cdd-dev/ ? Cheers, -- Charles Plessy Debian Med packaging team, http://www.debian.org/devel/debian-med Tsurumi, Kanagawa, Japan -- To UNSUBSCRIBE, email to debian-blends-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/2012233522.gd17...@falafel.plessy.net -- http://fam-tille.de -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#689249: [Pkg-mediawiki-devel] Candidates for removal from testing (2012-11-14)
On Wed, 14 Nov 2012, Niels Thykier wrote: * The package had at least one RC bug without activity for the past 14 days. Jonathan Wiltshire j...@debian.org mediawiki-math (U) Mediawiki Maintenance Team pkg-mediawiki-de...@lists.alioth.debian.org mediawiki-math Hey Jonathan, will you take care of this? Otherwise I’ll have to see that I take some time for it… bye, //mirabilos -- tarent solutions GmbH Rochusstraße 2-4, D-53123 Bonn • http://www.tarent.de/ Tel: +49 228 54881-393 • Fax: +49 228 54881-314 HRB 5168 (AG Bonn) • USt-ID (VAT): DE122264941 Geschäftsführer: Boris Esser, Sebastian Mancke -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#693287: marked as done (CVE-2012-5474: /etc/openstack-dashboard/local_settings.py is world readable)
Your message dated Thu, 15 Nov 2012 08:32:46 + with message-id e1tyusq-wj...@franck.debian.org and subject line Bug#693287: fixed in horizon 2012.1.1-7 has caused the Debian Bug report #693287, regarding CVE-2012-5474: /etc/openstack-dashboard/local_settings.py is world readable to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 693287: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=693287 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Package: openstack-dashboard Version: 2012.1.1-6 Severity: grave CVE-2012-5474: /etc/openstack-dashboard/local_settings.py is world readable ---End Message--- ---BeginMessage--- Source: horizon Source-Version: 2012.1.1-7 We believe that the bug you reported is fixed in the latest version of horizon, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 693...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Thomas Goirand z...@debian.org (supplier of updated horizon package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Format: 1.8 Date: Thu, 15 Nov 2012 08:47:18 + Source: horizon Binary: python-django-horizon openstack-dashboard openstack-dashboard-apache Architecture: source all Version: 2012.1.1-7 Distribution: unstable Urgency: high Maintainer: PKG OpenStack openstack-de...@lists.alioth.debian.org Changed-By: Thomas Goirand z...@debian.org Description: openstack-dashboard - OpenStack Dashboard openstack-dashboard-apache - OpenStack Dashboard - Apache support python-django-horizon - Django module providing web interaction with OpenStack Closes: 693287 Changes: horizon (2012.1.1-7) unstable; urgency=high . * CVE-2012-5474: The file /etc/openstack-dashboard/local_settings is not world readable anymore (Closes: #693287). Checksums-Sha1: f835a31a07a1e4c95b22d54a31b5e1d46f9f0039 1935 horizon_2012.1.1-7.dsc 8fd89513f483234df4777334eb1e69c39a35 7665 horizon_2012.1.1-7.debian.tar.gz af407f57ab1ff10d838fa7c64132ff34798f6c7d 391714 python-django-horizon_2012.1.1-7_all.deb 273c1dd70b6f872fd803e1197ff39bddae867ac5 195952 openstack-dashboard_2012.1.1-7_all.deb 0dc1b19bab038d93004dd1193cc1c9c3e6f70b7a 4128 openstack-dashboard-apache_2012.1.1-7_all.deb Checksums-Sha256: ce4575747403bdc07b36d876c566ecb4485c8b58f5c2ee2b07937e1bcd5f317b 1935 horizon_2012.1.1-7.dsc 4a73bbcc4299b2bdd13d79d29abf8acff036435c6adcdb5ce3c337abdc19eba4 7665 horizon_2012.1.1-7.debian.tar.gz a030e0909cd67b3ada1f580059f03137c7f30492a1d24812731ef68a6739f1f1 391714 python-django-horizon_2012.1.1-7_all.deb ced22961bd60fbdb7a18edabb6350e1fd8b9aa3b8f49b73350ddd1ad98494a15 195952 openstack-dashboard_2012.1.1-7_all.deb f7197037eacafcc0515c59abdeeecd415b67b89bbeaa435b65588f569cbfc061 4128 openstack-dashboard-apache_2012.1.1-7_all.deb Files: 705e7634f1f363d67949187b80bc2a06 1935 net extra horizon_2012.1.1-7.dsc a15edc577f3300d779c47444e03e1165 7665 net extra horizon_2012.1.1-7.debian.tar.gz c0f16dc41f4692cfc984f53f337199c3 391714 python extra python-django-horizon_2012.1.1-7_all.deb 1c58e96069c592e6e10f266c7242bad9 195952 net extra openstack-dashboard_2012.1.1-7_all.deb 04d8018862614c9a9b0f2fa6b4f01001 4128 net extra openstack-dashboard-apache_2012.1.1-7_all.deb -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.12 (GNU/Linux) iEYEARECAAYFAlCkrPIACgkQl4M9yZjvmknccQCfUNZiT7kPy8BlJuWg1KYdp5Ye z+sAn1ErbvPstbzVuWp1OhYl/taeCTnu =Mja8 -END PGP SIGNATUREEnd Message---
Bug#654491: Accepted minidjvu 0.8.svn.2010.05.06+dfsg-1 (source amd64)
Hi, minidjvu (0.8.svn.2010.05.06+dfsg-1) unstable; urgency=low . * support multiarch * ack silly NMU (silly because the waf file was unused, and because there is a difference between sourceless and source in odd format) * revamp autotools and engage automake for robustness Unfortunately, the first and last of those changes make the package unsuitable for an unblock. Opinions on which of the various options we take from here welcome. Regards, Adam -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#689898: marked as done (Ships a folder in /var/run or /var/lock (Policy Manual section 9.3.2))
Your message dated Thu, 15 Nov 2012 08:47:31 +
with message-id e1tyv6h-00058s...@franck.debian.org
and subject line Bug#689898: fixed in lyskom-server 2.1.2-13
has caused the Debian Bug report #689898,
regarding Ships a folder in /var/run or /var/lock (Policy Manual section 9.3.2)
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
689898: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=689898
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
---BeginMessage---
Package: lyskom-server
Version: 2.1.2-12
Severity: serious
Tags: patch
Dear Maintainer,
Andreas Beckmann deb...@abeckmann.de reported in -devel that your package
(as well as 27 others) ships a folder either in /var/run or /var/lock. This
is forbidden by policy.
Lintian detects the problem and warns as follow:
/var/run may be a temporary filesystem, so any directories or files needed
/there must be created dynamically at boot time.
Refer to Debian Policy Manual section 9.3.2 (Writing the scripts) for
details.
Severity: serious, Certainty: possible
Check: files, Type: binary, udeb
which is why I am reporting this bug with severity serious (and there fore,
release critical).
Please fix your package. I have attached what I believe is a good fix the
problem, however, I haven't tried it, and I haven't tested if something more
for creating the necessary folder at runtime should be added. Please make
sure to test before applying the patch blindly.
Cheers,
Thomas Goirand (zigo)
diff -u lyskom-server-2.1.2/debian/lyskom-server.dirs lyskom-server-2.1.2/debian/lyskom-server.dirs
--- lyskom-server-2.1.2/debian/lyskom-server.dirs
+++ lyskom-server-2.1.2/debian/lyskom-server.dirs
@@ -7 +6,0 @@
-var/run/lyskom-server
diff -u lyskom-server-2.1.2/debian/changelog lyskom-server-2.1.2/debian/changelog
--- lyskom-server-2.1.2/debian/changelog
+++ lyskom-server-2.1.2/debian/changelog
@@ -1,3 +1,11 @@
+lyskom-server (2.1.2-12.1) unstable; urgency=low
+
+ * Non-maintainer upload.
+ * Fixes wrong handling of var/run/lyskom-server life cycle (Closes: #XX).
+ * Now uses lsb-base to display messages.
+
+ -- Thomas Goirand z...@debian.org Sat, 06 Oct 2012 21:05:23 +0800
+
lyskom-server (2.1.2-12) unstable; urgency=low
* Added Danish translation of Debconf templates.
diff -u lyskom-server-2.1.2/debian/lyskom-server.init.d lyskom-server-2.1.2/debian/lyskom-server.init.d
--- lyskom-server-2.1.2/debian/lyskom-server.init.d
+++ lyskom-server-2.1.2/debian/lyskom-server.init.d
@@ -19,6 +19,9 @@
### END INIT INFO
PATH=/sbin:/bin:/usr/sbin:/usr/bin
+DESC=LysKOM server
+NAME=komrunning
+RUNDIR=/var/run/lyskom-server
if [ -f /etc/default/lyskom-server ]; then
. /etc/default/lyskom-server
@@ -26,28 +29,42 @@
test -x /usr/sbin/komrunning || exit 0
+. /lib/lsb/init-functions
+
+start_lyskom (){
+ if [ ! -d ${RUNDIR} ] ; then
+mkdir -p ${RUNDIR}
+if [ -d ${RUNDIR} ] ; then
+ chown lyskom:nogroup ${RUNDIR}
+fi
+ fi
+ /usr/sbin/komrunning start
+ return $?
+}
+
case $1 in
start)
+log_begin_msg Starting ${DESC} ${NAME}
if test $startonboot = NO; then
- echo Automatic start of the LysKOM server from /etc/init.d is disabled.
+ log_failure_msg Automatic start of the LysKOM server from /etc/init.d is disabled.
else
- sh $0 force-start
+ start_lyskom
fi
+log_end_msg 0
;;
force-start)
-echo -n Signalling start of LysKOM server
-mkdir -p /var/run/lyskom-server
-/usr/sbin/komrunning start
-echo .
+log_begin_msg Starting ${DESC} ${NAME}
+start_lyskom
+log_end_msg 0
;;
stop)
-echo -n Stopping LysKOM server
+log_begin_msg Stopping ${DESC} ${NAME}
/usr/sbin/komrunning stop
-rm -f /var/run/lyskom-server/pid
-rm -f /var/run/lyskom-server/status
-echo .
+rm -f ${RUNDIR}/pid
+rm -f ${RUNDIR}/status
+log_end_msg 0
;;
restart|force-reload)
---End Message---
---BeginMessage---
Source: lyskom-server
Source-Version: 2.1.2-13
We believe that the bug you reported is fixed in the latest version of
lyskom-server, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 689...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Magnus Holmgren holmg...@debian.org (supplier of updated lyskom-server
package)
(This message was generated automatically at their
Bug#692534: Fails to build sqldeveloper package with chmod: missing operand after `755'
On Mon, 2012-11-12 at 18:09 +0100, Salvatore Bonaccorso wrote: Hi Steven [...] As you migth have seen, I uploaded a NMU to a delayed queue. You can test the package in [1] if you like. [1]: http://ftp-master.debian.org/deferred/ Regards, Salvatore Hi all, I was ill these last few days so I didn't have a chance to test the updated package. I have however seen quite a conversation happening on debian-mentors about it, regarding the Wheezy freeze policy. It seems the original maintainer has an updated package, but I'm a bit confused about which to test at the moment. I have installed sqldeveloper using a .deb I pulled out of alien, so I'm good for now. Still happy to test if you'd like. Btw, what would be the difference between those 2 packages (using sqldeveloper-package on one hand and alien to convert the RPM on the other)? Best regards, Steven -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Processed: tagging 692937
Processing commands for cont...@bugs.debian.org: # openmpi1.6 not part of wheezy tags 692937 + sid Bug #692937 [mpich2-doc,openmpi1.6-doc] openmpi1.6-doc and mpich2-doc: error when trying to install together Added tag(s) sid. thanks Stopping processing here. Please contact me if you need assistance. -- 692937: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=692937 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#692946: cdd-dev: copyright file missing after upgrade (policy 12.5)
On 2012-11-15 09:20, Andreas Tille wrote: Andreas, could you please [ ] agree [ ] disagree to the suggestion to lower the priority of this bug. I would like to deal with this as quick as possible but I would like to hear your opinion about the action that should be done. I'm not sure how to deal with this bug properly: missing copyright file in empty transitional package, already caused by a lenny-squeeze update. Therefore Cc:ing -release@ for their opinion on this (currently RC) bug. From the piuparts point of view I'd rather like to see this fixed in the package than working around this in piuparts (IIRC this is blocking about 50 rdepends from being checked). The transitional package should have been dropped for wheezy (but there wasn't any new upload after squeeze). For fixing this in jessie I'd propose to drop cdd-dev and add Package: blends-dev Conflicts: cdd-dev Replaces: cdd-dev to get rid of installations of the old faulty package. Andreas Kind regards Andreas. On Mon, Nov 12, 2012 at 08:35:22AM +0900, Charles Plessy wrote: Le Sun, Nov 11, 2012 at 02:57:45PM +0100, Andreas Tille a écrit : it is true that /usr/share/doc/cdd-dev does not contain a copyright file because it is simply a symlink to /usr/share/doc/blends-dev and the transitional (=empty) package cdd-dev depends from blends-dev. So while the report is correct I would consider an upload at current time simply causing work for several people just to follow some rules with no profit for anybody. I'd suggest to lower the priority of the bug and leave the package as is. What do you think? Hi Andreas, if /usr/share/doc/cdd-dev were a symlink to /usr/share/doc/blends-dev, then piuparts would have found the copyright file. I think that what piuparts seems to have found, is that when upgrading from lenny to squeeze to wheezy, /usr/share/doc/cdd-dev does not become a symlink : MISSING COPYRIGHT FILE: /usr/share/doc/cdd-dev/copyright drwxr-xr-x 2 root root 40 Nov 10 07:33 /usr/share/doc/cdd-dev total 0 drwxr-xr-x 2 root root 40 Nov 10 07:33 . drwxr-xr-x 126 root root 2660 Nov 10 07:35 .. This really looks like an empty directory. I would agree to downgrade the bug (cdd-dev is transitional and native, there is anyway not copyrighted work to look for in this package), but is the breakage limited to /usr/share/doc/cdd-dev/ ? Cheers, -- Charles Plessy Debian Med packaging team, http://www.debian.org/devel/debian-med Tsurumi, Kanagawa, Japan -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#692534: Fails to build sqldeveloper package with chmod: missing operand after `755'
Hi: I've uploaded another package to debian-mentors (v0.2.4) that only addresses the bugs reported in hope it will be accepted in Wheezy, but I haven't got any feedback yet. The main difference between a sqldeveloper-package generated deb and a RPM converted one is compliance with Debian standards, namely location and integration. From the SQL Developer application pure point of view either will work. Regards, -- Lazarus -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#693301: MediaTomb always bind to all interfaces regardless of configuration settings
Package: mediatomb-common Version: 0.12.1-4+b1 Severity: critical File: /usr/bin/mediatomb Tags: security Attempt to force mediatomb to bind to a specific IP address (or interface) is ignored. E.g. I've tried to change setting in /etc/default/mediatomb as follows: OPTIONS=-i 10.0.10.2 and mediatomb is started with the -i 10.0.10.2 option: $ pgrep -a mediatomb 17000 /usr/bin/mediatomb -c /etc/mediatomb/config.xml -d -u mediatomb -g mediatomb -P /var/run/mediatomb.pid -l /var/log/mediatomb.log -i 10.0.10.2 but it binds to all interfaces: $ sudo netstat -anp | grep mediatomb tcp0 0 0.0.0.0:49152 0.0.0.0:* LISTEN 17000/mediatomb udp0 0 0.0.0.0:19000.0.0.0:* 17000/mediatomb udp0 0 127.0.0.1:39862 0.0.0.0:* 17000/mediatomb Apparently this has been reported upstream: http://sourceforge.net/tracker/?func=detailaid=3039645group_id=129766atid=715780 but this is not fixed. Could the debian team please fix this issue in the debian package, since it is obviously a security issue? -- System Information: Debian Release: wheezy/sid APT prefers unstable APT policy: (500, 'unstable'), (1, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 3.6-trunk-amd64 (SMP w/4 CPU cores) Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash Versions of packages mediatomb-common depends on: ii libavformat53 7:0.10.3-dmo1 ii libavutil517:1.0-dmo3 ii libc6 2.13-36 ii libcurl3-gnutls7.28.0-2 ii libexif12 0.6.20-3 ii libexpat1 2.1.0-1 ii libffmpegthumbnailer4 2.0.7-2 ii libgcc11:4.7.2-4 ii libjs-prototype1.7.0-2 ii libmagic1 5.11-2 ii libmozjs185-1.01.8.5-1.0.0+dfsg-4 ii libmysqlclient18 5.5.28+dfsg-1 ii libsqlite3-0 3.7.14.1-1 ii libstdc++6 4.7.2-4 ii libtag1c2a 1.8-dmo1 ii zlib1g 1:1.2.7.dfsg-13 mediatomb-common recommends no packages. mediatomb-common suggests no packages. -- no debconf information -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Processed: severity of 691271 is grave
Processing commands for cont...@bugs.debian.org: severity 691271 grave Bug #691271 [lvm2] lvm2: Losing data when moving LV between regular HD → SSD Ignoring request to change severity of Bug 691271 to the same value. thanks Stopping processing here. Please contact me if you need assistance. -- 691271: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=691271 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#654491: Accepted minidjvu 0.8.svn.2010.05.06+dfsg-1 (source amd64)
Adam, I do not see any reason to unblock the freeze on minidjvu for this issue. But if you want to, and don't want the revamped autotools stuff, feel free to just take 0.8.svn.2010.05.06+dfsg-0.1 and push it to proposed-updates or whatever the procedure is. Justification for the above As discussed earlier, despite the overheated rhetoric and +dfsg NMU version, this is *not* actually a DFSG issue. There is a file in the upstream source tarball which is in an unpleasant format (waf). That file is however (a) easily converted to a nicer format, and (b) completely unused in the build process. We have a policy of not wanting source files in such unpleasant formats for a reason. The reason is *not* that they violate the DFSG per-se, but rather that they're a pain in the ass: we want sources to be easy to examine and audit both manually and automatically, and files in weird formats complicate this. But those are not issues *in this particular case* because the waf file in question is not used during the build at all. The build uses autoconf instead. Justification of updated autotools files The old autotools files were stepping on user variables in a way that interacted poorly with fortified compilation. The only substantive difference in version 0.8.svn.2010.05.06+dfsg-2 is that warning and strictness flags are not accidentally turned off when doing a fortified (or optimized for that matter) build. This potentially slightly improves security, and certainly makes the package more auditable. But, they do not really change the generated binaries (except for moving library files to multiarch dirs.) --Barak. -- Barak A. Pearlmutter http://www.bcl.hamilton.ie/~barak/ -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#692946: cdd-dev: copyright file missing after upgrade (policy 12.5)
Hi, On Thu, Nov 15, 2012 at 10:17:08AM +0100, Andreas Beckmann wrote: On 2012-11-15 09:20, Andreas Tille wrote: Andreas, could you please [ ] agree [ ] disagree to the suggestion to lower the priority of this bug. I would like to deal with this as quick as possible but I would like to hear your opinion about the action that should be done. I'm not sure how to deal with this bug properly: missing copyright file in empty transitional package, already caused by a lenny-squeeze update. Therefore Cc:ing -release@ for their opinion on this (currently RC) bug. From the piuparts point of view I'd rather like to see this fixed in the package than working around this in piuparts (IIRC this is blocking about 50 rdepends from being checked). Hmmm, I wonder what metapackage might remain to depend from cdd-dev ... The transitional package should have been dropped for wheezy (but there wasn't any new upload after squeeze). That's correct. I intended to leave the transition package for two Debian releases in case users might skip Squeeze. I admit that I will definitely not stick to this intention - so the most simple fix I would go for is to do this ... For fixing this in jessie I'd propose to drop cdd-dev and add Package: blends-dev Conflicts: cdd-dev Replaces: cdd-dev to get rid of installations of the old faulty package. ... right now for Wheezy. Kind regards Andreas. -- http://fam-tille.de -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#690229: google-glog ftbfs on i386 in unstable (0.3.2-3 ?)
found 690229 google-glog/0.3.2-3 thanks Original bug was reported against 0.3.2-4 which does not exists AFAIK. -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Processed: google-glog ftbfs on i386 in unstable (0.3.2-3 ?)
Processing commands for cont...@bugs.debian.org: found 690229 google-glog/0.3.2-3 Bug #690229 [google-glog] google-glog ftbfs on i386 in unstable Marked as found in versions google-glog/0.3.2-3. thanks Stopping processing here. Please contact me if you need assistance. -- 690229: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=690229 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Processed: your mail
Processing commands for cont...@bugs.debian.org: severity 690252 serious Bug #690252 [src:google-glog] google-glog: FTBFS on hurd-i386: missing autoreconf Severity set to 'serious' from 'important' thanks Stopping processing here. Please contact me if you need assistance. -- 690252: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=690252 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#692946: cdd-dev: copyright file missing after upgrade (policy 12.5)
[dropped -release@] On 2012-11-15 11:18, Andreas Tille wrote: package than working around this in piuparts (IIRC this is blocking about 50 rdepends from being checked). Hmmm, I wonder what metapackage might remain to depend from cdd-dev ... for that test, dependency resolution is done in lenny * start with a minimal lenny chroot * install $PACKAGE * evolve the system via squeeze to wheezy * check $PACKAGE (in wheezy, only if it is still installed) That's correct. I intended to leave the transition package for two Debian releases in case users might skip Squeeze. I admit that I will skipping releases is not supported ... (although I myself keep most cleanup parts of the maintainer scripts for two releases to have them available in backports as well - in case the user did not install the stable package before installing the backport) Andreas -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#677054: nut-client: prompting due to modified conffiles which were not modified by the user
On Thu, Aug 09, 2012 at 05:04:00PM +0200, Laurent Bigonville wrote: the best would be to patch nut.conf to have spaces already removed. I don't see anything else. In the current version in wheezy/sid, this is already done. Should we do this also in stable to limit the number of people impacted by this? Hi Laurent, Aranud, from what you wrote above, this bug should not affect the testing version, but according to the BTS it is still marked as such. Do you have any objection to mark this as: notfound 677054 2.6.4-1 (or, alternatively, close it as wontfix as you discussed in a later mail) ? TIA, Cheers. -- Stefano Zacchiroli . . . . . . . z...@upsilon.cc . . . . o . . . o . o Maître de conférences . . . . . http://upsilon.cc/zack . . . o . . . o o Debian Project Leader . . . . . . @zack on identi.ca . . o o o . . . o . « the first rule of tautology club is the first rule of tautology club » signature.asc Description: Digital signature
Bug#677054: nut-client: prompting due to modified conffiles which were not modified by the user
On Thu, Nov 15, 2012 at 11:57:09 +0100, Stefano Zacchiroli wrote: On Thu, Aug 09, 2012 at 05:04:00PM +0200, Laurent Bigonville wrote: the best would be to patch nut.conf to have spaces already removed. I don't see anything else. In the current version in wheezy/sid, this is already done. Should we do this also in stable to limit the number of people impacted by this? Hi Laurent, Aranud, from what you wrote above, this bug should not affect the testing version, but according to the BTS it is still marked as such. Do you have any objection to mark this as: notfound 677054 2.6.4-1 (or, alternatively, close it as wontfix as you discussed in a later mail) ? I do object, fwiw. It should be possible to change the wheezy version's preinst script to avoid the prompt on upgrades from squeeze. Cheers, Julien -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#689493: src:youtube-dl: missing source for Windows binary
Hi, Andres,
On Nov 13 2012, Andres Salomon wrote:
I haven't heard anything about this bug, and I'd be pretty sad to see
wheezy released without youtube-dl, so I'm going to go ahead with the
NMU in the next few days.
Sorry for not replying earlier. I will upload a new version of youtube-dl
without the windows binary.
Please, if I don't upload something during this weekend, *do* feel free to
ping me.
Thanks for the reminder,
--
Rogério Brito : rbrito@{ime.usp.br,gmail.com} : GPG key 4096R/BCFC
http://rb.doesntexist.org/blog : Projects : https://github.com/rbrito/
DebianQA: http://qa.debian.org/developer.php?login=rbrito%40ime.usp.br
--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#693301: [Secure-testing-team] Bug#693301: MediaTomb always bind to all interfaces regardless of configuration settings
Control: severity -1 important On jeu., 2012-11-15 at 12:57 +0400, Vladimir Volovich wrote: Package: mediatomb-common Version: 0.12.1-4+b1 Severity: critical No need to over-estimate severity. File: /usr/bin/mediatomb Tags: security Attempt to force mediatomb to bind to a specific IP address (or interface) is ignored. E.g. I've tried to change setting in /etc/default/mediatomb as follows: OPTIONS=-i 10.0.10.2 and mediatomb is started with the -i 10.0.10.2 option: $ pgrep -a mediatomb 17000 /usr/bin/mediatomb -c /etc/mediatomb/config.xml -d -u mediatomb -g mediatomb -P /var/run/mediatomb.pid -l /var/log/mediatomb.log -i 10.0.10.2 but it binds to all interfaces: $ sudo netstat -anp | grep mediatomb tcp0 0 0.0.0.0:49152 0.0.0.0:* LISTEN 17000/mediatomb udp0 0 0.0.0.0:19000.0.0.0:* 17000/mediatomb udp0 0 127.0.0.1:39862 0.0.0.0:* 17000/mediatomb Apparently this has been reported upstream: http://sourceforge.net/tracker/?func=detailaid=3039645group_id=129766atid=715780 but this is not fixed. Could the debian team please fix this issue in the debian package, since it is obviously a security issue? Is the feature supposed to be supported by mediatomb (and it doesn't work) or is it not supported at all? Regards, -- Yves-Alexis -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Processed: Re: [Secure-testing-team] Bug#693301: MediaTomb always bind to all interfaces regardless of configuration settings
Processing control commands: severity -1 important Bug #693301 [mediatomb-common] MediaTomb always bind to all interfaces regardless of configuration settings Severity set to 'important' from 'critical' -- 693301: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=693301 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#692946: cdd-dev: copyright file missing after upgrade (policy 12.5)
On Thu, Nov 15, 2012 at 11:54:22AM +0100, Andreas Beckmann wrote: [dropped -release@] On 2012-11-15 11:18, Andreas Tille wrote: package than working around this in piuparts (IIRC this is blocking about 50 rdepends from being checked). Hmmm, I wonder what metapackage might remain to depend from cdd-dev ... for that test, dependency resolution is done in lenny * start with a minimal lenny chroot * install $PACKAGE * evolve the system via squeeze to wheezy * check $PACKAGE (in wheezy, only if it is still installed) Ahhh - I was not aware that piuparts does upgrade via two distribution steps. Nice. That's correct. I intended to leave the transition package for two Debian releases in case users might skip Squeeze. I admit that I will skipping releases is not supported ... (although I myself keep most cleanup parts of the maintainer scripts for two releases to have them available in backports as well - in case the user did not install the stable package before installing the backport) Yep. We do not officially support this but I thought it could not harm to just do it. But *if* it harms I will immediately drop it. Because a severity serious bug is definitely something that causes harm I'll kick it in case there is no agreement to just lower the priority for now to keep the noise level for release team lower. Kind regards Andreas. -- http://fam-tille.de -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#627508: dconf maintainer has quit
On Tue, Sep 25, 2012 at 05:13:39AM +0200, jw-...@freenet.de wrote: On Sat, 8 Sep 2012 12:31:44 +0100 Ulrich Dangel u...@debian.org wrote: I am not sure what happens when the maintainer does not react but maybe the package should get removed I tracked down the maintainer of the package dconf. He said he no longer has time for Debian and asked me to let the project know of this, so that package should probably be marked Orphaned. I won't post his new mail address here, but if you want to contact him you can easily find it by entering his name into a popular search engine together with the string gmail. The package is orphaned now: http://bugs.debian.org/693308 Ana -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#671483: icedove: crashes on startup with failed assertion
I'm using the latest version of Squeeze and I'm still having the same problem.
Tim Chadburn
--- On Tue, 30/10/12, Moritz Muehlenhoff j...@inutil.org wrote:
On Fri, May 04, 2012 at 02:04:59PM +0100, Tim Chadburn wrote:
Package: icedove
Version: 3.0.11-1+squeeze9
Severity: grave
Justification: renders package unusable
I've had icedove working fine for ages, up to and including the last version
(3.0.11-1+squeeze8), but the latest version (3.0.11-1+squeeze9) breaks it.
When
icedove is started, the icedove window appears for about a second, and then,
while the status bar at the bottom says Looking for folders..., Icedove
crashes with the following terminal output:
icedove-bin: gconv.c:75: __gconv: Assertion `outbuf != ((void *)0) *outbuf
!= ((void *)0)' failed.
/usr/lib/icedove/run-mozilla.sh: line 131: 4455 Aborted
$prog ${1+$@}
Does this still occur with Squeeze 6.0.6?
Cheers,
Moritz
Bug#677054: nut-client: prompting due to modified conffiles which were not modified by the user
Le Thu, 15 Nov 2012 11:57:09 +0100, Stefano Zacchiroli z...@debian.org a écrit : On Thu, Aug 09, 2012 at 05:04:00PM +0200, Laurent Bigonville wrote: the best would be to patch nut.conf to have spaces already removed. I don't see anything else. In the current version in wheezy/sid, this is already done. Should we do this also in stable to limit the number of people impacted by this? Hi Laurent, Aranud, from what you wrote above, this bug should not affect the testing version, but according to the BTS it is still marked as such. Do you have any objection to mark this as: notfound 677054 2.6.4-1 (or, alternatively, close it as wontfix as you discussed in a later mail) The bug (maintainer script modifying conffile) that bring us to this situation (prompting the user for a file he has not modified himself) is not happening in the version in wheezy and the root cause is fixed (bug #684392) in sid. The user will still be prompted when upgrading from squeeze (that's why I didn't close that bug) BUT chances, in a normal situation, that the user didn't changed that file by himself is close to zero, as that file is controlling which part of the NUT software (client/server/standalone) is running. If somebody want to provide a patch, I would apply it with joy but I'm quite busy now and I'm not sure how to do that properly (handling upgrade being aborted,...). Cheers Laurent Bigonville -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Processed: severity of 693138 is grave
Processing commands for cont...@bugs.debian.org:
#From the developer reference (...) causes data loss, or introduces a
security hole (...); Getting new users to install testing instead of stable
can introduce security holes and/or data loss. I therefore think severity
grave is appropriate. Yours Martin
severity 693138 grave
Bug #693138 {Done: David Prévot taf...@debian.org} [debian-reference] debian
reference claims wheezy is already stable
Ignoring request to change severity of Bug 693138 to the same value.
thanks
Stopping processing here.
Please contact me if you need assistance.
--
693138: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=693138
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#577635: nmu
Hi Michael, hi Samuel,
On So, 11 Nov 2012, Michael Gilbert wrote:
Hi, I've uploaded an nmu fixing this issue to delayed/5. Please see
attached patch.
I see. But I expect you or Samuel to take care for freeze exceptions.
Because due to your upload the already granted freeze exception for -7a
will not come into effect, since the delayed/5 will hit before the 10 days
pass for the transition to testing.
I appreciate your interest in this package, but what is going on in
this bug is a bit strange:
On 2012-11-08 I upload a new package and ask for freeze exception (granted)
On 2012-11-09 Samuel Bronson adjusted the severity to serious (actually
I never saw that emailon our list)
On 2012-11-11 Michael Gilbert uploaded a NMU to delay/5, thus it will hit
on 11-16, just two days before -7 enters testing.
I honestly have to say I leave that up to you two, because I do not waste
my time with things that gots played around ping-pong in short time
without waiting for any response from the maintainer.
If -7 does not enter testing, this is another RC bug, but I leave that
up to the two people that have created this chaos.
Thanks for your understanding
Norbert
Norbert Preiningpreining@{jaist.ac.jp, logic.at, debian.org}
JAIST, Japan TeX Live Debian Developer
DSA: 0x09C5B094 fp: 14DF 2E6C 0307 BE6D AD76 A9C0 D2BF 4AA3 09C5 B094
AIRD OF SLEAT (n. archaic)
Ancient Scottish curse placed from afar on the stretch of land now
occupided by Heathrow Airport.
--- Douglas Adams, The Meaning of Liff
--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#693319: obmenu: obm-xdg doesn't generate menu
Package: obmenu Version: 1.0-2 Severity: grave Justification: renders package unusable Dear Maintainer, *** Please consider answering these questions, where appropriate *** * What led up to the situation? Call obm-xdg with no arguments from shell or in openbox root menu * What exactly did you do (or not do) that was effective (or ineffective)? * What was the outcome of this action? Traceback (most recent call last): File /usr/bin/obm-xdg, line 443, in module mnu.parseFile(filename) File /usr/bin/obm-xdg, line 180, in parseFile f = open(filename) IOError: [Errno 2] No such file or directory: '' * What outcome did you expect instead? To generate an application menu *** End of the template - remove these lines *** -- System Information: Debian Release: wheezy/sid APT prefers testing APT policy: (500, 'testing') Architecture: amd64 (x86_64) Kernel: Linux 3.2.0-4-amd64 (SMP w/4 CPU cores) Locale: LANG=it_IT.UTF-8, LC_CTYPE=it_IT.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages obmenu depends on: ii python 2.7.3~rc2-1 ii python-glade2 2.24.0-3 ii python-support 1.0.15 Versions of packages obmenu recommends: ii openbox 3.5.0-4 obmenu suggests no packages. -- no debconf information -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#692345: tiff: CVE-2012-4564
Package: tiff
Version: 4.0.2-4
Followup-For: Bug #692345
User: ubuntu-de...@lists.ubuntu.com
Usertags: origin-ubuntu raring ubuntu-patch
*** /tmp/tmpm0_BMg/bug_body
In Ubuntu, the attached patch was applied to achieve the following:
* SECURITY UPDATE: denial of service and possible code execution via
crafted PPM image
- debian/patches/CVE-2012-4564.patch: check scanline_size in
tools/ppm2tiff.c.
- CVE-2012-4564
Thanks for considering the patch.
-- System Information:
Debian Release: wheezy/sid
APT prefers quantal-updates
APT policy: (500, 'quantal-updates'), (500, 'quantal-security'), (500,
'quantal'), (100, 'quantal-backports')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 3.5.0-18-generic (SMP w/4 CPU cores)
Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
diff -Nru tiff-4.0.2/debian/changelog tiff-4.0.2/debian/changelog
diff -Nru tiff-4.0.2/debian/patches/CVE-2012-4564.patch tiff-4.0.2/debian/patches/CVE-2012-4564.patch
--- tiff-4.0.2/debian/patches/CVE-2012-4564.patch 1969-12-31 19:00:00.0 -0500
+++ tiff-4.0.2/debian/patches/CVE-2012-4564.patch 2012-11-15 08:56:13.0 -0500
@@ -0,0 +1,34 @@
+Description: fix denial of service and possible code execution via crafted PPM image
+Origin: upstream, ppm2tiff.c,v 1.17
+
+Index: tiff-4.0.2/tools/ppm2tiff.c
+===
+--- tiff-4.0.2.orig/tools/ppm2tiff.c 2010-04-10 15:22:34.0 -0400
tiff-4.0.2/tools/ppm2tiff.c 2012-11-14 09:50:52.283703218 -0500
+@@ -89,6 +89,7 @@
+ int c;
+ extern int optind;
+ extern char* optarg;
++ tmsize_t scanline_size;
+
+ if (argc 2) {
+ fprintf(stderr, %s: Too few arguments\n, argv[0]);
+@@ -237,8 +238,16 @@
+ }
+ if (TIFFScanlineSize(out) linebytes)
+ buf = (unsigned char *)_TIFFmalloc(linebytes);
+- else
+- buf = (unsigned char *)_TIFFmalloc(TIFFScanlineSize(out));
++ else {
++ scanline_size = TIFFScanlineSize(out);
++ if (scanline_size != 0)
++ buf = (unsigned char *)_TIFFmalloc(TIFFScanlineSize(out));
++ else {
++ fprintf(stderr, %s: scanline size overflow\n,infile);
++ (void) TIFFClose(out);
++ exit(-2);
++ }
++ }
+ if (resolution 0) {
+ TIFFSetField(out, TIFFTAG_XRESOLUTION, resolution);
+ TIFFSetField(out, TIFFTAG_YRESOLUTION, resolution);
diff -Nru tiff-4.0.2/debian/patches/series tiff-4.0.2/debian/patches/series
--- tiff-4.0.2/debian/patches/series 2012-10-05 17:07:54.0 -0400
+++ tiff-4.0.2/debian/patches/series 2012-11-15 08:56:13.0 -0500
@@ -1,3 +1,4 @@
opengl.patch
CVE-2012-3401.patch
CVE-2012-4447.patch
+CVE-2012-4564.patch
Processed: a fix is prepared
Processing commands for cont...@bugs.debian.org: package crawl Limiting to bugs with field 'package' containing at least one of 'crawl' Limit currently set to 'package':'crawl' tags 692947 + pending Bug #692947 [crawl] crawl: copyright file missing after upgrade (policy 12.5) Added tag(s) pending. kthxbye Stopping processing here. Please contact me if you need assistance. -- 692947: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=692947 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#520753: Potential serious bug on ghostscript-cups
Hi Jonas, Le dimanche, 29 juillet 2012 18.03:16, Jonas Smedegaard a écrit : For Wheezy we should probably aim for the uglier but much simpler solution. the master branch is not intended for Wheezy, I will use a separate master-wheezy for that. I think I disagree. The patch I propose makes ghostscript-cups rely on cups' postinst which is already proven working by more than 14 packages, all of them already in Wheezy. I think this is a patch the Release Team can accept and a patch that makes Wheezy a better release by reducing useless code duplication in maintainer scripts. Oh, ok. Would you mind file the bugreport requesting freeze exception, when I have uploaded it to unstable? I am quite lousy at arguing such cases for the Release Managers :-/ I remembered this bug and noticed it was fixed, but badly: do you intend to upload the nice cups-postinst-trigger solution to Wheezy? I still think it is better than Bastien's hack on that bug. I'm also still ready to argue that with the Release Team if that helps. Cheers, OdyX -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#633799: getmail4: Mboxrd format is not supported
Hi, On Thu, Oct 25, 2012 at 03:44:26PM +0200, Christoph Anton Mitterer wrote: Hi. On Thu, 2012-10-25 at 21:26 +0900, Osamu Aoki wrote: But if you read history of bug report including patches, you could have written a bit kinder tone message. I feel a bit sad to see this message. Well it wasn't meant particularly personally or offensive,... I just think the issue is quite serious. I see now, that you considered this just to be a documentation problem... IMHO, one needs to look throughout all Debian, to find any places where mboxo is still used. Python ! http://docs.python.org/2/library/mailbox.html#mbox and links from there. It argues why it does so. The problem is, that using mboxo itself (even if documented) is IMHO a serious bug, as the format is utterly broken. H... I thought differently ... But I take this as a chance to improve after your good work with upstream. Especially no user expects that when he stores mail it's being irrecoverably cluttered up (which is what mboxo does). Actually I'd say that most people even don't know that there are different subformats of mbox. ... I know this is old discussion we do not repeat here... really must warn our users on that issue. And even if upstream would fix it, we still would need to warn our users at least in the NEWS file / release notes... that all their mail from previous years is likely corrupted. mboxo has been always so and have been widely used. I know, and this is actually quite a problem. As I wrote above, most people don't know this... and AFAIU the corruption inherent to this format can't be undone. mboxrd is technically superior. Yes,... an alternative is mboxcl2... but it has also it's drawbacks. anyone who stores file in mbox should know there are risks as you describe. Phew... I mean I wouldn't call myself uneducated ;-) ... and I was really shocked when I learned about this recently. I asked around at my friends, all studied computer scientists and decent sysadmins... noone knew. I am not arguing this with you. Not all smart people know how much stupidity has been commited by human before. I do not expect it either. My point is it was knowen and documented issue as seen on python. This package only used python as is ... thus suffered. I think you are a bit exxagurating severity of trivial part of data change. Actually most people seem to see it like this. I can't join that opinion however. I mean the change is little, arguably, but a) it can't be undone automatically and b) given, that storing mail is the core functionality of e.g. getmail, it think it's quite severe. That would be the same if your paint program changes all the colours (just a tiny bit) when you save your image. Let's ask release manager how this should be handled now. Saw your mail :) Thanks for your efforts :) I realize that ML is not for discussion. I post this message to mark this bug actively cared. This bug fix will be my next work within a week :-) Osamu -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Processed: bug 674156 is forwarded to https://bugzilla.gnome.org/show_bug.cgi?id=688406
Processing commands for cont...@bugs.debian.org: forwarded 674156 https://bugzilla.gnome.org/show_bug.cgi?id=688406 Bug #674156 [glib2.0] glib2.0: GStaticMutex ABI change on armel (maybe other archs) Set Bug forwarded-to-address to 'https://bugzilla.gnome.org/show_bug.cgi?id=688406'. thanks Stopping processing here. Please contact me if you need assistance. -- 674156: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=674156 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#692947: marked as done (crawl: copyright file missing after upgrade (policy 12.5))
Your message dated Thu, 15 Nov 2012 16:17:44 + with message-id e1tz28o-0001kp...@franck.debian.org and subject line Bug#692947: fixed in crawl 2:0.10.3-3 has caused the Debian Bug report #692947, regarding crawl: copyright file missing after upgrade (policy 12.5) to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 692947: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=692947 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Package: crawl Version: 2:0.10.3-2 Severity: serious User: debian...@lists.debian.org Usertags: piuparts Hi, a test with piuparts revealed that your package misses the copyright file after an upgrade from lenny to squeeze to wheezy, which is a violation of Policy 12.5: http://www.debian.org/doc/debian-policy/ch-docs.html#s-copyrightfile After the upgrade /usr/share/doc/$PACKAGE/ is just an empty directory. From the attached log (scroll to the bottom...): (from 'ls -lad /u/s/d/$PKG' and 'ls -la /u/s/d/$PKG/') MISSING COPYRIGHT FILE: /usr/share/doc/crawl/copyright drwxr-xr-x 2 root root 40 Nov 7 07:42 /usr/share/doc/crawl total 0 drwxr-xr-x 2 root root 40 Nov 7 07:42 . drwxr-xr-x 95 root root 2020 Nov 7 07:43 .. Additional info may be available here: http://wiki.debian.org/MissingCopyrightFile cheers, Andreas crawl_2:0.10.3-2.log.gz Description: GNU Zip compressed data ---End Message--- ---BeginMessage--- Source: crawl Source-Version: 2:0.10.3-3 We believe that the bug you reported is fixed in the latest version of crawl, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 692...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Adam Borowski kilob...@angband.pl (supplier of updated crawl package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Format: 1.8 Date: Thu, 15 Nov 2012 13:54:14 +0100 Source: crawl Binary: crawl-common crawl crawl-tiles Architecture: source all amd64 Version: 2:0.10.3-3 Distribution: unstable Urgency: low Maintainer: Guus Sliepen g...@debian.org Changed-By: Adam Borowski kilob...@angband.pl Description: crawl - Dungeon Crawl, a text-based roguelike game crawl-common - Dungeon Crawl, a text-based roguelike game (data files) crawl-tiles - Dungeon Crawl, a roguelike game, tiles version Closes: 692947 Changes: crawl (2:0.10.3-3) unstable; urgency=low . * Work around dpkg failing to replace a directory with a symlink. Closes: #692947 Checksums-Sha1: 2c7c01d0e61fbb91f435f8407904b27b51634d21 1398 crawl_0.10.3-3.dsc 8397ee3a74bf1724b50380a414bd30b75f9d7c63 11982 crawl_0.10.3-3.debian.tar.gz 0aff643fde490292d3a6f0cb393de092ff6ea095 1200230 crawl-common_0.10.3-3_all.deb 6971ea8337139e92dc2e39ee8abc03b9cc961f5d 3429832 crawl_0.10.3-3_amd64.deb 704f952d3e9d02491796703385b4fc7afdce5ab3 5769278 crawl-tiles_0.10.3-3_amd64.deb Checksums-Sha256: 9e2e6bde3609e489cf33f268cd3ee2c3146d9cc08f436cb39a65f3d553737011 1398 crawl_0.10.3-3.dsc 2df2158671801a386fd4eaa61d2726bab0b391e774cd6aa88228cbcd405b1ca5 11982 crawl_0.10.3-3.debian.tar.gz d331b1cae73baf667f6bb785a9e2063048e0cac8a52219e792be09a7ccdccf94 1200230 crawl-common_0.10.3-3_all.deb f1dbf6443d99bb6084fdcd4f02b6dc4eddd90310d8223c0e3761c0af33703d6b 3429832 crawl_0.10.3-3_amd64.deb 0420aa9457e2c68ec44585b5f226090011f14cf27b3e1859506bd682cadb1d86 5769278 crawl-tiles_0.10.3-3_amd64.deb Files: 3836b52e18065cf7f0f299b202059f0a 1398 games optional crawl_0.10.3-3.dsc 80bb70287961ea01383624a6e9761437 11982 games optional crawl_0.10.3-3.debian.tar.gz 4f8f134a3417702f4cc776de701607a0 1200230 games optional crawl-common_0.10.3-3_all.deb 9ae1c87487e703c29e6d79f535710ba1 3429832 games optional crawl_0.10.3-3_amd64.deb eb2ee90495ca9e215051ba28fb566145 5769278 games optional crawl-tiles_0.10.3-3_amd64.deb -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.12 (GNU/Linux) iEYEARECAAYFAlClErAACgkQAxLow12M2nvv+QCff9KOBWOZPEOKkaoyVOlX+5Yz riQAnjBEoFY8B49qEt5XbQpIEg7cx7Ht =XKBJ -END PGP SIGNATUREEnd Message---
Processed: tagging 692013
Processing commands for cont...@bugs.debian.org: # supposedly fixed in maintainer git repo tags 692013 + pending Bug #692013 [php5] php5-* modules: fails to install and uninstall if the config file was removed by user Added tag(s) pending. thanks Stopping processing here. Please contact me if you need assistance. -- 692013: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=692013 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#693346: diffutils: FTBFS with eglibc 2.16 - due to outdated gnulib
Package: diffutils Version: 3.2-7 Severity: serious Tags: patch experimental upstream Justification: fails to build from source Diffutils doesn't build with eglibc2.16 due to gets finally being removed but the gnulib in the package not knowing about this. The patch has links to upstream bugs. A new diffutils release with new gnulib is the right fix for this, but this simple nobbling works in the meantime (and allows the arm64 bootstrap to progress) -- System Information: Debian Release: 6.0.6 APT prefers stable APT policy: (990, 'stable') Architecture: i386 (i686) Kernel: Linux 2.6.32.33-kvm-i386-2028-dirty (SMP w/1 CPU core) Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash diff -Nru diffutils-3.2/debian/changelog diffutils-3.2/debian/changelog --- diffutils-3.2/debian/changelog 2012-10-04 16:12:47.0 + +++ diffutils-3.2/debian/changelog 2012-11-15 15:56:56.0 + @@ -1,3 +1,9 @@ +diffutils (1:3.2-8) UNRELEASED; urgency=low + + * Fix lib/stdio.in.h to build with glibc-2.16 (no gets) + + -- Wookey woo...@wookware.org Thu, 15 Nov 2012 15:56:17 + + diffutils (1:3.2-7) unstable; urgency=low * Updated config.guess and config.sub for arm64. Closes: #688965, #689617. diff -Nru diffutils-3.2/debian/patches/eglibc-2.16-nogets diffutils-3.2/debian/patches/eglibc-2.16-nogets --- diffutils-3.2/debian/patches/eglibc-2.16-nogets 1970-01-01 00:00:00.0 + +++ diffutils-3.2/debian/patches/eglibc-2.16-nogets 2012-11-15 16:24:49.0 + @@ -0,0 +1,31 @@ +Description: Allow diffutils to build with glibc2.16 + 'gets' has been removed from glibc-2.16 but gnulib still refers to it + causing build failures. + The simple fix for now is just to remove the reference in + lib/stdio.in.h + A new diffutils release made with a new gnulib is a better fix + . + diffutils (1:3.2-8) UNRELEASED; urgency=low + . + * Fix lib/stdio.in.h to build with glibc-2.16 (no gets) +Author: Wookey woo...@wookware.org + +--- +Bug : http://lists.gnu.org/archive/html/bug-gnulib/2012-03/msg00186.html +Bug-Debian: http://bugs.debian.org/687986 +Forwarded: not-needed +Last-Update: 2012-11-15 + +--- diffutils-3.2.orig/lib/stdio.in.h diffutils-3.2/lib/stdio.in.h +@@ -694,10 +694,6 @@ _GL_CXXALIAS_SYS (gets, char *, (char *s + # undef gets + # endif + _GL_CXXALIASWARN (gets); +-/* It is very rare that the developer ever has full control of stdin, +- so any use of gets warrants an unconditional warning. Assume it is +- always declared, since it is required by C89. */ +-_GL_WARN_ON_USE (gets, gets is a security hole - use fgets instead); + #endif + + diff -Nru diffutils-3.2/debian/patches/series diffutils-3.2/debian/patches/series --- diffutils-3.2/debian/patches/series 2012-10-04 16:14:44.0 + +++ diffutils-3.2/debian/patches/series 2012-11-15 15:59:15.0 + @@ -1,3 +1,4 @@ 01-no-usr-share-info-dir-gz 02-gnulib-fix-for-float-in-powerpc 99-config-guess-config-sub +eglibc-2.16-nogets
Processed: severity of 693346 is normal
Processing commands for cont...@bugs.debian.org: severity 693346 normal Bug #693346 [diffutils] diffutils: FTBFS with eglibc 2.16 - due to outdated gnulib Severity set to 'normal' from 'serious' thanks Stopping processing here. Please contact me if you need assistance. -- 693346: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=693346 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#692237: svn: E235000: In file '/tmp/buildd/subversion-1.7.5/subversion/libsvn_wc/update_editor.c' line 1583: assertion failed (action == svn_wc_conflict_action_edit || action == svn_wc_conflict_ac
# [1] forwarded 692237 http://subversion.tigris.org/issues/show_bug.cgi?id=4091 quit Aron Xu wrote: When I was updating an old copy of openwrt repository, svn up failed with error: svn: E235000: In file '/tmp/buildd/subversion-1.7.5/subversion/libsvn_wc/update_editor.c' line 1583: assertion failed (action == svn_wc_conflict_action_edit || action == svn_wc_conflict_action_delete || action == svn_wc_conflict_action_replace) Thanks for writing. Sounds like [1]. Jonathan -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Processed: Re: svn: E235000: In file '/tmp/buildd/subversion-1.7.5/subversion/libsvn_wc/update_editor.c' line 1583: assertion failed (action == svn_wc_conflict_action_edit || action == svn_wc_conflict
Processing commands for cont...@bugs.debian.org: # [1] forwarded 692237 http://subversion.tigris.org/issues/show_bug.cgi?id=4091 Bug #692237 [subversion] svn: E235000: In file '/tmp/buildd/subversion-1.7.5/subversion/libsvn_wc/update_editor.c' line 1583: assertion failed (action == svn_wc_conflict_action_edit || action == svn_wc_conflict_action_delete || action == svn_wc_conflict_action_replace) Set Bug forwarded-to-address to 'http://subversion.tigris.org/issues/show_bug.cgi?id=4091'. quit Stopping processing here. Please contact me if you need assistance. -- 692237: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=692237 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#690409: closed by Michal ÃÂihaà  ni...@debian.org (Bug#690409: fixed in xcache 2.0.0-3)
Hi, Michal Čihař wrote (15 Nov 2012 06:47:07 GMT) : It should be. However it won't be there for upgrades from versions which did already move config file without using dpkg helper. Unfortunately the helper is not clever enough to handle breakage I've introduced. OK. Well, this should be good enough then, I guess. The absolute path unfortunately needs to be there - that's difference between zend_extension and extension. Fortunately the path removal was done in file which was not used at the end. Thanks for the explanation. Anyway as the package is now unblocked I'd like to avoid yet another upload just for changelog clarification. Fair enough. Case closed, then! :) Cheers, -- intrigeri | GnuPG key @ https://gaffer.ptitcanardnoir.org/intrigeri/intrigeri.asc | OTR fingerprint @ https://gaffer.ptitcanardnoir.org/intrigeri/otr.asc -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#666334: gnustep-back: diff for NMU version 0.20.1-2.1
tags 666334 + patch
tags 666334 + pending
thanks
Dear maintainer,
I've prepared an NMU for gnustep-back (versioned as 0.20.1-2.1) and
uploaded it to DELAYED/2. Please feel free to tell me if I
should delay it longer.
Regards.
--
.''`. Homepage: http://info.comodo.priv.at/ - OpenPGP key 0xBB3A68018649AA06
: :' : Debian GNU/Linux user, admin, and developer - http://www.debian.org/
`. `' Member of VIBE!AT SPI, fellow of the Free Software Foundation Europe
`- NP: Simon And Garfunkel: The Boxer
diff -u gnustep-back-0.20.1/debian/rules gnustep-back-0.20.1/debian/rules
--- gnustep-back-0.20.1/debian/rules
+++ gnustep-back-0.20.1/debian/rules
@@ -112,16 +112,16 @@
touch $@
-build: patch build-indep build-arch
+build: build-indep build-arch
-build-indep: debian/build-indep-stamp
+build-indep: $(QUILT_STAMPFN) debian/build-indep-stamp
clean_files += debian/build-indep-stamp
debian/build-indep-stamp: config
$(MAKE) -C Documentation messages=yes
touch $@
-build-arch: debian/build-art-stamp debian/build-cairo-stamp
+build-arch: $(QUILT_STAMPFN) debian/build-art-stamp debian/build-cairo-stamp
clean_files += debian/build-art-stamp debian/build-cairo-stamp
debian/build-art-stamp: debian/configure-art-stamp
dh_testdir
@@ -198,7 +198,7 @@
dh_testdir -a
dh_testroot -a
dh_installchangelogs -a ChangeLog
- dh_installdocs -a Documentation/{ANNOUNCE,NEWS,README}
+ dh_installdocs -a
gsdh_gnustep -a
dh_installman -p$(p_gpbs) Tools/gpbs.1
dh_link -a
diff -u gnustep-back-0.20.1/debian/changelog gnustep-back-0.20.1/debian/changelog
--- gnustep-back-0.20.1/debian/changelog
+++ gnustep-back-0.20.1/debian/changelog
@@ -1,3 +1,16 @@
+gnustep-back (0.20.1-2.1) unstable; urgency=low
+
+ * Non-maintainer upload.
+ * Fix FTBFS: build-arch problems with patch applying and installation
+of files generated only in build-indep target:
+- debian/rules: make build-arch and build-indep depend on quilt patch
+ target, thanks Ralf Treinen
+- debian/rules: don't install documentation in binary-arch target, only
+ built for binary-indep packages
+(Closes: #666334)
+
+ -- gregor herrmann gre...@debian.org Thu, 15 Nov 2012 18:16:40 +0100
+
gnustep-back (0.20.1-2) unstable; urgency=low
* Upload to unstable.
signature.asc
Description: Digital signature
Processed: gnustep-back: diff for NMU version 0.20.1-2.1
Processing commands for cont...@bugs.debian.org: tags 666334 + patch Bug #666334 [src:gnustep-back] FTBFS: build-arch problems with patch applying and installation of files generated only in build-indep target Added tag(s) patch. tags 666334 + pending Bug #666334 [src:gnustep-back] FTBFS: build-arch problems with patch applying and installation of files generated only in build-indep target Added tag(s) pending. thanks Stopping processing here. Please contact me if you need assistance. -- 666334: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=666334 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#692613: php5: non-free files in upstream tarball (The Software shall be used for, Good, not Evil)
Since Fedora doesn't consider the json license as good [1], it seems we are not the only ones having this problem. Have you checked what other distros are doing about that, especially Fedora? [1] https://fedoraproject.org/wiki/Licensing:Main?rd=Licensing -- Why is it that all of the instruments seeking intelligent life in the universe are pointed away from Earth? signature.asc Description: OpenPGP digital signature
Bug#692613: php5: non-free files in upstream tarball (The Software shall be used for, Good, not Evil)
On 15.11.2012 18:51, Michael Biebl wrote: Since Fedora doesn't consider the json license as good [1], it seems we are not the only ones having this problem. Have you checked what other distros are doing about that, especially Fedora? [1] https://fedoraproject.org/wiki/Licensing:Main?rd=Licensing https://fedoraproject.org/wiki/Licensing:Main?rd=Licensing#Bad_Licenses to be more specific. In addition, there was mentioned that the json license is listed under http://www.gnu.org/licenses/license-list.html#NonFreeSoftwareLicenses It's probably worth pointing that out to (php) upstream. They seem to think it's a self-made, Debian-only problem. Michael -- Why is it that all of the instruments seeking intelligent life in the universe are pointed away from Earth? signature.asc Description: OpenPGP digital signature
Bug#692613: [php-maint] Bug#692613: php5: non-free files in upstream tarball (The Software shall be used for, Good, not Evil)
On Thu, Nov 15, 2012 at 7:51 PM, Michael Biebl bi...@debian.org wrote: Since Fedora doesn't consider the json license as good [1], it seems we are not the only ones having this problem. Have you checked what other distros are doing about that, especially Fedora? Fedora says it's bad, but they still provide it (checked php-5.4.1-1.fc17.src.rpm from Fedora 17). Kaplan
Bug#692613: [php-maint] Bug#692613: Bug#692613: php5: non-free files in upstream tarball (The Software shall be used for, Good, not Evil)
I think the best course of action is to contact debian-release team and ask for an exception (e.g. in Cc:). Unless we get upstream to change the license (which is unlikely), it's too late in release cycle for any radical change (like stripping the json out completely). On Thu, Nov 15, 2012 at 7:09 PM, Lior Kaplan kap...@debian.org wrote: On Thu, Nov 15, 2012 at 7:51 PM, Michael Biebl bi...@debian.org wrote: Since Fedora doesn't consider the json license as good [1], it seems we are not the only ones having this problem. Have you checked what other distros are doing about that, especially Fedora? Fedora says it's bad, but they still provide it (checked php-5.4.1-1.fc17.src.rpm from Fedora 17). Kaplan ___ pkg-php-maint mailing list pkg-php-ma...@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-php-maint -- Ondřej Surý ond...@sury.org -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#693352: tar: FTBFS with eglibc-2.16 (due to outdated gnulib)
Package: tar Version: 1.26-4 Severity: serious Tags: upstream experimental patch Justification: fails to build from source tar does not build against eglibc-2.16 due to gets having been removed but embedded gnulib in package still referring to it. Upstream bug links are in the patch. This patch makes it work by #ifdefing the offending line but the proper fix is a new upstream release using a newer gnulib. This patch allows eglibc 2.16 to be uploaded and for the arm64 port to proceed. -- System Information: Debian Release: 6.0.6 APT prefers stable APT policy: (990, 'stable') Architecture: i386 (i686) Kernel: Linux 2.6.32.33-kvm-i386-2028-dirty (SMP w/1 CPU core) Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash diff -Nru tar-1.26/debian/.gitignore tar-1.26/debian/.gitignore diff -Nru tar-1.26/debian/changelog tar-1.26/debian/changelog --- tar-1.26/debian/changelog 2011-12-30 16:33:42.0 + +++ tar-1.26/debian/changelog 2012-11-15 18:16:35.0 + @@ -1,3 +1,9 @@ +tar (1.26-5) UNRELEASED; urgency=low + + * Fix included gnulib so we don't get FTBFS with eglibc-2.16 + + -- Wookey woo...@wookware.org Thu, 15 Nov 2012 18:13:30 + + tar (1.26-4) unstable; urgency=low * mark Mult-Arch: foreign to ease crossgrading, closes: #649478 diff -Nru tar-1.26/debian/patches/eglibc-2.16-ftbfs-gnulib-nogets tar-1.26/debian/patches/eglibc-2.16-ftbfs-gnulib-nogets --- tar-1.26/debian/patches/eglibc-2.16-ftbfs-gnulib-nogets 1970-01-01 00:00:00.0 + +++ tar-1.26/debian/patches/eglibc-2.16-ftbfs-gnulib-nogets 2012-11-15 16:44:41.0 + @@ -0,0 +1,491 @@ +Description: Allow package to build with glibc-2.16 + 'gets' has been removed from glibc-2.16 but gnulib still refers to it + causing build failures. + The simple fix for now is just to put a check around the reference in + lib/stdio.in.h + A new release made with a new gnulib is a better fix. + . + tar (1.26-5) unstable; urgency=low + . + * Fix gnu/stdio.in.h to build with glibc-2.16 (gets removed) +Author: Wookey woo...@wookware.org +Last-Update: 2012-11-5 +Bug : http://lists.gnu.org/archive/html/bug-gnulib/2012-03/msg00186.html +Bug-Debian: http://bugs.debian.org/687986 +Forwarded: not-needed + +--- tar-1.26.orig/gnu/stdio.in.h tar-1.26/gnu/stdio.in.h +@@ -164,7 +164,9 @@ _GL_WARN_ON_USE (fflush, fflush is not +so any use of gets warrants an unconditional warning. Assume it is +always declared, since it is required by C89. */ + #undef gets ++#ifdef HAVE_RAW_DECL_GETS + _GL_WARN_ON_USE (gets, gets is a security hole - use fgets instead); ++#endif + + #if @GNULIB_FOPEN@ + # if @REPLACE_FOPEN@ +--- tar-1.26.orig/build-aux/config.sub tar-1.26/build-aux/config.sub +@@ -2,9 +2,9 @@ + # Configuration validation subroutine script. + # Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, + # 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, +-# 2011 Free Software Foundation, Inc. ++# 2011, 2012 Free Software Foundation, Inc. + +-timestamp='2011-02-24' ++timestamp='2012-04-18' + + # This file is (in principle) common to ALL GNU software. + # The presence of a machine in this file suggests that SOME GNU software +@@ -21,9 +21,7 @@ timestamp='2011-02-24' + # GNU General Public License for more details. + # + # You should have received a copy of the GNU General Public License +-# along with this program; if not, write to the Free Software +-# Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA +-# 02110-1301, USA. ++# along with this program; if not, see http://www.gnu.org/licenses/. + # + # As a special exception to the GNU General Public License, if you + # distribute this file as part of a program that contains a +@@ -76,8 +74,8 @@ version=\ + GNU config.sub ($timestamp) + + Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, +-2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011 Free +-Software Foundation, Inc. ++2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011, 2012 ++Free Software Foundation, Inc. + + This is free software; see the source for copying conditions. There is NO + warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. +@@ -132,6 +130,10 @@ case $maybe_os in + os=-$maybe_os + basic_machine=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\1/'` + ;; ++ android-linux) ++os=-linux-android ++basic_machine=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\1/'`-unknown ++;; + *) + basic_machine=`echo $1 | sed 's/-[^-]*$//'` + if [ $basic_machine != $1 ] +@@ -223,6 +225,12 @@ case $os in + -isc*) + basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` + ;; ++ -lynx*178) ++ os=-lynxos178 ++ ;; ++ -lynx*5) ++ os=-lynxos5 ++ ;; + -lynx*) + os=-lynxos + ;; +@@ -247,17 +255,22 @@ case $basic_machine in + # Some are omitted here because they have special meanings below. + 1750a | 580 \ + | a29k \ ++ |
Processed: Re: Bug#693352: tar: FTBFS with eglibc-2.16 (due to outdated gnulib)
Processing control commands: severity -1 normal Bug #693352 [tar] tar: FTBFS with eglibc-2.16 (due to outdated gnulib) Severity set to 'normal' from 'serious' -- 693352: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=693352 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#693352: tar: FTBFS with eglibc-2.16 (due to outdated gnulib)
Control: severity -1 normal On Thu, Nov 15, 2012 at 18:40:06 +, Wookey wrote: Package: tar Version: 1.26-4 Severity: serious Tags: upstream experimental patch Justification: fails to build from source tar does not build against eglibc-2.16 due to gets having been removed but embedded gnulib in package still referring to it. Until glibc 2.16 is in sid, this is not a serious bug. Cheers, Julien signature.asc Description: Digital signature
Bug#693026: Pre-approval request for t-p-u upload of weechat/0.3.8-2wheezy1
On Thu, 2012-11-15 at 08:59 +0100, Emmanuel Bouthenot wrote: On Mon, Nov 12, 2012 at 02:01:13PM +0100, Emmanuel Bouthenot wrote: I'd like to get your approval about the upload of weechat 0.3.8-2wheezy1 to testing-proposed-updates in order to fix a security issue which could permit to a remote attacker to crash weechat by forging malicious IRC messages: http://bugs.debian.org/693026 No opinions? More likely that no-one's had chance to look at it yet, given that the mail wasn't filed via the BTS, there were less than three days since the original mail and we've still got quite a few other requests to process. :-/ Regards, Adam -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#693026: Pre-approval request for t-p-u upload of weechat/0.3.8-2wheezy1
On Thu, Nov 15, 2012 at 08:59:07 +0100, Emmanuel Bouthenot wrote: On Mon, Nov 12, 2012 at 02:01:13PM +0100, Emmanuel Bouthenot wrote: [...] I'd like to get your approval about the upload of weechat 0.3.8-2wheezy1 to testing-proposed-updates in order to fix a security issue which could permit to a remote attacker to crash weechat by forging malicious IRC messages: http://bugs.debian.org/693026 No opinions? My opinion is you can wait more than a couple days. Cheers, Julien signature.asc Description: Digital signature
Bug#692946: cdd-dev: copyright file missing after upgrade (policy 12.5)
On Thu, Nov 15, 2012 at 10:17:08 +0100, Andreas Beckmann wrote: On 2012-11-15 09:20, Andreas Tille wrote: Andreas, could you please [ ] agree [ ] disagree to the suggestion to lower the priority of this bug. I would like to deal with this as quick as possible but I would like to hear your opinion about the action that should be done. I'm not sure how to deal with this bug properly: missing copyright file in empty transitional package, already caused by a lenny-squeeze update. Therefore Cc:ing -release@ for their opinion on this (currently RC) bug. I don't see why this should be downgraded, and I'm not seeing a rationale above. From the piuparts point of view I'd rather like to see this fixed in the package than working around this in piuparts (IIRC this is blocking about 50 rdepends from being checked). The transitional package should have been dropped for wheezy (but there wasn't any new upload after squeeze). For fixing this in jessie I'd propose to drop cdd-dev and add Package: blends-dev Conflicts: cdd-dev Replaces: cdd-dev to get rid of installations of the old faulty package. Adding conflicts seems pointless. Cheers, Julien signature.asc Description: Digital signature
Bug#693087: segfault in xscreensaver, screen revealed
clone 693087 -1 -2 -3 reassign -1 ftp.debian.org user ftp.debian@packages.debian.org usertags -1 rm retitle -1 RM: pam-rsa -- RoST; unmaintained, buggy and dangerous user release.debian@packages.debian.org reassign -2 release.debian.org usertags -2 rm retitle -2 RM: pam-rsa -- RoST; unmaintained, buggy and dangerous tags -2 + wheezy reassign -3 release.debian.org usertags -3 rm retitle -3 RM: pam-rsa -- RoST; unmaintained, buggy and dangerous tags -3 + squeeze thanks On Thu, 2012-11-15 at 07:48 +0100, Yves-Alexis Perez wrote: Control: clone -1 -2 -3 Control: reassign -2 ftpmasters Hopefully fixed now. :-) On mar., 2012-11-13 at 21:56 +0100, Yves-Alexis Perez wrote: On mar., 2012-11-13 at 09:00 -0800, Ian Zimmerman wrote: Jan Is it possible to reproduce that xscreensaver crash also without Jan libpam-rsa module being used? (when using pam-unix login Jan alternative with the same scenario) No, it doesn't happen with pam-unix. This had been kicked around the debian security team for a couple of days before this bug was posted. You may want to contact them to coordinate your response. Yes, we were made aware of the issue. Seeing the gravity of the bug, the number of people using it, the time of last (upstream) release and the number of NMU, we're considering just removing it from Debian altogether, unless you have a decisive argument to keep it (and fix the bug quickly). Doing this now (hoping the Control: syntax will work). Not so much. :-( Nor does ftpmasters@d.o or the ftpmasters package exist. :-) Hopefully it's now as you intended. ftpmasters, release team: the security team is requesting the removal of the pam-rsa package because we were made aware of the above (#693087) bug: in some situations, pam_rsa module will cause a segfault in xscreensaver, leaving the screen unlocked. Package seeems to be mostly abandonned upstream (last release in 2007, called a “beta release” and no answer from the bug address on the upstream webpage) and, although the Debian maintainer seems around, there were only NMUs since 2007. In our opinion, considering the low pam-rsa usage (and even questionning the real benefit of the package) it'd be just best to remove it altogether. Thus, we'd like the removal from at least testing and unstable. For stable, I'm a bit unsure about how we're supposed to handle a package disparition in stable, so I'm available for discussion (although we don't think it's really supportable in the current state). I've cloned a copy of the bug for stable, so we can look at that separately. Regards, Adam -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Processed: Re: segfault in xscreensaver, screen revealed
Processing commands for cont...@bugs.debian.org: clone 693087 -1 -2 -3 Bug #693087 [libpam-rsa] segfault in xscreensaver, screen revealed Bug 693087 cloned as bugs 693358-693360 reassign -1 ftp.debian.org Bug #693358 [libpam-rsa] segfault in xscreensaver, screen revealed Bug reassigned from package 'libpam-rsa' to 'ftp.debian.org'. No longer marked as found in versions libpam-rsa/0.8-9-2.4. Ignoring request to alter fixed versions of bug #693358 to the same values previously set user ftp.debian@packages.debian.org Setting user to ftp.debian@packages.debian.org (was a...@adam-barratt.org.uk). usertags -1 rm There were no usertags set. Usertags are now: rm. retitle -1 RM: pam-rsa -- RoST; unmaintained, buggy and dangerous Bug #693358 [ftp.debian.org] segfault in xscreensaver, screen revealed Changed Bug title to 'RM: pam-rsa -- RoST; unmaintained, buggy and dangerous' from 'segfault in xscreensaver, screen revealed' user release.debian@packages.debian.org Setting user to release.debian@packages.debian.org (was ftp.debian@packages.debian.org). reassign -2 release.debian.org Bug #693359 [libpam-rsa] segfault in xscreensaver, screen revealed Bug reassigned from package 'libpam-rsa' to 'release.debian.org'. No longer marked as found in versions libpam-rsa/0.8-9-2.4. Ignoring request to alter fixed versions of bug #693359 to the same values previously set usertags -2 rm There were no usertags set. Usertags are now: rm. retitle -2 RM: pam-rsa -- RoST; unmaintained, buggy and dangerous Bug #693359 [release.debian.org] segfault in xscreensaver, screen revealed Changed Bug title to 'RM: pam-rsa -- RoST; unmaintained, buggy and dangerous' from 'segfault in xscreensaver, screen revealed' tags -2 + wheezy Bug #693359 [release.debian.org] RM: pam-rsa -- RoST; unmaintained, buggy and dangerous Added tag(s) wheezy. reassign -3 release.debian.org Bug #693360 [libpam-rsa] segfault in xscreensaver, screen revealed Bug reassigned from package 'libpam-rsa' to 'release.debian.org'. No longer marked as found in versions libpam-rsa/0.8-9-2.4. Ignoring request to alter fixed versions of bug #693360 to the same values previously set usertags -3 rm There were no usertags set. Usertags are now: rm. retitle -3 RM: pam-rsa -- RoST; unmaintained, buggy and dangerous Bug #693360 [release.debian.org] segfault in xscreensaver, screen revealed Changed Bug title to 'RM: pam-rsa -- RoST; unmaintained, buggy and dangerous' from 'segfault in xscreensaver, screen revealed' tags -3 + squeeze Bug #693360 [release.debian.org] RM: pam-rsa -- RoST; unmaintained, buggy and dangerous Added tag(s) squeeze. thanks Stopping processing here. Please contact me if you need assistance. -- 693087: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=693087 693358: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=693358 693359: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=693359 693360: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=693360 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#666334: gnustep-back: diff for NMU version 0.20.1-2.1
gregor herrmann wrote: I've prepared an NMU for gnustep-back (versioned as 0.20.1-2.1) and uploaded it to DELAYED/2. Thanks for taking the time and effort to fix a bug in my package. The diff looks fine. -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#693026: Pre-approval request for t-p-u upload of weechat/0.3.8-2wheezy1
On Thu, Nov 15, 2012 at 08:27:29PM +0100, Julien Cristau wrote:
[...]
My opinion is you can wait more than a couple days.
Anyway, I've learnt today that it has been discovered another security
issue which will lead to another CVE soon, hence I suggest to wait until
this one will be fixed in unstable.
I'll come back to you for an upload in t-p-u which will fix these two
bugs in a row.
Regards,
M.
--
Emmanuel Bouthenot
mail: kolter@{openics,debian}.orggpg: 4096R/0x929D42C3
xmpp: kol...@im.openics.org irc: kolter@{freenode,oftc}
--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#689012: Bug #689012: chrony: Refuses to start: Fatal error : Cannot read information from uname
Hello Timo, Timo Juhani Lindfors wrote on 2012-11-14 18:47: but it does not seem to solve the problem for me. I also looked at upstream git but they have a much more complicated fix. O.K. I see this already patched source need more work. I will look for a good solution in the next days. Perhaps the git commit at http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=692923#30 gives the right idea. --- Have a nice day. Joachim (Germany) -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Processed: severity of 690656 is serious
Processing commands for cont...@bugs.debian.org: # needs to be fixed before release severity 690656 serious Bug #690656 [harden-remoteaudit] harden-remoteaudit: Please remove dependency on openvas-server Severity set to 'serious' from 'normal' thanks Stopping processing here. Please contact me if you need assistance. -- 690656: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=690656 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Processed: block 690655 with 690656
Processing commands for cont...@bugs.debian.org: block 690655 with 690656 Bug #690655 [release.debian.org] RM: openvas2 [wheezy] -- RoM; abandoned-upstream 690655 was not blocked by any bugs. 690655 was not blocking any bugs. Added blocking bug(s) of 690655: 690656 thanks Stopping processing here. Please contact me if you need assistance. -- 690655: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=690655 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#693371: insserv: Please update insserv.conf to ensure mountall-bootclean is run
Package: insserv Version: 1.14.0-4 Severity: serious Tags: patch Justification: Breaks boot See also: #677097 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=677097 When we added mountall-bootclean to initscripts, I didn't realise at the time that the dependencies were insufficient, and $local_fs requires mountall-bootclean to be run, or it can be mis-ordered and delete /run. The attached patch fixes up insserv to add mountall-bootclean to $local_fs. I've included the change to both debian/patches and to insserv.conf so you can apply whatever you feel best. Flagged as serious since this does prevent systems from booting. I'm going to also make the change to sysvinit to add X-Start-Before: bootmish.sh to mountall_bootclean but it would be good to have it here as well to make it less easy to break your system. Thanks, Roger -- System Information: Debian Release: wheezy/sid APT prefers testing APT policy: (500, 'testing') Architecture: i386 (i686) Kernel: Linux 2.6.32.33-kvm-i386-2028-dirty (SMP w/1 CPU core) Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages insserv depends on: ii libc6 2.13-35 insserv recommends no packages. Versions of packages insserv suggests: pn bootchart2 none -- no debconf information diff -urN insserv-1.14.0.original/debian/patches/11_debian_conf.patch insserv-1.14.0/debian/patches/11_debian_conf.patch --- insserv-1.14.0.original/debian/patches/11_debian_conf.patch 2012-11-15 20:28:53.639644555 + +++ insserv-1.14.0/debian/patches/11_debian_conf.patch 2012-11-15 20:32:27.459921674 + @@ -9,7 +9,7 @@ # All local filesystems are mounted (done during boot phase) # -$local_fs boot.localfs +boot.crypto -+$local_fs +mountall +mountoverflowtmp +umountfs ++$local_fs +mountall +mountall-bootclean +mountoverflowtmp +umountfs # # Low level networking (ethernet card) diff -urN insserv-1.14.0.original/insserv.conf insserv-1.14.0/insserv.conf --- insserv-1.14.0.original/insserv.conf 2012-11-15 20:28:53.639644555 + +++ insserv-1.14.0/insserv.conf 2012-11-15 20:30:57.778120460 + @@ -1,7 +1,7 @@ # # All local filesystems are mounted (done during boot phase) # -$local_fs +mountall +mountoverflowtmp +umountfs +$local_fs +mountall +mountall-bootclean +mountoverflowtmp +umountfs # # Low level networking (ethernet card)
Bug#658139: marked as done (missing mime entry)
Your message dated Thu, 15 Nov 2012 20:47:54 + with message-id e1tz6lq-00068j...@franck.debian.org and subject line Bug#658139: fixed in evince 3.4.0-3.1 has caused the Debian Bug report #658139, regarding missing mime entry to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 658139: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=658139 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Package: evince Severity: important Tags: patch Hi, several programs (for instance see, mc) are regarding mime entries in mailcap file and can not find a PDF viewer in case only evince is installed. This ends up in something like: $ see test.pdf Error: no view mailcap rules found for type application/pdf I set this to important because this is somehow breaking the usual functionality of those programs. The following patch will fix this: diff -Nru /dev/null evince-3.2.1/debian/evince.mime --- /dev/null +++ evince-3.2.1/debian/evince.mime @@ -0,0 +1,2 @@ +application/pdf; /usr/bin/evince %s; test=test $DISPLAY != ; description=Portable Document Format; nametemplate=%s.pdf; priority=6 +application/x-pdf; /usr/bin/evince %s; test=test $DISPLAY != ; description=Portable Document Format; nametemplate=%s.pdf; priority=6 Kind regards and thanks for maintaining evince Andreas. -- System Information: Debian Release: 6.0.4 Architecture: i386 (i686) Kernel: Linux 2.6.36-xenU-4814-i386 (SMP w/1 CPU core) Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash ---End Message--- ---BeginMessage--- Source: evince Source-Version: 3.4.0-3.1 We believe that the bug you reported is fixed in the latest version of evince, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 658...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Don Armstrong d...@debian.org (supplier of updated evince package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Thu, 08 Nov 2012 10:32:12 -0800 Source: evince Binary: evince evince-dbg evince-gtk evince-common libevdocument3-4 libevview3-3 libevince-dev gir1.2-evince-3.0 Architecture: source all amd64 Version: 3.4.0-3.1 Distribution: unstable Urgency: low Maintainer: Debian GNOME Maintainers pkg-gnome-maintain...@lists.alioth.debian.org Changed-By: Don Armstrong d...@debian.org Description: evince - Document (PostScript, PDF) viewer evince-common - Document (PostScript, PDF) viewer - common files evince-dbg - Document (PostScript, PDF) viewer - debugging symbols evince-gtk - Document (PostScript, PDF) viewer (GTK+ version) gir1.2-evince-3.0 - GObject introspection data for the evince libraries libevdocument3-4 - Document (PostScript, PDF) rendering library libevince-dev - Document (PostScript, PDF) rendering library - development files libevview3-3 - Document (PostScript, PDF) rendering library - Gtk+ widgets Closes: 658139 Changes: evince (3.4.0-3.1) unstable; urgency=low . * Non-maintainer Upload * Support the rest of the mime types that evince used to support in evince-gtk.mime and evince.mime. Closes: #658139. This also fixes #619564, #627027, and #551734 which were related to evince.mime and evince-gtk.mime. #581441 was fixed in shared-mime-info/1.0. Checksums-Sha1: 9a953d5ad3e24acf5952284cee81f27b7348f2f9 2998 evince_3.4.0-3.1.dsc b9675739e0b86d9c2802b8df4fc334e1188d6839 27486 evince_3.4.0-3.1.debian.tar.gz d7457d02bd5f122986d5e73d714a46369123ba18 5157034 evince-common_3.4.0-3.1_all.deb 761abe8b9e2bb74b2b241b6c37523321416bbb63 634916 evince_3.4.0-3.1_amd64.deb 21e6739748817993423426798136479942318c16 1627098 evince-dbg_3.4.0-3.1_amd64.deb a8cf43fbee83d013f7fa042970051992e5c916bd 630684 evince-gtk_3.4.0-3.1_amd64.deb 5f35e666c480ed25606b278c1504ae6af879cd96 652414 libevdocument3-4_3.4.0-3.1_amd64.deb 427c804cc062eefba5df51da0ba7beefa2ebc452 568612 libevview3-3_3.4.0-3.1_amd64.deb 71152b66aee6716d198a761bef2e1b1f09b7221f 714384 libevince-dev_3.4.0-3.1_amd64.deb 2384a16e9d635b086ef75224c8e59d64e92a3fda 498748 gir1.2-evince-3.0_3.4.0-3.1_amd64.deb Checksums-Sha256:
Bug#692618: marked as done (non-free files in upstream tarball (The Software shall be used for Good, not Evil))
Your message dated Thu, 15 Nov 2012 20:48:00 + with message-id e1tz6lw-0006bt...@franck.debian.org and subject line Bug#692618: fixed in jquery 1.7.2+dfsg-1 has caused the Debian Bug report #692618, regarding non-free files in upstream tarball (The Software shall be used for Good, not Evil) to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 692618: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=692618 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Package: jquery Version: 1.7.2+debian-2.1 Severity: serious The upstream tarball contains files under the non-free JSON license: % rgrep -l 'The Software shall be used for Good, not Evil.' . ./build/lib/jshint.js Ansgar ---End Message--- ---BeginMessage--- Source: jquery Source-Version: 1.7.2+dfsg-1 We believe that the bug you reported is fixed in the latest version of jquery, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 692...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Marcelo Jorge Vieira (metal) me...@debian.org (supplier of updated jquery package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Thu, 15 Nov 2012 13:11:00 -0200 Source: jquery Binary: libjs-jquery Architecture: source all Version: 1.7.2+dfsg-1 Distribution: unstable Urgency: high Maintainer: Debian Javascript Maintainers pkg-javascript-de...@lists.alioth.debian.org Changed-By: Marcelo Jorge Vieira (metal) me...@debian.org Description: libjs-jquery - JavaScript library for dynamic web applications Closes: 692618 Changes: jquery (1.7.2+dfsg-1) unstable; urgency=high . * Removed non-free files in upstream tarball (Closes: #692618) Checksums-Sha1: 62ab67d1eb520b235ad0490a9f5504d0e0b234a3 1977 jquery_1.7.2+dfsg-1.dsc 1c17c0b49b4a37af469fb63a5c56cfdf919f769e 147053 jquery_1.7.2+dfsg.orig.tar.gz d2e62ae389124390c5170eb92dbc41911ba93c58 5965 jquery_1.7.2+dfsg-1.debian.tar.gz 8b71602d402b50a7cb2e997df7cb9386c5025c29 80070 libjs-jquery_1.7.2+dfsg-1_all.deb Checksums-Sha256: cbf85639eae141a8fd1df0c80fcab090d997714fd290755eadb13d221ac8893c 1977 jquery_1.7.2+dfsg-1.dsc 43384d8c975c723a3b7d6f46e7ff1518d161760e0781a37675eeda1a05a503fe 147053 jquery_1.7.2+dfsg.orig.tar.gz edddc5720631a07118445453424cd05e20ea7c0163a99a718f12dbe9eeceb2cf 5965 jquery_1.7.2+dfsg-1.debian.tar.gz 2363a8b700645439e184560bf679c110e07af5004433b2cea9d24e986a40c64d 80070 libjs-jquery_1.7.2+dfsg-1_all.deb Files: aa2d3d20a8a47ef3a1ecf3b7314f8686 1977 web optional jquery_1.7.2+dfsg-1.dsc c75b2e33e0d769bedfea8f4e7ca45d4c 147053 web optional jquery_1.7.2+dfsg.orig.tar.gz b3d996072c5d102ac37f7b4ea2a0ab89 5965 web optional jquery_1.7.2+dfsg-1.debian.tar.gz d6a0dd22a0402c609a6ba5f956703a8b 80070 web optional libjs-jquery_1.7.2+dfsg-1_all.deb -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.12 (GNU/Linux) iQIcBAEBCAAGBQJQpVBxAAoJEAGffgcyZKXEOxEP/jTmn+faOeMAxMlhCnzx0pHc NE9YkVNokcCpCN44ErQjqX0g9aPafnrRtEFB2bu1cVobRjQHKaTbYGYkaocJMp5Q 2ybD/6VNIDtSBeXwzS2sfZJC6Tw8Sb2UmwcdmsoPjiDQHV4zjuKEENN00rljLnNE HI6ifzSE2SNkA68peNOb+wDF9MDyAsLI9RtotF9civt03ktU8v3QXrCaPXqTFmmc Le7Z6Bf7087Xs8JARQidy91A4X0zEyWevBU7Zj3RTjAEMa7PHLWztNq8BNBrkT5t IGU8n+GFWH3bY8ckx4KE4WL0DDRVUjP5UFa+GqKdTyIJYnyGt4e1+0uao+/DNBwY IaXhysktKsvsllU4Vf5u77vIGNoQlMOVUuqVR9n71atMcuwYsBBiKxHlJhIbC13F VvlcaBHFDPeRuTiJcGC3juZdOpyE9QKkIEtEZpCyhsHgESRt1NCC3hU3u4lJNG4R lYbAr3VE7A5oalx4I9N9YNh+tF4p66Vh0mAxhnktG6Dw0YJNzxBdtuDet/E3OWDa zhLltSsCV+E5sWxTw8yXNGLQek2n6/mhSIeftDJacvnHQEn64+BIU2NH03mVPYY4 c/+1b2p0eS6FMXT503RLeQ13wPosu4FZ5KZG1F6s23McfUrBki7jiCmkm16m5Pf2 gCBL+JpEqsG+dOUedbte =IDGP -END PGP SIGNATUREEnd Message---
Processed: forcibly merging 693015 693016
Processing commands for cont...@bugs.debian.org:
forcemerge 693015 693016
Bug #693015 [bind9] bind9: CVE-2012-4244 - A specially crafted Resource Record
could cause named to terminate
Bug #693016 {Done: Matthew Grant matthewgra...@gmail.com} [bind9] bind9:
CVE-2012-4244 - A specially crafted Resource Record could cause named to
terminate
'reopen' may be inappropriate when a bug has been closed with a version;
all fixed versions will be cleared, and you may need to re-add them.
Bug reopened
No longer marked as fixed in versions bind9/1:9.9.2.dfsg-1 and
bind9/1:9.8.4.dfsg-1.
Bug #693016 [bind9] bind9: CVE-2012-4244 - A specially crafted Resource Record
could cause named to terminate
Marked as fixed in versions bind9/1:9.9.2.dfsg-1 and bind9/1:9.8.4.dfsg-1.
Merged 693015 693016
thanks
Stopping processing here.
Please contact me if you need assistance.
--
693015: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=693015
693016: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=693016
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Processed: found 693015 in bind9/1:9.7.3.dfsg-1~squeeze7
Processing commands for cont...@bugs.debian.org: found 693015 bind9/1:9.7.3.dfsg-1~squeeze7 Bug #693015 [bind9] bind9: CVE-2012-4244 - A specially crafted Resource Record could cause named to terminate Bug #693016 [bind9] bind9: CVE-2012-4244 - A specially crafted Resource Record could cause named to terminate Marked as found in versions bind9/1:9.7.3.dfsg-1~squeeze7. Marked as found in versions bind9/1:9.7.3.dfsg-1~squeeze7. thanks Stopping processing here. Please contact me if you need assistance. -- 693015: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=693015 693016: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=693016 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Processed: notfound 693015 in bind9/1:9.7.3.dfsg-1~squeeze7, found 693015 in bind9/1:9.7.3.dfsg-1 ...
Processing commands for cont...@bugs.debian.org: notfound 693015 bind9/1:9.7.3.dfsg-1~squeeze7 Bug #693015 [bind9] bind9: CVE-2012-4244 - A specially crafted Resource Record could cause named to terminate Bug #693016 [bind9] bind9: CVE-2012-4244 - A specially crafted Resource Record could cause named to terminate No longer marked as found in versions bind9/1:9.7.3.dfsg-1~squeeze7. No longer marked as found in versions bind9/1:9.7.3.dfsg-1~squeeze7. found 693015 bind9/1:9.7.3.dfsg-1 Bug #693015 [bind9] bind9: CVE-2012-4244 - A specially crafted Resource Record could cause named to terminate Bug #693016 [bind9] bind9: CVE-2012-4244 - A specially crafted Resource Record could cause named to terminate Marked as found in versions bind9/1:9.7.3.dfsg-1. Marked as found in versions bind9/1:9.7.3.dfsg-1. fixed 693015 bind9/1:9.7.3.dfsg-1~squeeze7 Bug #693015 [bind9] bind9: CVE-2012-4244 - A specially crafted Resource Record could cause named to terminate Bug #693016 [bind9] bind9: CVE-2012-4244 - A specially crafted Resource Record could cause named to terminate Marked as fixed in versions bind9/1:9.7.3.dfsg-1~squeeze7. Marked as fixed in versions bind9/1:9.7.3.dfsg-1~squeeze7. thanks Stopping processing here. Please contact me if you need assistance. -- 693015: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=693015 693016: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=693016 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#693017: marked as done (concavity: FTBFS on non-amd64 platforms: tries to copy file from .../bin/x86_64.)
Your message dated Thu, 15 Nov 2012 21:32:28 + with message-id e1tz72y-0006o9...@franck.debian.org and subject line Bug#693017: fixed in concavity 0.1-2 has caused the Debian Bug report #693017, regarding concavity: FTBFS on non-amd64 platforms: tries to copy file from .../bin/x86_64. to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 693017: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=693017 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Source: concavity Version: 0.1-1 Severity: serious Justification: fails to build from source Builds of concavity for any architectures other than amd64 and freebsd-amd64 have been failing because the Debian packaging wrongly expects to find the executable(s?) in a .../bin/x86_64 directory: dh_install -a -O--parallel cp: cannot stat `debian/tmp/bin/x86_64/concavity': No such file or directory dh_install: cp -a debian/tmp/bin/x86_64/concavity debian/concavity/usr/bin/ returned exit code 1 make: *** [binary-arch] Error 2 Could you please use a wildcard to account for all the other possible architectures? Thanks! ---End Message--- ---BeginMessage--- Source: concavity Source-Version: 0.1-2 We believe that the bug you reported is fixed in the latest version of concavity, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 693...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Laszlo Kajan lka...@rostlab.org (supplier of updated concavity package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Format: 1.8 Date: Wed, 10 Oct 2012 18:05:08 +0200 Source: concavity Binary: concavity concavity-dbg Architecture: source amd64 Version: 0.1-2 Distribution: unstable Urgency: low Maintainer: Debian Med Packaging Team debian-med-packag...@lists.alioth.debian.org Changed-By: Laszlo Kajan lka...@rostlab.org Description: concavity - predictor of protein ligand binding sites from structure and cons concavity-dbg - predictor of protein ligand binding sites (debug) Closes: 693017 Changes: concavity (0.1-2) unstable; urgency=low . * Added cmd line argument for limiting cavity threshold search steps. * Use a wildcard to account for all architectures (Closes: #693017). Checksums-Sha1: 2861de1f74ff5dd0b0ea12301c35e60bf4d0e1f3 2021 concavity_0.1-2.dsc cd927ef046169767b3c5d3b547dcf80429e0a2b4 10918 concavity_0.1-2.debian.tar.gz 0e02ec83d9e1bb257dacf93427e57e2bfbc8b8c0 314588 concavity_0.1-2_amd64.deb 6914df7b60500df5074aeff914e54eb16d40226e 930866 concavity-dbg_0.1-2_amd64.deb Checksums-Sha256: 3ba0cd089d337b08d300651e8edd1097607b9c771675b789bc85d6a7243fd344 2021 concavity_0.1-2.dsc 91788777e598f8c93fb57f8fed5fefeee717f6fbe2335208d934cc07b9050235 10918 concavity_0.1-2.debian.tar.gz 1256c6466b2f508dedf37a0b2826bf065d673011dc86defe6f90e6c7a038fc67 314588 concavity_0.1-2_amd64.deb a75cae4b53f0f922530e5d5e63f76c282d98bad8ba781ecc2a0fed0f856302aa 930866 concavity-dbg_0.1-2_amd64.deb Files: 81beb777d8d1a94e60faaad181d23265 2021 science extra concavity_0.1-2.dsc fdb84379b138c989ec481103039e0110 10918 science extra concavity_0.1-2.debian.tar.gz cd83cbb7a6303f54dd970b826724030e 314588 science extra concavity_0.1-2_amd64.deb 8f78d59162d5e8e11a4b388ac68e1e9e 930866 debug extra concavity-dbg_0.1-2_amd64.deb -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.12 (GNU/Linux) iQIcBAEBAgAGBQJQpVrvAAoJEJvS1kCaDFL6avEQALvwk1C6Fz1ThYLohanoBEod Y4RfjUeIc49Dx6LjoeBG8uaDA4QTzsLh52LokX4GhDzqqOxGnMp3u5Rosv4be966 5qjLlHv8wQQzUZGDsXr0NID1Kra17qlY6obkkoSYdtdRBTRU7hUywb1Sr+GFUdwr WD9R+XPfvenxUkObH16VfJ7RSB23zOqTwmC69Cd5sfOQhT+GrQVdxvSYPT+1ed/l sebZNUv0bbJbZJRmCj5reledViLjcU94UUpRFHYHf/PaVjFCg1NqeT0+R36x0doV iBrkaG6uzEbYXPByH0pZ+fiKmt5JrMHdEm0V5+f1vbvBP2n0UVdmJBrfrj04W1fX VRXxjP+TkdIxIcnafN9QSkWN/YClJtuTAz2b6fI2f4A8qGeuaZt/S3AtmfqKASBh znIJKHu/tWsPq8KNw1DPKyGjXJcOHtr4o3yOYhtsEnrc+aLgYkcOaZeKGaTGKaNG 6k0CmgfLbZ74Vai32O+7qQo0d9K5ymPRnSY3hWGOAWpdg5Op90MoxiHep/Bovh1L 2WeyOI+3hfi9Qla/nPcAH8iNQ8oL/9H9GPUPA+M5+ocs06y0AYKaFPIMYAynAGdv 6K2vlbe9hKamAHlPO3B5UYwWWEGZvAhZpIRhd/ONJa5LLiGPJMCGYH1gXHPzEiEz lY3/J8OykVu1KGzoQNWp =RVgd -END PGP SIGNATUREEnd Message---
Bug#666334: gnustep-back: diff for NMU version 0.20.1-2.1
On Thu, 15 Nov 2012 21:49:53 +0200, Yavor Doganov wrote: I've prepared an NMU for gnustep-back (versioned as 0.20.1-2.1) and uploaded it to DELAYED/2. Thanks for taking the time and effort to fix a bug in my package. The diff looks fine. Thanks for your feedback and for taking the time to check the diff. Cheers, gregor -- .''`. Homepage: http://info.comodo.priv.at/ - OpenPGP key 0xBB3A68018649AA06 : :' : Debian GNU/Linux user, admin, and developer - http://www.debian.org/ `. `' Member of VIBE!AT SPI, fellow of the Free Software Foundation Europe `- NP: Kurt Ostbahn Die Kombo: So gern so vü signature.asc Description: Digital signature
Processed: found 681457 in 1.7.13-1, severity of 681457 is serious
Processing commands for cont...@bugs.debian.org: found 681457 1.7.13-1 Bug #681457 [libaudit0] libaudit: does not actually support ARM, breaks linked binary like readahead Marked as found in versions audit/1.7.13-1. severity 681457 serious Bug #681457 [libaudit0] libaudit: does not actually support ARM, breaks linked binary like readahead Severity set to 'serious' from 'normal' thanks Stopping processing here. Please contact me if you need assistance. -- 681457: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=681457 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#693388: ghostscript: enters an infinite loop on some PDF files, probably due to gs_2_colors patch
Package: ghostscript Version: 8.71~dfsg2-9 Severity: grave Hi, We're having problem with gs going into infinite loops when people print some given PDFs from CUPS, so after a few days you have fifteen gs processes that use 100% CPU and the rest of your system doesn't really work too well. The command line is: gs -dFirstPage=1 -q -dBATCH -dPARANOIDSAFER -dQUIET -dNOPAUSE -sDEVICE=ijs -sIjsServer=hpijs -dDEVICEWIDTHPOINTS=612 -dDEVICEHEIGHTPOINTS=792 -sDeviceManufacturer=HEWLETT-PACKARD -sDeviceModel=HP\ LaserJet -dDuplex=false -r600 -sIjsParams=Quality:Quality=0,Quality:ColorMode=0,Quality:MediaType=0,Quality:PenSet=0,PS:MediaPosition=7 -dIjsUseOutputFD -sOutputFile=/dev/null foomatic-IU6jZL I am unfortunately not at a liberty to include the example PDF itself (foomatic-IU6jZL) in the BTS, as it contains non-public information; please send me private email for a copy. This does not happen with upstream 8.71. If I build the package without 0940_Merge_gs_2_colors_branch.patch, the problem goes away and the job completes in 5-6 seconds. It happens every time for me with this PDF and command-line flags. -- System Information: Debian Release: 6.0.6 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 3.5.4 (SMP w/4 CPU cores) Locale: LANG=en_DK.UTF-8, LC_CTYPE=en_DK.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages ghostscript depends on: ii debconf [de 1.5.36.1 Debian configuration management sy ii debianutils 3.4 Miscellaneous utilities specific t ii gsfonts 1:8.11+urwcyr1.0.7~pre44-4.2 Fonts for the Ghostscript interpre ii libc6 2.11.3-4 Embedded GNU C Library: Shared lib ii libgs8 8.71~dfsg2-9 The Ghostscript PostScript/PDF int ghostscript recommends no packages. ghostscript suggests no packages. -- debconf-show failed -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#691933: marked as done (libphp-jpgraph depends on contrib: ttf-mscorefonts-installer)
Your message dated Fri, 16 Nov 2012 00:02:32 + with message-id e1tz9oc-00088m...@franck.debian.org and subject line Bug#691933: fixed in libphp-jpgraph 1.5.2-12.1 has caused the Debian Bug report #691933, regarding libphp-jpgraph depends on contrib: ttf-mscorefonts-installer to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 691933: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=691933 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Package: libphp-jpgraph Version: 1.5.2-12 Severity: serious Justification: Policy 2.2.1 The main archive area = Problem = Package libphp-jpgraph depends on ttf-mscorefonts-installer in contrib ttf-liberation | ttf-mscorefonts-installer But listing contrib package in Depends field is clear violation of Policy. = Analisys = As I understand you wish to make at least one of these fonts to be available automatically just like libreoffice does by slighly weaker recommends. Both of these are clear violation of Policy. = Proposed resolution = Now that ttf-liberation is a dummy transitional package, let's list fonts-liberation and skip listing ttf-mscorefonts-installer for this package. Let me file another bug report to ttf-mscorefonts-installer to add following Provides: fonts-liberation This will fix root cause of main area FREE package listing non-free/contrib packages. -- System Information: Debian Release: wheezy/sid APT prefers unstable APT policy: (500, 'unstable'), (500, 'testing'), (10, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 3.5-trunk-amd64 (SMP w/8 CPU cores) Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash ---End Message--- ---BeginMessage--- Source: libphp-jpgraph Source-Version: 1.5.2-12.1 We believe that the bug you reported is fixed in the latest version of libphp-jpgraph, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 691...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. David Prévot taf...@debian.org (supplier of updated libphp-jpgraph package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Tue, 13 Nov 2012 19:29:03 -0400 Source: libphp-jpgraph Binary: libphp-jpgraph libphp-jpgraph-examples Architecture: source all Version: 1.5.2-12.1 Distribution: unstable Urgency: low Maintainer: Christian Bayle ba...@debian.org Changed-By: David Prévot taf...@debian.org Description: libphp-jpgraph - Object oriented graph library for php5 libphp-jpgraph-examples - Object oriented graph library for php5 (examples) Closes: 691933 Changes: libphp-jpgraph (1.5.2-12.1) unstable; urgency=low . * Non-maintainer upload. * debian/control: - Drop ttf-mscorefonts-installer from dependencies. (Closes: #691933) - Depends on fonts-liberation instead of dummy ttf-liberation transitional package. * src/jpgraph_dir.php: adjust to fonts-liberation path. Checksums-Sha1: 3e4b2b8ee4544f5b6e7ad73a5df8700bc5c8ace7 1768 libphp-jpgraph_1.5.2-12.1.dsc bbd0d124eb5e678b86ff72144ccaec459b7b5e3f 8881 libphp-jpgraph_1.5.2-12.1.diff.gz 1e2133461487407d800d97afdb3d8a6304ae7eba 92696 libphp-jpgraph_1.5.2-12.1_all.deb c126425bfb66a56fffac040b840fd5eae8749169 98140 libphp-jpgraph-examples_1.5.2-12.1_all.deb Checksums-Sha256: 53672583beeb4c94f4152d4878f96d196283b596c6cb950de70cc15d8579c745 1768 libphp-jpgraph_1.5.2-12.1.dsc 32570ef0cd63bb51988301bca676b93039b5aab6499259a0b76406c0e0b6ec94 8881 libphp-jpgraph_1.5.2-12.1.diff.gz 93602c1d464aafd0f9fc34e4e855c0acd3b6e3bb49d9fb25be6701fba5422f46 92696 libphp-jpgraph_1.5.2-12.1_all.deb df99c8e2436d8eaadde40bbd1e055c0c85d207c3cea59cb45caa8a8757a09aab 98140 libphp-jpgraph-examples_1.5.2-12.1_all.deb Files: a01db7b18fcf05683fe2794f2f1b0f57 1768 php optional libphp-jpgraph_1.5.2-12.1.dsc 142982ab9cf07b453e0ecc7598eea578 8881 php optional libphp-jpgraph_1.5.2-12.1.diff.gz 15f08c83dcdb9fcc18a73af7e58e7b2e 92696 php optional libphp-jpgraph_1.5.2-12.1_all.deb 1a64179fedd04e37bd2b60bacd097e6e 98140 php optional libphp-jpgraph-examples_1.5.2-12.1_all.deb -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.12
Bug#691883: mahara debdiffs
Debdiffs attached, release team cc'd.
Sorry for the delay. Had some urgent important interruptions to deal with.
As far as I know, I do not have any upload rights, so I believe this is
as far as I can go without assistance. My usual accomplice is busy until
next week some time, so if the patches are deemed ok, please proceed to
uploading if you can.
diff -Nru mahara-1.5.1/debian/changelog mahara-1.5.1/debian/changelog
--- mahara-1.5.1/debian/changelog 2012-10-28 02:11:42.0 +
+++ mahara-1.5.1/debian/changelog 2012-11-12 23:07:24.0 +
@@ -1,3 +1,36 @@
+
+mahara (1.5.1-3) unstable; urgency=high
+
+ * SECURITY UPDATE: Disable XML entity parsing to prevent XEE
+- debian/patches/CVE-2012-2239.patch: upstream patch
+
+ * SECURITY UPDATE: Multiple cross-site scripting vulnerabilities
+- Content passed to the error message was not escaped
+- Escape pieform errors displayed to users
+- debian/patches/CVE-2012-2243-0001.patch: upstream patch
+- XHTML files prone to embedded javascript
+- Prevent uploaded xhtml files from displaying verbatim
+- debian/patches/CVE-2012-2243-0002.patch: upstream patch
+
+ * SECURITY UPDATE: Arbitrary file execution via clam path
+- Remove executable bit from existing uploaded files
+- debian/patches/CVE-2012-2244-0001.patch: upstream patch
+- Ensure future files will not be executable
+- debian/patches/CVE-2012-2244-0002.patch: upstream patch
+- Remove direct path option from web configuration
+- debian/patches/CVE-2012-2244-0003.patch: upstream patch
+
+ * SECURITY UPDATE: Prevent click-jacking attacks
+- Add a HTTP header of X-Frame-Options to every page
+- debian/patches/CVE-2012-2246.patch: upstream patch
+
+ * SECURITY UPDATE: Prevent SVG images being displayed
+- SVG images displayed inline
+- Adds SVG files to the list of files to not display by default
+- debian/patches/CVE-2012-2247.patch: upstream patch
+
+ -- Melissa Draper meli...@catalyst.net.nz Tue, 12 Nov 2012 04:08:09 +
+
mahara (1.5.1-2.1) unstable; urgency=low
* Non-maintainer upload
diff -Nru mahara-1.5.1/debian/patches/CVE-2012-2239.patch mahara-1.5.1/debian/patches/CVE-2012-2239.patch
--- mahara-1.5.1/debian/patches/CVE-2012-2239.patch 1970-01-01 00:00:00.0 +
+++ mahara-1.5.1/debian/patches/CVE-2012-2239.patch 2012-11-12 23:07:24.0 +
@@ -0,0 +1,70 @@
+Author: Hugh Davenport h...@catalyst.net.nz
+Description: Disable XML entity parsing
+Origin: upstream
+Bug: https://bugs.launchpad.net/mahara/+bug/1047111
+Last-Update: 2012-09-11
+
+Fix XML Security bug
+
+There is a security issue with the default XML parser for PHP, where ENTITY fields are
+loaded and substituted in text parts.
+
+This allows possible attackers to read from internal networks, or files readable by the
+web server user.
+
+This includes reading of the config.php file, which contains sensitive information such
+as the database password, and the password salt field.
+
+The fix for this was to include a call to libxml_disable_entity_loader(true) during the
+initialization of a page. This is based on a report from Mike Haworth
+
+The vulnerability was present in the admin area when uploading Leap2A users, and also in
+the user page area where a user could provide a RSS feed with specific XML ENTITY fields.
+
+More information can be found at the following:
+ http://projects.webappsec.org/w/page/13247003/XML%20External%20Entities
+ http://websec.io/2012/08/27/Preventing-XEE-in-PHP.html
+
+diff --git a/htdocs/blocktype/externalfeed/db/upgrade.php b/htdocs/blocktype/externalfeed/db/upgrade.php
+index 90e79f9..a6ba403 100644
+--- a/htdocs/blocktype/externalfeed/db/upgrade.php
b/htdocs/blocktype/externalfeed/db/upgrade.php
+@@ -106,5 +106,12 @@ function xmldb_blocktype_externalfeed_upgrade($oldversion=0) {
+ add_field($table, $field);
+ }
+
++if ($oldversion 2011091402) {
++// Reset all feeds to reset themselves
++set_field('blocktype_externalfeed_data', 'lastupdate', db_format_timestamp('0'));
++safe_require('blocktype', 'externalfeed');
++call_static_method('PluginBlocktypeExternalfeed', 'refresh_feeds');
++}
++
+ return true;
+ }
+diff --git a/htdocs/blocktype/externalfeed/version.php b/htdocs/blocktype/externalfeed/version.php
+index 24b1e09..cd84230 100644
+--- a/htdocs/blocktype/externalfeed/version.php
b/htdocs/blocktype/externalfeed/version.php
+@@ -28,5 +28,5 @@
+ defined('INTERNAL') || die();
+
+ $config = new StdClass;
+-$config-version = 2011091401;
++$config-version = 2011091402;
+ $config-release = '1.0.3';
+diff --git a/htdocs/init.php b/htdocs/init.php
+index 07c8c47..0865428 100644
+--- a/htdocs/init.php
b/htdocs/init.php
+@@ -58,6 +58,10 @@ if (!is_readable($CFG-docroot . 'config.php')) {
+
+ init_performance_info();
+
++if (function_exists('libxml_disable_entity_loader')) {
Bug#693388: marked as done (ghostscript: enters an infinite loop on some PDF files, probably due to gs_2_colors patch)
Your message dated Thu, 15 Nov 2012 21:36:58 -0500 with message-id CANTw=mpz1cduazudhnad+1p5+hzrrptdf+ys-7ogfn_wpg8...@mail.gmail.com and subject line Re: Bug#693388: ghostscript: enters an infinite loop on some PDF files, probably due to gs_2_colors patch has caused the Debian Bug report #693388, regarding ghostscript: enters an infinite loop on some PDF files, probably due to gs_2_colors patch to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 693388: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=693388 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Package: ghostscript Version: 8.71~dfsg2-9 Severity: grave Hi, We're having problem with gs going into infinite loops when people print some given PDFs from CUPS, so after a few days you have fifteen gs processes that use 100% CPU and the rest of your system doesn't really work too well. The command line is: gs -dFirstPage=1 -q -dBATCH -dPARANOIDSAFER -dQUIET -dNOPAUSE -sDEVICE=ijs -sIjsServer=hpijs -dDEVICEWIDTHPOINTS=612 -dDEVICEHEIGHTPOINTS=792 -sDeviceManufacturer=HEWLETT-PACKARD -sDeviceModel=HP\ LaserJet -dDuplex=false -r600 -sIjsParams=Quality:Quality=0,Quality:ColorMode=0,Quality:MediaType=0,Quality:PenSet=0,PS:MediaPosition=7 -dIjsUseOutputFD -sOutputFile=/dev/null foomatic-IU6jZL I am unfortunately not at a liberty to include the example PDF itself (foomatic-IU6jZL) in the BTS, as it contains non-public information; please send me private email for a copy. This does not happen with upstream 8.71. If I build the package without 0940_Merge_gs_2_colors_branch.patch, the problem goes away and the job completes in 5-6 seconds. It happens every time for me with this PDF and command-line flags. -- System Information: Debian Release: 6.0.6 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 3.5.4 (SMP w/4 CPU cores) Locale: LANG=en_DK.UTF-8, LC_CTYPE=en_DK.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages ghostscript depends on: ii debconf [de 1.5.36.1 Debian configuration management sy ii debianutils 3.4 Miscellaneous utilities specific t ii gsfonts 1:8.11+urwcyr1.0.7~pre44-4.2 Fonts for the Ghostscript interpre ii libc6 2.11.3-4 Embedded GNU C Library: Shared lib ii libgs8 8.71~dfsg2-9 The Ghostscript PostScript/PDF int ghostscript recommends no packages. ghostscript suggests no packages. -- debconf-show failed ---End Message--- ---BeginMessage--- version: 9.01~dfsg-1 On Thu, Nov 15, 2012 at 5:25 PM, Steinar H. Gunderson wrote: This does not happen with upstream 8.71. If I build the package without 0940_Merge_gs_2_colors_branch.patch, the problem goes away and the job completes in 5-6 seconds. It happens every time for me with this PDF and command-line flags. Dropped in the above version. You may want to consider pinning wheezy's package or upgrading. Best wishes, Mike---End Message---
Bug#690252: google-glog: FTBFS on hurd-i386: missing autoreconf
control: severity -1 important This is a FTBFS, thus using severity serious. ... on hurd, which is not a release architecture. Best wishes, Mike -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Processed: re: google-glog: FTBFS on hurd-i386: missing autoreconf
Processing control commands: severity -1 important Bug #690252 [src:google-glog] google-glog: FTBFS on hurd-i386: missing autoreconf Severity set to 'important' from 'serious' -- 690252: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=690252 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#691883: #691883 mahara debdiffs
Hi, hmm, the patches look ok, especially the DEP-3 headers are useful. However, the debdiff seems to be for squeeze and not for wheezy? Are in fact both squeeze and wheezy affected by the bugs? If yes, we need two uploads. -Timo -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#658739: Patch from Ubuntu
I rebuild Wheezy's version of libgcrypt11_1.5.0-3 with the patch(no_global_init_during_thread_callbacks.diff) from Ubuntu. I can confirm the new patched version of libgcrypt solves this problem, and I am able to use sudo again. Can someone review this patch and see if it would be a suitable solution to fix this problem? If needed I can prepare a NMU. Regards, Martijn van Brummelen diff -Nur -x '*.orig' -x '*~' libgcrypt11/src/global.c libgcrypt11.new/src/global.c --- libgcrypt11/src/global.c2012-05-24 16:25:08.500282000 -0400 +++ libgcrypt11.new/src/global.c2012-05-24 16:31:09.986542239 -0400 @@ -440,8 +440,6 @@ case GCRYCTL_SET_THREAD_CBS: err = ath_install (va_arg (arg_ptr, void *), any_init_done); - if (! err) - global_init (); break; case GCRYCTL_FAST_POLL:
Processed: your mail
Processing commands for cont...@bugs.debian.org: tags 690229 patch Bug #690229 [google-glog] google-glog ftbfs on i386 in unstable Added tag(s) patch. thanks Stopping processing here. Please contact me if you need assistance. -- 690229: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=690229 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
