Bug#695272: libphone-utils0: harmful postrm purge action in M-A:same package
On Fri, Dec 07, 2012 at 12:41:19AM +0100, Dominik George wrote: I propose that you, Helmut, try to test whether this fixes the problem and report back if it does. Thanks for your work on this issue. Introducing a new binary package is a quite big change. Please contact the release team on whether such a change is acceptable at this point of the freeze. Note that simply removing M-A:same is also way to solve this issue and that libphone-utils0 has very few reverse dependencies. This is not to say that the general approach of splitting the package would be flawed. To the contrary. So I encourage you to target experimental or even unstable with such a fix independently. The new package you are introducing is named libphone-utils0-common. So when there is a soname bump, there will be a libphone-utils1-common package. Those packages then share a configuration file. Transferring that configuration file across packages seems difficult at best. It might be better to drop the soname from the common package. This is not without problems though. I suggest to wait for a maintainer response on this issue. Unrelated to the reported issue, the code updating the configuration file could to better at leaving backup files in case something goes wrong. Helmut -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#695250: tomcat6: CVE-2012-4534 CVE-2012-4431 CVE-2012-3546
On Thu, Dec 06, 2012 at 10:23:17PM -0800, tony mancill wrote: On 12/05/2012 11:43 PM, Moritz Muehlenhoff wrote: Package: tomcat6 Severity: grave Tags: security Justification: user security hole More Tomcat security issues have been disclosed: http://tomcat.apache.org/security-6.html The page contains links to the upstream fixes. BTW, is there a specific reason why both tomcat6 and tomcat7 are present in Wheezy? This will duplicate all efforts for security updates in Wheezy. Hi Moritz, I have an updated package that includes the patches for these 3 CVEs and am doing some smoke-testing now. But before I upload, I have a question about what is permissible to include in the upload. I'd like to rename the patches that were included in the 6.0.35-5+nmu1 upload so they follow the same naming convention as the other patches in the package and include the origin patch header. (As you point out, after all, we'll be supporting this package for a long time to come.) Also, I'd like to quilt refresh the patches in the package, as they're getting a bit fuzzy. So, no substantive or real packaging changes, but the interdiff will be a bit larger. Is that okay, or should I upload with only the new patches for the CVEs applied? Release managers are busy enough already, so please keep it as minimal as possible. Regarding tomcat6 and tomcat7, although they are certainly related, they implement different versions of the servlet and JSP specifications [1], and there are a number still organizations running applications developed for/tested on tomcat6 in production. There is a migration guide for going from 6.x to 7.x that must be taken into consideration [2]. But specifically for Debian, there are still a number of packages in wheezy that depend explicitly on tomcat6 and/or libservlet2.5-java. According to popcon, tomcat6 is about 5x more popular than tomcat7, and libservlet2.5 is quite popular indeed [3,4]. Ok, but tomcat6 should be removed for jessie, then. Cheers, Moritz -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#681549: Still present in 1.2.0-3
This bug seems to still exist in CouchDB 1.2.0-3 update that was pushed out recently in Wheezy. Setting up couchdb (1.2.0-3) ... Installing new version of config file /etc/init.d/couchdb ... Installing new version of config file /etc/logrotate.d/couchdb ... [] Starting database server: couchdbApache CouchDB needs write permission on the PID file: /var/run/couchdb/couchdb.pid failed! invoke-rc.d: initscript couchdb, action start failed. dpkg: error processing couchdb (--configure): subprocess installed post-installation script returned error exit status 1 Errors were encountered while processing: couchdb E: Sub-process /usr/bin/dpkg returned an error code (1) NOTICE AND DISCLAIMER This e-mail (including any attachments) is intended for the above-named person(s). If you are not the intended recipient, notify the sender immediately, delete this email from your system and do not disclose or use for any purpose. We may monitor all incoming and outgoing emails in line with current legislation. We have taken steps to ensure that this email and attachments are free from any virus, but it remains your responsibility to ensure that viruses do not adversely affect you -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#695334: openarena-dbg: dependency on openarena-server is both insufficient and undesired
Package: openarena-dbg
Version: 0.8.8-5+deb7u1
Severity: serious
Justification: Policy §12.5
Tags: pending
In squeeze, openarena-server contained the dedicated server and
client/server game logic, and openarena depended on openarena-server
for the game logic. It contained an init script for the dedicated server,
but that init script contravened normal Debian practice by being
disabled by default.
In wheezy, openarena contains a separate copy of the game logic
(the required openarena*-data family of packages are so huge that a
second copy of some C code is insignificant by comparison) and no longer
depends on openarena-server. openarena-server's init script is enabled
by default for new installations, with some magic in the preinst to
ensure that it is still disabled when upgrading from a version where
it was disabled by default.
openarena-dbg's directory in /usr/share/doc is currently a symlink
to openarena-server, resulting in debhelper adding a depencency
on openarena-server to ${misc:Depends}. In squeeze, this made sense,
but in wheezy, there are two problems with this:
1) the dependency isn't strictly versioned (Policy §12.5: this results in
/usr/share/doc/openarena-dbg/copyright not necessarily containing
copyright information for a matching version of openarena-dbg)
2) users who install openarena-dbg to debug an openarena crash, having
never had openarena-server installed, will get openarena-server
installed via the dependency and enabled by default, which is undesired
This is easily fixed.
S
--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#692650: marked as done (axis: CVE-2012-5784)
Your message dated Fri, 07 Dec 2012 09:32:45 + with message-id e1tguix-0006ae...@franck.debian.org and subject line Bug#692650: fixed in axis 1.4-16.2 has caused the Debian Bug report #692650, regarding axis: CVE-2012-5784 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 692650: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=692650 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Package: axis Severity: grave Tags: security Justification: user security hole CVE-2012-5784 has been assigned to Axis being affected by the issues described in this paper: http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf (See Section 8.1) Cheers, Moritz ---End Message--- ---BeginMessage--- Source: axis Source-Version: 1.4-16.2 We believe that the bug you reported is fixed in the latest version of axis, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 692...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Alberto Fernández Martínez inf...@gmail.com (supplier of updated axis package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Format: 1.8 Date: Thu, 6 Dec 2012 14:28:00 +0100 Source: axis Binary: libaxis-java libaxis-java-doc Architecture: source all Version: 1.4-16.2 Distribution: unstable Urgency: low Maintainer: Debian Java Maintainers pkg-java-maintain...@lists.alioth.debian.org Changed-By: Alberto Fernández Martínez inf...@gmail.com Description: libaxis-java - SOAP implementation in Java libaxis-java-doc - SOAP implementation in Java (documentation) Closes: 692650 Changes: axis (1.4-16.2) unstable; urgency=low . * Non-maintainer upload. * Fix CVE-2012-5784 (Closes: #692650) * Fix CN extraction from DN of X500 principal. * Fix wildcard validation on ssl connections Checksums-Sha1: 48f38fa463e1c0897a9e52c04ac691ffb195d7ae 1602 axis_1.4-16.2.dsc 8f578501c50e7d1a342ba40da7ada21f0508d896 11868 axis_1.4-16.2.debian.tar.gz 5bd1b2d03f2c53f044edc451ac6d171f05b6fd43 1494606 libaxis-java_1.4-16.2_all.deb c9d5ceacfb918dd6f7feab2b8b287426dabbb04f 2036068 libaxis-java-doc_1.4-16.2_all.deb Checksums-Sha256: 88dce098ba6314366bc365cd04897ae057e8b9d863b3a991d37a6c044fc6967a 1602 axis_1.4-16.2.dsc a844225b1c10b50e59ff9ed295e9d01db4546451400eb611780e77e94878b227 11868 axis_1.4-16.2.debian.tar.gz 032d34c27629460224bed4ab314c4e1475af22633bb2e00bdfdbe56100f7d194 1494606 libaxis-java_1.4-16.2_all.deb d7def35539b836ab97e408eb1a20058789a519cc02ac4cfb73d4d2bc82188781 2036068 libaxis-java-doc_1.4-16.2_all.deb Files: e4970d88f7ffbeca4944d92d15ab15f4 1602 java optional axis_1.4-16.2.dsc 16b495a03148b42d2ceec1e2a351b2e5 11868 java optional axis_1.4-16.2.debian.tar.gz 9602c21a20bea96e5d901f1a4e0afccc 1494606 java optional libaxis-java_1.4-16.2_all.deb cabf67754524fa146cb1803efbc59987 2036068 doc optional libaxis-java-doc_1.4-16.2_all.deb -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.12 (GNU/Linux) iEYEARECAAYFAlDBtzAACgkQYDBbMcCf01rmegCeO+D1kGu17NdOSNWaD8CeJH1u uRsAoJ9c8DzzWXirqDaVFvrJ43fENEUq =oY9m -END PGP SIGNATUREEnd Message---
Bug#695334: marked as done (openarena-dbg: dependency on openarena-server is both insufficient and undesired)
Your message dated Fri, 07 Dec 2012 10:02:59 +
with message-id e1tguln-0001id...@franck.debian.org
and subject line Bug#695334: fixed in openarena 0.8.8-5+deb7u2
has caused the Debian Bug report #695334,
regarding openarena-dbg: dependency on openarena-server is both insufficient
and undesired
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
695334: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=695334
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
---BeginMessage---
Package: openarena-dbg
Version: 0.8.8-5+deb7u1
Severity: serious
Justification: Policy §12.5
Tags: pending
In squeeze, openarena-server contained the dedicated server and
client/server game logic, and openarena depended on openarena-server
for the game logic. It contained an init script for the dedicated server,
but that init script contravened normal Debian practice by being
disabled by default.
In wheezy, openarena contains a separate copy of the game logic
(the required openarena*-data family of packages are so huge that a
second copy of some C code is insignificant by comparison) and no longer
depends on openarena-server. openarena-server's init script is enabled
by default for new installations, with some magic in the preinst to
ensure that it is still disabled when upgrading from a version where
it was disabled by default.
openarena-dbg's directory in /usr/share/doc is currently a symlink
to openarena-server, resulting in debhelper adding a depencency
on openarena-server to ${misc:Depends}. In squeeze, this made sense,
but in wheezy, there are two problems with this:
1) the dependency isn't strictly versioned (Policy §12.5: this results in
/usr/share/doc/openarena-dbg/copyright not necessarily containing
copyright information for a matching version of openarena-dbg)
2) users who install openarena-dbg to debug an openarena crash, having
never had openarena-server installed, will get openarena-server
installed via the dependency and enabled by default, which is undesired
This is easily fixed.
S
---End Message---
---BeginMessage---
Source: openarena
Source-Version: 0.8.8-5+deb7u2
We believe that the bug you reported is fixed in the latest version of
openarena, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 695...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Simon McVittie s...@debian.org (supplier of updated openarena package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Format: 1.8
Date: Fri, 07 Dec 2012 09:40:17 +
Source: openarena
Binary: openarena openarena-server openarena-dbg
Architecture: source amd64
Version: 0.8.8-5+deb7u2
Distribution: unstable
Urgency: low
Maintainer: Debian Games Team pkg-games-de...@lists.alioth.debian.org
Changed-By: Simon McVittie s...@debian.org
Description:
openarena - fast-paced 3D first-person shooter
openarena-dbg - debug symbols for OpenArena's game logic
openarena-server - server and game logic for the game OpenArena
Closes: 686648 695334
Changes:
openarena (0.8.8-5+deb7u2) unstable; urgency=low
.
* Request confirmation before enabling auto-downloading, which is
a security risk (Closes: #686648)
* Switch /usr/share/doc/openarena-dbg from a symlink to openarena-server
to a real directory. Using the symlink requires it to depend on
openarena-server, which is undesirable, because since 0.8.8-1 that
package has contained an init script which is enabled by default.
* As a result, openarena-dbg no longer depends on openarena-server
(Closes: #695334)
Checksums-Sha1:
047a326f32a07e9fc2ba1ab61c3c797bf791186f 2162 openarena_0.8.8-5+deb7u2.dsc
b8f86b2b35f8f4587470e8327557fa9aa33d076b 44531
openarena_0.8.8-5+deb7u2.debian.tar.gz
816cc310b36a53ad5e1a0645bd72030acfe0afa0 2446906
openarena_0.8.8-5+deb7u2_amd64.deb
9abe3590ad5b3e78c01c26279083c82b2fe36678 2429452
openarena-server_0.8.8-5+deb7u2_amd64.deb
8a63cc46369fcb7213c22569175959538c4b4aa8 3722108
openarena-dbg_0.8.8-5+deb7u2_amd64.deb
Checksums-Sha256:
a54d54d043b7142ce19c3f1153249a953cbceb852b869c7a76e52ed24524ae00 2162
openarena_0.8.8-5+deb7u2.dsc
Bug#695339: uses wrong location for typelib files
Package: gir1.2-guestfs-1.0 Version: 1:1.18.10-1 Severity: serious gir1.2-guestfs-1.0 uses multiarch paths to install its typelib file: /usr/lib/triplet/girepository-1.0/Guestfs-1.0.typelib gobject-introspection does not (yet) support multi-arch, so for the time being this file needs to be moved to /usr/lib/girepository-1.0 manually. See e.g [1] and also the gi mini policy [2] Michael [1] http://anonscm.debian.org/viewvc/pkg-gnome/desktop/unstable/clutter-1.0/debian/gir1.2-clutter-1.0.install?view=markup [2] http://anonscm.debian.org/viewvc/pkg-gnome/desktop/unstable/gobject-introspection/debian/policy.txt?view=markup -- System Information: Debian Release: wheezy/sid APT prefers unstable APT policy: (500, 'unstable'), (200, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 3.2.0-4-amd64 (SMP w/4 CPU cores) Locale: LANG=de_DE.utf8, LC_CTYPE=de_DE.utf8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#695341: uses wrong location for typelib files
Package: gir1.2-urfkill-glib0 Version: 0.4.0-1 Severity: serious gir1.2-urfkill-glib0 uses multiarch paths to install its typelib file: /usr/lib/triplet/girepository-1.0/Urfkill-0.4.typelib gobject-introspection does not (yet) support multi-arch, so for the time being this file needs to be moved to /usr/lib/girepository-1.0 manually. See e.g [1] and also the gi mini policy [2] Michael [1] http://anonscm.debian.org/viewvc/pkg-gnome/desktop/unstable/clutter-1.0/debian/gir1.2-clutter-1.0.install?view=markup [2] http://anonscm.debian.org/viewvc/pkg-gnome/desktop/unstable/gobject-introspection/debian/policy.txt?view=markup -- System Information: Debian Release: wheezy/sid APT prefers unstable APT policy: (500, 'unstable'), (200, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 3.2.0-4-amd64 (SMP w/4 CPU cores) Locale: LANG=de_DE.utf8, LC_CTYPE=de_DE.utf8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Processed: found 668801 in 1:9.9.2.dfsg.P1-1, found 668801 in 1:9.8.4.dfsg.P1-1, found 608035 in 1.9.2b2-4.1 ...
Processing commands for cont...@bugs.debian.org: found 668801 1:9.9.2.dfsg.P1-1 Bug #668801 [bind9] bind9: unowned files after purge (policy 6.8, 10.8) Marked as found in versions bind9/1:9.9.2.dfsg.P1-1. found 668801 1:9.8.4.dfsg.P1-1 Bug #668801 [bind9] bind9: unowned files after purge (policy 6.8, 10.8) Marked as found in versions bind9/1:9.8.4.dfsg.P1-1. found 608035 1.9.2b2-4.1 Bug #608035 [freevo] freevo: doesnt cleanup on purge Marked as found in versions freevo/1.9.2b2-4.1. found 669278 kdebase-workspace-bin/4:4.8.4-5 Bug #669278 [libqt4-dbus] please add phonon-backend-xine transitional package Bug #655382 [libqt4-dbus] libqt4-dbus has circular Depends on qdbus Bug #669878 [libqt4-dbus] Could not perform immediate configuration on 'phonon-backend-vlc' The source kdebase-workspace-bin and version 4:4.8.4-5 do not appear to match any binary packages Marked as found in versions kdebase-workspace-bin/4:4.8.4-5. Marked as found in versions kdebase-workspace-bin/4:4.8.4-5. Marked as found in versions kdebase-workspace-bin/4:4.8.4-5. thanks Stopping processing here. Please contact me if you need assistance. -- 608035: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=608035 655382: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=655382 668801: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=668801 669278: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=669278 669878: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=669878 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#687848: Currently, only the symlink is removed
On Wed, Dec 05, 2012 at 07:23:51AM +0100, Daniel Baumann wrote: On 12/04/2012 07:57 PM, Ivo De Decker wrote: Daniel, will you fix this bug in sid and (via t-p-u) in wheezy, or do you want someone else to do an NMU? Daniel, Thanks for the fix in sid. I filed a pre-approval request for wheezy (#695343) and I will do the t-p-u NMU when I get the approval of the release team. Cheers, Ivo -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#675895: [Pkg-parrot-devel] Bug#675895: parrot: FTBFS in sid: (.text+0x20): undefined reference to `main'
On Wed, Dec 05, 2012 at 03:13:16PM +0100, Salvatore Bonaccorso wrote:
Control: reassign 675895 icu 4.8.1.1-7
Control: fixed 675895 4.8.1.1-8
Control: affects 675895 + parrot
Hi Alessandro and Jay
On Tue, Jun 05, 2012 at 02:22:07PM -0400, Jay Berkenbilt wrote:
Alessandro Ghedini al3x...@gmail.com wrote:
Apparently it's icu-config --ldlfags (called by Parrot's build system)
who
brings in the PIE options (along with all the other hardening build
flags).
Using --ldflags-libsonly should do (I'm working on it).
The fact that icu-config passes all those build flags doesn't sound quite
right
though and may cause other packages to FTBFS. Jay, what do you think?
Yes, this is a bug in ICU. I'll switch it back to using
hardening-wrapper. This came in when I changed from that to
dpkg-buildoptions. There are odd things with icu's build system
I was going trough the list in [1], so the bugs 'affecting wheezy, but not
sid'. With the above I tried to reassign and marking correct version
so that this should not show up.
Thanks.
I have builded the current version in wheezy (4.0.0-3) both in wheezy
and unstable (which both have icu 4.8.1.1-10.
Yeah, I had marked it as fixed in icu/4.8.1.1-8 without reassigning, but it
seems that it doesn't work like that.
But it looks there is another FTBFS on ia64[2].
Yup, that's #689177, which is sid-only.
Cheers
--
perl -E '$_=q;$/= @{[@_]};and s;\S+;inidehG ordnasselA;eg;say~~reverse'
signature.asc
Description: Digital signature
Processed: unarchiving 687657, found 687657 in 0.8.6.h-4+lenny3, unarchiving 493335 ..., usertagging 493335 ...
Processing commands for cont...@bugs.debian.org:
unarchive 687657
Bug #687657 {Done: Benjamin Drung bdr...@debian.org} [vlc] vlc: copyright
file missing after squeeze-wheezy upgrade
Unarchived Bug 687657
found 687657 0.8.6.h-4+lenny3
Bug #687657 {Done: Benjamin Drung bdr...@debian.org} [vlc] vlc: copyright
file missing after squeeze-wheezy upgrade
Marked as found in versions vlc/0.8.6.h-4+lenny3.
unarchive 493335
Bug #493335 {Done: Christoph Martin christoph.mar...@uni-mainz.de} [sks] sks:
crontest failure
Unarchived Bug 493335
user debian...@lists.debian.org
Setting user to debian...@lists.debian.org (was deb...@abeckmann.de).
usertags 493335 piuparts
Usertags were: cron-qa-20080802 cron-qa.
Usertags are now: cron-qa-20080802 piuparts cron-qa.
found 687947 3.62-13.1
Bug #687947 [wims] wims: modifies shipped files:
/var/lib/wims/public_html/gifs/*, /var/lib/wims/public_html/themes/*
Marked as found in versions wims/3.62-13.1.
found 682939 2:1.3-12
Bug #682939 {Done: Daniele Tricoli er...@mornie.org} [xfonts-tipa]
xfonts-utils, xfonts-encodings, debhelper: installing xfonts-tipa removes
/usr/share/fonts/X11/encodings/encodings.dir
Marked as found in versions tipa/2:1.3-12.
found 689121 5.6.58-2
Bug #689121 {Done: Євгеній Мещеряков eu...@debian.org} [swi-prolog-nox]
swi-prolog-nox: should not ship /usr/lib/swi-prolog/library/INDEX.pl
There is no source info for the package 'swi-prolog-nox' at version '5.6.58-2'
with architecture ''
Unable to make a source version for version '5.6.58-2'
Marked as found in versions 5.6.58-2.
affects 689121 + swi-prolog-clib swi-prolog-odbc swi-prolog-sgml
Bug #689121 {Done: Євгеній Мещеряков eu...@debian.org} [swi-prolog-nox]
swi-prolog-nox: should not ship /usr/lib/swi-prolog/library/INDEX.pl
Added indication that 689121 affects swi-prolog-clib, swi-prolog-odbc, and
swi-prolog-sgml
thanks
Stopping processing here.
Please contact me if you need assistance.
--
493335: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=493335
682939: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=682939
687657: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=687657
687947: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=687947
689121: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=689121
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Processed: tvtime: package installation creates /root/.tvtime
Processing commands for cont...@bugs.debian.org: tags 694892 pending Bug #694892 [tvtime] tvtime: package installation creates /root/.tvtime Added tag(s) pending. stop Stopping processing here. Please contact me if you need assistance. -- 694892: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=694892 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Processed: unarchiving 603426, found 603426 in 2.5.16.1-4.1, found 690216 in aspell-ta/0.01-3 ...
Processing commands for cont...@bugs.debian.org:
unarchive 603426
Bug #603426 {Done: Benoit Mortier benoit.mort...@opensides.be} [gosa-desktop]
gosa-desktop: prompting due to modified conffiles which where not modified by
the user
Unarchived Bug 603426
found 603426 2.5.16.1-4.1
Bug #603426 {Done: Benoit Mortier benoit.mort...@opensides.be} [gosa-desktop]
gosa-desktop: prompting due to modified conffiles which where not modified by
the user
Marked as found in versions gosa/2.5.16.1-4.1.
found 690216 aspell-ta/0.01-3
Bug #690216 [piuparts] bug for tracking aspell dictionary hash handling
upgrades that will be done in jessie
Marked as found in versions aspell-ta/0.01-3.
found 690216 aspell-mr/0.10-4
Bug #690216 [piuparts] bug for tracking aspell dictionary hash handling
upgrades that will be done in jessie
Marked as found in versions aspell-mr/0.10-4.
found 690216 aspell-lv/0.7.3-2
Bug #690216 [piuparts] bug for tracking aspell dictionary hash handling
upgrades that will be done in jessie
The source aspell-lv and version 0.7.3-2 do not appear to match any binary
packages
Marked as found in versions aspell-lv/0.7.3-2.
found 690216 aspell-gu/0.03-0-2
Bug #690216 [piuparts] bug for tracking aspell dictionary hash handling
upgrades that will be done in jessie
Marked as found in versions aspell-gu/0.03-0-2.
found 690216 aspell-et/1:20030606-11
Bug #690216 [piuparts] bug for tracking aspell dictionary hash handling
upgrades that will be done in jessie
The source aspell-et and version 1:20030606-11 do not appear to match any
binary packages
Marked as found in versions aspell-et/1:20030606-11.
found 690216 aspell-bn/0.60.0.01.1.1-7
Bug #690216 [piuparts] bug for tracking aspell dictionary hash handling
upgrades that will be done in jessie
Marked as found in versions aspell-bn/0.60.0.01.1.1-7.
affects 690216 + aspell-pt-br aspell-pt-pt aspell-fr aspell-tl
Bug #690216 [piuparts] bug for tracking aspell dictionary hash handling
upgrades that will be done in jessie
Added indication that 690216 affects aspell-pt-br, aspell-pt-pt, aspell-fr, and
aspell-tl
thanks
Stopping processing here.
Please contact me if you need assistance.
--
603426: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=603426
690216: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=690216
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Processed: Re: dovecot fails to empty the inbox
Processing commands for cont...@bugs.debian.org: severity 676676 serious Bug #676676 [dovecot-core] dovecot fails to empty the inbox Severity set to 'serious' from 'normal' thanks Stopping processing here. Please contact me if you need assistance. -- 676676: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=676676 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#694892: marked as done (tvtime: package installation creates /root/.tvtime)
Your message dated Fri, 07 Dec 2012 12:02:39 + with message-id e1tgwdb-0008lo...@franck.debian.org and subject line Bug#694892: fixed in tvtime 1.0.2-10 has caused the Debian Bug report #694892, regarding tvtime: package installation creates /root/.tvtime to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 694892: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=694892 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Package: tvtime Version: 1.0.2-9 Severity: serious User: debian...@lists.debian.org Usertags: piuparts Hi, during a test with piuparts I noticed that your package creates files in /root. From the attached log (scroll to the bottom): 0m34.1s ERROR: FAIL: Package purging left files on system: /root/.tvtime/ not owned Creating stuff in /root is a FHS and policy violation. (And of course these files should not be deleted by maintainer scripts.) But it is also an indication that the package operation may depend on root's .tvtime configuration (and package installation might even fail if that configuration is broken). That would be a case for configuration files not in /etc. This might also be the cause for #445192 where a users ~/.tvtime/ is owned by root:root - probably depending on how the user switched to root. See #689806 for a similar issue with /root/.gnupg/ and how this was solved there. Cheers, Andreas tvtime_1.0.2-9.log.gz Description: GNU Zip compressed data ---End Message--- ---BeginMessage--- Source: tvtime Source-Version: 1.0.2-10 We believe that the bug you reported is fixed in the latest version of tvtime, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 694...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Bart Martens ba...@debian.org (supplier of updated tvtime package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Fri, 07 Dec 2012 08:44:21 + Source: tvtime Binary: tvtime Architecture: source amd64 Version: 1.0.2-10 Distribution: unstable Urgency: low Maintainer: Bart Martens ba...@debian.org Changed-By: Bart Martens ba...@debian.org Description: tvtime - television display application Closes: 445192 694892 Changes: tvtime (1.0.2-10) unstable; urgency=low . * debian/patches/saveconfig.diff: Added. Prevents needless creation of $HOME/.tvtime by tvtime-configure. Closes: #694892, #445192. Checksums-Sha1: 7ba6945c9f32fe082ba725fe55067a8767e67e9c 1828 tvtime_1.0.2-10.dsc 9c2faba822d1c9f25068cb50cf5f3ef83ab2821a 92518 tvtime_1.0.2-10.diff.gz 810b86b4d8bdba341de5bd07e6447915416fc3df 744270 tvtime_1.0.2-10_amd64.deb Checksums-Sha256: bba9e269ca11415aa8b2a6ffede3bcc74cb4f4d04b98a5fc341f1ab8c847ae94 1828 tvtime_1.0.2-10.dsc b6119abee5f4e5e642904e3747f95e4b5896f9dfd00a58aee80e66489890a42d 92518 tvtime_1.0.2-10.diff.gz 70f246c4a1182c9e74d95e1a816ab4a66aadc19ed7ca0e57e8385da251f6363b 744270 tvtime_1.0.2-10_amd64.deb Files: 632acaf2cd3f2d87e1664d173b82db07 1828 video optional tvtime_1.0.2-10.dsc 21afb1fb2c5948ce6b2d6b8e47e7ed19 92518 video optional tvtime_1.0.2-10.diff.gz 37a86865254b48ebce7932cb5dae6922 744270 video optional tvtime_1.0.2-10_amd64.deb -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (GNU/Linux) iQIcBAEBCAAGBQJQwdbtAAoJEDNV9NY7WCHMcfcP/Rid+JpDVPctQjY9rnZBWuDu AcfzFtLQVx01XMM9aFRAaWM+tLhOd5jbYMUBeM7KA+dn4EAk5+XpLGaGtzJ6lLeo UzWvcOAsQICcJBAZMNFB3nf/ll2bVBEwSpeh3PGV+RueOO4INvwnlabx28P1wUxe sW22BUvRcFEy4Q/9r9ryhclGqyZGWma8mm9AK1zFXVVPo/XNXqKZKkgE1iOX26vN uWPriTfL3aH1l8w5MI6NmkdzE1rVsqjA67dhzToBUN/FftZehAsxMDrnrUhx/b8k u1ZZ6wF9He34fxEH4QhFIfFaORvpGfPlwxG9vttTVQd36au9N9jnIprLgGu4Dyc9 KHjRj5+bXxhizTIByROfozIh2fI3DX3JKfIErcTqOhv81XeHaGgtjAeeePWIuXBB y86GBmCPEwgu3snXcEE8+PN0pkjl+1mp5xGOa2CyI/+FX4TpKXaazXltqnMm0XeD xRcLMPr/vwy5z8r6FXn6/7k4OHrgFHcTlo5y3QNP6CZBE/XLSBmQbV8KrdlF/xhm EBOayjHpV6Tg7Pv/BOan4IFw1bKxkOWmr8xmbuUNgyMmXnBoWZnaHo7EDpoqkxfs l1s51nsAPuLknW0CNaD95XPE4dL792oDAxqxvTJjo2+vJ7GBxwZ6yJ8nMyyKoxPn LY1jNBikVHWXdObO3qC9 =3JWP -END PGP SIGNATUREEnd Message---
Bug#675895: [Pkg-parrot-devel] Bug#675895: parrot: FTBFS in sid: (.text+0x20): undefined reference to `main'
Hey Alessandro On Fri, Dec 07, 2012 at 12:11:23PM +0100, Alessandro Ghedini wrote: But it looks there is another FTBFS on ia64[2]. Yup, that's #689177, which is sid-only. Yup, noticed it only after already sending my email. Salvatore signature.asc Description: Digital signature
Bug#683273: CVE-2012-3435: zabbix/testing
On lun., 2012-10-01 at 22:59 +1000, Dmitry Smirnov wrote: Hi Raphael, Thank you for fixing CVE-2012-3435 in Squeeze. I've made a fix for Wheezy: http://anonscm.debian.org/gitweb/?p=collab-maint/zabbix.git;a=commitdiff;h=480ef5baede0f478a4a90a16b9453bc32b9f756d and uploaded source package to http://mentors.debian.net/debian/pool/main/z/zabbix/zabbix_1.8.11-1.1.dsc This is my very first security-related upload so please review and advise if I shall upload or if you'll take care of the rest. There's no security archive for Wheezy right now, so this need to go through testing-proposed-updates. Please get contact with the release team to get approval request. Regards, -- Yves-Alexis Perez Debian Security signature.asc Description: This is a digitally signed message part
Bug#692753: Balazar dies soon with Error: class, 'soya.GLError'(GL_INVALID_OPERATION)
I agree with Andrey, the official homepage states that the project is interrupted [1] and the last change in svn is 17 month ago [2]. So the whole package should be removed. regards tobias [1]: http://home.gna.org/oomadness/en/balazar/ [2]: http://svn.gna.org/viewcvs/balazar/ signature.asc Description: OpenPGP digital signature
Bug#694145: cipux-cat-web: diff for NMU version 3.4.0.3-4.1
tags 656456 + patch
tags 656456 + pending
tags 694145 + patch
tags 694145 + pending
thanks
Dear maintainer,
I've prepared an NMU for cipux-cat-web (versioned as 3.4.0.3-4.1) and
uploaded it to DELAYED/5. Please feel free to tell me if I
should delay it longer.
Regards.
--
.''`. Homepage: http://info.comodo.priv.at/ - OpenPGP key 0xBB3A68018649AA06
: :' : Debian GNU/Linux user, admin, and developer - http://www.debian.org/
`. `' Member of VIBE!AT SPI, fellow of the Free Software Foundation Europe
`- NP: Joan Baez Mercedes Sosa: Gracias A La Vida
diff -Nru cipux-cat-web-3.4.0.3/debian/changelog cipux-cat-web-3.4.0.3/debian/changelog
--- cipux-cat-web-3.4.0.3/debian/changelog 2011-05-04 22:10:41.0 +0200
+++ cipux-cat-web-3.4.0.3/debian/changelog 2012-12-07 15:46:41.0 +0100
@@ -1,3 +1,20 @@
+cipux-cat-web (3.4.0.3-4.1) unstable; urgency=low
+
+ * Non-maintainer upload.
+ * Fix cipux-cat-web, libcipux-cat-web-perl: inconsistent permission
+handling of /etc/cipux-cat-web/:
+- drop debian/postinst, instead
+- ship directories in both binary packages, with group/permissions set
+ appropriately (debian/libcipux-cat-web-perl.dirs added, debian/rules
+ extended)
+- add lintian overrides for non-standard-dir-perm warnings
+(Closes: #694145)
+ * This also fixes unowned files after purge (policy 6.8, 10.8) which was
+caused by the directories being created in postinst but never removed.
+(Closes: #656456)
+
+ -- gregor herrmann gre...@debian.org Fri, 07 Dec 2012 15:46:40 +0100
+
cipux-cat-web (3.4.0.3-4) unstable; urgency=low
* Improve package relations:
diff -Nru cipux-cat-web-3.4.0.3/debian/cipux-cat-web.lintian-overrides cipux-cat-web-3.4.0.3/debian/cipux-cat-web.lintian-overrides
--- cipux-cat-web-3.4.0.3/debian/cipux-cat-web.lintian-overrides 1970-01-01 01:00:00.0 +0100
+++ cipux-cat-web-3.4.0.3/debian/cipux-cat-web.lintian-overrides 2012-12-07 15:31:46.0 +0100
@@ -0,0 +1 @@
+cipux-cat-web: non-standard-dir-perm etc/cipux-cat-web/ 0750 != 0755
diff -Nru cipux-cat-web-3.4.0.3/debian/libcipux-cat-web-perl.dirs cipux-cat-web-3.4.0.3/debian/libcipux-cat-web-perl.dirs
--- cipux-cat-web-3.4.0.3/debian/libcipux-cat-web-perl.dirs 1970-01-01 01:00:00.0 +0100
+++ cipux-cat-web-3.4.0.3/debian/libcipux-cat-web-perl.dirs 2012-12-07 15:24:06.0 +0100
@@ -0,0 +1,3 @@
+etc/cipux-cat-web
+var/cache/cipux-cat-web
+var/log/cipux-cat-web
diff -Nru cipux-cat-web-3.4.0.3/debian/libcipux-cat-web-perl.lintian-overrides cipux-cat-web-3.4.0.3/debian/libcipux-cat-web-perl.lintian-overrides
--- cipux-cat-web-3.4.0.3/debian/libcipux-cat-web-perl.lintian-overrides 1970-01-01 01:00:00.0 +0100
+++ cipux-cat-web-3.4.0.3/debian/libcipux-cat-web-perl.lintian-overrides 2012-12-07 15:32:08.0 +0100
@@ -0,0 +1,3 @@
+libcipux-cat-web-perl: non-standard-dir-perm etc/cipux-cat-web/ 0750 != 0755
+libcipux-cat-web-perl: non-standard-dir-perm var/cache/cipux-cat-web/ 0750 != 0755
+libcipux-cat-web-perl: non-standard-dir-perm var/log/cipux-cat-web/ 0750 != 0755
diff -Nru cipux-cat-web-3.4.0.3/debian/postinst cipux-cat-web-3.4.0.3/debian/postinst
--- cipux-cat-web-3.4.0.3/debian/postinst 2011-05-04 22:09:31.0 +0200
+++ cipux-cat-web-3.4.0.3/debian/postinst 1970-01-01 01:00:00.0 +0100
@@ -1,24 +0,0 @@
-#!/bin/sh
-
-#DEBHELPER#
-
-set -e
-
-case $1 in
-configure)
- ourdirs=/var/log/cipux-cat-web /var/cache/cipux-cat-web /etc/cipux-cat-web
- for dir in $ourdirs; do
- [ -d $dir ] || mkdir -p $dir
- chgrp www-data $dir
- chmod 750 $dir
- done
- ;;
-abort-upgrade|abort-remove|abort-deconfigure)
- ;;
-*)
- echo postinst called with unknown argument \`$1' 2
- exit 1
- ;;
-esac
-
-exit 0
diff -Nru cipux-cat-web-3.4.0.3/debian/rules cipux-cat-web-3.4.0.3/debian/rules
--- cipux-cat-web-3.4.0.3/debian/rules 2011-05-04 18:08:30.0 +0200
+++ cipux-cat-web-3.4.0.3/debian/rules 2012-12-07 15:51:27.0 +0100
@@ -69,10 +69,18 @@
-name web -not -name dpkg-daemon-helper \
-exec mv -t debian/$(cdbs_curpkg)/usr/share/cipux-cat-web/web '{}' ';'
+# Set permissions/group (#694145)
+binary-fixup/cipux-cat-web::
+ chgrp www-data debian/$(cdbs_curpkg)/etc/cipux-cat-web
+ chmod 750 debian/$(cdbs_curpkg)/etc/cipux-cat-web
+
# Override upstream default: secure connection is unneeded to localhost
+# Set permissions/group (#694145)
binary-fixup/libcipux-cat-web-perl::
perl -i -pe s|^(\h*catweb_rpc_server\h*=\h*).*,\h*(#.*)?\$$|\$$1'http://localhost:8001/RPC2',| \
debian/$(cdbs_curpkg)/etc/cipux-cat-web/cipux-cat-web.conf
+ chgrp www-data debian/$(cdbs_curpkg)/var/log/cipux-cat-web debian/$(cdbs_curpkg)/var/cache/cipux-cat-web debian/$(cdbs_curpkg)/etc/cipux-cat-web
+ chmod 750 debian/$(cdbs_curpkg)/var/log/cipux-cat-web debian/$(cdbs_curpkg)/var/cache/cipux-cat-web debian/$(cdbs_curpkg)/etc/cipux-cat-web
# Ensure debconf PO files is in sync with templates
clean::
signature.asc
Description: Digital
Processed: cipux-cat-web: diff for NMU version 3.4.0.3-4.1
Processing commands for cont...@bugs.debian.org: tags 656456 + patch Bug #656456 [libcipux-cat-web-perl] libcipux-cat-web-perl: unowned files after purge (policy 6.8, 10.8) Added tag(s) patch. tags 656456 + pending Bug #656456 [libcipux-cat-web-perl] libcipux-cat-web-perl: unowned files after purge (policy 6.8, 10.8) Added tag(s) pending. tags 694145 + patch Bug #694145 [cipux-cat-web,libcipux-cat-web-perl] cipux-cat-web, libcipux-cat-web-perl: inconsistent permission handling of /etc/cipux-cat-web/ Added tag(s) patch. tags 694145 + pending Bug #694145 [cipux-cat-web,libcipux-cat-web-perl] cipux-cat-web, libcipux-cat-web-perl: inconsistent permission handling of /etc/cipux-cat-web/ Added tag(s) pending. thanks Stopping processing here. Please contact me if you need assistance. -- 656456: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=656456 694145: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=694145 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#694389: mythes-it: missing Breaks+Replaces: openoffice.org-thesaurus-it ( 1:0)
On Thu, Dec 06, 2012 at 05:11:15PM +0100, Andreas Tille wrote: I'm currently busy to squash all missing Breaks+Replaces bugs opened by the other Andreas. Just let me know if you need a helping hand to NMU the package. Thanks! Feel free: this weekend I'll be out of home most of the time. Ciao, Enrico -- GPG key: 4096R/E7AD5568 2009-05-08 Enrico Zini enr...@enricozini.org signature.asc Description: Digital signature
Bug#693893: kawari8 segfaults on 64bit Linux
Dear Maintainer, An updated patch(kawari8-64bit-fix2.patch) is available here: http://sourceforge.net/tracker/?func=detailaid=3588933group_id=47961atid=451497 Please consider applying this patch to the package. Regards, Shyouzou Sugitani -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Processed: geda-gaf: diff for NMU version 1:1.6.2-4.2
Processing commands for cont...@bugs.debian.org: tags 694015 + patch Bug #694015 [geda] geda: copyright file missing after upgrade (policy 12.5) Added tag(s) patch. tags 694015 + pending Bug #694015 [geda] geda: copyright file missing after upgrade (policy 12.5) Added tag(s) pending. thanks Stopping processing here. Please contact me if you need assistance. -- 694015: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=694015 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#694015: geda-gaf: diff for NMU version 1:1.6.2-4.2
tags 694015 + patch
tags 694015 + pending
thanks
Dear maintainer,
I've prepared an NMU for geda-gaf (versioned as 1:1.6.2-4.2) and
uploaded it to DELAYED/2. Please feel free to tell me if I
should delay it longer.
Regards.
--
.''`. Homepage: http://info.comodo.priv.at/ - OpenPGP key 0xBB3A68018649AA06
: :' : Debian GNU/Linux user, admin, and developer - http://www.debian.org/
`. `' Member of VIBE!AT SPI, fellow of the Free Software Foundation Europe
`- NP: Steppenwolf: Born To Be Wild
diff -Nru geda-gaf-1.6.2/debian/changelog geda-gaf-1.6.2/debian/changelog
--- geda-gaf-1.6.2/debian/changelog 2012-11-29 15:20:31.0 +0100
+++ geda-gaf-1.6.2/debian/changelog 2012-12-07 16:35:24.0 +0100
@@ -1,3 +1,12 @@
+geda-gaf (1:1.6.2-4.2) unstable; urgency=low
+
+ * Non-maintainer upload.
+ * Fix copyright file missing after upgrade (policy 12.5):
+make dependency geda - geda-doc strictly versioned.
+(Closes: #694015)
+
+ -- gregor herrmann gre...@debian.org Fri, 07 Dec 2012 16:34:46 +0100
+
geda-gaf (1:1.6.2-4.1) unstable; urgency=low
* Non-maintainer upload (with maintainer's ACK).
diff -Nru geda-gaf-1.6.2/debian/control geda-gaf-1.6.2/debian/control
--- geda-gaf-1.6.2/debian/control 2012-11-29 15:15:42.0 +0100
+++ geda-gaf-1.6.2/debian/control 2012-12-07 16:34:42.0 +0100
@@ -12,7 +12,7 @@
Package: geda
Architecture: all
-Depends: ${misc:Depends}, geda-gschem, geda-gnetlist, geda-doc
+Depends: ${misc:Depends}, geda-gschem, geda-gnetlist, geda-doc (= ${source:Version})
Recommends: geda-gsymcheck, geda-gattrib
Suggests: geda-utils, geda-examples, gerbv, pcb
Description: GPL EDA -- Electronics design software (metapackage)
signature.asc
Description: Digital signature
Bug#694330: mako: diff for NMU version 0.7.0-1.1
tags 694330 + pending
thanks
Dear maintainer,
I've prepared an NMU for mako (versioned as 0.7.0-1.1) and
uploaded it to DELAYED/2. Please feel free to tell me if I
should delay it longer.
Regards.
--
.''`. Homepage: http://info.comodo.priv.at/ - OpenPGP key 0xBB3A68018649AA06
: :' : Debian GNU/Linux user, admin, and developer - http://www.debian.org/
`. `' Member of VIBE!AT SPI, fellow of the Free Software Foundation Europe
`- NP: Der Junge mit der Gitarre: 2 Akkorde
diff -Nru mako-0.7.0/debian/changelog mako-0.7.0/debian/changelog
--- mako-0.7.0/debian/changelog 2012-03-31 20:04:00.0 +0200
+++ mako-0.7.0/debian/changelog 2012-12-07 16:44:53.0 +0100
@@ -1,3 +1,12 @@
+mako (0.7.0-1.1) unstable; urgency=low
+
+ * Non-maintainer upload.
+ * Fix missing Breaks+Replaces: python3-mako ( 0.3.6-1):
+add them for python-mako-doc.
+(Closes: #694330)
+
+ -- gregor herrmann gre...@debian.org Fri, 07 Dec 2012 16:44:44 +0100
+
mako (0.7.0-1) unstable; urgency=low
* New upstream release
diff -Nru mako-0.7.0/debian/control mako-0.7.0/debian/control
--- mako-0.7.0/debian/control 2012-03-31 20:03:49.0 +0200
+++ mako-0.7.0/debian/control 2012-12-07 16:44:38.0 +0100
@@ -53,8 +53,8 @@
Architecture: all
Priority: extra
Depends: libjs-jquery, libjs-underscore, ${misc:Depends}
-Breaks: python-mako ( 0.3.6-1)
-Replaces: python-mako ( 0.3.6-1)
+Breaks: python-mako ( 0.3.6-1), python3-mako ( 0.3.6-1)
+Replaces: python-mako ( 0.3.6-1), python3-mako ( 0.3.6-1)
Suggests: python-mako, python3-mako
Description: documentation for the Mako Python library
Mako is a template library written in Python.
signature.asc
Description: Digital signature
Bug#695268: liblockfile1: harmful remove action in M-A:same package
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Hi, I looked at the package and am baffled by the postinst and postrm scripts. They are (should be?) entirely useless (manually calling ldconfig ??). I then brought up debian/rules and immediately saw what the reason for that method is: Complete ignorance of debhelper or anything else allowing anyone but the maintainer to cope with the packaging work in a reasonable way. I am reporting this issue as a wishlist bug because I think maintainers should try to not make life for other contributors harder than necessary. And re-working the paackge with proper debhelper code would certainly also fix this issue. - -nik - -- * mirabilos is handling my post-1990 smartphone * mirabilos Aaah, it vibrates! Wherefor art thou, daemonic device?? PGP fingerprint: 2086 9A4B E67D 1DCD FFF6 F6C1 59FC 8E1D 6F2A 8001 -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.19 (GNU/Linux) iQFOBAEBCAA4BQJQwg/NMRpodHRwczovL3d3dy5kb21pbmlrLWdlb3JnZS5kZS9n cGctcG9saWN5LnR4dC5hc2MACgkQWfyOHW8qgAGEGwf+PIBFHWu49w2O/kdyCXn+ egsiTvLcjt6irn9nYyKHwdMjZdmBgndzSSqCcynpoc3iWjmmZBE9GR7aFoSezUHE etaqHLjdqy5PM6BB1Nu+mjj0yBni72Pszb3lN5+Rly4ptpr8H9SrNMwM+VzbbHMv xkkQ4rjNwgZRmlB1vDfMFH2/lKMD2moLLAIGZAxnSWWUEhz+ROAz7xdKbyp2Rdy3 nqfGIBdOOaxzCKdfTfYtCoh6IsMtEVhA778kN+54k4/DzVfWju1ACiUkdp7vApn0 dWrCOZQC4ixiXe2HpTmoIOdvg/eUfIzGLPcjaVll+mhbbDTaEVi4Gf3xWL9KlsFH Vg== =KkjQ -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Processed: mako: diff for NMU version 0.7.0-1.1
Processing commands for cont...@bugs.debian.org: tags 694330 + pending Bug #694330 [python-mako-doc] python-mako-doc: missing Breaks+Replaces: python3-mako ( 0.3.6-1) Added tag(s) pending. thanks Stopping processing here. Please contact me if you need assistance. -- 694330: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=694330 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#694389: marked as done (mythes-it: missing Breaks+Replaces: openoffice.org-thesaurus-it ( 1:0))
Your message dated Fri, 07 Dec 2012 15:47:47 + with message-id e1th09t-0003z9...@franck.debian.org and subject line Bug#694389: fixed in mythes-it 2.0.7.gh.deb1-4.1 has caused the Debian Bug report #694389, regarding mythes-it: missing Breaks+Replaces: openoffice.org-thesaurus-it ( 1:0) to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 694389: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=694389 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Package: mythes-it Version: 2.0.7.gh.deb1-2 Severity: serious User: trei...@debian.org Usertags: edos-file-overwrite Architecture: amd64 Distribution: squeeze-wheezy (partial) upgrade Hi, automatic installation tests of packages that share a file and at the same time do not conflict by their package dependency relationships has detected the following problem: Selecting previously deselected package openoffice.org-thesaurus-it. Unpacking openoffice.org-thesaurus-it (from .../openoffice.org-thesaurus-it_2.0.7.gh.deb1-1.1_all.deb) ... Setting up openoffice.org-thesaurus-it (2.0.7.gh.deb1-1.1) ... Selecting previously deselected package mythes-it. Unpacking mythes-it (from .../mythes-it_2.0.7.gh.deb1-4_all.deb) ... dpkg: error processing /var/cache/apt/archives/mythes-it_2.0.7.gh.deb1-4_all.deb (--unpack): trying to overwrite '/usr/share/mythes/th_it_IT_v2.dat', which is also in package openoffice.org-thesaurus-it 2.0.7.gh.deb1-1.1 dpkg-deb: subprocess paste killed by signal (Broken pipe) This is a serious bug as it makes installation/upgrade fail, and violates sections 7.6.1 and 10.1 of the policy. As this problem can be demonstrated during partial upgrades from squeeze to wheezy (but not within squeeze or wheezy itself), this indicates a missing or insufficiently versioned Replaces+Breaks relationship. But since this particular upgrade ordering is not forbidden by any dependency relationship, it is possible that apt (or $PACKAGE_MANAGER) will use this erroneus path on squeeze-wheezy upgrades. Here is a list of files that are known to be shared by both packages (according to the Contents files for squeeze and wheezy on amd64, which may be slightly out of sync): usr/share/mythes/th_it_IT_v2.dat usr/share/mythes/th_it_IT_v2.idx openoffice.org-thesaurus-it was renamed to mythes-it (in 2.0.7.gh.deb1-2) without adding proper Breaks/Replaces. src:openoffice.org ships an empty transitional package with an epoch 1:* version. The following relationships are currently defined: Package: mythes-it Conflicts: openoffice.org ( 1.9) Breaks:n/a Replaces: n/a The following relationships should be added for a clean takeover of these files (http://www.debian.org/doc/debian-policy/ch-relationships.html#s-replaces): Package: mythes-it Breaks:openoffice.org-thesaurus-it ( 1:0) Replaces: openoffice.org-thesaurus-it ( 1:0) Cheers, Andreas PS: for more information about the detection of file overwrite errors of this kind see http://edos.debian.net/file-overwrites/. openoffice.org-thesaurus-it=2.0.7.gh.deb1-1.1_mythes-it=2.0.7.gh.deb1-4.log.gz Description: GNU Zip compressed data ---End Message--- ---BeginMessage--- Source: mythes-it Source-Version: 2.0.7.gh.deb1-4.1 We believe that the bug you reported is fixed in the latest version of mythes-it, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 694...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Andreas Tille ti...@debian.org (supplier of updated mythes-it package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Format: 1.8 Date: Fri, 07 Dec 2012 16:26:32 +0100 Source: mythes-it Binary: mythes-it Architecture: source all Version: 2.0.7.gh.deb1-4.1 Distribution: unstable Urgency: low Maintainer: Enrico Zini enr...@debian.org Changed-By: Andreas Tille ti...@debian.org Description: mythes-it - Italian Thesaurus for OpenOffice.org 2 Closes: 694389 Changes: mythes-it (2.0.7.gh.deb1-4.1) unstable; urgency=low . * Non-maintainer upload acknowledged by maintainer * Add missing Breaks+Replaces Closes: #694389 Checksums-Sha1: 7a5ebc42f9b8f4f644c2feedeb867606f3106c0f
Bug#681549: Still present in 1.2.0-3
Dane Elwell dane.elw...@ukfast.co.uk writes: This bug seems to still exist in CouchDB 1.2.0-3 update that was pushed out recently in Wheezy. Setting up couchdb (1.2.0-3) ... Installing new version of config file /etc/init.d/couchdb ... Installing new version of config file /etc/logrotate.d/couchdb ... [] Starting database server: couchdbApache CouchDB needs write permission on the PID file: /var/run/couchdb/couchdb.pid failed! invoke-rc.d: initscript couchdb, action start failed. dpkg: error processing couchdb (--configure): subprocess installed post-installation script returned error exit status 1 Errors were encountered while processing: couchdb E: Sub-process /usr/bin/dpkg returned an error code (1) I think this happens when you upgrade from 1.2.0-2, where the bad ownership was, to 1.2.0-3 where it is fixed. If you install 1.2.0-3 directly, without ever having 1.2.0-2 installed, you no longer have the problem. -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#688302: Please provide cherry-picked patch for Wheezy
Hi Dmitry, this bug has been marked as release-critical for Debian Wheezy and should therefore be fixed before Wheezy is released. While the bug has already been fixed in version 1:2.0.1+dfsg-1, it is still present in version 1:1.8.11-1. Since Wheezy has already been frozen, version 1:2.0.1+dfsg-1 contains too many changes to be migrated automatically into Wheezy and the bug remains therefore open. You should therefore cherry-pick the patch which fixes this particular issue described in this bug report and rebuild the package 1:1.8.11-1 for Wheezy and have your mentor upload the package. It would also be nice if you could attach the patch to this bug report to help others trying to fix this issue for Wheezy. Cheers, Tobias -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#681549: Still present in 1.2.0-3
Hi Dane, On Fri, 2012-12-07 at 09:07 +, Dane Elwell wrote: This bug seems to still exist in CouchDB 1.2.0-3 update that was pushed out recently in Wheezy. It's caused by -2 . If you install -3 from scratch or delete /var/run/couchdb/ after -2 is stopped, it'll start normally. Laszlo/GCS -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#687692: More info/testcase is needed
Hi, is there a test case to brake libitext-java (2.1.7-3)? There seem to be 4 classes which are using the ASN1ObjectIdentifier (mentioned in https://lists.debian.org/debian-java/2012/08/msg00030.html) although they can't be found explicitly in the corresponding java files. Grepping thorugh the extracted jar, I find: find . | grep .class$ | xargs grep ASN1ObjectIdentifier Binary file ./com/lowagie/text/pdf/PdfPublicKeySecurityHandler.class matches Binary file ./com/lowagie/text/pdf/TSAClientBouncyCastle.class matches Binary file ./com/lowagie/text/pdf/OcspClientBouncyCastle.class matches Binary file ./com/lowagie/text/pdf/PdfPKCS7.class matches However, I can't think of a testcase to actually see that they are 'broken' (A look on pdfsam, which is dependent on libitext-java, doesn't show errors.) Greetings Tobias -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#695066: FTBFS
On Dec 6, 2012, at 2:05 PM, Anton Gladky gladky.an...@gmail.com wrote: The package FTBFS in a clean environment: = gfortran seclf1.F make[4]: Leaving directory `/tmp/buildd/geant321-3.21.14.dfsg/build/geant321/matx55' cd /tmp/buildd/geant321-3.21.14.dfsg/lib ln -s ../src/geant321/data/xsneut95.dat xsneut95.dat /bin/sh: 1: cd: can't cd to /tmp/buildd/geant321-3.21.14.dfsg/lib make[3]: *** [/tmp/buildd/geant321-3.21.14.dfsg/lib/xsneut95.dat] Error 2 make[3]: *** Waiting for unfinished jobs Looks like a race in the parallel build. The makefile doesn't check if the directory exists before trying to cd in and link xsneut95.dat. It assumes it has already been created when libgeant321.a is installed, but doesn't depend on it. It should build fine without the parallel=n option (though I couldn't reproduce the failure with it but I do see the potential). -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#695024: marked as done (stringencoders: FTBFS on some platforms (testsuite, char casting))
Your message dated Fri, 07 Dec 2012 20:48:24 +
with message-id e1th4qo-0004lj...@franck.debian.org
and subject line Bug#695024: fixed in stringencoders 3.10.3-2
has caused the Debian Bug report #695024,
regarding stringencoders: FTBFS on some platforms (testsuite, char casting)
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
695024: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=695024
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
---BeginMessage---
Package: stringencoders
Version: 3.10.3-1
Severity: serious
Tags: upstream patch
Hi,
stringencoders fails to build from source on some platforms, including armel,
powerpc and s390 because of bad casting from -1 to 255 in the testsuite:
[...]
make[1]: Leaving directory
`/build/buildd-stringencoders_3.10.3-1-powerpc-His7AR/stringencoders-3.10.3'
dh_auto_test -a
make[1]: Entering directory
`/build/buildd-stringencoders_3.10.3-1-powerpc-His7AR/stringencoders-3.10.3'
test/modp_b16_test.c OK (8 tests)
make[1]: *** [unittest] Error 1
dh_auto_test: make -j1 test returned exit code 2
test/modp_b64_test.c .ASSERTION FAILED: test/modp_b64_test.c:34
make[1]: Leaving directory
`/build/buildd-stringencoders_3.10.3-1-powerpc-His7AR/stringencoders-3.10.3'
make: *** [build-arch] Error 29
dpkg-buildpackage: error: debian/rules build-arch gave error exit status 2
[...]
(See also the buildd logs)
Attaching a patch that fixes this, testing 255 instead of -1 on values that
were originally initialized as 255.
Thanks,
Roland
-- System Information:
Debian Release: wheezy/sid
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 3.2.0-4-686-pae (SMP w/2 CPU cores)
Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Description: Fix compile error on some platforms
stringencoders fails to build from source on some platforms, including armel,
powerpc and s390 because of bad casting from -1 to 255 in the testsuite. This
patch fixes this, testing 255 instead of -1 on values that were originally
initialized as 255.
Author: Roland Stigge sti...@antcom.de
---
test/modp_b64_test.c | 18 +-
test/modp_b85_test.c | 12 ++--
2 files changed, 15 insertions(+), 15 deletions(-)
--- stringencoders-3.10.3.orig/test/modp_b64_test.c
+++ stringencoders-3.10.3/test/modp_b64_test.c
@@ -16,7 +16,7 @@ static char* testEndian()
{
// this test that 1 is AAAB
char buf[100];
-char result[10];
+unsigned char result[10];
char endian[] = {(char)0, (char)0, (char)1};
int d = modp_b64_encode(buf, endian, 3);
mu_assert_int_equals(4, d);
@@ -31,7 +31,7 @@ static char* testEndian()
mu_assert_int_equals(0, result[0]);
mu_assert_int_equals(0, result[1]);
mu_assert_int_equals(1, result[2]);
-mu_assert_int_equals(-1, result[3]);
+mu_assert_int_equals(255, result[3]);
return 0;
}
@@ -70,7 +70,7 @@ static char* testPadding()
char msg[100];
const char ibuf[6] = {1,1,1,1,1,1};
char obuf[10];
-char rbuf[10];
+unsigned char rbuf[10];
int d = 0;
// 1 in, 4 out
@@ -83,7 +83,7 @@ static char* testPadding()
d = modp_b64_decode(rbuf, obuf, d);
mu_assert_int_equals_msg(msg, 1, d);
mu_assert_int_equals(1, rbuf[0]);
-mu_assert_int_equals(-1, rbuf[1]);
+mu_assert_int_equals(255, rbuf[1]);
// 2 in, 4 out
memset(obuf, 255, sizeof(obuf));
@@ -96,7 +96,7 @@ static char* testPadding()
mu_assert_int_equals_msg(msg, 2, d);
mu_assert_int_equals_msg(msg, 1, rbuf[0]);
mu_assert_int_equals_msg(msg, 1, rbuf[1]);
-mu_assert_int_equals_msg(msg, -1, rbuf[2]);
+mu_assert_int_equals_msg(msg, 255, rbuf[2]);
// 3 in, 4 out
memset(obuf, 255, sizeof(obuf));
@@ -110,7 +110,7 @@ static char* testPadding()
mu_assert_int_equals_msg(msg, 1, rbuf[0]);
mu_assert_int_equals_msg(msg, 1, rbuf[1]);
mu_assert_int_equals_msg(msg, 1, rbuf[2]);
-mu_assert_int_equals_msg(msg, -1, rbuf[3]);
+mu_assert_int_equals_msg(msg, 255, rbuf[3]);
// 4 in, 8 out
memset(obuf, 255, sizeof(obuf));
@@ -125,7 +125,7 @@ static char* testPadding()
mu_assert_int_equals(1, rbuf[1]);
mu_assert_int_equals(1, rbuf[2]);
mu_assert_int_equals(1, rbuf[3]);
-mu_assert_int_equals(-1, rbuf[4]);
+mu_assert_int_equals(255, rbuf[4]);
// 5 in, 8 out
memset(obuf, 255, sizeof(obuf));
@@ -141,7 +141,7 @@ static char* testPadding()
mu_assert_int_equals(1, rbuf[2]);
mu_assert_int_equals(1, rbuf[3]);
Bug#642750: [PATCH] epiphany-browser: *HIGHLY* unstable on ia64, (IA-64/IPF/Itanium) platform
Émeric Maschino wrote:
Indeed, even with your updated packages, Epiphany still crashes with
the scenario I described in this bug report
I looked for anything that is different on a release build and on a
debug build. It turned out that a lot of code related to the memory
heap is different in Source/JavaScriptCore/wtf/FastMalloc.cpp:
#if !(defined(USE_SYSTEM_MALLOC) USE_SYSTEM_MALLOC) defined(NDEBUG)
#define FORCE_SYSTEM_MALLOC 0
#else
#define FORCE_SYSTEM_MALLOC 1
#endif
(Consider NDEBUG.)
Webkit doesn't use its own heap implementation in FastMalloc.cpp on
the debug build! When someone builds the release build all the buggy
code runs and will make trouble.
This was done to make debugging much easier :-). (Greetings from
Google's sadists club.)
I didn't try to find all bugs in the fast malloc implementation. One
thing I noticed which could break it on ia64 but works on x86-64 is
the following in Source/JavaScriptCore/wtf/FastMalloc.cpp:1375:
// Return 0 if we have no information, or else the correct sizeclass for p.
// Reads and writes to pagemap_cache_ do not require locking.
// The entries are 64 bits on 64-bit hardware and 16 bits on
// 32-bit hardware, and we don't mind raciness as long as each read of
// an entry yields a valid entry, not a partially updated entry.
size_t GetSizeClassIfCached(PageID p) const {
return pagemap_cache_.GetOrDefault(p, 0);
}
void CacheSizeClass(PageID p, size_t cl) const {
pagemap_cache_.Put(p, cl); }
When different processor cores access one memory location - one
processor at first, the second one at next - the processor cores
excange the data through their caches as needed with their bus
protocol automatically on x86 and x86-64.
But on ia64 caches are not coherent automatically, the caches are
flushed using memory barriers (some special machine instructions).
When you use some dispatcher objects, for example, a mutex with the
following pattern
- acquire the dispatcher object
- read/write to the data location which are guarded by the dispatcher object,
- release the dispatcher object
you don't need to think on the cache coherency and memory barriers.
The implementation of the dispatcher object does the memory barriers
correctly for you.
When you start to do something own what has multiple threads but
doesn't use any dispatcher object, you have to think on memory
barriers. Ia64 isn't the only arch that requires this.
One approach would be building-in the needed memory barrier in
FastMalloc.cpp. This would mean adding memory barrier definitions for
a lot of architectures. You can take a look at the
hw/xfree86/common/compiler.h file of the xserver-xorg-core package in
order to get an idea what it would mean.
So the second approach: We do no longer use the fast malloc
implementation on ia64 as it is already done on Blackberry OS and on
the Qt port of webkit on any OS other than UNIX.
An appropriate modification can be useful as well on other archs that
require memory barriers, for example, alpha, powerpc.
So here is a new set of patches:
01-ia64-wide-ptr.patch at first,
02-ia64-use-system-malloc.patch at next.
The patches are for the most recent libwebkitgtk-3.0-0 package of Wheezy.
The patches don't change anything on archs other than ia64.
The packages which were built with the patch of this bug report and
the one of bug#694971 are here; the tar contains all debs which are
created by the libwebkitgtk-3.0-0 source:
http://www.fs-driver.org/debian-ia64/webkitgtk-debs-v2.tar
The patches also fix bug#582774 (seed FTBFS on ia64).
Stephan
01-ia64-wide-ptr.patch
Description: 01-ia64-wide-ptr.patch
02-ia64-use-system-malloc.patch
Description: 02-ia64-use-system-malloc.patch
Bug#695422: ntop: links with both libssl and libgdbm and is mainly GPL-licensed without linking exception
Package: ntop Version: 3:4.99.3+ndpi5517+dfsg1-1 Severity: serious Justification: Policy 2.3 Hello, I noticed that ntop is mainly licensed under the terms of the GNU GPL v2 or later, with only one file (ssl.c) having an OpenSSL linking exception. However, ntop seems to link with libssl (which is notoriously GPL-incompatible) and also seems to link with libgdbm (which [1] is licensed under the GNU GPL v2 or later, with no OpenSSL linking exception). [1] http://packages.debian.org/changelogs/pool/main/g/gdbm/gdbm_1.8.3-11/libgdbm3.copyright I am under the impression that several ntop source GPL-licensed files get compiled into a binary that links with libssl, but do not have any OpenSSL linking exception. Moreover the same binary seems to also link with libgdbm, also GPL-licensed with no exception. This scenario seems to produce an undistributable binary package. Please clarify and/or cooperate with upstream in order to fix this issue. The possible solutions I can think of are: A) ntop is modified so that it can link with GNUTLS, instead of OpenSSL B) an OpenSSL linking exception is granted to all the relevant files by the respective copyright holders and also to the FSF's GNU DBM library by its copyright holders (I don't know how much this is likely to happen, though...) Thanks for your time. Bye. -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#593141: Bug#653582: ruby-hpricot: FTBFS on ia64: ruby crashes while running tests
I took a look at this a few weeks ago. The problem is the code in the cont.c file which implements continuations. A thread saves its own stack and its thread context itself while it is running. The ruby programmers believe that that the saved info can be used by another thread to switch over. They are wrong! This is simply ill-formed code; wrong usage of the makecontext()/swapcontext() functions. It is a miracle that it works on other architectures - on sparc it did after doing some dirty tricks. The problem causes crashes which are almost impossible to understand with the debugger. The code was written in 2007 and made a lot of trouble until now; when you take a look to cont.c, you are see some really weird code fragments - dirty hacks to workaround some fundamental design flaws. I'm not satisfied with the code quality of the ruby project at all; I don't understand how it could be included in a ruby version that is for production use. So the continuations and perhaps some related threading features are broken - very advanced and new features in Ruby. I think a fix is feasable for platforms which use makecontext()/swapcontext() - as Linux is (rather than Windows Win32 functions). What can be implememnted is that a thread switches to another context/stack; the initial context/stack is saved after that. The thread switches back to the initial context/stack finally. This means: - The performance becomes worse due to additional context switches. I think it isn't that bad; the ruby code copies over huge portions of memory in its implementation all the time; the entire original code is a huge performance penalty (if it wouldn't crash). I don't believe that the additional context switches makes it noticeable worse. - The patch would be a real patch bomb. It would remove a lot of mess for (not working) ia64 workarounds and the most recent sparc patches of Debian as well. The patch replaces a lot of code of cont.c. - The patch would change the implementation for all Debian archs, not only ia64. I appreciate comments on that. For now I'd prefer the 'wheezy-ignore' rather than removing the ia64 ruby package. Stephan If you want to read something pleasing about ia64 for a change, you can take a look at bug#659186 or #582774. -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#695424: ntop: protocols.c seems to be incompatibly licensed
Package: ntop Version: 3:4.99.3+ndpi5517+dfsg1-1 Severity: serious Justification: Policy 2.3 Hello, the debian/copyright file for the ntop Debian package states: [...] | Files: protocols.c | Copyright: 2003-2010, Luca Deri d...@ntop.org |1994-1996, The Regents of the University of California | License: GPL-2+ and BSD-4-clause [...] According to the machine-readable debian/copyright file format specification version 1.0 [1], this means that the file protocols.c has both GPL-licensed and 4-clause-BSD-licensed code in it. [1] http://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ If this is the case, then protocols.c seems to be undistributable, since the 4-clause BSD is GPL-incompatible. Please clarify and/or fix this issue. I see that protocols.c is in part copyrighted by The Regents of the University of California: I suppose that the part which is under the terms of the 4-clause BSD license is copyrighted by the University of California. If this is indeed confirmed, then, please check whether that part originally comes from some version of the Berkeley Software Distribution, since maybe the corresponding re-licensing [2] could automatically apply... [2] ftp://ftp.cs.berkeley.edu/pub/4bsd/README.Impt.License.Change Thanks for your time. Bye. -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#632443: kst-data: Please don't forget to file an unblock request
Package: kst-data Followup-For: Bug #632443 Hey, I am just going through the RC bugs relevant for Wheezy and saw that there is apparantly no unblock request for kst/2.0.3-1.3 yet. Please don't forget to file it as a bug report against release.debian.org, so that the release team can consider this package for Wheezy as it needs to be unfrozen. Please also include the debdiff showing the changes between the current version in testing and unstable. Cheers, Adrian -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Processed: tagging 681922
Processing commands for cont...@bugs.debian.org: # emacs24 is not in wheezy tags 681922 + sid Bug #681922 [sml-mode] sml-mode: can't be compiled with emacs24 Ignoring request to alter tags of bug #681922 to the same tags previously set thanks Stopping processing here. Please contact me if you need assistance. -- 681922: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=681922 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#688302: Please provide cherry-picked patch for Wheezy
Hi Tobias, Thanks you for having a look into the issue. On Sat, 8 Dec 2012 04:05:16 Tobias Kranz wrote: this bug has been marked as release-critical for Debian Wheezy and should therefore be fixed before Wheezy is released. While the bug has already been fixed in version 1:2.0.1+dfsg-1, it is still present in version 1:1.8.11-1. Since Wheezy has already been frozen, version 1:2.0.1+dfsg-1 contains too many changes to be migrated automatically into Wheezy and the bug remains therefore open. We have an unblock request (#687916) for 1:2.0.2+dfsg-4 with release team so we're waiting for their decision. We still have some (fading) hope that 2.0.2 can be unblocked. The situation is quite extraordinary: although Zabbix was staged in unstable too late to satisfy freeze policy, there were not a single bug reported since upload of 1:2.0.2+dfsg-4 ~114 days ago. The problem will be gone if 2.0.2 will be allowed to migrate -- otherwise we will request removal of 1.8.11 from testing and upload to wheezy-backports. You should therefore cherry-pick the patch which fixes this particular issue described in this bug report and rebuild the package 1:1.8.11-1 for Wheezy and have your mentor upload the package. It would also be nice if you could attach the patch to this bug report to help others trying to fix this issue for Wheezy. Even if this particular problem could be easily fixed (which is not the case) there are some other security issues that make 1.8.11 unsuitable for release. Regards, Dmitry. signature.asc Description: This is a digitally signed message part.
Bug#683273: CVE-2012-3435: zabbix/testing
On Sat, 8 Dec 2012 00:37:44 Yves-Alexis Perez wrote: There's no security archive for Wheezy right now, so this need to go through testing-proposed-updates. Please get contact with the release team to get approval request. After discussing this issue we're all agreed that 1.8.11 shall be removed from testing or replaced with 1:2.0.2+dfsg-4 (for which we have an unblock request #687916). The problem will be gone if 2.0.2 will be allowed to migrate -- otherwise we will request removal of 1.8.11 from testing and upload to wheezy-backports. So at the moment we're waiting for release team decision. There is a fading hope for unblock of version 2.0.2 -- although it was staged in unstable too late to comply with freeze policy, there were not a single bug reported since upload of 1:2.0.2+dfsg-4 ~114 days ago. Regards, Dmitry. signature.asc Description: This is a digitally signed message part.
Bug#675895: [Pkg-parrot-devel] Bug#675895: parrot: FTBFS in sid: (.text+0x20): undefined reference to `main'
It's not clear to me whether there's anything I have to do ICU regarding this. I doesn't look like it, but before I just ignore this, I thought I'd double check. If there is something I need to do, please draw my attention to it. Thanks. The latest update to ICU just added pkgconfig files, but this wouldn't impact anything using icu-config, and also the .pc files don't suffer from the problem mentioned in the original bug report. -- Jay Berkenbilt q...@debian.org -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#678337: Same crash here as well for almost a year.
When Freeswitch attempts to invoke Exim to email the voicemail it segfaults latest: Dec 7 12:57:47 sh1 kernel: exim4[806]: segfault at bf8ec6b8 ip 0806533f sp bf8ec650 error 6 in exim4[8048000+d] This is on a rock stable Linode VPS - feel free to email and request we do a join.me session to the server, I executed the command Andreas requested: root@shared-hosting-1:/var/log# /usr/sbin/exim4 -bV Exim version 4.72 #1 built 12-May-2011 18:13:45 Copyright (c) University of Cambridge, 1995 - 2007 Berkeley DB: Berkeley DB 4.8.30: (April 9, 2010) Support for: crypteq iconv() IPv6 PAM Perl Expand_dlfunc GnuTLS move_frozen_messages Content_Scanning DKIM Old_Demime Lookups: lsearch wildlsearch nwildlsearch iplsearch cdb dbm dbmnz dnsdb dsearch ldap ldapdn ldapm mysql nis nis0 passwd pgsql sqlite Authenticators: cram_md5 cyrus_sasl dovecot plaintext spa Routers: accept dnslookup ipliteral iplookup manualroute queryprogram redirect Transports: appendfile/maildir/mailstore/mbx autoreply lmtp pipe smtp Fixed never_users: 0 Size of off_t: 8 GnuTLS compile-time version: 2.8.6 GnuTLS runtime version: 2.8.6 Configuration file is /var/lib/exim4/config.autogenerated root@shared-hosting-1:/var/log# -- Daniel Sokolowski Web Engineer Danols Web Engineering http://webdesign.danols.com/ Office: 613-817-6833 Fax: 613-817-5340 Toll Free: 1-855-5DANOLS Kingston, ON K7L 1H3, Canada Notice of Confidentiality: The information transmitted is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. Any review re-transmission dissemination or other use of or taking of any action in reliance upon this information by persons or entities other than the intended recipient is prohibited. If you received this in error please contact the sender immediately by return electronic transmission and then immediately delete this transmission including all attachments without copying distributing or disclosing same. -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Processed: cloning 690655, severity of -1 is serious, retitle -1 to Unfit for Wheezy, reassign -1 to libopenvas2 ...
Processing commands for cont...@bugs.debian.org: clone 690655 -1 Bug #690655 [release.debian.org] RM: openvas2 [wheezy] -- RoM; abandoned-upstream Bug 690655 cloned as bug 695439 690656 was not blocked by any bugs. 690656 was blocking: 690655 Added blocking bug(s) of 690656: 695439 severity -1 serious Bug #695439 [release.debian.org] RM: openvas2 [wheezy] -- RoM; abandoned-upstream Severity set to 'serious' from 'normal' retitle -1 Unfit for Wheezy Bug #695439 [release.debian.org] RM: openvas2 [wheezy] -- RoM; abandoned-upstream Changed Bug title to 'Unfit for Wheezy' from 'RM: openvas2 [wheezy] -- RoM; abandoned-upstream' reassign -1 libopenvas2 Bug #695439 [release.debian.org] Unfit for Wheezy Bug reassigned from package 'release.debian.org' to 'libopenvas2'. Ignoring request to alter found versions of bug #695439 to the same values previously set Ignoring request to alter fixed versions of bug #695439 to the same values previously set clone -1 -2 -3 Bug #695439 [libopenvas2] Unfit for Wheezy Bug 695439 cloned as bugs 695440-695441 695440 was blocked by: 690656 695440 was blocking: 690656 Ignoring request to alter blocking bugs of bug #695440 to the same blocks previously set 695441 was blocked by: 690656 695441 was blocking: 690656 Ignoring request to alter blocking bugs of bug #695441 to the same blocks previously set 690656 was blocked by: 695439 690656 was blocking: 690655 Added blocking bug(s) of 690656: 695440; removed blocking bug(s) of 690656: 695439 690656 was blocked by: 695440 690656 was blocking: 690655 Added blocking bug(s) of 690656: 695441; removed blocking bug(s) of 690656: 695440 reassign -2 libopenvasnasl2 Bug #695440 [libopenvas2] Unfit for Wheezy Bug reassigned from package 'libopenvas2' to 'libopenvasnasl2'. Ignoring request to alter found versions of bug #695440 to the same values previously set Ignoring request to alter fixed versions of bug #695440 to the same values previously set reassign -3 openvas-client Bug #695441 [libopenvas2] Unfit for Wheezy Bug reassigned from package 'libopenvas2' to 'openvas-client'. Ignoring request to alter found versions of bug #695441 to the same values previously set Ignoring request to alter fixed versions of bug #695441 to the same values previously set thanks Stopping processing here. Please contact me if you need assistance. -- 690655: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=690655 690656: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=690656 695439: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=695439 695440: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=695440 695441: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=695441 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#674821: xserver-xorg-input-tslib: undefined symbol: xf86XInputSetScreen reported when X loads tslib_drv.so
On 12/05/12 01:24, Gianluigi Tiesi wrote: Package: xf86-input-tslib Followup-For: Bug #674821 I've tested by commenting out the call and works without problems, to be sure I've instead made a patch using the code that was removed from xorg, so teorically it should behave like in xorg 1.11 I've not directly tested the effect of the patch, but it should be ok, I'll report results asap Regards Hi, I've just tested the patch and it works fine for me, it would be nice to have the package in wheezy but I don't known exactly the policy Regards -- Gianluigi Tiesi sher...@netfarm.it EDP Project Leader Netfarm S.r.l. - http://www.netfarm.it/ Free Software: http://oss.netfarm.it/ Q: Because it reverses the logical flow of conversation. A: Why is putting a reply at the top of the message frowned upon? -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#695439: Bug#690655: RM: openvas2 [wheezy] -- RoM; abandoned-upstream
On 2012-10-16 07:52, Javier Fernández-Sanguino Peña wrote: Package: release.debian.org Version: N/A Priority: grave Tags: rm Hi, I would like to request the Release Managers to remove *all* of the OpenVAS 2.x packages from the current testing distribution. This includes the following packages: - libopenvas2 / libopenvas2-dev (version 2.0.4-2.1) - libopenvasnasl2 / libopenvasnasl2-dev (version 2.0.2-2.1) - openvas-client (version 2.0.5-1.1) - openvas-plugins-base / openvas-plugins-dfsg (version 1:20100705-2) - openvas-server / openvas-server-dev (version 2.0.3-6) I have added a removal hint for these packages (except openvas-plugins-base, which wasn't in testing). I also added RC bugs against packages that didn't have one already to ensure they don't re-enter testing by accident. For reference that would be #695439, #695440 and #695441. In addition, please also remove the following package: - harden-remoteaudit: it depends on openvas-server (I have sent a bug to the package to update this dependency) Fixed already afaict, so I left this one alone. [...] Regards Javier ~Niels -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Processed: tagging 695439, tagging 695440, tagging 695441
Processing commands for cont...@bugs.debian.org: tags 695439 + sid wheezy Bug #695439 [libopenvas2] Unfit for Wheezy Added tag(s) sid and wheezy. tags 695440 + sid wheezy Bug #695440 [libopenvasnasl2] Unfit for Wheezy Added tag(s) sid and wheezy. tags 695441 + sid wheezy Bug #695441 [openvas-client] Unfit for Wheezy Added tag(s) sid and wheezy. thanks Stopping processing here. Please contact me if you need assistance. -- 695439: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=695439 695440: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=695440 695441: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=695441 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#692440: marked as done (tomcat7: CVE-2012-2733 CVE-2012-3439)
Your message dated Sat, 08 Dec 2012 04:47:40 + with message-id e1thckc-0006lr...@franck.debian.org and subject line Bug#692440: fixed in tomcat6 6.0.35-6 has caused the Debian Bug report #692440, regarding tomcat7: CVE-2012-2733 CVE-2012-3439 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 692440: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=692440 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Package: tomcat7 Severity: grave Tags: security Justification: user security hole Please see http://tomcat.apache.org/security-7.html Since Wheezy is frozen, please apply isolated security fixes instead of updating to a new upstream release. Cheers, Moritz ---End Message--- ---BeginMessage--- Source: tomcat6 Source-Version: 6.0.35-6 We believe that the bug you reported is fixed in the latest version of tomcat6, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 692...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. tony mancill tmanc...@debian.org (supplier of updated tomcat6 package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Format: 1.8 Date: Thu, 06 Dec 2012 21:10:11 -0800 Source: tomcat6 Binary: tomcat6-common tomcat6 tomcat6-user libtomcat6-java libservlet2.4-java libservlet2.5-java libservlet2.5-java-doc tomcat6-admin tomcat6-examples tomcat6-docs tomcat6-extras Architecture: source all Version: 6.0.35-6 Distribution: unstable Urgency: high Maintainer: Debian Java Maintainers pkg-java-maintain...@lists.alioth.debian.org Changed-By: tony mancill tmanc...@debian.org Description: libservlet2.4-java - Transitional package for libservlet2.5-java libservlet2.5-java - Servlet 2.5 and JSP 2.1 Java API classes libservlet2.5-java-doc - Servlet 2.5 and JSP 2.1 Java API documentation libtomcat6-java - Servlet and JSP engine -- core libraries tomcat6- Servlet and JSP engine tomcat6-admin - Servlet and JSP engine -- admin web applications tomcat6-common - Servlet and JSP engine -- common files tomcat6-docs - Servlet and JSP engine -- documentation tomcat6-examples - Servlet and JSP engine -- example web applications tomcat6-extras - Servlet and JSP engine -- additional components tomcat6-user - Servlet and JSP engine -- tools to create user instances Closes: 692440 695250 Changes: tomcat6 (6.0.35-6) unstable; urgency=high . * Acknowledge NMU: 6.0.35-5+nmu1 (Closes: #692440) - Thank you to Michael Gilbert. * Add patches for the following security issues: (Closes: #695250) - CVE-2012-4534, CVE-2012-4431, CVE-2012-3546 Checksums-Sha1: c13aaa9b0bc2823883f6be29eb088787ff666853 2692 tomcat6_6.0.35-6.dsc d5b0b9e3c4c3ff3d650ad9c2aad799b543d0 51688 tomcat6_6.0.35-6.debian.tar.gz 3913062050c58ec4b1db35cc6a07c7ea61a60fc6 52826 tomcat6-common_6.0.35-6_all.deb 3c514f20440986efe49f40c25245fae06d0ca907 40544 tomcat6_6.0.35-6_all.deb 858f2a90abca9511bf13047e701d25274a9f640a 31430 tomcat6-user_6.0.35-6_all.deb b91497e4e1cc024f258d18175c5fb4835027440c 3101344 libtomcat6-java_6.0.35-6_all.deb d83c76425fa7024d980f7280844ef347cc773cf9 13374 libservlet2.4-java_6.0.35-6_all.deb f632dbab7eee663a4fceebd08df90b3c55bbd215 196142 libservlet2.5-java_6.0.35-6_all.deb 3ed9687f059915ed75f7eb54adcb1f6b7301f55b 255404 libservlet2.5-java-doc_6.0.35-6_all.deb fd6c6cc55b42bae060874a38f6838af1f44a9b12 48368 tomcat6-admin_6.0.35-6_all.deb 8835355230d330579e66d9b4ed35e0f4b26ceda7 163418 tomcat6-examples_6.0.35-6_all.deb 6cb15c2203f41051e88a7a7b46112ac60ed823e2 567894 tomcat6-docs_6.0.35-6_all.deb 2b091dd877165b197710d5244903ff4991a63401 13578 tomcat6-extras_6.0.35-6_all.deb Checksums-Sha256: 87ec4d49d7998a99f22434d1a6f858f0ea0808d3668a7058e75f3eb2fec9bc5a 2692 tomcat6_6.0.35-6.dsc d99f35fbc6659d063b24d0601ec3554adbb6150ea31a9a832da83a38539d7b47 51688 tomcat6_6.0.35-6.debian.tar.gz 7ce8860323f667d4d342077c3d62553f8daf7f4232c8392b47483fb4634d71a8 52826 tomcat6-common_6.0.35-6_all.deb 556ec06b971b5a3fba8fb4d23d81fd0b12e23c3400d1a7eac42564708e8e3e39 40544 tomcat6_6.0.35-6_all.deb b8e18faa318c30cf1dada1af09783557def0bac580792fcd36358e888f5fb918 31430 tomcat6-user_6.0.35-6_all.deb
Bug#695250: marked as done (tomcat6: CVE-2012-4534 CVE-2012-4431 CVE-2012-3546)
Your message dated Sat, 08 Dec 2012 04:47:40 + with message-id e1thckc-0006lu...@franck.debian.org and subject line Bug#695250: fixed in tomcat6 6.0.35-6 has caused the Debian Bug report #695250, regarding tomcat6: CVE-2012-4534 CVE-2012-4431 CVE-2012-3546 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 695250: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=695250 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Package: tomcat6 Severity: grave Tags: security Justification: user security hole More Tomcat security issues have been disclosed: http://tomcat.apache.org/security-6.html The page contains links to the upstream fixes. BTW, is there a specific reason why both tomcat6 and tomcat7 are present in Wheezy? This will duplicate all efforts for security updates in Wheezy. Cheers, Moritz ---End Message--- ---BeginMessage--- Source: tomcat6 Source-Version: 6.0.35-6 We believe that the bug you reported is fixed in the latest version of tomcat6, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 695...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. tony mancill tmanc...@debian.org (supplier of updated tomcat6 package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Format: 1.8 Date: Thu, 06 Dec 2012 21:10:11 -0800 Source: tomcat6 Binary: tomcat6-common tomcat6 tomcat6-user libtomcat6-java libservlet2.4-java libservlet2.5-java libservlet2.5-java-doc tomcat6-admin tomcat6-examples tomcat6-docs tomcat6-extras Architecture: source all Version: 6.0.35-6 Distribution: unstable Urgency: high Maintainer: Debian Java Maintainers pkg-java-maintain...@lists.alioth.debian.org Changed-By: tony mancill tmanc...@debian.org Description: libservlet2.4-java - Transitional package for libservlet2.5-java libservlet2.5-java - Servlet 2.5 and JSP 2.1 Java API classes libservlet2.5-java-doc - Servlet 2.5 and JSP 2.1 Java API documentation libtomcat6-java - Servlet and JSP engine -- core libraries tomcat6- Servlet and JSP engine tomcat6-admin - Servlet and JSP engine -- admin web applications tomcat6-common - Servlet and JSP engine -- common files tomcat6-docs - Servlet and JSP engine -- documentation tomcat6-examples - Servlet and JSP engine -- example web applications tomcat6-extras - Servlet and JSP engine -- additional components tomcat6-user - Servlet and JSP engine -- tools to create user instances Closes: 692440 695250 Changes: tomcat6 (6.0.35-6) unstable; urgency=high . * Acknowledge NMU: 6.0.35-5+nmu1 (Closes: #692440) - Thank you to Michael Gilbert. * Add patches for the following security issues: (Closes: #695250) - CVE-2012-4534, CVE-2012-4431, CVE-2012-3546 Checksums-Sha1: c13aaa9b0bc2823883f6be29eb088787ff666853 2692 tomcat6_6.0.35-6.dsc d5b0b9e3c4c3ff3d650ad9c2aad799b543d0 51688 tomcat6_6.0.35-6.debian.tar.gz 3913062050c58ec4b1db35cc6a07c7ea61a60fc6 52826 tomcat6-common_6.0.35-6_all.deb 3c514f20440986efe49f40c25245fae06d0ca907 40544 tomcat6_6.0.35-6_all.deb 858f2a90abca9511bf13047e701d25274a9f640a 31430 tomcat6-user_6.0.35-6_all.deb b91497e4e1cc024f258d18175c5fb4835027440c 3101344 libtomcat6-java_6.0.35-6_all.deb d83c76425fa7024d980f7280844ef347cc773cf9 13374 libservlet2.4-java_6.0.35-6_all.deb f632dbab7eee663a4fceebd08df90b3c55bbd215 196142 libservlet2.5-java_6.0.35-6_all.deb 3ed9687f059915ed75f7eb54adcb1f6b7301f55b 255404 libservlet2.5-java-doc_6.0.35-6_all.deb fd6c6cc55b42bae060874a38f6838af1f44a9b12 48368 tomcat6-admin_6.0.35-6_all.deb 8835355230d330579e66d9b4ed35e0f4b26ceda7 163418 tomcat6-examples_6.0.35-6_all.deb 6cb15c2203f41051e88a7a7b46112ac60ed823e2 567894 tomcat6-docs_6.0.35-6_all.deb 2b091dd877165b197710d5244903ff4991a63401 13578 tomcat6-extras_6.0.35-6_all.deb Checksums-Sha256: 87ec4d49d7998a99f22434d1a6f858f0ea0808d3668a7058e75f3eb2fec9bc5a 2692 tomcat6_6.0.35-6.dsc d99f35fbc6659d063b24d0601ec3554adbb6150ea31a9a832da83a38539d7b47 51688 tomcat6_6.0.35-6.debian.tar.gz 7ce8860323f667d4d342077c3d62553f8daf7f4232c8392b47483fb4634d71a8 52826 tomcat6-common_6.0.35-6_all.deb 556ec06b971b5a3fba8fb4d23d81fd0b12e23c3400d1a7eac42564708e8e3e39 40544
Bug#695251: tomcat7: CVE-2012-4431 CVE-2012-4534 CVE-2012-3546
retitle 695251 tomcat7: CVE-2012-4431 CVE-2012-3546 thanks On 12/05/2012 11:49 PM, Moritz Muehlenhoff wrote: Package: tomcat7 Severity: grave Tags: security Justification: user security hole New security issues in Tomcat have been disclosed: http://tomcat.apache.org/security-7.html I am retitling this bug as the fix for CVE-2012-4534 is already included in upstream release 7.0.28. See the upstream bug report 52858 [1]. I also verified the affected source file and there's nothing to patch. The other 2 CVEs are not yet addressed in 7.0.28. Thank you, tony [1] https://issues.apache.org/bugzilla/show_bug.cgi?id=52858 signature.asc Description: OpenPGP digital signature
Processed: Re: Bug#695251: tomcat7: CVE-2012-4431 CVE-2012-4534 CVE-2012-3546
Processing commands for cont...@bugs.debian.org: retitle 695251 tomcat7: CVE-2012-4431 CVE-2012-3546 Bug #695251 [tomcat7] tomcat7: CVE-2012-4431 CVE-2012-4534 CVE-2012-3546 Changed Bug title to 'tomcat7: CVE-2012-4431 CVE-2012-3546' from 'tomcat7: CVE-2012-4431 CVE-2012-4534 CVE-2012-3546' thanks Stopping processing here. Please contact me if you need assistance. -- 695251: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=695251 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#675895: [Pkg-parrot-devel] Bug#675895: parrot: FTBFS in sid: (.text+0x20): undefined reference to `main'
Hi Jay On Fri, Dec 07, 2012 at 10:13:20PM -0500, Jay Berkenbilt wrote: It's not clear to me whether there's anything I have to do ICU regarding this. I doesn't look like it, but before I just ignore this, I thought I'd double check. If there is something I need to do, please draw my attention to it. Thanks. The latest update to ICU just added pkgconfig files, but this wouldn't impact anything using icu-config, and also the .pc files don't suffer from the problem mentioned in the original bug report. No there is nothing more that's needed to do. I only checked the bugreport and then reassigned it to icu, with found and fixed versions updated. So as far as I can see all related to #675895 is resolved. Salvatore signature.asc Description: Digital signature
