Bug#700782: Solving directory vs. symlink conflict: /usr/include/python3.2
On 2013-02-22 08:51, Vincent Cheng closed #700997: * [...] distutils in Debian now takes care of installing headers into the right location as of python3.2 (= 3.2.3-7), so add a build-dep on that [...] Maybe a solution for the other packages, too. Andreas -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#701165: drupal7: CVE-2013-0316
Package: drupal7 Severity: grave Tags: security Justification: user security hole This has been assigned CVE-2013-0316: http://drupal.org/SA-CORE-2013-002 Cheers, Moritz -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Processed: Re: Kernel panic - not syncing: Fatal exception in interrupt
Processing control commands: severity -1 grave Bug #700739 [src:linux] Kernel panic - not syncing: Fatal exception in interrupt Severity set to 'grave' from 'important' -- 700739: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=700739 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Processed: Re: Bug#699615: Re: Bug#699615: CVE-2013-0250 - corosync: Remote DoS due improper HMAC initialization
Processing control commands: found -1 1.99.9-1 Bug #699615 [corosync] CVE-2013-0250 - corosync: Remote DoS due improper HMAC initialization Marked as found in versions corosync/1.99.9-1. -- 699615: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=699615 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#701185: CVE-2013-0200: Insecure temporary files
Package: hplip Severity: grave Tags: security Justification: user security hole Several further insecurely handled temporary files were discovered by Red Hat: https://www.redhat.com/archives/enterprise-watch-list/2013-February/msg00024.html I've extracted the patch from the RHEL update, it's attached to this mail. Cheers, Moritz diff -up hplip-3.12.4/prnt/hpcups/HPCupsFilter.cpp.CVE-2013-0200 hplip-3.12.4/prnt/hpcups/HPCupsFilter.cpp --- hplip-3.12.4/prnt/hpcups/HPCupsFilter.cpp.CVE-2013-0200 2013-01-22 10:57:13.651460928 + +++ hplip-3.12.4/prnt/hpcups/HPCupsFilter.cpp 2013-01-22 10:57:34.087541538 + @@ -637,19 +637,22 @@ int HPCupsFilter::processRasterData(cups { charszFileName[32]; memset(szFileName, 0, sizeof(szFileName)); -snprintf (szFileName, sizeof(szFileName), /tmp/hpcupsfilterc_%d.bmp, current_page_number); +snprintf (szFileName, sizeof(szFileName), /tmp/hpcupsfilterc_%d.bmp.XX, current_page_number); if (cups_header.cupsColorSpace == CUPS_CSPACE_RGBW || cups_header.cupsColorSpace == CUPS_CSPACE_RGB) { -cfp = fopen (szFileName, w); -chmod (szFileName, S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH); + int fd = mkstemp (szFileName); + if (fd != -1) + cfp = fdopen (fd, w); } if (cups_header.cupsColorSpace == CUPS_CSPACE_RGBW || cups_header.cupsColorSpace == CUPS_CSPACE_K) { -szFileName[17] = 'k'; -kfp = fopen (szFileName, w); -chmod (szFileName, S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH); + int fd; + snprintf (szFileName, sizeof(szFileName), /tmp/hpcupsfilterk_%d.bmp.XX, current_page_number); + fd = mkstemp (szFileName); + if (fd != -1) + kfp = fdopen (fd, w); } WriteBMPHeader (cfp, cups_header.cupsWidth, cups_header.cupsHeight, COLOR_RASTER); diff -up hplip-3.12.4/prnt/hpcups/SystemServices.cpp.CVE-2013-0200 hplip-3.12.4/prnt/hpcups/SystemServices.cpp --- hplip-3.12.4/prnt/hpcups/SystemServices.cpp.CVE-2013-0200 2012-04-10 09:32:37.0 +0100 +++ hplip-3.12.4/prnt/hpcups/SystemServices.cpp 2013-01-22 10:57:34.088541545 + @@ -36,10 +36,12 @@ SystemServices::SystemServices(int iLogL m_fp = NULL; if (iLogLevel SAVE_PCL_FILE) { + int fd; charfname[32]; -sprintf(fname, /tmp/hpcups_job%d.out, job_id); -m_fp = fopen(fname, w); -chmod(fname, S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH); +sprintf(fname, /tmp/hpcups_job%d.out.XX, job_id); + fd = mkstemp (fname); + if (fd != -1) + m_fp = fdopen(fd, w); } } diff -up hplip-3.12.4/prnt/hpijs/hpijs.cpp.CVE-2013-0200 hplip-3.12.4/prnt/hpijs/hpijs.cpp --- hplip-3.12.4/prnt/hpijs/hpijs.cpp.CVE-2013-0200 2013-01-22 10:57:12.219455275 + +++ hplip-3.12.4/prnt/hpijs/hpijs.cpp 2013-01-22 10:57:34.089541549 + @@ -96,13 +96,12 @@ void setLogLevel(UXServices *pSS) if (pSS-m_iLogLevel SAVE_PCL_FILE) { + int fd; charszFileName[32]; - sprintf (szFileName, /tmp/hpijs_%d.out, getpid()); - pSS-outfp = fopen (szFileName, w); - if (pSS-outfp) - { - chmod (szFileName, S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH); - } + sprintf (szFileName, /tmp/hpijs_%d.out.XX, getpid()); + fd = mkstemp (szFileName); + if (fd != -1) + pSS-outfp = fdopen (fd, w); } } diff -up hplip-3.12.4/prnt/hpps/hppsfilter.c.CVE-2013-0200 hplip-3.12.4/prnt/hpps/hppsfilter.c --- hplip-3.12.4/prnt/hpps/hppsfilter.c.CVE-2013-0200 2012-04-10 09:32:37.0 +0100 +++ hplip-3.12.4/prnt/hpps/hppsfilter.c 2013-01-22 10:57:34.089541549 + @@ -92,10 +92,12 @@ void open_dbg_outfile(char* szjob_id) g_fp_outdbgps = NULL; if (g_savepsfile SAVE_PS_FILE) { + int fd; charsfile_name[FILE_NAME_SIZE] = {0}; -sprintf(sfile_name, DBG_PSFILE, szjob_id); -g_fp_outdbgps= fopen(sfile_name, w); -chmod(sfile_name, S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH); +sprintf(sfile_name, DBG_PSFILE .XX, szjob_id); + fd = mkstemp (sfile_name); + if (fd != -1) + g_fp_outdbgps = fdopen(fd, w); } }
Bug#701176: linbox: FTBFS: GIVARO = 3.2.10... not found
Package: linbox Version: 1.1.6~rc0-4.2 Severity: serious Tags: sid Hi, in an unstable chroot, linbox FTBFS like this: checking whether GMP was compiled with --enable-cxx... yes checking for NTL = 5.0... found checking for GIVARO = 3.2.10... not found *** ERROR: GIVARO not found! GIVARO version 3.2.10 or greater is required for this library to compile. Please make sure GIVARO is installed and specify its location with the option --with-givaro=prefix when running configure. *** make: *** [debian/stamp-autotools] Error 1 dpkg-buildpackage: error: debian/rules build gave error exit status 2 Tested on i386 and powerpcspe. Roland -- System Information: Debian Release: 7.0 APT prefers unstable APT policy: (500, 'unstable'), (500, 'stable') Architecture: i386 (i686) Kernel: Linux 3.2.0-4-686-pae (SMP w/2 CPU cores) Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#685581: Info received (inn: CVE-2012-3523 prone to STARTTLS plaintext command injection)
On 2013-02-22 12:18, ow...@bugs.debian.org wrote: Thank you for the additional information you have supplied regarding this Bug report. Ah, this happened automatically because the bug was closed. There is no need to prepare stable packages unless stable is affected. Thanks, -- Jonathan Wiltshire j...@debian.org Debian Developer http://people.debian.org/~jmw 4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC 74C3 5394 479D D352 4C51 directhex i have six years of solaris sysadmin experience, from 8-10. i am well qualified to say it is made from bonghits layered on top of bonghits -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#701188: ipplan: Lost connection to MySQL server at 'reading initial communication packet', system error: 111 during initial config via web IF (debconf mysql)
Package: ipplan Version: 4.92a-2 Severity: grave Justification: renders package unusable New install: Configured mysql via debconf ok but needed to amend /etc/ipplan.apache.conf to re-enable aliases to /usr/share/ipplan before the ipplan web page could be accessed, contrary to instructions in /usr/share/doc/ipplan/README.Debian which says that the alias has been disabled only to prevent it from affecting every virtual host. As mysql was configured via debconf skipped to step 2, as per instuctions. Details in /etc/ipplan/local_conf.php appeared to be correct but web page login required user 'admin' pw 'admin' which don't appear to be documented anywhere. Then when trying to display the sql to apply to the mysql db to complete the installation I got the Lost connection to MySQL server at 'reading initial communication packet', system error: 111 error message. mysql server running ok for other packages i.e. nagios cacti. Unable to complete installation, therefore package unusable. I suspect that the problem is due to ambiguities and omissions in the instructions detailed in /usr/share/ipplan/README.Debian file e.g. step 2) ...and maybe the username... How is anyone to know whether this needs to be modified or not because no criterion is given? -- System Information: Debian Release: 6.0.7 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'proposed-updates'), (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 2.6.32-5-amd64 (SMP w/2 CPU cores) Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages ipplan depends on: ii apache2 2.2.16-6+squeeze10 Apache HTTP Server metapackage ii apache2-mpm-prefork [ 2.2.16-6+squeeze10 Apache HTTP Server - traditional n ii debconf [debconf-2.0] 1.5.36.1 Debian configuration management sy ii libapache2-mod-php5 5.3.3-7+squeeze14 server-side, HTML-embedded scripti ii libphp-adodb 5.10-1 The ADOdb database abstraction lay ii libphp-phplayersmenu 3.2.0rc-3 hierarchical menu system class for ii libphp-phpmailer 5.1-1 full featured email transfer class ii mysql-client 5.1.66-0+squeeze1 MySQL database client (metapackage ii mysql-client-5.1 [mys 5.1.66-0+squeeze1 MySQL database client binaries ii php5 5.3.3-7+squeeze14 server-side, HTML-embedded scripti ii php5-mysql5.3.3-7+squeeze14 MySQL module for php5 ii postgresql-client 8.4.16-0squeeze1 front-end programs for PostgreSQL ii postgresql-client-8.4 8.4.16-0squeeze1 front-end programs for PostgreSQL ii ucf 3.0025+nmu1Update Configuration File: preserv ii wwwconfig-common 0.2.1 Debian web auto configuration Versions of packages ipplan recommends: ii mysql-server 5.1.66-0+squeeze1 MySQL database server (metapackage ii mysql-server-5.1 [mysq 5.1.66-0+squeeze1 MySQL database server binaries and ii php5-snmp 5.3.3-7+squeeze14 SNMP module for php5 ii postgresql 8.4.16-0squeeze1 object-relational SQL database (su Versions of packages ipplan suggests: ii nmap 5.00-3 The Network Mapper -- Configuration Files: /etc/ipplan/apache.conf changed: Alias /ipplan/menus /usr/share/php/libphp-phplayersmenu Alias /ipplan /usr/share/ipplan Directory /usr/share/ipplan Options FollowSymLinks AllowOverride Limit Options FileInfo /Directory -- debconf information: ipplan/mysql/dbpass: (password omitted) ipplan/mysql/dbadmpass: (password omitted) * ipplan/mysql/dbadmin: root ipplan/purge: true ipplan/mysql/dbname: ipplan ipplan/mysql/configure: true ipplan/restart-webserver: false ipplan/webserver_type: apache2 * ipplan/mysql/dbuser: ipplan * ipplan/mysql/dbserver: 192.168.20.151 -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#700718: python-numpy: fails to upgrade from squeeze: prerm: 6: update-python-modules: not found
Le samedi 16 février 2013 à 16:35 +0100, Andreas Beckmann a écrit : during a test with piuparts I noticed your package fails to upgrade from 'squeeze'. It installed fine in 'squeeze', then the upgrade to 'wheezy' fails. From the attached log (scroll to the bottom...): Preparing to replace python-numpy 1:1.4.1-5 (using .../python-numpy_1%3a1.6.2-1.1_amd64.deb) ... /var/lib/dpkg/info/python-numpy.prerm: 6: update-python-modules: not found dpkg: warning: subprocess old pre-removal script returned error exit status 127 dpkg: trying script from the new package instead ... /var/lib/dpkg/tmp.ci/prerm: 6: update-python-modules: not found dpkg: error processing /var/cache/apt/archives/python-numpy_1%3a1.6.2-1.1_amd64.deb (--unpack): subprocess new pre-removal script returned error exit status 127 configured to not write apport reports /var/lib/dpkg/info/python-numpy.postinst: 6: update-python-modules: not found dpkg: error while cleaning up: subprocess installed post-installation script returned error exit status 127 Here is what happens: when the prerm script is started, /usr/bin/python symlink points to /usr/bin/python2.7, but the latter has not yet been unpacked. So the python script update-python-modules cannot be run… Said otherwise, python-minimal 2.7.3-4 has been unpacked, but python2.7-minimal has not yet been. It is clear that this is not a python-numpy bug, but at this stage I don’t know which package to reassign it to (python-defaults, python-support, or even apt ?). -- .''`.Sébastien Villemot : :' :Debian Developer `. `' http://www.dynare.org/sebastien `- GPG Key: 4096R/381A7594 signature.asc Description: This is a digitally signed message part
Processed: your mail
Processing commands for cont...@bugs.debian.org: tags 697015 -wheezy Bug #697015 [src:imagevis3d] imagevis3d: FTBFS[kfreebsd]: error: 'POSIX_FADV_WILLNEED' was not declared in this scope Removed tag(s) wheezy. thanks Stopping processing here. Please contact me if you need assistance. -- 697015: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=697015 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Processed: closing 701184
Processing commands for cont...@bugs.debian.org: close 701184 Bug #701184 [fai-nfsroot] fai-nfsroot: fails to remove: rm: cannot remove `/etc/init.d/rcS': No such file or directory Marked Bug as done thanks Stopping processing here. Please contact me if you need assistance. -- 701184: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=701184 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#701181: im-switch: LP: 1101836: Needs to keep hands off when removed but not purged
Package: im-switch Version: 1.20 Severity: serious If this im-switch package is removed but not purged, this package makes other somewhat independent package im-config unusable and causes hard to fix problem for non-technical users and its effect is very annoying since it interferes with keyboard input. So this is not suitable for release as it is. This is very much anticipated situation since we are asking user to migrate from im-switch to im-config and purging is very unlikely scenario. Hi, On Fri, Feb 22, 2013 at 04:06:40AM +0100, Gunnar Hjalmarsson wrote: On 2013-02-21 17:23, Osamu Aoki wrote: Hmmm... this may be good idea but may violate Debian policy. Can you file the same bug to Debian. I can, but I would prefer that we finalise the discussion at the bug report first. Your comments there would be appreciated. https://launchpad.net/bugs/1101836 Oh, thanks for good pointer and reminder. This was critical or serious bug for Debian. (critical in my opinion but reportbug tells me package with dependency does not count ... oh, well) As for the resolution, this is sourced script so it should use return instead of exit. But your thought on solution reported to Ubuntu is the one I need to put. test -x /usr/bin/im-switch || return 0 or if [ ! -x /usr/bin/im-switch ]; then return 0 fi or in line with the same style as other lines: [ -x /usr/bin/im-switch ] || return 0 OK, I will use this and test it. Oh, 0.19 is not good. Check out 0.20 im-config (0.20) unstable; urgency=low * Fix regression on uim for #683950 caused by the 0.19~pre1 fixing #694446. Closes: #695940 * Adjust desktop file to match the gnome-shell 3.4.1-8 behavior updated just around the wheezy freeze on 23 Jun 2012. * Work around zenity bug for readable display under Japanese. Closes: #695939 -- Osamu Aoki os...@debian.org Sat, 15 Dec 2012 11:25:11 +0900 It should of course be merged into the Ubuntu package somehow. Who is going to do that? Thanks. Osamu -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#685581: inn: CVE-2012-3523 prone to STARTTLS plaintext command injection
Package: inn2 Dear maintainer, Recently you fixed one or more security problems and as a result you closed this bug. These problems were not serious enough for a Debian Security Advisory, so they are now on my radar for fixing in the following suites through point releases: squeeze (6.0.7) - use target stable Please prepare a minimal-changes upload targetting each of these suites, and submit a debdiff to the Release Team [0] for consideration. They will offer additional guidance or instruct you to upload your package. I will happily assist you at any stage if the patch is straightforward and you need help. Please keep me in CC at all times so I can track [1] the progress of this request. For details of this process and the rationale, please see the original announcement [2] and my blog post [3]. 0: debian-rele...@lists.debian.org 1: http://prsc.debian.net/tracker/685581/ 2: 201101232332.11736.th...@debian.org 3: http://deb.li/prsc Thanks, with his security hat on: -- Jonathan Wiltshire j...@debian.org Debian Developer http://people.debian.org/~jmw 4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC 74C3 5394 479D D352 4C51 -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#701188: marked as done (ipplan: Lost connection to MySQL server at 'reading initial communication packet', system error: 111 during initial config via web IF (debconf mysql))
Your message dated Fri, 22 Feb 2013 16:32:58 +0100 with message-id 51278faa.6030...@cyconet.org and subject line Re: Bug#701188: ipplan: Lost connection to MySQL server at 'reading initial communication packet', system error: 111 during initial config via web IF (debconf mysql) has caused the Debian Bug report #701188, regarding ipplan: Lost connection to MySQL server at 'reading initial communication packet', system error: 111 during initial config via web IF (debconf mysql) to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 701188: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=701188 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Package: ipplan Version: 4.92a-2 Severity: grave Justification: renders package unusable New install: Configured mysql via debconf ok but needed to amend /etc/ipplan.apache.conf to re-enable aliases to /usr/share/ipplan before the ipplan web page could be accessed, contrary to instructions in /usr/share/doc/ipplan/README.Debian which says that the alias has been disabled only to prevent it from affecting every virtual host. As mysql was configured via debconf skipped to step 2, as per instuctions. Details in /etc/ipplan/local_conf.php appeared to be correct but web page login required user 'admin' pw 'admin' which don't appear to be documented anywhere. Then when trying to display the sql to apply to the mysql db to complete the installation I got the Lost connection to MySQL server at 'reading initial communication packet', system error: 111 error message. mysql server running ok for other packages i.e. nagios cacti. Unable to complete installation, therefore package unusable. I suspect that the problem is due to ambiguities and omissions in the instructions detailed in /usr/share/ipplan/README.Debian file e.g. step 2) ...and maybe the username... How is anyone to know whether this needs to be modified or not because no criterion is given? -- System Information: Debian Release: 6.0.7 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'proposed-updates'), (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 2.6.32-5-amd64 (SMP w/2 CPU cores) Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages ipplan depends on: ii apache2 2.2.16-6+squeeze10 Apache HTTP Server metapackage ii apache2-mpm-prefork [ 2.2.16-6+squeeze10 Apache HTTP Server - traditional n ii debconf [debconf-2.0] 1.5.36.1 Debian configuration management sy ii libapache2-mod-php5 5.3.3-7+squeeze14 server-side, HTML-embedded scripti ii libphp-adodb 5.10-1 The ADOdb database abstraction lay ii libphp-phplayersmenu 3.2.0rc-3 hierarchical menu system class for ii libphp-phpmailer 5.1-1 full featured email transfer class ii mysql-client 5.1.66-0+squeeze1 MySQL database client (metapackage ii mysql-client-5.1 [mys 5.1.66-0+squeeze1 MySQL database client binaries ii php5 5.3.3-7+squeeze14 server-side, HTML-embedded scripti ii php5-mysql5.3.3-7+squeeze14 MySQL module for php5 ii postgresql-client 8.4.16-0squeeze1 front-end programs for PostgreSQL ii postgresql-client-8.4 8.4.16-0squeeze1 front-end programs for PostgreSQL ii ucf 3.0025+nmu1Update Configuration File: preserv ii wwwconfig-common 0.2.1 Debian web auto configuration Versions of packages ipplan recommends: ii mysql-server 5.1.66-0+squeeze1 MySQL database server (metapackage ii mysql-server-5.1 [mysq 5.1.66-0+squeeze1 MySQL database server binaries and ii php5-snmp 5.3.3-7+squeeze14 SNMP module for php5 ii postgresql 8.4.16-0squeeze1 object-relational SQL database (su Versions of packages ipplan suggests: ii nmap 5.00-3 The Network Mapper -- Configuration Files: /etc/ipplan/apache.conf changed: Alias /ipplan/menus /usr/share/php/libphp-phplayersmenu Alias /ipplan /usr/share/ipplan Directory /usr/share/ipplan Options FollowSymLinks AllowOverride Limit Options FileInfo /Directory -- debconf information: ipplan/mysql/dbpass: (password omitted) ipplan/mysql/dbadmpass: (password omitted) * ipplan/mysql/dbadmin: root ipplan/purge: true ipplan/mysql/dbname: ipplan ipplan/mysql/configure: true ipplan/restart-webserver: false ipplan/webserver_type: apache2 * ipplan/mysql/dbuser: ipplan * ipplan/mysql/dbserver: 192.168.20.151 ---End Message--- ---BeginMessage---
Bug#701184: fai-nfsroot: fails to remove: rm: cannot remove `/etc/init.d/rcS': No such file or directory
Package: fai-nfsroot Version: 3.2.17~lenny1 Severity: serious User: debian...@lists.debian.org Usertags: piuparts Control: fixed -1 3.4.7 Hi, during a test with piuparts I noticed your package fails to remove. From the attached log (scroll to the bottom...): Removing fai-nfsroot ... rm: cannot remove `/etc/init.d/rcS': No such file or directory dpkg: error processing fai-nfsroot (--purge): subprocess post-removal script returned error exit status 1 Errors were encountered while processing: fai-nfsroot cheers, Andreas PS: that was the last unreported piuparts failure for lenny fai-nfsroot_3.2.17~lenny1.log.gz Description: GNU Zip compressed data
Bug#701181: marked as done (im-switch: LP: 1101836: Needs to keep hands off when removed but not purged)
Your message dated Fri, 22 Feb 2013 16:32:49 + with message-id e1u8vyh-00081g...@franck.debian.org and subject line Bug#701181: fixed in im-switch 1.23 has caused the Debian Bug report #701181, regarding im-switch: LP: 1101836: Needs to keep hands off when removed but not purged to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 701181: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=701181 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Package: im-switch Version: 1.20 Severity: serious If this im-switch package is removed but not purged, this package makes other somewhat independent package im-config unusable and causes hard to fix problem for non-technical users and its effect is very annoying since it interferes with keyboard input. So this is not suitable for release as it is. This is very much anticipated situation since we are asking user to migrate from im-switch to im-config and purging is very unlikely scenario. Hi, On Fri, Feb 22, 2013 at 04:06:40AM +0100, Gunnar Hjalmarsson wrote: On 2013-02-21 17:23, Osamu Aoki wrote: Hmmm... this may be good idea but may violate Debian policy. Can you file the same bug to Debian. I can, but I would prefer that we finalise the discussion at the bug report first. Your comments there would be appreciated. https://launchpad.net/bugs/1101836 Oh, thanks for good pointer and reminder. This was critical or serious bug for Debian. (critical in my opinion but reportbug tells me package with dependency does not count ... oh, well) As for the resolution, this is sourced script so it should use return instead of exit. But your thought on solution reported to Ubuntu is the one I need to put. test -x /usr/bin/im-switch || return 0 or if [ ! -x /usr/bin/im-switch ]; then return 0 fi or in line with the same style as other lines: [ -x /usr/bin/im-switch ] || return 0 OK, I will use this and test it. Oh, 0.19 is not good. Check out 0.20 im-config (0.20) unstable; urgency=low * Fix regression on uim for #683950 caused by the 0.19~pre1 fixing #694446. Closes: #695940 * Adjust desktop file to match the gnome-shell 3.4.1-8 behavior updated just around the wheezy freeze on 23 Jun 2012. * Work around zenity bug for readable display under Japanese. Closes: #695939 -- Osamu Aoki os...@debian.org Sat, 15 Dec 2012 11:25:11 +0900 It should of course be merged into the Ubuntu package somehow. Who is going to do that? Thanks. Osamu ---End Message--- ---BeginMessage--- Source: im-switch Source-Version: 1.23 We believe that the bug you reported is fixed in the latest version of im-switch, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 701...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Osamu Aoki os...@debian.org (supplier of updated im-switch package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Format: 1.8 Date: Fri, 22 Feb 2013 22:46:40 +0900 Source: im-switch Binary: im-switch Architecture: source all Version: 1.23 Distribution: unstable Urgency: low Maintainer: Osamu Aoki os...@debian.org Changed-By: Osamu Aoki os...@debian.org Description: im-switch - Input method switch framework Closes: 701181 Changes: im-switch (1.23) unstable; urgency=low . * Disable hook script if package is removed. Closes: #701181 Checksums-Sha1: 0ca9725013d94a45cd8fcf3d6e0f6026289b8e00 925 im-switch_1.23.dsc 150e66e88dc7225cc4f4e2f0b4f89b449e7b97f4 23821 im-switch_1.23.tar.gz b8014fba1669612f06409dd1eb979673c1d7bd9b 18628 im-switch_1.23_all.deb Checksums-Sha256: 3a1d0af1805699daa638ba963a2f41bfbf21052b5b38dba916696a63eb1cd08a 925 im-switch_1.23.dsc faac7833515455dd002294db0e7354fe9b1b6aa62f57891d4f110d5e454b8748 23821 im-switch_1.23.tar.gz 10f1ea2291ed26c6520f8cb5654b38da03e3ca65a0c75fb89c9eeb3b5bc4ddd5 18628 im-switch_1.23_all.deb Files: 0ce15acb273259aa6bd474710b8e0683 925 oldlibs optional im-switch_1.23.dsc acb4270b1de43ea922d051228a3508a9 23821 oldlibs optional im-switch_1.23.tar.gz 6b6a60b53404d1b654f964cfd6891b81 18628 oldlibs optional im-switch_1.23_all.deb -BEGIN PGP SIGNATURE- Version:
Bug#701186: python-django: CVE-2013-0305 CVE-2013-0306
Package: python-django Severity: grave Tags: security Justification: user security hole Please see https://www.djangoproject.com/weblog/2013/feb/19/security/ Cheers, Moritz -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Processed: fai-nfsroot: fails to remove: rm: cannot remove `/etc/init.d/rcS': No such file or directory
Processing control commands: fixed -1 3.4.7 Bug #701184 [fai-nfsroot] fai-nfsroot: fails to remove: rm: cannot remove `/etc/init.d/rcS': No such file or directory Marked as fixed in versions fai/3.4.7. -- 701184: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=701184 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#581999: fails to install
Hello, The config file of rinputd starts like this: - #!/bin/sh set -e [ `echo $DEBIAN_FRONTEND | tr '[:upper:]' '[:lower:]'` = noninteractive ] exit 0 . /usr/share/debconf/confmodule - I don't have much experience with debconf but hardcoding the check of $DEBIAN_FRONTEND cannot be the right way to solve the problem of the original bug report. The right way seems to be indicated on [1] (search for: Preventing infinite loops). Following what is said on that page, the fix would be to set USER and PASS to sensible default values right at the beginning of the body of the loop (i.e., before the db_beginblock). I could do an NMU for this but I do not know the sensible default values for this case. -Ralf. [1] http://manpages.ubuntu.com/manpages/lucid/man7/debconf-devel.7.html -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#699892: [Pan-devel] Seeking advice on Pan license issue with optional TLS component
Le jeudi 21 février 2013 23:12:28, vous avez écrit : It looks like the license of GNUTLS 3.1.x may eventually be changed from LGPLv3+ back to LGPLv2.1+. If that succeeds, I believe it would solve the incompatibility with Pan. http://lists.gnutls.org/pipermail/gnutls-devel/2013-February/006086.html Thanks for the info. I'll forward this upstream. Alternatively, the SSL support could be rewritten to use the NSS library from Mozilla; that one remains GPLv2-compatible. I don't know yet how different its API is. Upstream is thinking about using PolarSSL. All the best Dominique signature.asc Description: This is a digitally signed message part.
Bug#699615: Re: Bug#699615: CVE-2013-0250 - corosync: Remote DoS due improper HMAC initialization
Control: found -1 1.99.9-1 Hi all I had a look at the version in experimental: On Mon, Feb 18, 2013 at 09:23:20PM +0100, Martin Gerhard Loschwitz wrote: I don't think we have Corosync 2.0 anywhere (we have 1.99 in experimental, I don't know if that specific version is affected or not just yet). So can we please tag this bug accordingly? The version in experimental has on lines 407 and 408: 407 hash_param.data = 0; 408 hash_param.len = 0; which is in init_nss_hash. So this looks like corosync in experimental is affected. Regards, Salvatore -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#701182: avelsieve: Uses deprecated/removed session_unregister PHP function
Package: avelsieve Version: 1.9.9-2.3 Severity: grave Justification: renders package unusable Working with a fresh install/config of avelsieve and dovecot-managesieved, with no sieve scripts yet, I am able to view and fill out the initial add rule form in avelsieve. Upon adding the rule (which is successfully saved by managesieved), I am redirected to a blank page (except for the standard SquirrelMail header). If I attempt to access the Filters section of SquirrelMail (handled by avelsieve), I am again sent to this blank page. The blank page's URL is squirrelmail/plugins/avelsieve/table.php, and whenever it is accessed, the following error appears in my apache error log: PHP Fatal error: Call to undefined function session_unregister() in /usr/share/squirrelmail/plugins/avelsieve/include/html_rulestable.inc.php on line 164 Brief googling indicates that session_unregister is a PHP function that is removed in PHP 5.4+. Although not listed as an avelsieve dependency, PHP is required to run it, and the current php5 package installed on my system, and available in both testing and unstable, is 5.4.4. -- System Information: Debian Release: 7.0 APT prefers testing APT policy: (800, 'testing'), (700, 'unstable'), (600, 'stable'), (500, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 3.2.0-4-amd64 (SMP w/4 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages avelsieve depends on: ii debconf [debconf-2.0] 1.5.49 ii libjs-scriptaculous1.9.0-2 ii squirrelmail 2:1.4.23~svn20120406-2 avelsieve recommends no packages. Versions of packages avelsieve suggests: ii dovecot-imapd 1:2.1.7-7 -- debconf information excluded -- Joseph Spiros jos...@josephspiros.com +1 (440) 707-6855 -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#699224: [libvirt] [PATCH] rpc: Fix crash on error paths of message dispatching
Hi, On Sun, Feb 03, 2013 at 06:18:57PM +0100, Guido Günther wrote: Hi Eric, On Tue, Jan 29, 2013 at 02:21:30PM -0700, Eric Blake wrote: On 01/29/2013 01:22 PM, Guido Günther wrote: Hi, On Mon, Jan 28, 2013 at 07:35:38PM +0100, Peter Krempa wrote: When reading and dispatching of a message failed the message was freed but wasn't removed from the message queue. After that when the connection was about to be closed the pointer for the message was still present in the queue and it was passed to virNetMessageFree which tried to call the callback function from an uninitialized pointer. Debian stable is shipping 0.8.2. I checked and it seems this version isn't affected siince we properly remove the message from the queue before looking at it in daemon/libvirtd.c. I'd be great if somebody could double check though! 0.8.2 predates the RPC rewrite, and I concur with your assessment that back then, the code was _always_ clearing the queue: v0.8.2:daemon/libvirtd.c:qemudDispatchClientRead(): /* Grab the completed message */ struct qemud_client_message *msg = qemudClientMessageQueueServe(client-rx); struct qemud_client_filter *filter; /* Decode the header so we can use it for routing decisions */ if (remoteDecodeClientMessageHeader(msg) 0) { VIR_FREE(msg); qemudDispatchClientFailure(client); } However, it does look like there might be a missing 'return' statement after that error is reported, especially given that the next error reporting a few lines later does an early return. Thanks for double checking. It indeed looks like there's a return missing (cc:'ing the Debian bugreport to make this information permanent there too). Sorry for the delay but attached patch would fix the issue in Squeeze. I didn't reference the CVE since it's a kind of different problem but could do so of course if needed. Cheers, -- Guido diff -Nru libvirt-0.8.3/debian/changelog libvirt-0.8.3/debian/changelog --- libvirt-0.8.3/debian/changelog 2011-07-16 20:40:00.0 +0200 +++ libvirt-0.8.3/debian/changelog 2013-02-22 20:32:53.0 +0100 @@ -1,3 +1,9 @@ +libvirt (0.8.3-5+squeeze3) stable-security; urgency=low + + * [0bbbca1] Add missing return on error path (Closes: #699224) + + -- Guido Günther a...@sigxcpu.org Fri, 22 Feb 2013 20:32:53 +0100 + libvirt (0.8.3-5+squeeze2) stable-security; urgency=low * [ac67c93] CVE-2011-1486: Make error reporting in libvirtd thread safe diff -Nru libvirt-0.8.3/debian/patches/0016-Add-missing-return-on-error-path.patch libvirt-0.8.3/debian/patches/0016-Add-missing-return-on-error-path.patch --- libvirt-0.8.3/debian/patches/0016-Add-missing-return-on-error-path.patch 1970-01-01 01:00:00.0 +0100 +++ libvirt-0.8.3/debian/patches/0016-Add-missing-return-on-error-path.patch 2013-02-22 20:06:37.0 +0100 @@ -0,0 +1,20 @@ +From: =?UTF-8?q?Guido=20G=C3=BCnther?= a...@sigxcpu.org +Date: Fri, 22 Feb 2013 20:06:25 +0100 +Subject: Add missing return on error path + +--- + daemon/libvirtd.c |1 + + 1 file changed, 1 insertion(+) + +diff --git a/daemon/libvirtd.c b/daemon/libvirtd.c +index 711360b..9b88aac 100644 +--- a/daemon/libvirtd.c b/daemon/libvirtd.c +@@ -1820,6 +1820,7 @@ readmore: + if (remoteDecodeClientMessageHeader(msg) 0) { + VIR_FREE(msg); + qemudDispatchClientFailure(client); ++return; + } + + /* Check if any filters match this message */ diff -Nru libvirt-0.8.3/debian/patches/series libvirt-0.8.3/debian/patches/series --- libvirt-0.8.3/debian/patches/series 2011-07-16 20:40:00.0 +0200 +++ libvirt-0.8.3/debian/patches/series 2013-02-22 20:06:37.0 +0100 @@ -13,3 +13,4 @@ security/0013-Add-missing-checks-for-read-only-connections.patch security/0014-Make-error-reporting-in-libvirtd-thread-safe.patch security/0015-Fix-integer-overflow-in-VirDomainGetVcpus.patch +0016-Add-missing-return-on-error-path.patch
Processed: marking fixed version
Processing commands for cont...@bugs.debian.org: fixed 690319 0.7.15+squeeze3 Bug #690319 {Done: Arthur de Jong adej...@debian.org} [nss-pam-ldapd] lookup fail to contact nslcd when first 1024 filedescriptor are already used (select) There is no source info for the package 'nss-pam-ldapd' at version '0.7.15+squeeze3' with architecture '' Unable to make a source version for version '0.7.15+squeeze3' Marked as fixed in versions 0.7.15+squeeze3. thanks Stopping processing here. Please contact me if you need assistance. -- 690319: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=690319 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Processed: Re: Bug#700971: nslcd mangles config file upon update
Processing control commands: fixed -1 0.8.5 Bug #700971 [nslcd] nslcd mangles config file upon update Marked as fixed in versions nss-pam-ldapd/0.8.5. tags -1 + patch Bug #700971 [nslcd] nslcd mangles config file upon update Added tag(s) patch. -- 700971: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=700971 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#700971: nslcd mangles config file upon update
Control: fixed -1 0.8.5 Control: tags -1 + patch On Thu, 2013-02-21 at 01:09 +, Mark Cunningham wrote: Before install, i get the defaults i configured when installed the package. I set these to non used variables and created the nslcd.conf myself. I've been able to find the problem: the package configuration scripts don't do the modifications properly when an option is specified multiple times in nslcd.conf. This is allowed for the base keyword. When reading the configuration file, the last value from the configuration file is used but when writing back the changes the first option is replaced. This was fixed in 0.8.5 to both read and write the first option only which means the configuration should no longer be mangled in those cases (debconf configuration still doesn't support configuring with multiple base options though). The change that went into 0.8.5 is here: http://arthurdejong.org/viewvc/nss-pam-ldapd?revision=1567view=revision Attached is a patch which has basically the same change for 0.7.15+squeeze3. Also, the 0.8 packaging has been updated to be more robust in parsing and writing the configuration. Btw, in nslcd.conf you currently have: base ou=users,ou=users,dc=example,dc=com base ou=groups,dc=example,dc=com while this is probably what is meant: base passwd ou=users,ou=users,dc=example,dc=com base group ou=groups,dc=example,dc=com The way is more efficient because if you have two base statements two searches are always performed. If i understand the process, are debian scripts actually parsing out options that you've configured and attempting to regenerate the config file? Yes. The package tries to guess reasonable defaults during installation (e.g. if libnss_ldap was installed before, look in DNS for a likely search base, etc.). The package also supports managing most common configurations with: dpkg-reconfigure nslcd The package also supports pre-seeding (setting site-wide defaults for automated installation). If a configuration file is already in place it should take the values of the configuration file instead of using pre-seeded or guessed values. Should it not be done the same as any other package with a changed config file. You're prompted to install the package maintaner's version or keep your own and have the ability of doing a diff. Not to mention there doesn't actually seem to be any changes needed in this case. Why even attempt to mess with the config file at all? It is a little more complicated than that. When managing configuration files as described you will not get prompts to install the maintainer's version (the two mechanisms are mutually exclusive). Hope this clarifies a few things. Thanks for the bug report and providing the detailed information that made it possible to track down this issue. I will try to get this into an update for squeeze if possible. -- -- arthur - adej...@debian.org - http://people.debian.org/~adejong -- Property changes on: . ___ Modified: svn:mergeinfo Merged /nss-pam-ldapd:r1566 Index: debian/nslcd.config === --- debian/nslcd.config (revision 1926) +++ debian/nslcd.config (working copy) @@ -78,7 +78,7 @@ if [ -z $uris ] then hosts=`sed -n 's/^host[[:space:]]*//ip' $cfgfile` - port=`sed -n 's/^port[[:space:]]*//ip' $cfgfile | tail -n 1` + port=`sed -n 's/^port[[:space:]]*//ip' $cfgfile | head -n 1` for host in $hosts do if [ -z $port ] || (echo $host | grep -q ':' ) @@ -95,21 +95,21 @@ db_get nslcd/ldap-base if [ -z $RET ] then -searchbase=`sed -n 's/^base[[:space:]]*\([^[:space:]]*\)[[:space:]]*$/\1/ip' $cfgfile | tail -n 1` +searchbase=`sed -n 's/^base[[:space:]]*\([^[:space:]]*\)[[:space:]]*$/\1/ip' $cfgfile | head -n 1` [ -n $searchbase ] db_set nslcd/ldap-base $searchbase fi # find binddn db_get nslcd/ldap-binddn if [ -z $RET ] then -binddn=`sed -n 's/^binddn[[:space:]]*//ip' $cfgfile | tail -n 1` +binddn=`sed -n 's/^binddn[[:space:]]*//ip' $cfgfile | head -n 1` db_set nslcd/ldap-binddn $binddn fi # find bindpw db_get nslcd/ldap-bindpw if [ -z $RET ] then -bindpw=`sed -n 's/^bindpw[[:space:]]*//ip' $cfgfile | tail -n 1` +bindpw=`sed -n 's/^bindpw[[:space:]]*//ip' $cfgfile | head -n 1` db_set nslcd/ldap-bindpw $bindpw fi # check ssl option @@ -128,7 +128,7 @@ db_get nslcd/ldap-reqcert if [ -z $RET ] then -reqcert=`sed -n 's/^tls_\(reqcert\|checkpeer\)[[:space:]]*\([^[:space:]]*\)[[:space:]]*$/\2/ip' $cfgfile | tail -n 1` +reqcert=`sed -n 's/^tls_\(reqcert\|checkpeer\)[[:space:]]*\([^[:space:]]*\)[[:space:]]*$/\2/ip' $cfgfile | head -n 1` # normalise value reqcert=`echo $reqcert | tr 'A-Z' 'a-z' | sed 's/^no$/never/;s/^yes$/demand/;s/^hard$/demand/'` [ -n $reqcert ] db_set nslcd/ldap-reqcert $reqcert
Processed: add extra found to fix graph (first version the code appears in)
Processing commands for cont...@bugs.debian.org: found 700971 0.6.7 Bug #700971 [nslcd] nslcd mangles config file upon update There is no source info for the package 'nslcd' at version '0.6.7' with architecture '' Unable to make a source version for version '0.6.7' Marked as found in versions 0.6.7. thanks Stopping processing here. Please contact me if you need assistance. -- 700971: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=700971 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#696099: libgssdp-1.0-dev: removal of libgssdp-1.0-dev makes files disappear from gupnp-vala
Hello Andreas! Sorry for not noticing your bug report earlier! Will fix the (somewhat artificial, but whatever) bug immediately, but I have one small question below that I would be very happy if you could confirm before I upload On Sun, Dec 16, 2012 at 07:06:48PM +0100, Andreas Beckmann wrote: [...] This is caused by using Replaces without corresponding Breaks. [...] The libgssdp-1.0-dev package has the following relationships with gupnp-vala: Conflicts: n/a Breaks:n/a Replaces: gupnp-vala (= 0.10.4) Adding Breaks: gupnp-vala (= 0.10.4) should solve this issue. This should be gupnp-vala ( 0.10.4), right? Since gupnp-vala 0.10.4 is the first gupnp-vala version which has an (artificial) versioned build-dependency on gssdp new enough so that gupnp-vala (0.10.4) no longer includes the gssdp introspection files? (Also, there's a replaces on gir-repository-dev without corresponding breaks... but that version is older then the one included in squeeze and has since been completely dropped... So I don't know which files if any was actually replaced there Guess I can just ignore that) -- Andreas Henriksson -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#696099: libgssdp-1.0-dev: removal of libgssdp-1.0-dev makes files disappear from gupnp-vala
On Fri, Feb 22, 2013 at 10:26:12PM +0100, Andreas Henriksson wrote: [...] Adding Breaks: gupnp-vala (= 0.10.4) should solve this issue. This should be gupnp-vala ( 0.10.4), right? [...] Oh wait I guess this doesn't matter since 0.10.4 0.10.4-1... Both and = 0.10.4 could work since there are only 0.10.3-1 and 0.10.4-1. I'll make sure that both the replaces and breaks use the same version -- Andreas Henriksson -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#696099: marked as done (libgssdp-1.0-dev: removal of libgssdp-1.0-dev makes files disappear from gupnp-vala)
Your message dated Fri, 22 Feb 2013 22:02:36 + with message-id e1u90hq-j7...@franck.debian.org and subject line Bug#696099: fixed in gssdp 0.12.2.1-2 has caused the Debian Bug report #696099, regarding libgssdp-1.0-dev: removal of libgssdp-1.0-dev makes files disappear from gupnp-vala to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 696099: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=696099 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Package: libgssdp-1.0-dev Version: 0.12.2.1-1 Severity: serious User: debian...@lists.debian.org Usertags: piuparts replaces-without-breaks Hi, during a test with piuparts and EDOS tools I noticed your package causes removal of files that also belong to another package. This is caused by using Replaces without corresponding Breaks. This was observed on a partial upgrade from wheezy to sid. The installation sequence to reproduce this problem is apt-get install gupnp-vala/wheezy # (1) apt-get install libgssdp-1.0-dev/sid apt-get remove libgssdp-1.0-dev # (2) The list of installed files at points (1) and (2) should be identical, but the following files have disappeared: This is a serious bug violating policy 7.6, see http://www.debian.org/doc/debian-policy/ch-relationships.html#s-replaces and also see the footnote that describes this incorrect behavior http://www.debian.org/doc/debian-policy/footnotes.html#f53 The libgssdp-1.0-dev package has the following relationships with gupnp-vala: Conflicts: n/a Breaks:n/a Replaces: gupnp-vala (= 0.10.4) Adding Breaks: gupnp-vala (= 0.10.4) should solve this issue. From the attached log (scroll to the bottom...): Selecting previously unselected package gupnp-vala. (Reading database ... 6761 files and directories currently installed.) Unpacking gupnp-vala (from .../gupnp-vala_0.10.3-1_amd64.deb) ... Setting up gupnp-vala (0.10.3-1) ... Selecting previously unselected package libgssdp-1.0-dev. Unpacking libgssdp-1.0-dev (from .../libgssdp-1.0-dev_0.12.2.1-1_amd64.deb) ... Replacing files in old package gupnp-vala ... Setting up libgssdp-1.0-dev (0.12.2.1-1) ... Removing libgssdp-1.0-dev ... 4m11.6s ERROR: FAIL: After purging files have disappeared: /usr/share/vala/vapi/gssdp-1.0.depsowned by: libgssdp-1.0-dev /usr/share/vala/vapi/gssdp-1.0.vapiowned by: libgssdp-1.0-dev 4m11.6s ERROR: FAIL: After purging files have been modified: /var/lib/dpkg/info/gupnp-vala.list not owned cheers, Andreas gupnp-vala=0.10.3-1_libgssdp-1.0-dev=0.12.2.1-1.log.gz Description: GNU Zip compressed data ---End Message--- ---BeginMessage--- Source: gssdp Source-Version: 0.12.2.1-2 We believe that the bug you reported is fixed in the latest version of gssdp, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 696...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Andreas Henriksson andr...@fatal.se (supplier of updated gssdp package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Format: 1.8 Date: Fri, 22 Feb 2013 22:18:33 +0100 Source: gssdp Binary: libgssdp-1.0-3 gir1.2-gssdp-1.0 libgssdp-1.0-dev libgssdp-1.0-dbg libgssdp-doc gssdp-tools Architecture: source all amd64 Version: 0.12.2.1-2 Distribution: unstable Urgency: low Maintainer: Ross Burton r...@debian.org Changed-By: Andreas Henriksson andr...@fatal.se Description: gir1.2-gssdp-1.0 - GObject introspection data for the GSSDP library gssdp-tools - GObject-based library for SSDP (tools) libgssdp-1.0-3 - GObject-based library for SSDP libgssdp-1.0-dbg - GObject-based library for SSDP (debug symbols) libgssdp-1.0-dev - GObject-based library for SSDP (development files) libgssdp-doc - GObject-based library for SSDP (documentation) Closes: 696099 Changes: gssdp (0.12.2.1-2) unstable; urgency=low . * libgssdp-1.0-dev now breaks gupnp-vala (= 0.10.4) for policy compliance. Thanks to to Andreas Beckmann for finding and describing the problem. (Closes: #696099) * Also break (the ancient) gir-repository-dev (= 0.6.5-5) for correctness Checksums-Sha1: 0269a9b86614bc0a839e6033af8bf7c0baa176e1 1673 gssdp_0.12.2.1-2.dsc
Bug#700739: Kernel panic - not syncing: Fatal exception in interrupt
Control: severity -1 important On Fri, 2013-02-22 at 23:37 +0900, Kubo Hiroshi wrote: Control: severity -1 grave Sorry, no. This package works for most people, so it doesn't 'break the whole system'. Hi dear, After I repoted the crash, I experienced the same crashes for serveral times on the same machine. Most common situation is shutting down process, but not limited to it. I haven't experience the same crash before the last update of the linux-image package. Do the functions 'i8xx_irq_handler' and 'queue_work_on' always appear in the call trace? The attached file is another information about the machine. I didn't receive any attachment with this mail. Ben. -- Ben Hutchings Sturgeon's Law: Ninety percent of everything is crap. signature.asc Description: This is a digitally signed message part
Processed: Re: Bug#700739: Kernel panic - not syncing: Fatal exception in interrupt
Processing control commands: severity -1 important Bug #700739 [src:linux] Kernel panic - not syncing: Fatal exception in interrupt Severity set to 'important' from 'grave' -- 700739: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=700739 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#700820: Patch
On Thu, Feb 21, 2013 at 08:01:02PM +0100, Margarita Manterola wrote: tags 700820 +patch thanks Hi, I have prepared a patch that fixes the issue, by adding a --non-interactive flag to the script called by the postinst script. This way, the postinst doesn't prompt but if called by the user, the script will prompt as it did before. I've also updated the manpage. I will upload this to the 7 day delayed queue. Since this package is now orphaned, there is no need for the delayed queue. I've rescheduled to 1-day. Gruesse, Frank -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#696099: libgssdp-1.0-dev: removal of libgssdp-1.0-dev makes files disappear from gupnp-vala
On 2013-02-22 22:37, Andreas Henriksson wrote: Both and = 0.10.4 could work since there are only 0.10.3-1 and 0.10.4-1. I'll make sure that both the replaces and breaks use the same version And I probably just suggested to add a matching Breaks, since the operator does not really make a difference here (and you probably had a reason for the Replaces versioning) :-) (although I'd probably use ( 0.10.4) as it indicates anything before this new upstream (without thinking about any Debian revision part) while a = makes me think why is the new upstream without debian revision *included*?) Andreas -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#696099: libgssdp-1.0-dev: removal of libgssdp-1.0-dev makes files disappear from gupnp-vala
On 2013-02-22 22:26, Andreas Henriksson wrote: (Also, there's a replaces on gir-repository-dev without corresponding breaks... but that version is older then the one included in squeeze and has since been completely dropped... So I don't know which files if any was actually replaced there Guess I can just ignore that) Just think about removing it for wheezy+1, unless you want to keep it forever ... Andreas -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#701214: warmux: immediately stops when start playing game
Package: warmux Version: 1:11.04.1+repack-3 Justification: renders package unusable Severity: grave Hello! When I press the Play button warmux immediately stops with following errors: markus@markusbyte:~ LC_ALL=C warmux Moving /home/markus/.wormux/ to /home/markus/.local/share/wormux/ Moving /home/markus/.local/share/wormux/config.xml to /home/markus/.config/wormux/config.xml o Reading the default config file o Locale: o Bind text domain to: /usr/share/locale o Codeset: UTF-8 o Text domain: warmux === Warmux version 11.04 === Authors: Lawrence AZZOUG, Frédéric BERTOLUS, Anthony CARRÉ, Laurent DEFERT SIMONNEAU, Jean-Christophe DUBERGA, Matthieu FERTRÉ, Christophe GISQUET, Sebastien GONZALVE, Reiner HERRMANN, Florian KÖBERLE, Renaud LOTTIAUX, Yannig PERRÉ, Olivie SERRES, Victor STINNER, Mikko VARTIAINEN === Website: www.warmux.org Warmux version 11.04, Copyright (C) 2001-2011 Warmux Team Warmux comes with ABSOLUTELY NO WARRANTY. This is free software and you are welcome to redistribute it under certain conditions. Read the file COPYING for details. [ Run game ] o Opened audio at 44100 Hz 16 bit o Loading sound profile: default o Loading music o Load teams:! Error in team/teams_list.cpp:166 (Warmux 11.04) : You need at least two valid teams! ./base/error.cpp:86: Missed assertion false markus@markusbyte:~ Removing the configuration rm -r /home/markus/.local/share/wormux/ /home/markus/.wormux/ /home/markus/.config/wormux does not help. Starting the game with another user does not help either. This bug might be related: https://bugs.archlinux.org/task/24485 When I try to add a new Team, i get the error that /home/markus/.config/wormux/custom_team/eigener_Spieler__1/team.xml could not be removed Looking at team/teams_list.cpp:166 from wheezy/main warmux 1:11.04.1+repack-3 does not really point to a possible error: 164 std::endl; 165 return false; 166 } 167 168 // Create a new character and add him to the team best regards, Markus -- System Information: Debian Release: 7.0 APT prefers testing-proposed-updates APT policy: (500, 'testing-proposed-updates'), (500, 'testing') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 3.2.0-4-amd64 (SMP w/2 CPU cores) Locale: LANG=de_AT.UTF-8, LC_CTYPE=de_AT.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages warmux depends on: ii libc62.13-38 ii libcurl3-gnutls 7.26.0-1+wheezy1 ii libfribidi0 0.19.2-3 ii libpng12-0 1.2.49-1 ii libsdl-gfx1.2-4 2.0.23-2 ii libsdl-image1.2 1.2.12-2 ii libsdl-mixer1.2 1.2.12-3 ii libsdl-net1.21.2.8-2 ii libsdl-ttf2.0-0 2.0.11-2 ii libsdl1.2debian 1.2.15-5 ii libstdc++6 4.7.2-5 ii libx11-6 2:1.5.0-1 ii libxml2 2.8.0+dfsg1-7 ii warmux-data 1:11.04.1+repack-3 warmux recommends no packages. warmux suggests no packages. -- no debconf information -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#581999: rinputd fails to install
Control: tags 581999 patch I haven't tested the following patch, but it should essentially resolve the issue. It removes the check for empty USER and PASS entirely, instead setting a default password (a default was already set for user) in the debconf template, and lets debconf's noninteractive frontend handle the lack of interaction :) diff -Nru rinputd-1.0.5/debian/changelog rinputd-1.0.5/debian/changelog --- rinputd-1.0.5/debian/changelog 2012-04-12 11:20:15.0 -0700 +++ rinputd-1.0.5/debian/changelog 2013-02-22 15:55:28.0 -0800 @@ -1,3 +1,13 @@ +rinputd (1.0.5-2.1) UNRELEASED; urgency=low + + * Non-maintainer upload. + * Do not special-case when debconf is set to noninteractive, let the +Noninteractive debconf frontend handle that (Closes: #581999). + * Set a default password, to avoid infinite loop when debconf priority is too +high or in noninteractive mode (Closes: #581999). + + -- Vagrant Cascadian vagr...@debian.org Fri, 22 Feb 2013 15:52:38 -0800 + rinputd (1.0.5-2) unstable; urgency=low * Convert from CDBS to debhelper diff -Nru rinputd-1.0.5/debian/config rinputd-1.0.5/debian/config --- rinputd-1.0.5/debian/config 2012-04-12 11:06:14.0 -0700 +++ rinputd-1.0.5/debian/config 2013-02-22 15:51:31.0 -0800 @@ -2,8 +2,6 @@ set -e -[ `echo $DEBIAN_FRONTEND | tr '[:upper:]' '[:lower:]'` = noninteractive ] exit 0 - . /usr/share/debconf/confmodule db_beginblock @@ -17,18 +15,3 @@ USER=$RET db_get rinputd/passwd PASS=$RET - -while [ -z $USER -o -z $PASS ]; do - db_beginblock - db_input high rinputd/invalid || true - db_input high rinputd/username || true - db_input high rinputd/passwd || true - db_endblock - - db_go - - db_get rinputd/username - USER=$RET - db_get rinputd/passwd - PASS=$RET -done diff -Nru rinputd-1.0.5/debian/rinputd.postinst rinputd-1.0.5/debian/rinputd.postinst --- rinputd-1.0.5/debian/rinputd.postinst 2012-04-03 21:33:44.0 -0700 +++ rinputd-1.0.5/debian/rinputd.postinst 2013-02-22 15:52:14.0 -0800 @@ -24,14 +24,12 @@ echo Done fi -if [ `echo $DEBIAN_FRONTEND | tr '[:upper:]' '[:lower:]'` != noninteractive ]; then db_get rinputd/username USER=$RET db_get rinputd/passwd PASS=$RET echo $PASS | saslpasswd2 -p -c -u rinput $USER -fi fi #DEBHELPER# diff -Nru rinputd-1.0.5/debian/templates rinputd-1.0.5/debian/templates --- rinputd-1.0.5/debian/templates 2012-04-03 21:33:44.0 -0700 +++ rinputd-1.0.5/debian/templates 2013-02-22 15:51:59.0 -0800 @@ -18,12 +18,7 @@ remote input daemon. Template: rinputd/passwd +Default: rinput-password Type: password _Description: Remote input password: Please enter a password for the remote input login. - -Template: rinputd/invalid -Type: error -_Description: Invalid username or password - Neither the remote input username nor the password can be empty. - Please correct them. live well, vagrant -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Processed: Re: rinputd fails to install
Processing control commands: tags 581999 patch Bug #581999 [rinputd] fails to install Added tag(s) patch. -- 581999: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=581999 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#700789: marked as done (autoconf-archive: unhandled symlink to directory conversion: /usr/share/doc/PACKAGE)
Your message dated Sat, 23 Feb 2013 01:02:32 + with message-id e1u93vy-0006jj...@franck.debian.org and subject line Bug#700789: fixed in autoconf-archive 20111221-2 has caused the Debian Bug report #700789, regarding autoconf-archive: unhandled symlink to directory conversion: /usr/share/doc/PACKAGE to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 700789: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=700789 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Package: autoconf-archive Version: 20111221-1 Severity: serious User: debian...@lists.debian.org Usertags: piuparts Hi, an upgrade test with piuparts revealed that your package installs files over existing symlinks and possibly overwrites files owned by other packages. This usually means an old version of the package shipped a symlink but that was later replaced by a real (and non-empty) directory. This kind of overwriting another package's files cannot be detected by dpkg. This was observed on the following upgrade paths: squeeze - wheezy For /usr/share/doc/PACKAGE this may not be problematic as long as both packages are installed, ship byte-for-byte identical files and are upgraded in lockstep. But once one of the involved packages gets removed, the other one will lose its documentation files, too, including the copyright file, which is a violation of Policy 12.5: http://www.debian.org/doc/debian-policy/ch-docs.html#s-copyrightfile For other overwritten locations anything interesting may happen. Note that dpkg intentionally does not replace directories with symlinks and vice versa, you need the maintainer scripts to do this. See in particular the end of point 4 in http://www.debian.org/doc/debian-policy/ch-maintainerscripts.html#s-unpackphase For switching from a symlink to a directory, the *preinst* script should do something like this: DOCDIR=/usr/share/doc/@@PACKAGE@@ if [ -L $DOCDIR ]; then rm $DOCDIR fi From the attached log (usually somewhere in the middle...): 0m49.6s INFO: dirname part contains a symlink: /usr/share/doc/autoconf-archive/html/Downloads.html (autoconf-archive) != /usr/share/autoconf-archive/html/Downloads.html (?) /usr/share/doc/autoconf-archive/html/GNU-Free-Documentation-License.html (autoconf-archive) != /usr/share/autoconf-archive/html/GNU-Free-Documentation-License.html (?) /usr/share/doc/autoconf-archive/html/How-to-contribute.html (autoconf-archive) != /usr/share/autoconf-archive/html/How-to-contribute.html (?) /usr/share/doc/autoconf-archive/html/Introduction.html (autoconf-archive) != /usr/share/autoconf-archive/html/Introduction.html (?) /usr/share/doc/autoconf-archive/html/The-Macros.html (autoconf-archive) != /usr/share/autoconf-archive/html/The-Macros.html (?) /usr/share/doc/autoconf-archive/html/ax_005fabsolute_005fheader.html (autoconf-archive) != /usr/share/autoconf-archive/html/ax_005fabsolute_005fheader.html (?) /usr/share/doc/autoconf-archive/html/ax_005fac_005fappend_005fto_005ffile.html (autoconf-archive) != /usr/share/autoconf-archive/html/ax_005fac_005fappend_005fto_005ffile.html (?) /usr/share/doc/autoconf-archive/html/ax_005fac_005fprint_005fto_005ffile.html (autoconf-archive) != /usr/share/autoconf-archive/html/ax_005fac_005fprint_005fto_005ffile.html (?) /usr/share/doc/autoconf-archive/html/ax_005fadd_005fam_005fmacro.html (autoconf-archive) != /usr/share/autoconf-archive/html/ax_005fadd_005fam_005fmacro.html (?) /usr/share/doc/autoconf-archive/html/ax_005fadd_005fam_005fmacro_005fstatic.html (autoconf-archive) != /usr/share/autoconf-archive/html/ax_005fadd_005fam_005fmacro_005fstatic.html (?) /usr/share/doc/autoconf-archive/html/ax_005fadd_005fam_005ftrilinos_005fmakefile_005fexport.html (autoconf-archive) != /usr/share/autoconf-archive/html/ax_005fadd_005fam_005ftrilinos_005fmakefile_005fexport.html (?) /usr/share/doc/autoconf-archive/html/ax_005fadd_005frecursive_005fam_005fmacro.html (autoconf-archive) != /usr/share/autoconf-archive/html/ax_005fadd_005frecursive_005fam_005fmacro.html (?) /usr/share/doc/autoconf-archive/html/ax_005fadd_005frecursive_005fam_005fmacro_005fstatic.html (autoconf-archive) != /usr/share/autoconf-archive/html/ax_005fadd_005frecursive_005fam_005fmacro_005fstatic.html (?) /usr/share/doc/autoconf-archive/html/ax_005fafs.html (autoconf-archive) != /usr/share/autoconf-archive/html/ax_005fafs.html (?) [...] I have no idea how to properly clean up currently messed up installations ... cheers, Andreas autoconf-archive_20111221-1.log.gz
Bug#698879: e2fsprogs: Unhandled /usr/share/doc symlink to doc transition
Package: src:e2fsprogs Followup-For: Bug #698879 Control: tags 698879 + patch Hello. I think that uploading the attached diff would close this bug. The problem causing data corruption on 16TB filesystems should probably be reported as a separate serious bug. Do you think it is possible to extract the related commits from the upstream git history? Apply these commits as debian patches to 1.42.5-1 would produce much smaller changes than the ones to 1.42.7~WIP-2013-01-01-1, and the release team may allow them to enter testing. diff --git a/debian/changelog b/debian/changelog index 8bc3d36..a4cb2b4 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,12 @@ +e2fsprogs (1.42.5-1.1) unstable; urgency=low + + * Non-maintainer upload. + * e2fsck-static, e2fsprogs: let preinst remove a symbolic link in +/usr/share/doc, that should have been replaced with a directory since +1.39+1.40-WIP-2006.10.02+dfsg-1. (Closes: #698879). + + -- Nicolas Boulenguez nico...@debian.org Fri, 22 Feb 2013 23:14:59 +0100 + e2fsprogs (1.42.5-1) unstable; urgency=low * New upstream version diff --git a/debian/e2fsck-static.preinst b/debian/e2fsck-static.preinst new file mode 100644 index 000..e756ade --- /dev/null +++ b/debian/e2fsck-static.preinst @@ -0,0 +1,19 @@ +#!/bin/sh + +# Abort on error. +set -e + +PKG=e2fsck-static +DOCLNK=/usr/share/doc/$PKG +if test $1 = upgrade \ +-a -L $DOCLNK +then +rm $DOCLNK +fi + +# dh_installdeb will replace this with shell code automatically +# generated by other debhelper scripts. + +#DEBHELPER# + +exit 0 diff --git a/debian/e2fsprogs.preinst b/debian/e2fsprogs.preinst new file mode 100644 index 000..bfa9f6b --- /dev/null +++ b/debian/e2fsprogs.preinst @@ -0,0 +1,19 @@ +#!/bin/sh + +# Abort on error. +set -e + +PKG=e2fsprogs +DOCLNK=/usr/share/doc/$PKG +if test $1 = upgrade \ +-a -L $DOCLNK +then +rm $DOCLNK +fi + +# dh_installdeb will replace this with shell code automatically +# generated by other debhelper scripts. + +#DEBHELPER# + +exit 0
Processed: Re: e2fsprogs: Unhandled /usr/share/doc symlink to doc transition
Processing control commands: tags 698879 + patch Bug #698879 [src:e2fsprogs] e2fsprogs: Unhandled /usr/share/doc symlink to doc transition Added tag(s) patch. -- 698879: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=698879 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#700446: ia64, xserver-xorg-video-ati package doesn't install mach64, r128 drivers
Source: xserver-xorg-video-ati Followup-For: Bug #700446 Please refer to http://anonscm.debian.org/gitweb/?p=pkg-xorg/driver/xserver-xorg-video-ati.git;a=commitdiff;h=42fd3337aac4dd1e2efa71cbcbd87ae11d4e527d -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#700446: ia64, xserver-xorg-video-ati package doesn't install mach64, r128 drivers
Followup-For: Bug #700446 Please also check the log for bug #700447. -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Processed (with 1 errors): Re: Bug#699034: libwebkitgtk-1.0-0: midori and GtkLauncher crash after typing a url (cairo-surface.c assertion)
Processing control commands: reassign -1 libgcrypt11 Bug #699034 [src:cairo] libwebkitgtk-1.0-0: midori and GtkLauncher crash after typing a url (cairo-surface.c assertion) Bug reassigned from package 'src:cairo' to 'libgcrypt11'. Ignoring request to alter found versions of bug #699034 to the same values previously set Ignoring request to alter fixed versions of bug #699034 to the same values previously set affects -1 + libwebkitgtk-1.0-0 Bug #699034 [libgcrypt11] libwebkitgtk-1.0-0: midori and GtkLauncher crash after typing a url (cairo-surface.c assertion) Added indication that 699034 affects libwebkitgtk-1.0-0 severity -1 grave Bug #699034 [libgcrypt11] libwebkitgtk-1.0-0: midori and GtkLauncher crash after typing a url (cairo-surface.c assertion) Severity set to 'grave' from 'normal' merge -1 640501 Bug #699034 [libgcrypt11] libwebkitgtk-1.0-0: midori and GtkLauncher crash after typing a url (cairo-surface.c assertion) Unable to merge bugs because: severity of #640501 is 'important' not 'grave' affects of #640501 is 'claws-mail,midori' not 'libwebkitgtk-1.0-0' severity of #640123 is 'important' not 'grave' affects of #640123 is 'claws-mail,midori' not 'libwebkitgtk-1.0-0' Failed to merge 699034: Did not alter merged bugs Debbugs::Control::set_merged('transcript', 'GLOB(0x1e91320)', 'requester', 'Trek tre...@inbox.ru', 'request_addr', '699034-sub...@bugs.debian.org', 'request_msgid', '20130223051030.7f758d62@enterprise', 'request_subject', ...) called at /usr/local/lib/site_perl/Debbugs/Control/Service.pm line 538 eval {...} called at /usr/local/lib/site_perl/Debbugs/Control/Service.pm line 537 Debbugs::Control::Service::control_line('line', 'merge -1 640501', 'clonebugs', 'HASH(0x1eb2360)', 'limit', 'HASH(0x1eb2588)', 'common_control_options', 'ARRAY(0x1eb2660)', 'errors', ...) called at /usr/lib/debbugs/process line 1035 -- 640123: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=640123 640501: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=640501 699034: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=699034 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#701227: nagios-nrpe: CVE-2013-1362: allows the passing of $() as command arguments to execute shell commands
Package: nagios-nrpe Severity: grave Tags: security Hi On bugtraq mailinglist it was reported publicly[1]. If support for command argument in the daemon are enabled then it would be possible to pass $() and possibly executing shell commands when run unter bash. Upstream has released 2.14 containing a patch and disabling bash command substitutions by default: 2.14 - 12/21/2012 - - Added configure option to allow bash command substitutions, disabled by default [bug #400] (Eric Stanley) - Patched to shutdown SSL connection completely (Jari Takkala) - Added SRC support on AIX (Thierry Bertaud) - Updated RPM SPEC file to support creating RPMs on AIX (Eric Stanley) - Updated logging to support compiling on AIX (Eric Stanley) According to [1], there is CVE-2013-1362 assigned to it. In the debian package we have explicitly --enable-command-args so the Debian packages looks affected. [1]: http://seclists.org/bugtraq/2013/Feb/119 Regards, Salvatore -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org