Processed: your mail
Processing commands for cont...@bugs.debian.org: fixed 775888 4.3.20-dfsg-1 Bug #775888 [virtualbox] virtualbox: CVE-2014-6588 CVE-2014-6589 CVE-2014-6590 CVE-2014-6595 CVE-2015-0418 CVE-2015-0427 Marked as fixed in versions virtualbox/4.3.20-dfsg-1. tags 775888 patch Bug #775888 [virtualbox] virtualbox: CVE-2014-6588 CVE-2014-6589 CVE-2014-6590 CVE-2014-6595 CVE-2015-0418 CVE-2015-0427 Added tag(s) patch. thanks Stopping processing here. Please contact me if you need assistance. -- 775888: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775888 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#775881: [debian-mysql] Bug#775881: mysql-5.5: Multiple security fixes from January 2015 CPU
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 21/01/15 19:14, Salvatore Bonaccorso wrote: For wheezy-security I'm just building the package with imported version 5.5.41 to resolve the issues. Can say more if build suceeds. I've pushed commits to git.debian.org for unstable; should fine time to build and test in the next day or so. Thanks for doing the wheezy update. Cheers James - -- James Page Ubuntu and Debian Developer james.p...@ubuntu.com jamesp...@debian.org -BEGIN PGP SIGNATURE- Version: GnuPG v1 iQIcBAEBCAAGBQJUwP+6AAoJEL/srsug59jDhWgP/1bjnh28HsTDLH8GY5n3GWnw OaBRi9GPKLg+jRIVAt96oeiZZPhb5VMnu8RdwBWNUqWbvefpyFjc286S1UnBpm1D MNMRI9KF2+KJblHVyFaemvwv1UrjYUafhYY1mrKcHyQwncbulLHfWzHP1Mv0ib8h /fXU9qKOzyMR+9xmeapifXN6HAJTdxhofSCv0AD47FqzbKjMFDsQgUITciD0F6C0 IJFg2v2qhn8ISMGMIGzdQpplILvjqYBK5wgcUhP0SdbBm5pCtbaa6SotYnpe6MiQ 2DYifV1OtrkOfVWXo/QvvLAu1dTFC4Q/vZvbwWI8gwEZxaFEMzxzeO0lNOjs9qs+ dnacsYoIG6nXs7SYEMY6ilAbtdcMWqOtmdGWnnZiPuwXUlwng29RJh5Y/CNtfknS bvIpW3GkNpzxeO3/h6FvLGUCZr0yIm0BsAH8qDhHVpEpg/f5sWHsrgWLIFzLSFGX g5RDh1U0PI6cJLJ1r/mItNZLGfZ/Pw8Srz9qN1nC+u7W+o781+dq2GmjF1O8nbC5 fMJ/HO6NM/cCet82BEO3nwki0cLMv+3WQranRT8Ml8OiUShnOFF7LTREDcfn/Pwd enzpdZ+8b8TTEPkYLgAk9viEeT5cQBVU6xKmospZLk82kIF4pSqe1LdPFwWREHfd HXmmuWwXxfTVfUlWD5wH =8K/g -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#775888: [vbox-dev] Fwd: Re: Bug#775888: virtualbox: CVE-2014-6588 CVE-2014-6589 CVE-2014-6590 CVE-2014-6595 CVE-2015-0418 CVE-2015-0427
Hi all, so to sum everything up: experimental: NOT AFFECTED. jessie: fixed all of them by disabling the code (attached jessie-debdiff) wheezy: fixed CVE-2015-0377, CVE-2015-0418 wheezy-bpo: I propose to backport the new 4.3.18 into bpo when it reaches testing. squeeze: no virtualbox there squeeze-bpo: I propose to backport kbuild and then virtualbox 4.1 or 4.3 from wheezy-jessie. Attached the debdiffs thanks again Frank for your help! cheers, Gianfranco wheezy-debdiff Description: Binary data jessie-debdiff Description: Binary data
Bug#775953: openntpd if-up.d hook can cause system boot to hang indefinitely
tags 775953 +moreinfo thanks On 21/01/15 19:17, Sascha Silbe wrote: The reason for the hang (ntpd never daemonizing itself) can be replicated on a fully booted system by disconnecting the network and invoking /etc/init.d/openntpd force-reload. For some reason it _does_ daemonize correctly while being traced with strace, though. :-/ -- System Information: Debian Release: 7.7 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable'), (1, 'experimental') Architecture: armel (armv5tel) Hi SaschaSilbe! Thanks for contributing and reporting this issue into the Debian BTS! I'm trying to reproduce this, and trying to understand your working environment, which seems to be an armel architecture of an ARMv5tel device. Is your device being able to be emulated by qemu or some equivalent tool? What physical device is that? Thanks, Dererk -- BOFH excuse #109: The electricity substation in the car park blew up. signature.asc Description: OpenPGP digital signature
Processed: Re: Bug#775953: openntpd if-up.d hook can cause system boot to hang indefinitely
Processing commands for cont...@bugs.debian.org: tags 775953 +moreinfo Bug #775953 [openntpd] openntpd if-up.d hook can cause system boot to hang indefinitely Added tag(s) moreinfo. thanks Stopping processing here. Please contact me if you need assistance. -- 775953: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775953 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#773643: initramfs-tools: fsck.* not added to initrd image for mount by UUID or label with type=auto
Control: retitle -1 initramfs-tools: fsck.* not added to initrd image for mount by UUID or label with type=auto Am Montag, den 19.01.2015, 22:30 +0100 schrieb Paul Menzel: Am Montag, den 19.01.2015, 00:52 + schrieb Ben Hutchings: […] On Sun, 2015-01-18 at 23:47 +0100, Paul Menzel wrote: Am Sonntag, den 18.01.2015, 15:12 + schrieb Ben Hutchings: [...] I think I know why this is, but please can you send the fstab line for the root filesystem? Sure. UUID=2b45d72e-7bd8-490f-bd9e-7e5990859148 / auto discard,noatime,commit=600,defaults,errors=remount-ro 0 1 In `/etc/fstab` tabs instead of spaces are used. OK, this is the same as in #766448 and I have a fix for it. Awesome! I’ll try to test that patch this week I can confirm, that your patch fixes the problem. and corrected the title of this bug report. Unfortunately I failed at that. I’ll try again. Thanks, Paul signature.asc Description: This is a digitally signed message part
Bug#754565: [moodle-packaging] Bug#754565: Bug#754565: Non free icc profile
On 22/01/15 18:47, Dan Poltawski wrote: Hi Riley, On 22 January 2015 at 06:34, Riley Baird bm-2cvqnduybau5do2dfjtrn7zbaj246s4...@bitmessage.ch wrote: P.S. I tried writing a message on the moodle forums to give them a heads up on the situation, but the spam filter stopped me. It told me to send my post to he...@moodle.org, so hopefully it will still get through. 'Upstream' here. Apologies that you got hit by a spam filter (I'm afraid we were getting hit quite aggressively by first time link spammers which is probably the cause of your filtering). Thank you very much for trying to get in touch with us. That's OK - Helen just helped me work around the filter. I've posted a short thread here: https://moodle.org/mod/forum/discuss.php?d=278847 So much as it saddens me - I think this is the right course of action. There is little evidence to suggest that the package is widely used which makes it even less motivating for contributors for the significant amount of work it takes to keep up with our wide ranging upstream security fixes. Thanks for your support of this. Popcon shows only 78 installations. -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Processed: Re: Bug#773643: initramfs-tools: fsck.* not added to initrd image for mount by UUID or label with type=auto
Processing control commands: retitle -1 initramfs-tools: fsck.* not added to initrd image for mount by UUID or label with type=auto Bug #773643 [initramfs-tools] initramfs-tools: mkfs.* not added to initrd image (Warning: couldn't identify filesystem type for fsck hook, ignoring.) Bug #766448 [initramfs-tools] root fstype auto in /etc/fstab guaranteed unbootable Changed Bug title to 'initramfs-tools: fsck.* not added to initrd image for mount by UUID or label with type=auto' from 'initramfs-tools: mkfs.* not added to initrd image (Warning: couldn't identify filesystem type for fsck hook, ignoring.)' Changed Bug title to 'initramfs-tools: fsck.* not added to initrd image for mount by UUID or label with type=auto' from 'root fstype auto in /etc/fstab guaranteed unbootable' -- 766448: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=766448 773643: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773643 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#775935: geneweb: FTBFS on various arches: Please run 'make' in directory '../src' first
Le 21/01/2015 18:37, James Cowgill a écrit : Source: geneweb Version: 6.06-1 Severity: serious Hi, geneweb has FTBFS on various arches (arm64, mips, mipsel, ppc64el, s390x) since 6.06-1 all with errors similar to: Indeed. Thanks for pointing this. I'm afraid that it will prevent 6.08 to be in jessie, sadly. Sadly also, I didn't notice the FTBFS and had no opportunity to fix the problem before the freeze and now, it seems quite too late, according to the freeze rules. I'm always wondering why maintainers do not automatically get mails when packages FTBFS on autobuilders. (and I also wonder why the build succeeded on some autobuilders, as well as it did on my build machine, in a clean chroot) -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#776007: buffer overrun in acknowledge.c(gi)
Source: xymon
Version: 4.3.17-1
Severity: grave
Tags: security patch pending
web/acknowledge.c uses a string twice in a format string, but only
allocates memory for one copy. The attached patch fixes this.
Christoph
--
c...@df7cb.de | http://www.df7cb.de/
--- a/web/acknowledge.c
+++ b/web/acknowledge.c
@@ -289,7 +289,7 @@ int main(int argc, char *argv[])
pcre *dummy;
char *re;
- re = (char *)malloc(8 +
strlen(pagename));
+ re = (char *)malloc(8 +
2*strlen(pagename));
sprintf(re, %s$|^%s/.+, pagename,
pagename);
dummy = compileregex(re);
if (dummy) {
Processed: Re: Bug#775970: jasper: Debdiffs for CVE-2014-8157 CVE-2014-8158
Processing control commands: tags -1 + patch Bug #775970 [src:jasper] jasper: CVE-2014-8157 CVE-2014-8158 Added tag(s) patch. -- 775970: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775970 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#776004: qemu-system-x86: fails to install: dpkg-maintscript-helper: error: missing arguments after --
Package: qemu-system-x86 Version: 1:2.2+dfsg-3exp Severity: serious User: debian...@lists.debian.org Usertags: piuparts Hi, during a test with piuparts I noticed your package failed to install. As per definition of the release team this makes the package too buggy for a release, thus the severity. From the attached log (scroll to the bottom...): Selecting previously unselected package qemu-system-x86. (Reading database ... 8743 files and directories currently installed.) Preparing to unpack .../qemu-system-x86_1%3a2.2+dfsg-3exp_amd64.deb ... dpkg-maintscript-helper: error: missing arguments after -- Use 'dpkg-maintscript-helper help' for program usage information. dpkg: error processing archive /var/cache/apt/archives/qemu-system-x86_1%3a2.2+dfsg-3exp_amd64.deb (--unpack): subprocess new pre-installation script returned error exit status 1 dpkg-maintscript-helper: error: missing arguments after -- Use 'dpkg-maintscript-helper help' for program usage information. dpkg: error while cleaning up: subprocess new post-removal script returned error exit status 1 Errors were encountered while processing: /var/cache/apt/archives/qemu-system-x86_1%3a2.2+dfsg-3exp_amd64.deb cheers, Andreas qemu-system-x86_1:2.2+dfsg-3exp.log.gz Description: application/gzip
Bug#775970: jasper: Debdiffs for CVE-2014-8157 CVE-2014-8158
Control: tags -1 + patch
Hi Roland
Attached are the two debdiffs, one for wheezy-security and the one for
the unstable upload.
Regards,
Salvatore
diff -Nru jasper-1.900.1/debian/changelog jasper-1.900.1/debian/changelog
--- jasper-1.900.1/debian/changelog 2014-12-20 08:46:40.0 +0100
+++ jasper-1.900.1/debian/changelog 2015-01-22 16:40:29.0 +0100
@@ -1,3 +1,14 @@
+jasper (1.900.1-13+deb7u3) wheezy-security; urgency=high
+
+ * Non-maintainer upload by the Security Team.
+ * Add 07-CVE-2014-8157.patch patch.
+CVE-2014-8157: dec-numtiles off-by-one check in jpc_dec_process_sot().
+(Closes: #775970)
+ * Add 08-CVE-2014-8158.patch patch.
+CVE-2014-8158: unrestricted stack memory use in jpc_qmfb.c (Closes:
#775970)
+
+ -- Salvatore Bonaccorso car...@debian.org Thu, 22 Jan 2015 16:39:58 +0100
+
jasper (1.900.1-13+deb7u2) wheezy-security; urgency=high
* Non-maintainer upload by the Security Team.
diff -Nru jasper-1.900.1/debian/patches/07-CVE-2014-8157.patch
jasper-1.900.1/debian/patches/07-CVE-2014-8157.patch
--- jasper-1.900.1/debian/patches/07-CVE-2014-8157.patch1970-01-01
01:00:00.0 +0100
+++ jasper-1.900.1/debian/patches/07-CVE-2014-8157.patch2015-01-22
16:40:29.0 +0100
@@ -0,0 +1,19 @@
+Description: CVE-2014-8157: dec-numtiles off-by-one check in
jpc_dec_process_sot()
+Origin: vendor,
http://pkgs.fedoraproject.org/cgit/jasper.git/tree/jasper-CVE-2014-8157.patch
+Bug-RedHat: https://bugzilla.redhat.com/show_bug.cgi?id=1179282
+Bug-Debian: https://bugs.debian.org/775970
+Forwarded: not-needed
+Author: Salvatore Bonaccorso car...@debian.org
+Last-Update: 2015-01-22
+
+--- a/src/libjasper/jpc/jpc_dec.c
b/src/libjasper/jpc/jpc_dec.c
+@@ -489,7 +489,7 @@ static int jpc_dec_process_sot(jpc_dec_t
+ dec-curtileendoff = 0;
+ }
+
+- if (JAS_CAST(int, sot-tileno) dec-numtiles) {
++ if (JAS_CAST(int, sot-tileno) = dec-numtiles) {
+ jas_eprintf(invalid tile number in SOT marker segment\n);
+ return -1;
+ }
diff -Nru jasper-1.900.1/debian/patches/08-CVE-2014-8158.patch
jasper-1.900.1/debian/patches/08-CVE-2014-8158.patch
--- jasper-1.900.1/debian/patches/08-CVE-2014-8158.patch1970-01-01
01:00:00.0 +0100
+++ jasper-1.900.1/debian/patches/08-CVE-2014-8158.patch2015-01-22
16:40:29.0 +0100
@@ -0,0 +1,336 @@
+Description: CVE-2014-8158: unrestricted stack memory use in jpc_qmfb.c
+Origin: vendor,
http://pkgs.fedoraproject.org/cgit/jasper.git/tree/jasper-CVE-2014-8158.patch
+Bug-RedHat: https://bugzilla.redhat.com/show_bug.cgi?id=1179298
+Bug-Debian: https://bugs.debian.org/775970
+Forwarded: not-needed
+Author: Salvatore Bonaccorso car...@debian.org
+Last-Update: 2015-01-22
+
+--- a/src/libjasper/jpc/jpc_qmfb.c
b/src/libjasper/jpc/jpc_qmfb.c
+@@ -306,11 +306,7 @@ void jpc_qmfb_split_row(jpc_fix_t *a, in
+ {
+
+ int bufsize = JPC_CEILDIVPOW2(numcols, 1);
+-#if !defined(HAVE_VLA)
+ jpc_fix_t splitbuf[QMFB_SPLITBUFSIZE];
+-#else
+- jpc_fix_t splitbuf[bufsize];
+-#endif
+ jpc_fix_t *buf = splitbuf;
+ register jpc_fix_t *srcptr;
+ register jpc_fix_t *dstptr;
+@@ -318,7 +314,6 @@ void jpc_qmfb_split_row(jpc_fix_t *a, in
+ register int m;
+ int hstartcol;
+
+-#if !defined(HAVE_VLA)
+ /* Get a buffer. */
+ if (bufsize QMFB_SPLITBUFSIZE) {
+ if (!(buf = jas_alloc2(bufsize, sizeof(jpc_fix_t {
+@@ -326,7 +321,6 @@ void jpc_qmfb_split_row(jpc_fix_t *a, in
+ abort();
+ }
+ }
+-#endif
+
+ if (numcols = 2) {
+ hstartcol = (numcols + 1 - parity) 1;
+@@ -360,12 +354,10 @@ void jpc_qmfb_split_row(jpc_fix_t *a, in
+ }
+ }
+
+-#if !defined(HAVE_VLA)
+ /* If the split buffer was allocated on the heap, free this memory. */
+ if (buf != splitbuf) {
+ jas_free(buf);
+ }
+-#endif
+
+ }
+
+@@ -374,11 +366,7 @@ void jpc_qmfb_split_col(jpc_fix_t *a, in
+ {
+
+ int bufsize = JPC_CEILDIVPOW2(numrows, 1);
+-#if !defined(HAVE_VLA)
+ jpc_fix_t splitbuf[QMFB_SPLITBUFSIZE];
+-#else
+- jpc_fix_t splitbuf[bufsize];
+-#endif
+ jpc_fix_t *buf = splitbuf;
+ register jpc_fix_t *srcptr;
+ register jpc_fix_t *dstptr;
+@@ -386,7 +374,6 @@ void jpc_qmfb_split_col(jpc_fix_t *a, in
+ register int m;
+ int hstartcol;
+
+-#if !defined(HAVE_VLA)
+ /* Get a buffer. */
+ if (bufsize QMFB_SPLITBUFSIZE) {
+ if (!(buf = jas_alloc2(bufsize, sizeof(jpc_fix_t {
+@@ -394,7 +381,6 @@ void jpc_qmfb_split_col(jpc_fix_t *a, in
+ abort();
+ }
+ }
+-#endif
+
+ if (numrows = 2) {
+ hstartcol = (numrows + 1 - parity) 1;
+@@ -428,12 +414,10 @@ void jpc_qmfb_split_col(jpc_fix_t *a, in
+ }
+ }
+
+-#if !defined(HAVE_VLA)
+ /* If the split
Processed: bug 775873 is forwarded to https://savannah.gnu.org/bugs/?44059
Processing commands for cont...@bugs.debian.org: forwarded 775873 https://savannah.gnu.org/bugs/?44059 Bug #775873 [patch] patch: CVE-2015-1196 directory traversal via file rename Set Bug forwarded-to-address to 'https://savannah.gnu.org/bugs/?44059'. thanks Stopping processing here. Please contact me if you need assistance. -- 775873: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775873 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#388141: Relicensing of Debian www pages
Hi Bradley, A couple of years ago, you offered to assist Debian in the relicensing of its www pages. Has there been any progress on this? Yours thankfully, Riley Baird -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#775418: pcmanfm: diff for NMU version 1.2.3-1.1
Control: tags 775418 + patch
Control: tags 775418 + pending
Dear maintainer,
Mateusz Łukasik has prepared an NMU for pcmanfm (versioned as
1.2.3-1.1) and I've uploaded it to DELAYED/2. Please feel free to
tell me if I should delay it longer.
Regards.
--
.''`. Homepage: http://info.comodo.priv.at/ - OpenPGP key 0xBB3A68018649AA06
: :' : Debian GNU/Linux user, admin, and developer - http://www.debian.org/
`. `' Member of VIBE!AT SPI, fellow of the Free Software Foundation Europe
`- NP: Cat Power: Where Is My Love
diff -Nru pcmanfm-1.2.3/debian/changelog pcmanfm-1.2.3/debian/changelog
--- pcmanfm-1.2.3/debian/changelog 2014-10-14 20:58:09.0 +0200
+++ pcmanfm-1.2.3/debian/changelog 2015-01-22 21:56:16.0 +0100
@@ -1,3 +1,11 @@
+pcmanfm (1.2.3-1.1) unstable; urgency=medium
+
+ * Non-maintainer upload.
+ * Add code to transition /usr/share/doc/pcmanfm-dbg from directory to
+symlink (Closes: #775418).
+
+ -- Mateusz Łukasik mat...@linuxmint.pl Thu, 22 Jan 2015 21:56:10 +0100
+
pcmanfm (1.2.3-1) unstable; urgency=low
* Adding polkit agent to Recommends, mounting disks will require it.
diff -Nru pcmanfm-1.2.3/debian/control pcmanfm-1.2.3/debian/control
--- pcmanfm-1.2.3/debian/control 2014-10-14 19:56:44.0 +0200
+++ pcmanfm-1.2.3/debian/control 2015-01-22 21:44:38.0 +0100
@@ -41,6 +41,7 @@
Section: debug
Priority: extra
Architecture: any
+Pre-Depends: ${misc:Pre-Depends}
Depends: ${misc:Depends}, pcmanfm (= ${binary:Version})
Description: extremely fast and lightweight file manager (debug)
PCMan File Manager is a GTK+ based file manager. It is a primary file
diff -Nru pcmanfm-1.2.3/debian/pcmanfm-dbg.maintscript pcmanfm-1.2.3/debian/pcmanfm-dbg.maintscript
--- pcmanfm-1.2.3/debian/pcmanfm-dbg.maintscript 1970-01-01 01:00:00.0 +0100
+++ pcmanfm-1.2.3/debian/pcmanfm-dbg.maintscript 2015-01-22 21:42:53.0 +0100
@@ -0,0 +1 @@
+dir_to_symlink /usr/share/doc/pcmanfm-dbg pcmanfm 1.2.3-1.1~ pcmanfm-dbg
signature.asc
Description: Digital Signature
Processed: pcmanfm: diff for NMU version 1.2.3-1.1
Processing control commands: tags 775418 + patch Bug #775418 [pcmanfm-dbg] pcmanfm-dbg: copyright file missing after upgrade (policy 12.5) Added tag(s) patch. tags 775418 + pending Bug #775418 [pcmanfm-dbg] pcmanfm-dbg: copyright file missing after upgrade (policy 12.5) Added tag(s) pending. -- 775418: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775418 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#775873: patch: directory traversal via file rename
On Thu, Jan 22, 2015 at 09:49:39PM +, Jonathan Wiltshire wrote: This issue was assigned CVE-2015-1196. If you upload fixed packages, please include the CVE identifier in the changelog. Seems the previous fix was incomplete, if I understand the traffic correctly. -- Jonathan Wiltshire j...@debian.org Debian Developer http://people.debian.org/~jmw 4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC 74C3 5394 479D D352 4C51 -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Processed: Re: Bug#775873: patch: directory traversal via file rename
Processing control commands: retitle -1 patch: CVE-2015-1196 directory traversal via file rename Bug #775873 [patch] patch: directory traversal via file rename Changed Bug title to 'patch: CVE-2015-1196 directory traversal via file rename' from 'patch: directory traversal via file rename' -- 775873: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775873 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#775873: patch: directory traversal via file rename
Control: retitle -1 patch: CVE-2015-1196 directory traversal via file rename This issue was assigned CVE-2015-1196. If you upload fixed packages, please include the CVE identifier in the changelog. -- Jonathan Wiltshire j...@debian.org Debian Developer http://people.debian.org/~jmw 4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC 74C3 5394 479D D352 4C51 -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Processed: tagging 775689
Processing commands for cont...@bugs.debian.org: tags 775689 - moreinfo Bug #775689 [src:unetbootin] Do NOT use unetbootin for Debian CD images Removed tag(s) moreinfo. thanks Stopping processing here. Please contact me if you need assistance. -- 775689: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775689 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#755834: It gives me the following errors during install
Here is the installation log on FRESH INSTALLED jessie ~# aptitude install isc-dhcp-server The following NEW packages will be installed: isc-dhcp-server 0 packages upgraded, 1 newly installed, 0 to remove and 0 not upgraded. Need to get 0 B/381 kB of archives. After unpacking 863 kB will be used. 50% [Working]Preconfiguring packages ... Selecting previously unselected package isc-dhcp-server. (Reading database ... 54285 files and directories currently installed.) Preparing to unpack .../isc-dhcp-server_4.3.1-5_amd64.deb ... Unpacking isc-dhcp-server (4.3.1-5) ... Processing triggers for man-db (2.7.0.2-5) ... Setting up isc-dhcp-server (4.3.1-5) ... Generating /etc/default/isc-dhcp-server... Job for isc-dhcp-server.service failed. See 'systemctl status isc-dhcp-server.service' and 'journalctl -xn' for details. invoke-rc.d: initscript isc-dhcp-server, action start failed. dpkg: error processing package isc-dhcp-server (--configure): subprocess installed post-installation script returned error exit status 1 Errors were encountered while processing: isc-dhcp-server E: Sub-process /usr/bin/dpkg returned an error code (1) Failed to perform requested operation on package. Trying to recover: Setting up isc-dhcp-server (4.3.1-5) ... Job for isc-dhcp-server.service failed. See 'systemctl status isc-dhcp-server.service' and 'journalctl -xn' for details. invoke-rc.d: initscript isc-dhcp-server, action start failed. dpkg: error processing package isc-dhcp-server (--configure): subprocess installed post-installation script returned error exit status 1 Errors were encountered while processing: isc-dhcp-server Then after proper configuration I can start isc-dhcp-server. But something is going wrong... Best wished, Andrew Zeltser. -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#776010: marked as done (dpkg-cross: Can generate broken binaries due to off_t vs LFS disconnect)
Your message dated Fri, 23 Jan 2015 00:03:21 +
with message-id e1yerib-0007um...@franck.debian.org
and subject line Bug#776010: fixed in dpkg-cross 2.6.12
has caused the Debian Bug report #776010,
regarding dpkg-cross: Can generate broken binaries due to off_t vs LFS
disconnect
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
776010: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=776010
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
---BeginMessage---
Package: dpkg-cross
Version: 2.6.11
Severity: serious
Hi!
Some of the config.site files define a value for ac_cv_sizeof_off_t,
but that value is wrong as it depends on whether the package is going
to be built with LFS enabled (through AC_SYS_LARGEFILE for example).
Unfortunately this is unfixable through a config.site deployment as the
LFS checks are performed way later than when the config cache files have
been loaded, so the value cannot be assigned depending on LFS.
Those values would need to be removed from the config.site files, and
packages that lack the value during cross-compilation would need to be
updated to use a more recent autoconf which is able to compute such
sizeof values even when cross-compiling.
Even though I know dpkg-cross is considered completely deprecated and
that it should be left to die, the config.site support is something
that is supposed to move elsewhere AFAIK, so that's the reason I've
bothered reporting this at all.
Thanks,
Guillem
---End Message---
---BeginMessage---
Source: dpkg-cross
Source-Version: 2.6.12
We believe that the bug you reported is fixed in the latest version of
dpkg-cross, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 776...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Wookey woo...@debian.org (supplier of updated dpkg-cross package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Format: 1.8
Date: Thu, 22 Jan 2015 19:18:29 +
Source: dpkg-cross
Binary: dpkg-cross libdebian-dpkgcross-perl
Architecture: source all
Version: 2.6.12
Distribution: experimental
Urgency: medium
Maintainer: Debian Embedded Group debian-embed...@lists.debian.org
Changed-By: Wookey woo...@debian.org
Description:
dpkg-cross - tools for cross compiling Debian packages
libdebian-dpkgcross-perl - functions to aid cross-compiling Debian packages
Closes: 649094 741476 771497 772045 776010
Changes:
dpkg-cross (2.6.12) experimental; urgency=medium
.
* Remove ac_cv_sizeof_off_t as supreceded by AC_SYS_LARGEFILE (Closes:
776010)
* Support lib{hf,n32,sf,x32}. (Closes: 771497)
* Ensure multilib ldscripts are fixed up. (Closes: 772045,649094)
* Update uploaders list (Closes: 741476)
* Include support for libo32 multilibs
Checksums-Sha1:
1b337ae9a81ccd23adcf8b5caceb50d811e8b9f4 1783 dpkg-cross_2.6.12.dsc
23518429614c7dc3ebd535cf43e46cebbdae549a 80101 dpkg-cross_2.6.12.tar.gz
7560dd37b850c00cbf9fa8700620c263790eadb2 53912 dpkg-cross_2.6.12_all.deb
5cdbd440e676697c09acfaf645731c83d4202850 29050
libdebian-dpkgcross-perl_2.6.12_all.deb
Checksums-Sha256:
a95137a22076cf0947cc7c8f367b451088a7027e98d07a1c1839682e3545 1783
dpkg-cross_2.6.12.dsc
5e354da53fb8ab79ff67a4cdded507252f11255ff1e6c326efc4f6a5cc34b58e 80101
dpkg-cross_2.6.12.tar.gz
34673376eb21ea716d9110789cb4a8f33691de2bed4d5248b9461e4c0624341b 53912
dpkg-cross_2.6.12_all.deb
0037d43c3953f5b937f0becf020acb6cba0b0d3c51eda299c3728199a19b0b76 29050
libdebian-dpkgcross-perl_2.6.12_all.deb
Files:
ca264c27ca53766c0ea530c5e389b8d7 1783 utils extra dpkg-cross_2.6.12.dsc
df748c6b3d26bfe7afb304bb53685adb 80101 utils extra dpkg-cross_2.6.12.tar.gz
626d545dbc9391fb7da307e133b8ee59 53912 utils extra dpkg-cross_2.6.12_all.deb
0e15f197f8277d3d358c8400a88de48f 29050 perl extra
libdebian-dpkgcross-perl_2.6.12_all.deb
-BEGIN PGP SIGNATURE-
Version: GnuPG v1
iQIcBAEBCAAGBQJUwY9IAAoJEPuGMlGob55H0jwQALySklC3dA9rUvDglrgJyz9R
aCrp+MpoYqzNLLIG5rjkbwMzDld6GuIoA9uoPOMuRjV+G04vx8JFeBRlb1cCRIpb
nJ6lZI/KFCh3dW+AVCo5+gBNojZPjAzZ9nc92dBNN0qUVHZm65ZJEtreO4FIV6zJ
4AIt1ZllndOFQq7VPluejU9K/rkrYP77dbln1qD4P32QQp3ekp1DagYwQ4DSy3DL
aB6nqjfHJvhkKzIwRbmC4ZoPILEiR28SrfndpWwGT+XGbMzthHpOp3t8L6Us5ZLy
Bug#775439: winetricks: vcrun2013 not installable (sha1sum mismatch)
Hi, Thank you for providing a detailed bug report. I have marked the bug as serious as you have suggested. I have a debdiff that changes the sha1sum to be as it appears upstream (specifically the commit you attached). I agree that it is best for users who cannot (or don't want to) wait for the fix in Debian to download the winetricks script from upstream. I sent the debdiff to my sponsor for review. After he reviews it, the unblock request will be submitted. Cheers, Joseph -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#774844: xfonts-traditional: fails to upgrade from 'wheezy': Can't locate File/Find.pm in @INC
Ian Jackson ijack...@chiark.greenend.org.uk writes: But it mostly occurs when a dependency is indirected through an intermediate package. That is, A uses some feature in C, but the dependency is declared on B which depends on C. This is (perhaps surprisingly) not particularly common. That's partly because those of us who work on Lintian have been annoying maintainers about this as much as possible to try to get them not to do that. :) But in the case of perl it's nearly universal, because of the policy recommendation to depend on the metapackage `perl' rather than perl-base or perl-modules. I suspect this is an outgrowth of the fact that we've always felt that the split of the perl package was sort of wrong, in the sense that we did it for internal reasons that are valid, but the average user should not perceive it as being divided into multiple packages, and we generally should try to avoid treating it as such. I don't think `requires strict dependencies' is a very useful concept here. That xfonts-traditional uses (in a maintainer script) a perl module which has always been implied by `perl' can hardly be unusual. I don't think it makes sense to regard that as a particularly `strict'. There are certainly other packages in the archive with Perl maintainer scripts, although the ones I'm aware of I don't think use modules that have moved. -- Russ Allbery (r...@debian.org) http://www.eyrie.org/~eagle/ -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#766560: marked as done (banshee: Banshee freezes for 2-3 minutes during startup/searching/browsing after recent libsqlite3-0 update)
Your message dated Fri, 23 Jan 2015 05:33:29 + with message-id e1yews5-00031l...@franck.debian.org and subject line Bug#766560: fixed in banshee 2.9.1-3 has caused the Debian Bug report #766560, regarding banshee: Banshee freezes for 2-3 minutes during startup/searching/browsing after recent libsqlite3-0 update to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 766560: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=766560 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Package: banshee Version: 2.6.2-2 Severity: important Noticed about a week banshee taking 2-3 minutes to start up and would also freeze for a similar amount of time while searching or browsing my music collection. I backed up and deleted ~/.config/banshee-1 and ~/.cache/banshee-1, problem seemed to be initially fixed by a new config but importing my music collection again caused the issue to reoccur. Also checked the integrity of my original banshee.db file using sqlite3 (pragma integrity_check;), and also downgraded banshee (not sure which version at this point) but to no avail. I noticed banshee had not been recently updated in unstable but that libsqlite3-0 had been a week ago (libsqlite3-0 had been updated to 3.8.7-1 from 3.8.6-1 in unstable on 17 Oct 2014, six days ago,) so I downgraded libsqlite3-0 to 3.8.6-1 which stops the freezes, and which I am currently using as a workaround. Quick summary: banshee freezes 2-3 minutes at a time during startup and while searching/browsing, downgrading libsqlite3-0 from 3.8.7-1 to 3.8.6-1 resolves issue -- System Information: Debian Release: jessie/sid APT prefers unstable APT policy: (500, 'unstable') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 3.16-3-amd64 (SMP w/4 CPU cores) Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages banshee depends on: ii gnome-icon-theme 3.12.0-1 ii gstreamer1.0-alsa [gstreamer1.0-audiosink] 1.4.3-1 ii gstreamer1.0-plugins-bad [gstreamer1.0-audi 1.4.3-2+b1 ii gstreamer1.0-plugins-base1.4.3-1 ii gstreamer1.0-plugins-good [gstreamer1.0-aud 1.4.3-1+b1 ii gstreamer1.0-pulseaudio [gstreamer1.0-audio 1.4.3-1+b1 ii libboo2.0.9-cil 0.9.5~git20110729.r1.202a430-2 ii libc62.19-12 ii libcairo21.14.0-2 ii libdbus-glib-1-2 0.102-1 ii libdbus-glib2.0-cil 0.6.0-1 ii libdbus2.0-cil 0.8.1-1 ii libgconf2.0-cil 2.24.2-3 ii libgdata2.1-cil 2.2.0.0-2 ii libgdk-pixbuf2.0-0 2.31.1-2+b1 ii libgkeyfile1.0-cil 0.1-4 ii libglib2.0-0 2.42.0-2 ii libglib2.0-cil 2.12.10-5 ii libgpod4 0.8.3-1.1+b1 ii libgstreamer-plugins-base1.0-0 1.4.3-1 ii libgstreamer1.0-01.4.3-1 ii libgtk-sharp-beans-cil 2.14.1-3 ii libgtk2.0-0 2.24.25-1 ii libgtk2.0-cil2.12.10-5 ii libgudev1.0-cil 0.1-3 ii libkarma00.1.2-2.3 ii libmono-addins0.2-cil1.0+git20130406.adcd75b-3 ii libmono-cairo4.0-cil 3.2.8+dfsg-7 ii libmono-corlib4.5-cil3.2.8+dfsg-7 ii libmono-posix4.0-cil 3.2.8+dfsg-7 ii libmono-sharpzip4.84-cil 3.2.8+dfsg-7 ii libmono-system-core4.0-cil 3.2.8+dfsg-7 ii libmono-system-xml4.0-cil3.2.8+dfsg-7 ii libmono-system4.0-cil3.2.8+dfsg-7 ii libmono-zeroconf1.0-cil 0.9.0-4 ii libmtp9 1.1.8-1+b1 ii libnotify0.4-cil 0.4.0~r3032-7 ii libpango-1.0-0 1.36.8-2 ii libpangocairo-1.0-0 1.36.8-2 ii libsoup-gnome2.4-1 2.48.0-1 ii libsoup2.4-1 2.48.0-1 ii libsqlite3-0 3.8.6-1 ii libtaglib2.1-cil 2.1.0.0-3 ii libwebkitgtk-1.0-0 2.4.7-1 ii libwnck222.30.7-2 ii libx11-6
Bug#766560: marked as done (banshee: Banshee freezes for 2-3 minutes during startup/searching/browsing after recent libsqlite3-0 update)
Your message dated Fri, 23 Jan 2015 05:48:31 + with message-id e1yex6d-0004az...@franck.debian.org and subject line Bug#766560: fixed in banshee 2.6.2-3 has caused the Debian Bug report #766560, regarding banshee: Banshee freezes for 2-3 minutes during startup/searching/browsing after recent libsqlite3-0 update to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 766560: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=766560 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Package: banshee Version: 2.6.2-2 Severity: important Noticed about a week banshee taking 2-3 minutes to start up and would also freeze for a similar amount of time while searching or browsing my music collection. I backed up and deleted ~/.config/banshee-1 and ~/.cache/banshee-1, problem seemed to be initially fixed by a new config but importing my music collection again caused the issue to reoccur. Also checked the integrity of my original banshee.db file using sqlite3 (pragma integrity_check;), and also downgraded banshee (not sure which version at this point) but to no avail. I noticed banshee had not been recently updated in unstable but that libsqlite3-0 had been a week ago (libsqlite3-0 had been updated to 3.8.7-1 from 3.8.6-1 in unstable on 17 Oct 2014, six days ago,) so I downgraded libsqlite3-0 to 3.8.6-1 which stops the freezes, and which I am currently using as a workaround. Quick summary: banshee freezes 2-3 minutes at a time during startup and while searching/browsing, downgrading libsqlite3-0 from 3.8.7-1 to 3.8.6-1 resolves issue -- System Information: Debian Release: jessie/sid APT prefers unstable APT policy: (500, 'unstable') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 3.16-3-amd64 (SMP w/4 CPU cores) Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages banshee depends on: ii gnome-icon-theme 3.12.0-1 ii gstreamer1.0-alsa [gstreamer1.0-audiosink] 1.4.3-1 ii gstreamer1.0-plugins-bad [gstreamer1.0-audi 1.4.3-2+b1 ii gstreamer1.0-plugins-base1.4.3-1 ii gstreamer1.0-plugins-good [gstreamer1.0-aud 1.4.3-1+b1 ii gstreamer1.0-pulseaudio [gstreamer1.0-audio 1.4.3-1+b1 ii libboo2.0.9-cil 0.9.5~git20110729.r1.202a430-2 ii libc62.19-12 ii libcairo21.14.0-2 ii libdbus-glib-1-2 0.102-1 ii libdbus-glib2.0-cil 0.6.0-1 ii libdbus2.0-cil 0.8.1-1 ii libgconf2.0-cil 2.24.2-3 ii libgdata2.1-cil 2.2.0.0-2 ii libgdk-pixbuf2.0-0 2.31.1-2+b1 ii libgkeyfile1.0-cil 0.1-4 ii libglib2.0-0 2.42.0-2 ii libglib2.0-cil 2.12.10-5 ii libgpod4 0.8.3-1.1+b1 ii libgstreamer-plugins-base1.0-0 1.4.3-1 ii libgstreamer1.0-01.4.3-1 ii libgtk-sharp-beans-cil 2.14.1-3 ii libgtk2.0-0 2.24.25-1 ii libgtk2.0-cil2.12.10-5 ii libgudev1.0-cil 0.1-3 ii libkarma00.1.2-2.3 ii libmono-addins0.2-cil1.0+git20130406.adcd75b-3 ii libmono-cairo4.0-cil 3.2.8+dfsg-7 ii libmono-corlib4.5-cil3.2.8+dfsg-7 ii libmono-posix4.0-cil 3.2.8+dfsg-7 ii libmono-sharpzip4.84-cil 3.2.8+dfsg-7 ii libmono-system-core4.0-cil 3.2.8+dfsg-7 ii libmono-system-xml4.0-cil3.2.8+dfsg-7 ii libmono-system4.0-cil3.2.8+dfsg-7 ii libmono-zeroconf1.0-cil 0.9.0-4 ii libmtp9 1.1.8-1+b1 ii libnotify0.4-cil 0.4.0~r3032-7 ii libpango-1.0-0 1.36.8-2 ii libpangocairo-1.0-0 1.36.8-2 ii libsoup-gnome2.4-1 2.48.0-1 ii libsoup2.4-1 2.48.0-1 ii libsqlite3-0 3.8.6-1 ii libtaglib2.1-cil 2.1.0.0-3 ii libwebkitgtk-1.0-0 2.4.7-1 ii libwnck222.30.7-2 ii libx11-6
Bug#776010: dpkg-cross: Can generate broken binaries due to off_t vs LFS disconnect
Hi! On Thu, 2015-01-22 at 19:15:36 +, Wookey wrote: +++ Guillem Jover [2015-01-22 18:22 +0100] wrote: Some of the config.site files define a value for ac_cv_sizeof_off_t, but that value is wrong as it depends on whether the package is going to be built with LFS enabled (through AC_SYS_LARGEFILE for example). Unfortunately this is unfixable through a config.site deployment as the LFS checks are performed way later than when the config cache files have been loaded, so the value cannot be assigned depending on LFS. Those values would need to be removed from the config.site files, and packages that lack the value during cross-compilation would need to be updated to use a more recent autoconf which is able to compute such sizeof values even when cross-compiling. OK. that's easy enough to do. It tends to occur twice. Once unconditionally, and once in: # parted if [ $PACKAGE = parted -o $PACKAGE_NAME = GNU parted ]; then ac_cv_sizeof_off_t=8 fi Does parted know if it is being compiled with LFS or not? I presume not, as LFS is a kernel feature, right(?), which may or may not be enabled. LFS is both a kernel feature and a libc feature. On most old 32-bit arches the LFS enabled functions are an additional set of functions and syscalls complementing the non-LFS ones with names usually ending with 64, like fstat64() for fstat(); or fseeko() for fseek(). These are usually not exposed if not requested, for backward compatibility reasons. There's two ways to expose them, one is to just make them visible, by defining _LARGEFILE_SOURCE and _LARGEFILE64_SOURCE, but then you need to clutter your source with conditional #ifdef to call fstat64() if available or fstat(), and this is one of the reasons this is deprecated now. The other preferable way is to define _FILE_OFFSET_BITS=64, which transparently redirects the non-LFS function declarations and data types with the LFS enabled ones, so that when you call open() you are in fact calling open64() for example, or when you use off_t you are in fact using off64_t. Of course if you are using an off_t of size 4 but calling a 64-bit version of the functions then bad-things-will-happen. So having a mismatched ac_cv_sizeof_off_t around is bad. (The same as not including config.h as the first thing in every source file, as then you have mismatching function calls in different objects.) So, yes parted should know. It either is being passed an explicit _FILE_OFFSET_BITS=64 or is using AC_SYS_LARGEFILE, which would allow disabling LFS with «./configure --disable-largefile». But even if we assume it is currently being built with LFS, hardcoding the off_t size in the config.site is not wise. I was just wondering if there was any justification for leaving this in. I presume it's just as wrong in this per-package conditional, as it is 'bare'? Yes. There are a lot of values in dpkg-cross site.config that _could_ be wrong. The setting are set are set for 'debian, with this glibc and standard kernel'. Is that in fact a fixed value for LFS? (which would be a possible excuse for leaving it in). No, LFS does not have a fixed value, it's selectable at build time, as mentioned above. The rest should be in principle constant per ABI, except for when we change the ABI, remember the «long long double» transition recently. But we shouldn't be keeping any values which can in fact be determined at build time, even when crossing, successfully. And it seem that AC_SYS_LARGEFILE suplies this now. Yes, and with newer autotools the AC_CHECK_SIZEOF macros are cross-build friendly so they do not need to be cached. But that requires packages to be switched to use new autootols. And indeed current parted does use AC_SYS_LARGEFILE to set this so the above stanza is no longer needed. I've fixed all that. Every other variable in this package could do with similar review... I skimmed over them before filing the bug, and seemed more or less fine. Ideally we would not need any of the sizeof ones, but packages still using old autotools might FTCBFS if removed. Thanks, Guillem -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#776010: dpkg-cross: Can generate broken binaries due to off_t vs LFS disconnect
+++ Guillem Jover [2015-01-22 18:22 +0100] wrote: [moving to debian-cross which I think is now the best list for this stuff] Some of the config.site files define a value for ac_cv_sizeof_off_t, but that value is wrong as it depends on whether the package is going to be built with LFS enabled (through AC_SYS_LARGEFILE for example). Unfortunately this is unfixable through a config.site deployment as the LFS checks are performed way later than when the config cache files have been loaded, so the value cannot be assigned depending on LFS. Those values would need to be removed from the config.site files, and packages that lack the value during cross-compilation would need to be updated to use a more recent autoconf which is able to compute such sizeof values even when cross-compiling. OK. that's easy enough to do. It tends to occur twice. Once unconditionally, and once in: # parted if [ $PACKAGE = parted -o $PACKAGE_NAME = GNU parted ]; then ac_cv_sizeof_off_t=8 fi Does parted know if it is being compiled with LFS or not? I presume not, as LFS is a kernel feature, right(?), which may or may not be enabled. I was just wondering if there was any justification for leaving this in. I presume it's just as wrong in this per-package conditional, as it is 'bare'? There are a lot of values in dpkg-cross site.config that _could_ be wrong. The setting are set are set for 'debian, with this glibc and standard kernel'. Is that in fact a fixed value for LFS? (which would be a possible excuse for leaving it in). But we shouldn't be keeping any values which can in fact be determined at build time, even when crossing, successfully. And it seem that AC_SYS_LARGEFILE suplies this now. And indeed current parted does use AC_SYS_LARGEFILE to set this so the above stanza is no longer needed. I've fixed all that. Every other variable in this package could do with similar review... Even though I know dpkg-cross is considered completely deprecated and that it should be left to die, the config.site support is something that is supposed to move elsewhere AFAIK, so that's the reason I've bothered reporting this at all. Yes, some functionality something like this needs to live somewhere. The design is still up for grabs. For now dpkg-cross is all we have. Wookey -- Principal hats: Linaro, Debian, Wookware, ARM http://wookware.org/ -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#774844: new pre-dependency: perl{,-base,-modules} - dpkg (= 1.17.17)
On Mon, Jan 19, 2015 at 11:15:04AM +0100, Guillem Jover wrote: [ CCing debian-release. ] [keeping the CC] On Sun, 2015-01-18 at 20:12:55 +0200, Niko Tyni wrote: In order to fix trigger related wheezy-jessie upgrade failures in xfonts-traditional (#774844, cc'd), I intend to make the main perl binary packages (perl, perl-base, and perl-modules) Pre-Depend on dpkg (= 1.17.17), which has this change: * Defer trigger processing if the package does not fulfill dependencies. Closes: #671711 Together with making the jessie perl-modules and perl-base Break the wheezy perl, this should ensure that the xfonts-traditional trigger will not run when perl is in a broken state during upgrades. Please see the #774844 bug log for details, and let me know if you have objections or other suggestions. I've not looked into the details yet, but just to comment that there's been talk about possibly reverting that fix, because in some error situations it can get apt into an unrecoverable state (#774124). :( Of course reverting that fix brings back all upgrade issues related to trigger processing w/o the required dependencies. Which are probably more, and easier to get into. (I guess this just calls for both a fixed apt, and a dpkg that workarounds any such situation.) Thanks. So do you think I should wait for that to be resolved first? AFAICS the worst that could happen with such a revert is that the perl Pre-Depends+Breaks fix stops working and xfonts-traditional 'postinst triggered' functionality needs to be changed to survive missing dependencies. -- Niko Tyni nt...@debian.org -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#775776: polarssl: diff for NMU version 1.3.9-2.1
Control: tags 775776 + pending Dear maintainer, I've prepared an NMU for polarssl (versioned as 1.3.9-2.1) and uploaded it to DELAYED/5. Please feel free to tell me if I should delay it longer. Regards, Salvatore diff -Nru polarssl-1.3.9/debian/changelog polarssl-1.3.9/debian/changelog --- polarssl-1.3.9/debian/changelog 2014-11-07 10:31:12.0 +0100 +++ polarssl-1.3.9/debian/changelog 2015-01-22 17:53:27.0 +0100 @@ -1,3 +1,12 @@ +polarssl (1.3.9-2.1) unstable; urgency=high + + * Non-maintainer upload. + * Add CVE-2015-1182.patch patch. +CVE-2015-1182: Denial of service and possible remote code execution +using crafted certificates. (Closes: #775776) + + -- Salvatore Bonaccorso car...@debian.org Wed, 21 Jan 2015 22:09:05 +0100 + polarssl (1.3.9-2) unstable; urgency=medium * Disabled POLARSSL_SSL_PROTO_SSL3 at compile time to prevent potential diff -Nru polarssl-1.3.9/debian/patches/CVE-2015-1182.patch polarssl-1.3.9/debian/patches/CVE-2015-1182.patch --- polarssl-1.3.9/debian/patches/CVE-2015-1182.patch 1970-01-01 01:00:00.0 +0100 +++ polarssl-1.3.9/debian/patches/CVE-2015-1182.patch 2015-01-22 17:53:27.0 +0100 @@ -0,0 +1,33 @@ +Description: Remote attack using crafted certificates + During the parsing of a ASN.1 sequence, a pointer in the linked list of + asn1_sequence is not initialized by asn1_get_sequence_of(). In case an + error occurs during parsing of the list, a situation is created where + the uninitialized pointer is passed to polarssl_free(). + . + This sequence can be triggered when a PolarSSL entity is parsing a + certificate. So practically this means clients when receiving a + certificate from the server or servers in case they are actively asking + for a client certificate. + . + Depending on the attackers knowledge of the system under attack, this + results at the lowest into a denial of service, and at the most a + possible remote code execution. + . + CVE-2015-1182 +Origin: upstream, https://polarssl.org/tech-updates/security-advisories/polarssl-security-advisory-2014-04 +Bug-Debian: https://bugs.debian.org/775776 +Forwarded: not-needed +Author: Salvatore Bonaccorso car...@debian.org +Last-Update: 2015-01-21 + +--- a/library/asn1parse.c b/library/asn1parse.c +@@ -278,6 +278,8 @@ int asn1_get_sequence_of( unsigned char + if( cur-next == NULL ) + return( POLARSSL_ERR_ASN1_MALLOC_FAILED ); + ++memset( cur-next, 0, sizeof( asn1_sequence ) ); ++ + cur = cur-next; + } + } diff -Nru polarssl-1.3.9/debian/patches/series polarssl-1.3.9/debian/patches/series --- polarssl-1.3.9/debian/patches/series 2014-08-31 14:20:13.0 +0200 +++ polarssl-1.3.9/debian/patches/series 2015-01-22 17:53:27.0 +0100 @@ -1,2 +1,3 @@ 01-config.patch 02-makefile-destdir-fix.patch +CVE-2015-1182.patch
Processed: polarssl: diff for NMU version 1.3.9-2.1
Processing control commands: tags 775776 + pending Bug #775776 [src:polarssl] polarssl: CVE-2015-1182: Remote attack using crafted certificates Added tag(s) pending. -- 775776: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775776 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#776007: buffer overrun in acknowledge.c(gi)
Re: To Debian Bug Tracking System 2015-01-22 20150122161925.ga23...@msg.df7cb.de Source: xymon Version: 4.3.17-1 Severity: grave Tags: security patch pending web/acknowledge.c uses a string twice in a format string, but only allocates memory for one copy. The attached patch fixes this. Fwiw, the CGI is only accessible for authenticated admin users, so the consequences of the issue aren't as bad as they could be. Christoph -- c...@df7cb.de | http://www.df7cb.de/ signature.asc Description: Digital signature
Processed: Bug #772567 is serious
Processing commands for cont...@bugs.debian.org: severity 772567 serious Bug #772567 [brasero] brasero: Brasero ejects blank CD before even starting burning audio CD Severity set to 'serious' from 'important' thanks Stopping processing here. Please contact me if you need assistance. -- 772567: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=772567 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#775970: jasper: diff for NMU version 1.900.1-debian1-2.4
Control: tags 775970 + pending
Hi Roland,
I've prepared an NMU for jasper (versioned as 1.900.1-debian1-2.4) and
uploaded it to DELAYED/5. Please feel free to tell me if I
should delay it longer.
Regards,
Salvatore
diff -Nru jasper-1.900.1-debian1/debian/changelog jasper-1.900.1-debian1/debian/changelog
--- jasper-1.900.1-debian1/debian/changelog 2014-12-21 10:31:44.0 +0100
+++ jasper-1.900.1-debian1/debian/changelog 2015-01-22 18:35:26.0 +0100
@@ -1,3 +1,14 @@
+jasper (1.900.1-debian1-2.4) unstable; urgency=high
+
+ * Non-maintainer upload.
+ * Add 07-CVE-2014-8157.patch patch.
+CVE-2014-8157: dec-numtiles off-by-one check in jpc_dec_process_sot().
+(Closes: #775970)
+ * Add 08-CVE-2014-8158.patch patch.
+CVE-2014-8158: unrestricted stack memory use in jpc_qmfb.c (Closes: #775970)
+
+ -- Salvatore Bonaccorso car...@debian.org Thu, 22 Jan 2015 17:09:24 +0100
+
jasper (1.900.1-debian1-2.3) unstable; urgency=high
* Non-maintainer upload by the Security Team.
diff -Nru jasper-1.900.1-debian1/debian/patches/07-CVE-2014-8157.patch jasper-1.900.1-debian1/debian/patches/07-CVE-2014-8157.patch
--- jasper-1.900.1-debian1/debian/patches/07-CVE-2014-8157.patch 1970-01-01 01:00:00.0 +0100
+++ jasper-1.900.1-debian1/debian/patches/07-CVE-2014-8157.patch 2015-01-22 18:35:26.0 +0100
@@ -0,0 +1,19 @@
+Description: CVE-2014-8157: dec-numtiles off-by-one check in jpc_dec_process_sot()
+Origin: vendor, http://pkgs.fedoraproject.org/cgit/jasper.git/tree/jasper-CVE-2014-8157.patch
+Bug-RedHat: https://bugzilla.redhat.com/show_bug.cgi?id=1179282
+Bug-Debian: https://bugs.debian.org/775970
+Forwarded: not-needed
+Author: Salvatore Bonaccorso car...@debian.org
+Last-Update: 2015-01-22
+
+--- a/src/libjasper/jpc/jpc_dec.c
b/src/libjasper/jpc/jpc_dec.c
+@@ -489,7 +489,7 @@ static int jpc_dec_process_sot(jpc_dec_t
+ dec-curtileendoff = 0;
+ }
+
+- if (JAS_CAST(int, sot-tileno) dec-numtiles) {
++ if (JAS_CAST(int, sot-tileno) = dec-numtiles) {
+ jas_eprintf(invalid tile number in SOT marker segment\n);
+ return -1;
+ }
diff -Nru jasper-1.900.1-debian1/debian/patches/08-CVE-2014-8158.patch jasper-1.900.1-debian1/debian/patches/08-CVE-2014-8158.patch
--- jasper-1.900.1-debian1/debian/patches/08-CVE-2014-8158.patch 1970-01-01 01:00:00.0 +0100
+++ jasper-1.900.1-debian1/debian/patches/08-CVE-2014-8158.patch 2015-01-22 18:35:26.0 +0100
@@ -0,0 +1,336 @@
+Description: CVE-2014-8158: unrestricted stack memory use in jpc_qmfb.c
+Origin: vendor, http://pkgs.fedoraproject.org/cgit/jasper.git/tree/jasper-CVE-2014-8158.patch
+Bug-RedHat: https://bugzilla.redhat.com/show_bug.cgi?id=1179298
+Bug-Debian: https://bugs.debian.org/775970
+Forwarded: not-needed
+Author: Salvatore Bonaccorso car...@debian.org
+Last-Update: 2015-01-22
+
+--- a/src/libjasper/jpc/jpc_qmfb.c
b/src/libjasper/jpc/jpc_qmfb.c
+@@ -306,11 +306,7 @@ void jpc_qmfb_split_row(jpc_fix_t *a, in
+ {
+
+ int bufsize = JPC_CEILDIVPOW2(numcols, 1);
+-#if !defined(HAVE_VLA)
+ jpc_fix_t splitbuf[QMFB_SPLITBUFSIZE];
+-#else
+- jpc_fix_t splitbuf[bufsize];
+-#endif
+ jpc_fix_t *buf = splitbuf;
+ register jpc_fix_t *srcptr;
+ register jpc_fix_t *dstptr;
+@@ -318,7 +314,6 @@ void jpc_qmfb_split_row(jpc_fix_t *a, in
+ register int m;
+ int hstartcol;
+
+-#if !defined(HAVE_VLA)
+ /* Get a buffer. */
+ if (bufsize QMFB_SPLITBUFSIZE) {
+ if (!(buf = jas_alloc2(bufsize, sizeof(jpc_fix_t {
+@@ -326,7 +321,6 @@ void jpc_qmfb_split_row(jpc_fix_t *a, in
+ abort();
+ }
+ }
+-#endif
+
+ if (numcols = 2) {
+ hstartcol = (numcols + 1 - parity) 1;
+@@ -360,12 +354,10 @@ void jpc_qmfb_split_row(jpc_fix_t *a, in
+ }
+ }
+
+-#if !defined(HAVE_VLA)
+ /* If the split buffer was allocated on the heap, free this memory. */
+ if (buf != splitbuf) {
+ jas_free(buf);
+ }
+-#endif
+
+ }
+
+@@ -374,11 +366,7 @@ void jpc_qmfb_split_col(jpc_fix_t *a, in
+ {
+
+ int bufsize = JPC_CEILDIVPOW2(numrows, 1);
+-#if !defined(HAVE_VLA)
+ jpc_fix_t splitbuf[QMFB_SPLITBUFSIZE];
+-#else
+- jpc_fix_t splitbuf[bufsize];
+-#endif
+ jpc_fix_t *buf = splitbuf;
+ register jpc_fix_t *srcptr;
+ register jpc_fix_t *dstptr;
+@@ -386,7 +374,6 @@ void jpc_qmfb_split_col(jpc_fix_t *a, in
+ register int m;
+ int hstartcol;
+
+-#if !defined(HAVE_VLA)
+ /* Get a buffer. */
+ if (bufsize QMFB_SPLITBUFSIZE) {
+ if (!(buf = jas_alloc2(bufsize, sizeof(jpc_fix_t {
+@@ -394,7 +381,6 @@ void jpc_qmfb_split_col(jpc_fix_t *a, in
+ abort();
+ }
+ }
+-#endif
+
+ if (numrows = 2) {
+ hstartcol = (numrows + 1 - parity) 1;
+@@ -428,12 +414,10 @@ void jpc_qmfb_split_col(jpc_fix_t *a, in
+ }
+ }
+
+-#if !defined(HAVE_VLA)
+ /* If the split buffer was allocated on the heap, free this memory. */
+ if (buf != splitbuf) {
+ jas_free(buf);
+ }
+-#endif
+
+ }
+
+@@ -442,11 +426,7 @@ void jpc_qmfb_split_colgrp(jpc_fix_t *a,
+ {
+
+ int bufsize = JPC_CEILDIVPOW2(numrows, 1);
+-#if !defined(HAVE_VLA)
Processed: jasper: diff for NMU version 1.900.1-debian1-2.4
Processing control commands: tags 775970 + pending Bug #775970 [src:jasper] jasper: CVE-2014-8157 CVE-2014-8158 Added tag(s) pending. -- 775970: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775970 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#772567: Bugs #734517 and #772567 are essentially the same
severity 734517 serious severity 772567 serious merge 734517 772567 thanks Both bugs will be fixed as soon we put brasero-cdrkit in Recommends. Thanks. -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Processed: Bugs #734517 and #772567 are essentially the same
Processing commands for cont...@bugs.debian.org: severity 734517 serious Bug #734517 [brasero] brasero: suggest brasero-cdrkit Severity set to 'serious' from 'wishlist' severity 772567 serious Bug #772567 [brasero] brasero: Brasero ejects blank CD before even starting burning audio CD Ignoring request to change severity of Bug 772567 to the same value. merge 734517 772567 Bug #734517 [brasero] brasero: suggest brasero-cdrkit Bug #772567 [brasero] brasero: Brasero ejects blank CD before even starting burning audio CD Marked as found in versions brasero/3.8.0-2. Bug #734517 [brasero] brasero: suggest brasero-cdrkit Marked as found in versions brasero/3.11.4-1. Merged 734517 772567 thanks Stopping processing here. Please contact me if you need assistance. -- 734517: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=734517 772567: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=772567 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#772567: Proposed patch for Bug #772567
Attached proposed patch.
Kind brasero maintainers and release managers:
Please consider applying the patch for jessie.
We might better have the brasero-cdrkit package installed in a few
systems that do not really need it than having to decipher this
completely strange error message:
Checking session consistency (brasero_burn_check_session_consistency
brasero-burn.c:1739)
Unsupported type of task operation
Session error : Ocurrió un error interno (brasero_burn_record
brasero-burn.c:2856)
on systems that actually *do* need it.diff --git a/debian/control b/debian/control
index 74e8a2a..4e2bf47 100644
--- a/debian/control
+++ b/debian/control
@@ -50,7 +50,8 @@ Depends: ${shlibs:Depends},
gvfs,
libbrasero-media3-1 (= ${binary:Version}),
brasero-common (= ${source:Version})
-Recommends: yelp
+Recommends: yelp,
+brasero-cdrkit
Suggests: vcdimager,
libdvdcss2,
tracker
diff --git a/debian/control.in b/debian/control.in
index 4882589..f7b23c6 100644
--- a/debian/control.in
+++ b/debian/control.in
@@ -46,7 +46,8 @@ Depends: ${shlibs:Depends},
gvfs,
libbrasero-media3-1 (= ${binary:Version}),
brasero-common (= ${source:Version})
-Recommends: yelp
+Recommends: yelp,
+brasero-cdrkit
Suggests: vcdimager,
libdvdcss2,
tracker
Bug#775114: patch has accepted upstream
The patch for #775114 has gone accepted upstream: https://git.reviewboard.kde.org/r/120119/ Regads, sandro -- Sandro Knauß Software Developer Kolab Systems AG Zürich, Switzerland e: kna...@kolabsys.com t: +41 43 501 66 91 w: http://kolabsys.com pgp: CE81539E Sandro Knauß signature.asc Description: This is a digitally signed message part.
Processed: found 688250 in testing/None, unarchiving 709967, found 709967 in testing/None, closing 709967 ...
Processing commands for cont...@bugs.debian.org:
found 688250 testing/None
Bug #688250 [piuparts.debian.org] [bug for tracking] modifies conffiles bugs
for packages in squeeze that have been removed afterwards
The source testing and version None do not appear to match any binary packages
Marked as found in versions testing/None.
unarchive 709967
Bug #709967 {Done: Andreas Beckmann a...@debian.org}
[sun-java5-doc,sun-java6-doc] sun-java[56]-doc: download location no longer
available
Warning: Unknown package 'sun-java5-doc'
Warning: Unknown package 'sun-java6-doc'
Unarchived Bug 709967
Warning: Unknown package 'sun-java5-doc'
Warning: Unknown package 'sun-java6-doc'
found 709967 testing/None
Bug #709967 {Done: Andreas Beckmann a...@debian.org}
[sun-java5-doc,sun-java6-doc] sun-java[56]-doc: download location no longer
available
Warning: Unknown package 'sun-java5-doc'
Warning: Unknown package 'sun-java6-doc'
The source testing and version None do not appear to match any binary packages
Marked as found in versions testing/None and reopened.
Warning: Unknown package 'sun-java5-doc'
Warning: Unknown package 'sun-java6-doc'
close 709967
Bug #709967 [sun-java5-doc,sun-java6-doc] sun-java[56]-doc: download location
no longer available
Warning: Unknown package 'sun-java5-doc'
Warning: Unknown package 'sun-java6-doc'
Marked Bug as done
Warning: Unknown package 'sun-java5-doc'
Warning: Unknown package 'sun-java6-doc'
unarchive 595593
Bug #595593 {Done: Andreas Beckmann deb...@abeckmann.de} [fossology]
fossology: fails to install
Unarchived Bug 595593
found 595593 testing/None
Bug #595593 {Done: Andreas Beckmann deb...@abeckmann.de} [fossology]
fossology: fails to install
The source testing and version None do not appear to match any binary packages
Marked as found in versions testing/None and reopened.
close 595593
Bug #595593 [fossology] fossology: fails to install
Marked Bug as done
unarchive 668791
Bug #668791 {Done: Debian FTP Masters ftpmas...@ftp-master.debian.org}
[multex-bin] multex-bin: fails to install: The format file of `multex' is NOT
built successfully.
Unarchived Bug 668791
found 668791 testing/None
Bug #668791 {Done: Debian FTP Masters ftpmas...@ftp-master.debian.org}
[multex-bin] multex-bin: fails to install: The format file of `multex' is NOT
built successfully.
The source testing and version None do not appear to match any binary packages
Marked as found in versions testing/None and reopened.
close 668791
Bug #668791 [multex-bin] multex-bin: fails to install: The format file of
`multex' is NOT built successfully.
Marked Bug as done
unarchive 574220
Bug #574220 {Done: Andreas Beckmann deb...@abeckmann.de}
[firebird2.0-classic] firebird2.0-classic: package purge (after dependencies
removal) fails
Warning: Unknown package 'firebird2.0-classic'
Unarchived Bug 574220
Warning: Unknown package 'firebird2.0-classic'
found 574220 testing/None
Bug #574220 {Done: Andreas Beckmann deb...@abeckmann.de}
[firebird2.0-classic] firebird2.0-classic: package purge (after dependencies
removal) fails
Warning: Unknown package 'firebird2.0-classic'
The source testing and version None do not appear to match any binary packages
Marked as found in versions testing/None and reopened.
Warning: Unknown package 'firebird2.0-classic'
close 574220
Bug #574220 [firebird2.0-classic] firebird2.0-classic: package purge (after
dependencies removal) fails
Warning: Unknown package 'firebird2.0-classic'
Marked Bug as done
Warning: Unknown package 'firebird2.0-classic'
unarchive 574228
Bug #574228 {Done: Andreas Beckmann deb...@abeckmann.de} [mediamate]
mediamate: package purge (after dependencies removal) fails
Warning: Unknown package 'mediamate'
Unarchived Bug 574228
Warning: Unknown package 'mediamate'
found 574228 testing/None
Bug #574228 {Done: Andreas Beckmann deb...@abeckmann.de} [mediamate]
mediamate: package purge (after dependencies removal) fails
Warning: Unknown package 'mediamate'
The source testing and version None do not appear to match any binary packages
Marked as found in versions testing/None and reopened.
Warning: Unknown package 'mediamate'
close 574228
Bug #574228 [mediamate] mediamate: package purge (after dependencies removal)
fails
Warning: Unknown package 'mediamate'
Marked Bug as done
Warning: Unknown package 'mediamate'
unarchive 702055
Bug #702055 {Done: Andreas Beckmann a...@debian.org}
[libpils0,libpils-dev,libstonith0,libstonith-dev] libpils0, libpils-dev,
libstonith0, libstonith-dev: transitional packages uninstallable in lenny
Warning: Unknown package 'libpils0'
Warning: Unknown package 'libpils-dev'
Warning: Unknown package 'libstonith0'
Warning: Unknown package 'libstonith-dev'
Unarchived Bug 702055
Warning: Unknown package 'libpils0'
Warning: Unknown package 'libpils-dev'
Warning: Unknown package 'libstonith0'
Warning: Unknown package 'libstonith-dev'
found 702055 testing/None
Bug #702055 {Done: Andreas Beckmann a...@debian.org}
Processed: Re: banshee: Banshee freezes for 2-3 minutes
Processing control commands: severity -1 grave Bug #766560 [banshee] banshee: Banshee freezes for 2-3 minutes during startup/searching/browsing after recent libsqlite3-0 update Severity set to 'grave' from 'important' -- 766560: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=766560 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#776010: dpkg-cross: Can generate broken binaries due to off_t vs LFS disconnect
Package: dpkg-cross Version: 2.6.11 Severity: serious Hi! Some of the config.site files define a value for ac_cv_sizeof_off_t, but that value is wrong as it depends on whether the package is going to be built with LFS enabled (through AC_SYS_LARGEFILE for example). Unfortunately this is unfixable through a config.site deployment as the LFS checks are performed way later than when the config cache files have been loaded, so the value cannot be assigned depending on LFS. Those values would need to be removed from the config.site files, and packages that lack the value during cross-compilation would need to be updated to use a more recent autoconf which is able to compute such sizeof values even when cross-compiling. Even though I know dpkg-cross is considered completely deprecated and that it should be left to die, the config.site support is something that is supposed to move elsewhere AFAIK, so that's the reason I've bothered reporting this at all. Thanks, Guillem -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#775882: [debian-mysql] Bug#775882: mariadb-10.0: affected by CVEs of the Oracle Patch Update for January 2015?
I started to search information about this 2 days ago, but so far I haven't found any indication that these would affect MariaDB, though I haven't got the definitive final reply from mariadb devs confirming so either. -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#776004: marked as done (qemu-system-x86: fails to install: dpkg-maintscript-helper: error: missing arguments after --)
Your message dated Fri, 23 Jan 2015 07:48:25 + with message-id e1yeyyf-0001jp...@franck.debian.org and subject line Bug#776004: fixed in qemu 1:2.2+dfsg-4exp has caused the Debian Bug report #776004, regarding qemu-system-x86: fails to install: dpkg-maintscript-helper: error: missing arguments after -- to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 776004: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=776004 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Package: qemu-system-x86 Version: 1:2.2+dfsg-3exp Severity: serious User: debian...@lists.debian.org Usertags: piuparts Hi, during a test with piuparts I noticed your package failed to install. As per definition of the release team this makes the package too buggy for a release, thus the severity. From the attached log (scroll to the bottom...): Selecting previously unselected package qemu-system-x86. (Reading database ... 8743 files and directories currently installed.) Preparing to unpack .../qemu-system-x86_1%3a2.2+dfsg-3exp_amd64.deb ... dpkg-maintscript-helper: error: missing arguments after -- Use 'dpkg-maintscript-helper help' for program usage information. dpkg: error processing archive /var/cache/apt/archives/qemu-system-x86_1%3a2.2+dfsg-3exp_amd64.deb (--unpack): subprocess new pre-installation script returned error exit status 1 dpkg-maintscript-helper: error: missing arguments after -- Use 'dpkg-maintscript-helper help' for program usage information. dpkg: error while cleaning up: subprocess new post-removal script returned error exit status 1 Errors were encountered while processing: /var/cache/apt/archives/qemu-system-x86_1%3a2.2+dfsg-3exp_amd64.deb cheers, Andreas qemu-system-x86_1:2.2+dfsg-3exp.log.gz Description: application/gzip ---End Message--- ---BeginMessage--- Source: qemu Source-Version: 1:2.2+dfsg-4exp We believe that the bug you reported is fixed in the latest version of qemu, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 776...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Michael Tokarev m...@tls.msk.ru (supplier of updated qemu package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Thu, 22 Jan 2015 20:33:38 +0300 Source: qemu Binary: qemu qemu-system qemu-system-common qemu-system-misc qemu-system-arm qemu-system-mips qemu-system-ppc qemu-system-sparc qemu-system-x86 qemu-user qemu-user-static qemu-user-binfmt qemu-utils qemu-guest-agent qemu-kvm Architecture: source Version: 1:2.2+dfsg-4exp Distribution: experimental Urgency: medium Maintainer: Debian QEMU Team pkg-qemu-de...@lists.alioth.debian.org Changed-By: Michael Tokarev m...@tls.msk.ru Description: qemu - fast processor emulator qemu-guest-agent - Guest-side qemu-system agent qemu-kvm - QEMU Full virtualization on x86 hardware qemu-system - QEMU full system emulation binaries qemu-system-arm - QEMU full system emulation binaries (arm) qemu-system-common - QEMU full system emulation binaries (common files) qemu-system-mips - QEMU full system emulation binaries (mips) qemu-system-misc - QEMU full system emulation binaries (miscelaneous) qemu-system-ppc - QEMU full system emulation binaries (ppc) qemu-system-sparc - QEMU full system emulation binaries (sparc) qemu-system-x86 - QEMU full system emulation binaries (x86) qemu-user - QEMU user mode emulation binaries qemu-user-binfmt - QEMU user mode binfmt registration for qemu-user qemu-user-static - QEMU user mode emulation binaries (static version) qemu-utils - QEMU utilities Closes: 776004 Changes: qemu (1:2.2+dfsg-4exp) experimental; urgency=medium . * fix a brown-paper bag bug removing the qemu-system-x86 initscript (Closes: #776004) Checksums-Sha1: b133ab490e85cff06015302d8111c88eb94b0849 5151 qemu_2.2+dfsg-4exp.dsc c0f9458d8caf5fd1fb5533d5a739953147d267e6 59672 qemu_2.2+dfsg-4exp.debian.tar.xz Checksums-Sha256: 744354ae0d9574e0f99c10879d1a41b2c097ef2e8caca138ccf14e2c3ba2a631 5151 qemu_2.2+dfsg-4exp.dsc a13eb9eae02e5af494f48cf28021fae848d28a9fcde9b348551884d1e2fd5dcc 59672 qemu_2.2+dfsg-4exp.debian.tar.xz Files:
Bug#774844: xfonts-traditional: fails to upgrade from 'wheezy': Can't locate File/Find.pm in @INC
On Mon, Jan 19, 2015 at 05:09:31PM +, Ian Jackson wrote: Niko Tyni writes (Re: Bug#774844: xfonts-traditional: fails to upgrade from 'wheezy': Can't locate File/Find.pm in @INC): My point was that this is potentially a much wider issue, not limited to perl. I should reply to this. You are right that it is, potentially, a wider issue. But it mostly occurs when a dependency is indirected through an intermediate package. That is, A uses some feature in C, but the dependency is declared on B which depends on C. I don't think this indirection is the key here. The same issue could just as well have happened if the xfonts-traditional postinst functionality needed for example Time::Piece (which is in the perl package.) In that case the dependency on perl would be direct, but the script would fail in exactly the same way when a newer perl-modules is unpacked - because Time::Piece needs Time::Local from perl-modules, and that wouldn't be on the search path anymore. I suspect it has more to do with the circular dependency between perl and perl-modules. We see the bug with xfonts-traditional because both (a) it has a trigger and (b) luck means that the usual ordering exposes the bug. But as I explained earlier, this situation is not limited to packages with triggers. It can be repro'd with xfonts-traditional without triggers being involved. I don't quite buy this argument about triggers not being involved. Consider, in a wheezy chroot: # apt-get install file # dpkg --unpack libmagic1_5.22+15-1_amd64.deb # from sid # file /usr/bin/perl file: /lib/x86_64-linux-gnu/libc.so.6: version `GLIBC_2.14' not found (required by /usr/lib/x86_64-linux-gnu/libmagic.so.1) file: /lib/x86_64-linux-gnu/libc.so.6: version `GLIBC_2.15' not found (required by /usr/lib/x86_64-linux-gnu/libmagic.so.1) # dpkg -l file [...] ii file 5.11-2+deb7u6amd64Determines file type using magic numbers In this situation dpkg would agree to install and configure a package that Depends on 'file' and uses that command in 'postinst configure', but the configure step would fail. Does that imply that the new libmagic1 package should Break older versions of file? I don't think that makes sense. So why does it after s/file/perl/ and s/libmagic1/perl-modules/ ? It looks to me like this new Breaks: requirement arises from the dpkg triggers implementation and possibly concerns only circular dependencies. The loop breaking logic that looks for postinst scripts (policy 7.2) seems related. Clearly we don't have this for triggers, only for the configure step. -- Niko Tyni nt...@debian.org -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#776034: fsck runs in parallel on same physical disk
Package: systemd Version: 215-8 Severity: serious I have a server with many LVM logical volumes on top of the same RAID1 md device on two spindles. At boot, fsck appeared to be starting on many of the LVs simultaneously. There was a horrendous sound of disk head movement from the server. This also makes the whole fsck process slower and therefore the boot process is slower. -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#775882: [debian-mysql] Bug#775882: mariadb-10.0: affected by CVEs of the Oracle Patch Update for January 2015?
Hi Otto, On Fri, Jan 23, 2015 at 08:46:46AM +0200, Otto Kekäläinen wrote: I started to search information about this 2 days ago, but so far I haven't found any indication that these would affect MariaDB, though I haven't got the definitive final reply from mariadb devs confirming so either. Thanks for the status update! Regards, Salvatore -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
