Bug#775871: marked as done (torbrowser-launcher: TorBrowser Bundle signing key changed)
Your message dated Tue, 27 Jan 2015 13:18:31 + with message-id e1yg62j-0002qr...@franck.debian.org and subject line Bug#775871: fixed in torbrowser-launcher 0.1.9-1~experimental1 has caused the Debian Bug report #775871, regarding torbrowser-launcher: TorBrowser Bundle signing key changed to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 775871: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775871 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Package: torbrowser-launcher Version: 0.1.7-1 Severity: important The Tor Project changed their Tor Browser Bundle signing key yesterday. Thus, downloading or updating TBB when using torbrowser-launcher will fail. Upstream version 0.1.8 fixes this issue. ---End Message--- ---BeginMessage--- Source: torbrowser-launcher Source-Version: 0.1.9-1~experimental1 We believe that the bug you reported is fixed in the latest version of torbrowser-launcher, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 775...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. 
Holger Levsen hol...@debian.org (supplier of updated torbrowser-launcher package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Tue, 27 Jan 2015 13:42:05 +0100 Source: torbrowser-launcher Binary: torbrowser-launcher Architecture: source Version: 0.1.9-1~experimental1 Distribution: experimental Urgency: medium Maintainer: Anonymity Tools Debian Maintainers pkg-anonymity-to...@lists.alioth.debian.org Changed-By: Holger Levsen hol...@debian.org Description: torbrowser-launcher - helps download, update and run the Tor Browser Bundle Closes: 775871 775891 Changes: torbrowser-launcher (0.1.9-1~experimental1) experimental; urgency=medium . * New upstream release. . torbrowser-launcher (0.1.8-1) unstable; urgency=medium . * New upstream version: * featuring new signing key. (Closes: #775871) * handle new TBB alpha and beta versioning. 
(Closes: #775891) ---End Message---
Bug#775888: virtualbox: CVE-2014-6588 CVE-2014-6589 CVE-2014-6590 CVE-2014-6595 CVE-2015-0418 CVE-2015-0427
Hi Aron, can you please also followup on squeeze-bpo? (might need a kbuild backport to make it build) cheers, (thanks) G. On Tuesday 27 January 2015 13:57, Aron Xu happyaron...@gmail.com wrote: I'll follow-up in wheezy-backports this weekend, at that time it should land in jessie already. Best, Aron On Tue, Jan 27, 2015 at 6:21 PM, Moritz Mühlenhoff j...@inutil.org wrote: On Mon, Jan 26, 2015 at 09:14:55PM +0530, Ritesh Raj Sarraf wrote: On 01/26/2015 09:07 PM, Ritesh Raj Sarraf wrote: On 01/21/2015 01:23 PM, Moritz Muehlenhoff wrote: In the past someone from upstream posted the upstream commits to the bug log, maybe you can contact them for more information so that we can merge the isolated fixes into the jessie version? Cheers, Moritz Moritz, For unstable, I've pushed the upload and asked for an exception. For Wheezy, it is building right now. Once the build is complete, I'll push it to s-p-u. And send you the debdiff. Please find attached the debdiff. Please give me an ACK, and then I'll do the upload. Looks good to me. Please upload to security-master, I'll take care of the update. Cheers, Moritz -- Regards, Aron Xu -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#775888: virtualbox: CVE-2014-6588 CVE-2014-6589 CVE-2014-6590 CVE-2014-6595 CVE-2015-0418 CVE-2015-0427
On 01/27/2015 03:51 PM, Moritz Mühlenhoff wrote: Please find attached the debdiff. Please give me an ACK, and then I'll do the upload. Looks good to me. Please upload to security-master, I'll take care of the update. Thanks Moritz. The upload is done. -- Ritesh Raj Sarraf | http://people.debian.org/~rrs Debian - The Universal Operating System
Bug#775888: virtualbox: CVE-2014-6588 CVE-2014-6589 CVE-2014-6590 CVE-2014-6595 CVE-2015-0418 CVE-2015-0427
I'll check, if that's not too complicated I'll do it. Cheers, Aron
Bug#774328: [Pkg-samba-maint] Bug#774328: ctdb: Failed to start ctdb.service: Unit ctdb.service failed to load: No such file or directory.
2015-01-16 9:20 GMT+01:00 Martin Schwenke mar...@meltin.net: On Tue, 13 Jan 2015 11:26:48 +0100, Mathieu Parent math.par...@gmail.com wrote: 2014-12-31 23:16 GMT+01:00 Martin Schwenke mar...@meltin.net: # systemctl start ctdb Failed to start ctdb.service: Unit ctdb.service failed to load: No such file or directory. [...] Couldn't reproduce here. But I need to test again in a clean VM. Yikes! :-( Still not reproducible with: - a clean VM - apt-get install ctdb - sed -i 's/^CTDB_RECOVERY_LOCK/#CTDB_RECOVERY_LOCK/' /etc/default/ctdb - edit /etc/ctdb/nodes (a one node cluster) - touch /etc/ctdb/public_addresses - sudo systemctl start ctdb - wait ... - ctdb status - OK (this node) Anything relevant in /var/log/{syslog,ctdb/log.ctdb}? journalctl -u ctdb.service? No, nothing at all. It looks like it is failing somewhere in systemd. It's /var/log/ctdb/log.ctdb. Have you checked it too? Well, I do get this from selinux: Jan 16 18:52:20 rover kernel: audit: type=1107 audit(1421394740.536:41175): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='Unknown permission start for class system exe=/lib/systemd/systemd sauid=0 hostname=? addr=? terminal=?' However, I am running in *permissive* mode, so selinux shouldn't be getting in the way: # sestatus | grep -i mode Current mode: permissive Mode from config file: permissive My gut is telling me that this has something to do with the selinux message... but how can this happen in permissive mode? Was this machine migrated from wheezy? Do you have rsyslog installed? Yes, this machine was probably upgraded from wheezy. I have rsyslog installed. Do you know if there's a way of getting some debug out of systemd? What does journalctl --unit ctdb.service say? Is there any red line in systemctl list-units? Can you try to reboot with sysvinit? ... Regards -- Mathieu
Bug#774328: Tagging bug
tag 774328 + moreinfo unreproducible help severity 774328 important thanks I'm lowering it since it's not reproducible. Regards -- Mathieu Parent
Processed: Tagging bug
Processing commands for cont...@bugs.debian.org: tag 774328 + moreinfo unreproducible help Bug #774328 [ctdb] ctdb: Failed to start ctdb.service: Unit ctdb.service failed to load: No such file or directory. Added tag(s) unreproducible, help, and moreinfo. severity 774328 important Bug #774328 [ctdb] ctdb: Failed to start ctdb.service: Unit ctdb.service failed to load: No such file or directory. Severity set to 'important' from 'grave' thanks Stopping processing here. Please contact me if you need assistance. -- 774328: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=774328 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#776410: linux: FTBFS on arm64 - find: `debian/zlib-modules-3.16.0-4-arm64-di': No such file or directory
Source: linux Version: 3.16.7-ckt4-1 Severity: serious Hi, The linux source package FTBFS on arm64[1]. I have included the (hopefully) relevant part of the log below: These modules from 3.16.0-4-arm64 are unpackaged: kernel/arch/arm64/crypto/aes-ce-blk.ko [... long list of .ko files ...] kernel/sound/usb/snd-usbmidi-lib.ko kernel-wedge strip-modules 3.16.0-4-arm64 kernel-wedge check kernel-image-3.16.0-4-arm64-di nic-modules-3.16.0-4-arm64-di nic-wireless-modules-3.16.0-4-arm64-di nic-shared-modules-3.16.0-4-arm64-di ppp-modules-3.16.0-4-arm64-di cdrom-core-modules-3.16.0-4-arm64-di scsi-core-modules-3.16.0-4-arm64-di scsi-modules-3.16.0-4-arm64-di loop-modules-3.16.0-4-arm64-di btrfs-modules-3.16.0-4-arm64-di ext4-modules-3.16.0-4-arm64-di isofs-modules-3.16.0-4-arm64-di jfs-modules-3.16.0-4-arm64-di xfs-modules-3.16.0-4-arm64-di fat-modules-3.16.0-4-arm64-di md-modules-3.16.0-4-arm64-di multipath-modules-3.16.0-4-arm64-di usb-modules-3.16.0-4-arm64-di usb-storage-modules-3.16.0-4-arm64-di input-modules-3.16.0-4-arm64-di event-modules-3.16.0-4-arm64-di nic-usb-modules-3.16.0-4-arm64-di sata-modules-3.16.0-4-arm64-di core-modules-3.16.0-4-arm64-di crc-modules-3.16.0-4-arm64-di crypto-modules-3.16.0-4-arm64-di crypto-dm-modules-3.16.0-4-arm64-di efi-modules-3.16.0-4-arm64-di ata-modules-3.16.0-4-arm64-di mmc-modules-3.16.0-4-arm64-di nbd-modules-3.16.0-4-arm64-di squashfs-modules-3.16.0-4-arm64-di virtio-modules-3.16.0-4-arm64-di uinput-modules-3.16.0-4-arm64-di zlib-modules-3.16.0-4-arm64-di udf-modules-3.16.0-4-arm64-di fuse-modules-3.16.0-4-arm64-di find: `debian/zlib-modules-3.16.0-4-arm64-di': No such file or directory zlib-modules-3.16.0-4-arm64-di will be empty make[2]: *** [install-udeb_arm64] Error 1 make[1]: *** [binary-arch_arm64] Error 2 debian/rules.real:426: recipe for target 'install-udeb_arm64' failed make[2]: Leaving directory '/«PKGBUILDDIR»' debian/rules.gen:34: recipe for target 'binary-arch_arm64' failed make[1]: Leaving directory '/«PKGBUILDDIR»' make: *** [binary-arch] Error 2 debian/rules:42: recipe for target 'binary-arch' failed dpkg-buildpackage: error: fakeroot debian/rules binary-arch gave error exit status 2 ~Niels [1] https://buildd.debian.org/status/fetch.php?pkg=linux&arch=arm64&ver=3.16.7-ckt4-1&stamp=1421386740
Bug#775882: [debian-mysql] Bug#775882: mariadb-10.0: affected by CVEs of the Oracle Patch Update for January 2015?
2015-01-27 8:09 GMT+02:00 Salvatore Bonaccorso car...@debian.org: Thanks for the update and checking with upstream regarding the two other CVEs. 10.0.16 seems now available[1] (even though not yet announced on the webpage itself). [1] https://downloads.mariadb.com/files/MariaDB/mariadb-10.0.16/source 10.0.16 has now been officially announced and I've updated both the master and jessie branches of the Debian packaging repo: http://anonscm.debian.org/cgit/pkg-mysql/mariadb-10.0.git/ Local builds pass OK. Currently I am running with the full test suite etc and if they pass I'll upload master to experimental, and if it is fully OK, I'll update jessie branch to unstable. As Jessie is not released, there is no jessie-security upload target yet, right?
Bug#775882: [debian-mysql] Bug#775882: mariadb-10.0: affected by CVEs of the Oracle Patch Update for January 2015?
Hi Otto, On Tue, Jan 27, 2015 at 09:20:51PM +0200, Otto Kekäläinen wrote: 2015-01-27 8:09 GMT+02:00 Salvatore Bonaccorso car...@debian.org: Thanks for the update and checking with upstream regarding the two other CVEs. 10.0.16 seems now available[1] (even though not yet announced on the webpage itself). [1] https://downloads.mariadb.com/files/MariaDB/mariadb-10.0.16/source 10.0.16 has now been officially announced and I've updated both the master and jessie branches of the Debian packaging repo: http://anonscm.debian.org/cgit/pkg-mysql/mariadb-10.0.git/ Local builds pass OK. Currently I am running with the full test suite etc and if they pass I'll upload master to experimental, and if it is fully OK, I'll update jessie branch to unstable. As Jessie is not released, there is no jessie-security upload target yet, right? Yes right, so release team needs to ack it and give an unblock for it. I hope this will not be a problem, so that we can already have mariadb-10.0/10.0.16-1 in jessie. Thanks for your work and keeping us up-to-date, Regards, Salvatore
Bug#775970: marked as done (jasper: CVE-2014-8157 CVE-2014-8158)
Your message dated Tue, 27 Jan 2015 18:18:44 + with message-id e1ygaiq-0001th...@franck.debian.org and subject line Bug#775970: fixed in jasper 1.900.1-debian1-2.4 has caused the Debian Bug report #775970, regarding jasper: CVE-2014-8157 CVE-2014-8158 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 775970: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775970 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Package: libjasper1 Version: 1.900.1-13+deb7u2 Severity: grave Tags: security upstream Justification: user security hole From: http://www.ocert.org/advisories/ocert-2015-001.html The library is affected by an off-by-one error in a buffer boundary check in jpc_dec_process_sot(), leading to a heap based buffer overflow, as well as multiple unrestricted stack memory use issues in jpc_qmfb.c, leading to stack overflow. A specially crafted jp2 file can be used to trigger the vulnerabilities. -- System Information: Debian Release: 7.8 APT prefers stable APT policy: (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 3.2.0-4-amd64 (SMP w/4 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages libjasper1 depends on: ii libc6 2.13-38+deb7u6 ii libjpeg8 8d-1+deb7u1 ii multiarch-support 2.13-38+deb7u6 libjasper1 recommends no packages. 
Versions of packages libjasper1 suggests: pn libjasper-runtime none -- no debconf information ---End Message--- ---BeginMessage--- Source: jasper Source-Version: 1.900.1-debian1-2.4 We believe that the bug you reported is fixed in the latest version of jasper, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 775...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Salvatore Bonaccorso car...@debian.org (supplier of updated jasper package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Thu, 22 Jan 2015 17:09:24 +0100 Source: jasper Binary: libjasper1 libjasper-dev libjasper-runtime Architecture: source amd64 Version: 1.900.1-debian1-2.4 Distribution: unstable Urgency: high Maintainer: Roland Stigge sti...@antcom.de Changed-By: Salvatore Bonaccorso car...@debian.org Description: libjasper-dev - Development files for the JasPer JPEG-2000 library libjasper-runtime - Programs for manipulating JPEG-2000 files libjasper1 - JasPer JPEG-2000 runtime library Closes: 775970 Changes: jasper (1.900.1-debian1-2.4) unstable; urgency=high . * Non-maintainer upload. * Add 07-CVE-2014-8157.patch patch. CVE-2014-8157: dec-numtiles off-by-one check in jpc_dec_process_sot(). (Closes: #775970) * Add 08-CVE-2014-8158.patch patch. 
CVE-2014-8158: unrestricted stack memory use in jpc_qmfb.c (Closes: #775970)
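The off-by-one boundary check named in the advisory quoted in the bug report above, as an added illustration; this is not JasPer's code or the Debian patch. The types, function names and the exact comparison are hypothetical, chosen to show why an index equal to the element count must be rejected before a tile table is indexed.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical stand-ins for a decoder's tile table (not JasPer's types). */
typedef struct { uint32_t parts_seen; } tile_t;
typedef struct {
    int     numtiles;   /* number of entries allocated in tiles[] */
    tile_t *tiles;
} decoder_t;

typedef int (*tile_check_fn)(const decoder_t *, uint16_t);

/* Off-by-one form (assumed shape): only tileno > numtiles is rejected, so
 * tileno == numtiles, one element past the end of tiles[], counts as valid. */
static int tileno_ok_offbyone(const decoder_t *dec, uint16_t tileno)
{
    return dec->tiles != NULL && !((int)tileno > dec->numtiles);
}

/* Corrected form: valid indices are 0 .. numtiles-1. */
static int tileno_ok(const decoder_t *dec, uint16_t tileno)
{
    return dec->tiles != NULL && (int)tileno < dec->numtiles;
}

/* Accessor that refuses to hand out a pointer for an out-of-range tile
 * number taken from untrusted file contents. */
static tile_t *tile_for_sot(decoder_t *dec, uint16_t tileno)
{
    if (!tileno_ok(dec, tileno))
        return NULL;
    return &dec->tiles[tileno];
}

/* Counts the tile numbers in nos[] that a check accepts although they lie
 * outside tiles[]. Nothing is dereferenced here. */
static int count_oob_accepted(tile_check_fn check, const decoder_t *dec,
                              const uint16_t *nos, size_t n)
{
    int bad = 0;
    for (size_t i = 0; i < n; i++)
        if (check(dec, nos[i]) && (int)nos[i] >= dec->numtiles)
            bad++;
    return bad;
}

static decoder_t make_decoder(int numtiles)
{
    decoder_t d;
    d.numtiles = numtiles;
    d.tiles = calloc((size_t)numtiles, sizeof(tile_t));
    return d;
}

int main(void)
{
    /* Constructed sample: a 4-tile image and tile numbers as they might
     * appear in successive tile-part headers of an untrusted file. */
    decoder_t dec = make_decoder(4);
    const uint16_t nos[] = { 0, 3, 4, 5, 65535 };
    size_t n = sizeof nos / sizeof nos[0];

    if (dec.tiles == NULL)
        return 1;
    printf("off-by-one check accepts %d out-of-range tile number(s)\n",
           count_oob_accepted(tileno_ok_offbyone, &dec, nos, n));
    printf("corrected check accepts %d out-of-range tile number(s)\n",
           count_oob_accepted(tileno_ok, &dec, nos, n));
    printf("tile_for_sot(4) -> %s\n",
           tile_for_sot(&dec, 4) ? "pointer" : "NULL (rejected)");
    free(dec.tiles);
    return 0;
}
```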
Bug#745195: status
Control: tag -1 + pending I've upgraded this bug to RC status because it is a regression from wheezy. It is especially bad because it may bite some reverse dependencies that use unrtf as part of a processing chain. Salvatore Bonaccorso has already proposed a fix for this bug, based on the upstream fix in newer versions. WM
Processed: status
Processing control commands: tag -1 + pending Bug #745195 [unrtf] unrtf 0.21 outputs hex.junk to stdout Added tag(s) pending. -- 745195: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=745195 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#775785: trac-mercurial 1.0.0.4
On Tue, Jan 20, 2015 at 02:12:41AM +0100, Johannes Weißl wrote: An alternative would be to directly package version 1.0.0.4 (c91c42e), which contains a few more compatibility fixes for mercurial 3.x (for bugs which I didn't encounter, but other users have): http://trac.edgewall.org/wiki/TracMercurial#Releases But I don't know if this is allowed during by the freeze policy. The diff is quite large and contains unrelated changes like removing trailing whitespace so it would be better to package the older version with appropriate changes added as patches (per-commit or a single patch). -- WBR, wRAR
Bug#775851: marked as done (geoip-generator produces faulty v6/city database)
Your message dated Tue, 27 Jan 2015 18:33:28 + with message-id e1ygax6-0003yw...@franck.debian.org and subject line Bug#775851: fixed in geoip 1.6.4-2 has caused the Debian Bug report #775851, regarding geoip-generator produces faulty v6/city database to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 775851: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775851 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Source: gdnsd Version: 2.1.0-1 Severity: serious Tags: jessie sid User: debian...@lists.debian.org Usertags: qa-ftbfs-20150117 qa-ftbfs Justification: FTBFS in jessie on amd64 Hi, During a rebuild of all packages in jessie (in a jessie chroot, not a sid chroot), your package failed to build on amd64. Relevant part (hopefully): make[6]: Entering directory '/«PKGBUILDDIR»/plugins/meta/libgdmaps/t' ASDIR=/«PKGBUILDDIR»/plugins/meta/libgdmaps/t ABDIR=/«PKGBUILDDIR»/plugins/meta/libgdmaps/t GEOLITE_FILES=LICENSE.txt GeoIP-20111210.dat GeoIPv6-20111210.dat GeoLiteCity-20111210.dat GeoLiteCityv6-20111210.dat regioncodes-20130115.csv TLIST=t00_v4db t01_v6db t02_v4citydb t03_v6citydb t04_v64db t05_v64citydb t06_v4nets t07_v6nets t08_cityauto t09_complex t10_def t11_def2 t12_defnone t13_castatdef t14_missingcoords t15_nogeo t99_loadonly t16_extnets t17_extn_empty t18_extn_all t19_extn_allg t20_extn_allgs t21_extn_subs t22_nets_corner t23_gn_corner ./trunner.sh Skipping GeoIP-based libgdmaps unit tests; missing GeoLite data. 
If you care to run these, execute 'make check-download' before 'make check' (This will download several megabytes of data from the public Internet!) If you wish to test basic loading success for arbitrary local GeoIP databases with plugin_geoip, please specify a list of absolute pathnames in $GDMAPS_GEOIP_TEST_LOAD By default, tests will be run against all of the following that exist and are readable in /usr/share/GeoIP/: GeoIP.dat GeoIPv6.dat GeoIPCity.dat GeoIPCityv6.dat GeoLiteCity.dat GeoLiteCityv6.dat Running test t15_nogeo ... Running test t17_extn_empty ... Running test t18_extn_all ... Running test t21_extn_subs ... Running test t22_nets_corner ... Checking basic database load on file /usr/share/GeoIP/GeoIP.dat ... OK Checking basic database load on file /usr/share/GeoIP/GeoIPv6.dat ... Load-only test on file '/usr/share/GeoIP/GeoIPv6.dat' failed w/ exit status 134; Test Output: info: Loading configuration from '/«PKGBUILDDIR»/plugins/meta/libgdmaps/t/testroot/etc/config' info: plugin_geoip: map 'my_prod_map': Processing GeoIP database '/«PKGBUILDDIR»/plugins/meta/libgdmaps/t/testroot/etc/geoip/loadonly.dat' error: plugin_geoip: map 'my_prod_map': Error traversing GeoIP database, corrupt? error: plugin_geoip: map 'my_prod_map': (Re-)loading geoip database '/«PKGBUILDDIR»/plugins/meta/libgdmaps/t/testroot/etc/geoip/loadonly.dat' failed! 
fatal: plugin_geoip: map 'my_prod_map': cannot continue initial load Aborted make[6]: *** [check-local] Error 99 Makefile:1029: recipe for target 'check-local' failed make[6]: Leaving directory '/«PKGBUILDDIR»/plugins/meta/libgdmaps/t' make[5]: *** [check-am] Error 2 Makefile:899: recipe for target 'check-am' failed make[5]: Leaving directory '/«PKGBUILDDIR»/plugins/meta/libgdmaps/t' make[4]: *** [check-recursive] Error 1 Makefile:494: recipe for target 'check-recursive' failed make[4]: Leaving directory '/«PKGBUILDDIR»/plugins/meta/libgdmaps' make[3]: *** [check-recursive] Error 1 Makefile:536: recipe for target 'check-recursive' failed make[3]: Leaving directory '/«PKGBUILDDIR»/plugins/meta' make[2]: *** [check-recursive] Error 1 Makefile:392: recipe for target 'check-recursive' failed make[2]: Leaving directory '/«PKGBUILDDIR»/plugins' make[1]: *** [check-recursive] Error 1 Makefile:501: recipe for target 'check-recursive' failed make[1]: Leaving directory '/«PKGBUILDDIR»' dh_auto_test: make -j1 test returned exit code 2 The full build log is available from: http://aws-logs.debian.net/ftbfs-logs/2015/01/17/gdnsd_2.1.0-1_jessie.log A list of current common problems and possible solutions is available at http://wiki.debian.org/qa.debian.org/FTBFS . You're welcome to contribute! About the archive rebuild: The rebuild was done on EC2 VM instances from Amazon Web Services, using a clean, minimal and up-to-date chroot. Every failed build was retried once to eliminate random failures. ---End Message--- ---BeginMessage--- Source: geoip Source-Version: 1.6.4-2 We believe that the bug you reported is fixed in the latest version of geoip, which
Processed: found 774898 in 1.7.0-3.2
Processing commands for cont...@bugs.debian.org: # Also present in testing based on the diff between sid and testing found 774898 1.7.0-3.2 Bug #774898 [macchanger] fails to detect silent driver failure to change MAC Marked as found in versions macchanger/1.7.0-3.2. thanks Stopping processing here. Please contact me if you need assistance. -- 774898: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=774898 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Processed: severity of 745195 is serious
Processing commands for cont...@bugs.debian.org: severity 745195 serious Bug #745195 [unrtf] unrtf 0.21 outputs hex.junk to stdout Severity set to 'serious' from 'normal' thanks Stopping processing here. Please contact me if you need assistance. -- 745195: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=745195 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#776409: —Bug#767832— not fixed in cryptsetup 2:1.6.6-4 nor 2:1.6.6-5
Package: initramfs-tools Version: 0.118_all Severity: Critical Hi, Unfortunately, the 767832 bug is still relevant with: * cryptsetup 2:1.6.6-5amd64 * initramfs-tools 0.118 My system does not start automatically after entering the password for unlocking the root partition. I have to unlock manually /usr (from initramfs), and then do CTRL + D or type «exit». Finally, my system boots perfectly with initramfs-tools_0.116_all.deb. Here is what I get before booting manually initramfs-tools_0.118_all.deb: Decompressiong Linux… Parsing ELF… done. Booting the kernel. Loading, please wait... Please unlock disk sda1_crypt: cryptsetup: sda1_crypt set up successfully fsck from util-linux 2.25.2 /dev/mapper/sda1_crypt: clean, 7869/170688 files, 89041/682752 blocks Gave up waiting for /usr device. Common problems: - Boot args (cat /proc/cmdline) - Check rootdelay= (did the system wait long enough?) - Missing modules (cat /proc/modules; ls /dev) ALERT! /dev/mapper/sda5_crypt does not exist. Dropping to a shell! modprobe: module ehci-orion not found in modules.dep BusyBox v1.22.1 (Debian 1:1.22.0-9) built-in shell (ash) Enter 'help' for a list of built-in commands. Kind regards. ---BeginMessage--- This is an automatic notification regarding your Bug report which was filed against the cryptsetup package: #767832: cryptsetup: does not decrypt a split /usr as required by initramfs-tools = 0.118 It has been closed by Jonas Meurer m...@debian.org. Their explanation is attached below along with your original report. If this explanation is unsatisfactory and you have not received a better one in a separate message then please contact Jonas Meurer m...@debian.org by replying to this email. 
-- 767832: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=767832 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Source: cryptsetup Source-Version: 2:1.6.6-4 We believe that the bug you reported is fixed in the latest version of cryptsetup, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 767...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Jonas Meurer m...@debian.org (supplier of updated cryptsetup package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Format: 1.8 Date: Wed, 17 Dec 2014 14:24:41 +0100 Source: cryptsetup Binary: cryptsetup cryptsetup-bin libcryptsetup4 libcryptsetup-dev cryptsetup-udeb libcryptsetup4-udeb Architecture: source amd64 Version: 2:1.6.6-4 Distribution: unstable Urgency: medium Maintainer: Debian Cryptsetup Team pkg-cryptsetup-de...@lists.alioth.debian.org Changed-By: Jonas Meurer m...@debian.org Description: cryptsetup - disk encryption support - startup scripts cryptsetup-bin - disk encryption support - command line tools cryptsetup-udeb - disk encryption support - commandline tools (udeb) (udeb) libcryptsetup-dev - disk encryption support - development files libcryptsetup4 - disk encryption support - shared library libcryptsetup4-udeb - disk encryption support - shared library (udeb) (udeb) Closes: 764564 767832 768407 Changes: cryptsetup (2:1.6.6-4) unstable; urgency=medium . [ Simon McVittie ] * debian/initramfs/cryptroot-script: decrypt /usr as well as / so that split-/usr will work with initramfs-tools (= 0.118). (closes: #767832) . 
[ Jonas Meurer ] * debian/cryptdisks.funcctions: check for cryptdisks-udev initscript before actually invoking 'status' on it. It's only useful in ubuntu+upstart environment anyway. (closes: #764564) * debian/askpas.c: fix systemd_read() to really strip trailing newline from input. Thanks to Quentin Lefebvre for report and patch. (closes: #768407)
Bug#775638: marked as done (IPv6 database is corrupt)
Your message dated Tue, 27 Jan 2015 18:48:36 + with message-id e1ygbbk-000582...@franck.debian.org and subject line Bug#775638: fixed in geoip-database 20141027-2 has caused the Debian Bug report #775638, regarding IPv6 database is corrupt to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 775638: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775638 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Source: gdnsd Version: 2.1.0-1 Severity: serious Tags: jessie sid User: debian...@lists.debian.org Usertags: qa-ftbfs-20150117 qa-ftbfs Justification: FTBFS in jessie on amd64 Hi, During a rebuild of all packages in jessie (in a jessie chroot, not a sid chroot), your package failed to build on amd64. Relevant part (hopefully): make[6]: Entering directory '/«PKGBUILDDIR»/plugins/meta/libgdmaps/t' ASDIR=/«PKGBUILDDIR»/plugins/meta/libgdmaps/t ABDIR=/«PKGBUILDDIR»/plugins/meta/libgdmaps/t GEOLITE_FILES=LICENSE.txt GeoIP-20111210.dat GeoIPv6-20111210.dat GeoLiteCity-20111210.dat GeoLiteCityv6-20111210.dat regioncodes-20130115.csv TLIST=t00_v4db t01_v6db t02_v4citydb t03_v6citydb t04_v64db t05_v64citydb t06_v4nets t07_v6nets t08_cityauto t09_complex t10_def t11_def2 t12_defnone t13_castatdef t14_missingcoords t15_nogeo t99_loadonly t16_extnets t17_extn_empty t18_extn_all t19_extn_allg t20_extn_allgs t21_extn_subs t22_nets_corner t23_gn_corner ./trunner.sh Skipping GeoIP-based libgdmaps unit tests; missing GeoLite data. If you care to run these, execute 'make check-download' before 'make check' (This will download several megabytes of data from the public Internet!) 
If you wish to test basic loading success for arbitrary local GeoIP databases with plugin_geoip, please specify a list of absolute pathnames in $GDMAPS_GEOIP_TEST_LOAD By default, tests will be run against all of the following that exist and are readable in /usr/share/GeoIP/: GeoIP.dat GeoIPv6.dat GeoIPCity.dat GeoIPCityv6.dat GeoLiteCity.dat GeoLiteCityv6.dat Running test t15_nogeo ... Running test t17_extn_empty ... Running test t18_extn_all ... Running test t21_extn_subs ... Running test t22_nets_corner ... Checking basic database load on file /usr/share/GeoIP/GeoIP.dat ... OK Checking basic database load on file /usr/share/GeoIP/GeoIPv6.dat ... Load-only test on file '/usr/share/GeoIP/GeoIPv6.dat' failed w/ exit status 134; Test Output: info: Loading configuration from '/«PKGBUILDDIR»/plugins/meta/libgdmaps/t/testroot/etc/config' info: plugin_geoip: map 'my_prod_map': Processing GeoIP database '/«PKGBUILDDIR»/plugins/meta/libgdmaps/t/testroot/etc/geoip/loadonly.dat' error: plugin_geoip: map 'my_prod_map': Error traversing GeoIP database, corrupt? error: plugin_geoip: map 'my_prod_map': (Re-)loading geoip database '/«PKGBUILDDIR»/plugins/meta/libgdmaps/t/testroot/etc/geoip/loadonly.dat' failed! 
fatal: plugin_geoip: map 'my_prod_map': cannot continue initial load Aborted make[6]: *** [check-local] Error 99 Makefile:1029: recipe for target 'check-local' failed make[6]: Leaving directory '/«PKGBUILDDIR»/plugins/meta/libgdmaps/t' make[5]: *** [check-am] Error 2 Makefile:899: recipe for target 'check-am' failed make[5]: Leaving directory '/«PKGBUILDDIR»/plugins/meta/libgdmaps/t' make[4]: *** [check-recursive] Error 1 Makefile:494: recipe for target 'check-recursive' failed make[4]: Leaving directory '/«PKGBUILDDIR»/plugins/meta/libgdmaps' make[3]: *** [check-recursive] Error 1 Makefile:536: recipe for target 'check-recursive' failed make[3]: Leaving directory '/«PKGBUILDDIR»/plugins/meta' make[2]: *** [check-recursive] Error 1 Makefile:392: recipe for target 'check-recursive' failed make[2]: Leaving directory '/«PKGBUILDDIR»/plugins' make[1]: *** [check-recursive] Error 1 Makefile:501: recipe for target 'check-recursive' failed make[1]: Leaving directory '/«PKGBUILDDIR»' dh_auto_test: make -j1 test returned exit code 2 The full build log is available from: http://aws-logs.debian.net/ftbfs-logs/2015/01/17/gdnsd_2.1.0-1_jessie.log A list of current common problems and possible solutions is available at http://wiki.debian.org/qa.debian.org/FTBFS . You're welcome to contribute! About the archive rebuild: The rebuild was done on EC2 VM instances from Amazon Web Services, using a clean, minimal and up-to-date chroot. Every failed build was retried once to eliminate random failures. ---End Message--- ---BeginMessage--- Source: geoip-database Source-Version: 20141027-2 We believe that the bug you reported is fixed in the latest version of
Bug#776410: marked as done (linux: FTBFS on arm64 - find: `debian/zlib-modules-3.16.0-4-arm64-di': No such file or directory)
Your message dated Tue, 27 Jan 2015 19:20:27 + with message-id 1422386427.2709.1.ca...@decadent.org.uk and subject line Re: Bug#776410: linux: FTBFS on arm64 - find: `debian/zlib-modules-3.16.0-4-arm64-di': No such file or directory has caused the Debian Bug report #776410, regarding linux: FTBFS on arm64 - find: `debian/zlib-modules-3.16.0-4-arm64-di': No such file or directory to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 776410: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=776410 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Source: linux Version: 3.16.7-ckt4-1 Severity: serious Hi, The linux source package FTBFS on arm64[1]. I have include the (hopefully) relevant part of the log below: These modules from 3.16.0-4-arm64 are unpackaged: kernel/arch/arm64/crypto/aes-ce-blk.ko [... long list of .ko files ...] 
kernel/sound/usb/snd-usbmidi-lib.ko kernel-wedge strip-modules 3.16.0-4-arm64 kernel-wedge check kernel-image-3.16.0-4-arm64-di nic-modules-3.16.0-4-arm64-di nic-wireless-modules-3.16.0-4-arm64-di nic-shared-modules-3.16.0-4-arm64-di ppp-modules-3.16.0-4-arm64-di cdrom-core-modules-3.16.0-4-arm64-di scsi-core-modules-3.16.0-4-arm64-di scsi-modules-3.16.0-4-arm64-di loop-modules-3.16.0-4-arm64-di btrfs-modules-3.16.0-4-arm64-di ext4-modules-3.16.0-4-arm64-di isofs-modules-3.16.0-4-arm64-di jfs-modules-3.16.0-4-arm64-di xfs-modules-3.16.0-4-arm64-di fat-modules-3.16.0-4-arm64-di md-modules-3.16.0-4-arm64-di multipath-modules-3.16.0-4-arm64-di usb-modules-3.16.0-4-arm64-di usb-storage-modules-3.16.0-4-arm64-di input-modules-3.16.0-4-arm64-di event-modules-3.16.0-4-arm64-di nic-usb-modules-3.16.0-4-arm64-di sata-modules-3.16.0-4-arm64-di core-modules-3.16.0-4-arm64-di crc-modules-3.16.0-4-arm64-di crypto-modules-3.16.0-4-arm64-di crypto-dm-modules-3.16.0-4-arm64-di efi-modules-3.16.0-4-arm64-di ata-modules-3.16.0-4-arm64-di mmc-modules-3.16.0-4-arm64-di nbd-module s-3.16.0-4-arm64-di squashfs-modules-3.16.0-4-arm64-di virtio-modules-3.16.0-4-arm64-di uinput-modules-3.16.0-4-arm64-di zlib-modules-3.16.0-4-arm64-di udf-modules-3.16.0-4-arm64-di fuse-modules-3.16.0-4-arm64-di find: `debian/zlib-modules-3.16.0-4-arm64-di': No such file or directory zlib-modules-3.16.0-4-arm64-di will be empty make[2]: *** [install-udeb_arm64] Error 1 make[1]: *** [binary-arch_arm64] Error 2 debian/rules.real:426: recipe for target 'install-udeb_arm64' failed make[2]: Leaving directory '/«PKGBUILDDIR»' debian/rules.gen:34: recipe for target 'binary-arch_arm64' failed make[1]: Leaving directory '/«PKGBUILDDIR»' make: *** [binary-arch] Error 2 debian/rules:42: recipe for target 'binary-arch' failed dpkg-buildpackage: error: fakeroot debian/rules binary-arch gave error exit status 2 ~Niels [1] https://buildd.debian.org/status/fetch.php?pkg=linuxarch=arm64ver=3.16.7-ckt4-1stamp=1421386740 
---End Message--- ---BeginMessage--- Version: 3.16.7-ckt4-2 Just uploading the fix... Ben. -- Ben Hutchings When in doubt, use brute force. - Ken Thompson signature.asc Description: This is a digitally signed message part ---End Message---
Processed: Blocking
Processing commands for cont...@bugs.debian.org: block 775114 by 775745 Bug #775114 [libkdeui5] [libkdeui5] KRecursiveFilterProxyModel: The model was not working properly 775114 was not blocked by any bugs. 775114 was not blocking any bugs. Added blocking bug(s) of 775114: 775745 thanks Stopping processing here. Please contact me if you need assistance. -- 775114: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775114 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#775882: [debian-mysql] Bug#775882: mariadb-10.0: affected by CVEs of the Oracle Patch Update for January 2015?
Here is the reply from a MariaDB core developer:

2015-01-26 21:39 GMT+02:00 Sergei Golubchik s...@mariadb.org:

Hi, Otto!

On Jan 26, Otto Kekäläinen wrote:

Hello Sergei! The page https://mariadb.com/kb/en/mariadb/security/ does not mention the ones Salvatore asks about below: 0385 and 0409. Any info on them?

Salvatore is right - these bugs are 5.6 only and we don't have Server : Optimizer and Server : Pluggable Auth 5.6 code in MariaDB-10.x

Generally from all 5.6-only MySQL bugs only InnoDB issues apply to MariaDB-10.x.

Hmm, I've just checked the source code patch between 5.6.21 and 5.6.22 - there were *no* changes to the pluggable authentication code. None whatsoever. I don't know what Oracle means by CVE-2015-0385 Server: Pluggable Auth 5.6.21 and earlier
Bug#775888: virtualbox: CVE-2014-6588 CVE-2014-6589 CVE-2014-6590 CVE-2014-6595 CVE-2015-0418 CVE-2015-0427
On 01/26/2015 10:51 PM, Moritz Mühlenhoff wrote:

Moritz,

For unstable, I've pushed the upload and asked for an exception.

I've added the VMSVGA fixes to the security tracker, but there are also two issues in Core, which apply to wheezy/jessie: Could you please check back with upstream on CVE-2015-0377 and CVE-2015-0418? http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html

Frank from Oracle had mentioned that those 2 CVEs do not affect 4.3.x. (Please see attached email). For Wheezy, those CVE patches are included.

To quote Frank and Gianfranco's conversation:

CVE-2015-0418: VBox 4.3.x is not affected (only 4.2.x and older)
CVE-2015-0377: VBox 4.3.x is not affected (only 4.2.x and older)

do you have any patch for = 4.2.x then?

Attached.

-- Ritesh Raj Sarraf | http://people.debian.org/~rrs Debian - The Universal Operating System

---BeginMessage---

Hi Gianfranco,

On Wednesday 21 January 2015 14:28:53 Gianfranco Costamagna wrote:

the most CVEs from that CPU are related to the experimental VMSVGA implementation. This code is not documented and not announced and regular users will not use it. Therefore I suggest you to just disable that code by setting

VBOX_WITH_VMSVGA=
VBOX_WITH_VMSVGA3D=

This will automatically omit CVE-2014-6595, CVE-2014-6590, CVE-2014-6589, CVE-2014-6588 and CVE-2015-0427. The actual patch to fix this code is a bit lengthy, therefore disabling this code is IMO the best solution.

I presume starting from version 4.0 everything needs to be patched by disabling it?

that code does only exist in VBox 4.3.x, older branches are not affected.

CVE-2015-0418: VBox 4.3.x is not affected (only 4.2.x and older)
CVE-2015-0377: VBox 4.3.x is not affected (only 4.2.x and older)

do you have any patch for = 4.2.x then?

Attached.

4.0.10 4.1.12 4.1.18 4.3.10 4.3.14 4.3.18

These patches are against the latest code in the respective branches but I hope they apply to these old versions.
Sorry but it's not possible to support such old versions, we only support the latest versions of a specific branch. 4.3.20 (not affected at all I presume) Correct, already contains fixes for all these problems. Frank -- Dr.-Ing. Frank Mehnert | Software Development Director, VirtualBox ORACLE Deutschland B.V. Co. KG | Werkstr. 24 | 71384 Weinstadt, Germany Hauptverwaltung: Riesstr. 25, D-80992 München Registergericht: Amtsgericht München, HRA 95603 Geschäftsführer: Jürgen Kunz Komplementärin: ORACLE Deutschland Verwaltung B.V. Hertogswetering 163/167, 3543 AS Utrecht, Niederlande Handelsregister der Handelskammer Midden-Niederlande, Nr. 30143697 Geschäftsführer: Alexander van der Ven, Astrid Kepper, Val MaherIndex: src/VBox/VMM/VMMAll/IOMAllMMIO.cpp === --- src/VBox/VMM/VMMAll/IOMAllMMIO.cpp (revision 95342) +++ src/VBox/VMM/VMMAll/IOMAllMMIO.cpp (revision 95343) @@ -1290,7 +1290,13 @@ if (rc2 == VERR_SEM_BUSY) return (uErrorCode X86_TRAP_PF_RW) ? VINF_IOM_HC_MMIO_WRITE : VINF_IOM_HC_MMIO_READ; #endif -VBOXSTRICTRC rcStrict = iomMMIOHandler(pVM, uErrorCode, pCtxCore, GCPhysFault, iomMMIOGetRange(pVM-iom.s, GCPhysFault)); +PIOMMMIORANGE pRange = iomMMIOGetRange(pVM-iom.s, GCPhysFault); +if (RT_UNLIKELY(!pRange)) +{ +iomUnlock(pVM); +return VERR_IOM_MMIO_RANGE_NOT_FOUND; +} +VBOXSTRICTRC rcStrict = iomMMIOHandler(pVM, uErrorCode, pCtxCore, GCPhysFault, pRange); iomUnlock(pVM); return VBOXSTRICTRC_VAL(rcStrict); } Index: include/VBox/hwacc_vmx.h === --- include/VBox/hwacc_vmx.h (revision 96156) +++ include/VBox/hwacc_vmx.h (revision 96157) 
@@ -519,6 +519,12 @@ #define VMX_EXIT_WBINVD 54 /** 55 XSETBV. Guest software attempted to execute XSETBV. */ #define VMX_EXIT_XSETBV 55 +/** 57 RDRAND. Guest software attempted to execute RDRAND. */ +#define VMX_EXIT_RDRAND 57 +/** 58 INVPCID. Guest software attempted to execute INVPCID. */ +#define VMX_EXIT_INVPCID58 +/** 59 VMFUNC. Guest software attempted to execute VMFUNC. */ +#define VMX_EXIT_VMFUNC 59 /** @} */ Index: src/VBox/VMM/VMMR0/HWVMXR0.cpp === --- src/VBox/VMM/VMMR0/HWVMXR0.cpp (revision 96156) +++ src/VBox/VMM/VMMR0/HWVMXR0.cpp (revision 96157) @@ -4036,6 +4036,10 @@ case VMX_EXIT_VMWRITE: /* 25 Guest software executed VMWRITE. */ case VMX_EXIT_VMXOFF: /* 26 Guest software executed VMXOFF. */ case VMX_EXIT_VMXON:/* 27 Guest software executed VMXON. */ +case VMX_EXIT_INVEPT: /* 50 Guest software executed INVEPT. */ +case VMX_EXIT_INVVPID: /* 53 Guest software executed INVVPID. */ +case VMX_EXIT_INVPCID: /* 58 Guest software executed INVPCID. */ +case
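Review bot: The new `if (RT_UNLIKELY(!pRange))` branch in src/VBox/VMM/VMMAll/IOMAllMMIO.cpp (@@ -1290,7 +1290,13) returns VERR_IOM_MMIO_RANGE_NOT_FOUND without a comment on when the range lookup can fail at this point, and it adds a second iomUnlock(pVM) exit beside the existing one. Please add a short comment stating why a missing range is possible here, confirm that the callers of this function handle the new status code, and consider a single unlock-and-return tail so that a later change cannot leave the lock held on one of the two paths.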
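Review bot: The defines added in include/VBox/hwacc_vmx.h (@@ -519,6 +519,12) go from VMX_EXIT_XSETBV 55 straight to VMX_EXIT_RDRAND 57 with no entry or comment for 56, and `#define VMX_EXIT_INVPCID58` as shown has no whitespace between the name and the value. Please note in a comment why 56 is skipped (or add it), and check that the separator survives in the patch as applied, since without it the macro is named VMX_EXIT_INVPCID58 and the `case VMX_EXIT_INVPCID:` added in HWVMXR0.cpp will not compile.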
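Review bot: The `case VMX_EXIT_INVEPT:` and `case VMX_EXIT_INVVPID:` labels added in src/VBox/VMM/VMMR0/HWVMXR0.cpp (@@ -4036,6 +4036,10) depend on defines for 50 and 53 that the hwacc_vmx.h hunk does not add (it adds only 57, 58 and 59), so this patch compiles only where the target branch already defines them. Since the message says the patches are against the latest code of each branch and are only hoped to apply to older versions, please verify those two defines exist in every version this is backported to; the hunk is also cut off after the last `+case`, so the remaining added labels need to be checked against the full attachment.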
Bug#775888: virtualbox: CVE-2014-6588 CVE-2014-6589 CVE-2014-6590 CVE-2014-6595 CVE-2015-0418 CVE-2015-0427
Hi Moritz, please read carefully this thread :)

Could you please check back with upstream on CVE-2015-0377 and CVE-2015-0418?

jessie is not affected, and wheezy has already the patch on this thread

the two CVEs are for VirtualBox prior to 3.2.26, 4.0.28, 4.1.36, 4.2.28 so 4.3 not affected.

Since jessie is already pending fixed, I propose to go for wheezy with the above one.

cheers,

G.
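The per-branch reasoning in this thread can be written down as a small triage helper. This is an added example, not code from the thread or from Debian's security tracker: the rule tables encode only what the messages above state, and the names Rule, triage and report, the "unknown" verdict for branches the thread does not discuss, and treating 4.3.20 as the first fixed 4.3 release are assumptions.

```python
import re
from collections import namedtuple

# One rule per group of CVEs that share the same affected branches.
#   fixed_in: {(major, minor): first fixed patch level on that branch}
#   older / newer: verdict for branches below / above every listed branch
Rule = namedtuple("Rule", "cves fixed_in older newer")

# Thread: "prior to 3.2.26, 4.0.28, 4.1.36, 4.2.28 so 4.3 not affected".
# Branches older than 3.2 are not discussed there, hence "unknown".
CORE = Rule(
    cves=("CVE-2015-0377", "CVE-2015-0418"),
    fixed_in={(3, 2): 26, (4, 0): 28, (4, 1): 36, (4, 2): 28},
    older="unknown",
    newer="not-affected",
)

# Thread: the VMSVGA code "does only exist in VBox 4.3.x" and 4.3.20 contains
# the fixes. Assumption: 4.3.20 is the first fixed 4.3 release. Branches after
# 4.3 are not discussed in the thread, hence "unknown".
VMSVGA = Rule(
    cves=("CVE-2014-6588", "CVE-2014-6589", "CVE-2014-6590",
          "CVE-2014-6595", "CVE-2015-0427"),
    fixed_in={(4, 3): 20},
    older="not-affected",
    newer="unknown",
)

RULES = (CORE, VMSVGA)

_VERSION_RE = re.compile(r"^(?:\d+:)?(\d+)\.(\d+)\.(\d+)")


def parse_upstream(version):
    """Return (major, minor, patch) from an upstream or Debian version string.

    An epoch ("1:") and everything after the third number ("-dfsg-1",
    "+deb7u2") is ignored, so fixes backported by the distribution are NOT
    detected: the verdict describes the upstream code at that version.
    """
    match = _VERSION_RE.match(version.strip())
    if not match:
        raise ValueError("unrecognised version: %r" % (version,))
    return tuple(int(part) for part in match.groups())


def triage(version, rule):
    """Return 'affected', 'not-affected' or 'unknown' for one rule."""
    major, minor, patch = parse_upstream(version)
    branch = (major, minor)
    if branch in rule.fixed_in:
        return "affected" if patch < rule.fixed_in[branch] else "not-affected"
    if branch < min(rule.fixed_in):
        return rule.older
    if branch > max(rule.fixed_in):
        return rule.newer
    return "unknown"  # a branch in a gap between listed branches


def report(version):
    """Map every CVE named in the thread to a verdict for this version."""
    return {cve: triage(version, rule) for rule in RULES for cve in rule.cves}


def naive_affected(version, threshold="4.2.28"):
    """Single-threshold comparison, shown only to contrast with triage().

    It flags 4.1.36 (fixed on its own branch) and misses every 4.3.x
    release that still carries the VMSVGA code.
    """
    return parse_upstream(version) < parse_upstream(threshold)


if __name__ == "__main__":
    # Versions listed in the thread.
    for v in ("4.0.10", "4.1.12", "4.1.18", "4.3.10", "4.3.14", "4.3.18", "4.3.20"):
        print(v, report(v))
```
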
Bug#775882: [debian-mysql] Bug#775882: mariadb-10.0: affected by CVEs of the Oracle Patch Update for January 2015?
Hi Otto,

On Tue, Jan 27, 2015 at 10:01:09AM +0200, Otto Kekäläinen wrote:

Here is the reply from a MariaDB core developer:

2015-01-26 21:39 GMT+02:00 Sergei Golubchik s...@mariadb.org:

Hi, Otto!

On Jan 26, Otto Kekäläinen wrote:

Hello Sergei! The page https://mariadb.com/kb/en/mariadb/security/ does not mention the ones Salvatore asks about below: 0385 and 0409. Any info on them?

Salvatore is right - these bugs are 5.6 only and we don't have Server : Optimizer and Server : Pluggable Auth 5.6 code in MariaDB-10.x

Generally from all 5.6-only MySQL bugs only InnoDB issues apply to MariaDB-10.x.

Hmm, I've just checked the source code patch between 5.6.21 and 5.6.22 - there were *no* changes to the pluggable authentication code. None whatsoever. I don't know what Oracle means by CVE-2015-0385 Server: Pluggable Auth 5.6.21 and earlier

Thanks, have updated the security-tracker information about these.

Regards, Salvatore
Bug#621786: mdadm: invalid pointer or memory corruption on armel system
Hi,

Sorry for the late answer, I'm not using this email address very often...

You can close this issue, I believe this was more hardware related. I don't remember to encounter this issue since a while and now I'm using a new hardware.

Thanks, Arnaud

On 05/12/2014 15:59, Michael Tokarev wrote:

On Fri, 08 Apr 2011 23:14:29 +0200 Arnaud arnaud.desm...@googlemail.com wrote:

Package: mdadm
Version: 3.1.4.1-0
Severity: critical
Justification: breaks the whole system

One month ago I tried to install Debian Squeeze on my QNAP TS-409 nas (see configuration below). During the installation process I saw an error message like invalid pointer or memory corruption, but the installer continue and ends as if nothing happened. After reboot I couldn't access anymore to the system. Then I plugged in a serial console to see what happened and the system couldn't start because it failed to find the root filesystem. In fact the mdadm tool crashed and randomly the error was one of the following after each reboot:

- *** glibc detected *** /sbin/mdadm: munmap_chunk(): invalid pointer: 0x00089c00 ***
- *** glibc detected *** /sbin/mdadm: malloc(): memory corruption: 0x0008b660 ***
- double free

[...]

So, are there any news on all this? I don't have an affected hardware and have no idea how it all related to mtdblock devices. Has anything changed since squeeze? Can this bug be reproduced on to-be-jessie? We've a critical bug for several years...

Thanks, /mjt
Bug#776400: marked as done (grub-ieee1275: ppc64el-disable-vsx.patch applied to 32-bit kernel.img causes exception at 0x20000008 (mtmsrd 0))
Your message dated Tue, 27 Jan 2015 21:50:11 + with message-id e1yge1t-rm...@franck.debian.org and subject line Bug#776400: fixed in grub2 2.02~beta2-21 has caused the Debian Bug report #776400, regarding grub-ieee1275: ppc64el-disable-vsx.patch applied to 32-bit kernel.img causes exception at 0x2008 (mtmsrd 0) to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 776400: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=776400 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Package: grub-ieee1275 Version: 2.02~beta2-20 Severity: grave Justification: renders package unusable Dear Maintainer, On a powerpc g4 (mac) system I am trying to switch from yaboot to grub. The provided image always faults 8 bytes in. Looking at the patches for grub I see ppc64el-disable-vsx.patch http://anonscm.debian.org/cgit/pkg-grub/grub.git/tree/debian/patches/ppc64el-disable-vsx.patch?id=debian/2.02.beta2-20 is causing the problem with the mtmsrd instruction. I think the solution is to not apply this patch for 32-bit builds. 
Thanks -Mark -- Package-specific info: *** BEGIN /proc/mounts /dev/mapper/vg2TB-root2TB / ext4 rw,relatime,errors=remount-ro,data=ordered 0 0 /dev/mapper/vg2TB-tmp2TB /tmp ext4 rw,nosuid,nodev,relatime,data=ordered 0 0 /dev/mapper/vg2TB-boot2TB /boot ext4 rw,relatime,data=ordered 0 0 /dev/mapper/vg2TB-usr2TB /usr ext4 rw,nodev,relatime,data=ordered 0 0 /dev/mapper/vg2TB-tftpboot2TB /tftpboot ext4 rw,relatime,data=ordered 0 0 /dev/mapper/vg2TB-src2TB /src ext4 rw,nosuid,nodev,relatime,data=ordered 0 0 /dev/mapper/vg2TB-opt2TB /opt ext4 rw,nosuid,nodev,relatime,data=ordered 0 0 /dev/mapper/vg2TB-home2TB /home ext4 rw,nosuid,relatime,data=ordered 0 0 /dev/mapper/vg2TB-obj2TB /obj ext4 rw,nosuid,nodev,relatime,data=ordered 0 0 /dev/mapper/vg2TB-upload2TB /upload ext4 rw,nosuid,nodev,relatime,data=ordered 0 0 *** END /proc/mounts *** BEGIN /boot/grub/grub.cfg # # DO NOT EDIT THIS FILE # # It is automatically generated by grub-mkconfig using templates # from /etc/grub.d and settings from /etc/default/grub # ### BEGIN /etc/grub.d/00_header ### if [ -s $prefix/grubenv ]; then set have_grubenv=true load_env fi if [ ${next_entry} ] ; then set default=${next_entry} set next_entry= save_env next_entry set boot_once=true else set default=0 fi if [ x${feature_menuentry_id} = xy ]; then menuentry_id_option=--id else menuentry_id_option= fi export menuentry_id_option if [ ${prev_saved_entry} ]; then set saved_entry=${prev_saved_entry} save_env saved_entry set prev_saved_entry= save_env prev_saved_entry set boot_once=true fi function savedefault { if [ -z ${boot_once} ]; then saved_entry=${chosen} save_env saved_entry fi } function load_video { if [ x$feature_all_video_module = xy ]; then insmod all_video else insmod efi_gop insmod efi_uga insmod ieee1275_fb insmod vbe insmod vga insmod video_bochs insmod video_cirrus fi } if [ x$feature_default_font_path = xy ] ; then font=unicode else insmod part_gpt insmod part_gpt insmod diskfilter insmod mdraid1x insmod lvm insmod ext2 set 
root='lvmid/rryS8H-OjOu-XGJ4-B6WS-vFv0-Y11Y-skD2O6/3k1lNp-bA8O-z624-ZhND-OCg7-p0FF-3cmxAS' if [ x$feature_platform_search_hint = xy ]; then search --no-floppy --fs-uuid --set=root --hint='lvmid/rryS8H-OjOu-XGJ4-B6WS-vFv0-Y11Y-skD2O6/3k1lNp-bA8O-z624-ZhND-OCg7-p0FF-3cmxAS' f0cca1bf-40ee-46ad-bb93-49f3cd18e34d else search --no-floppy --fs-uuid --set=root f0cca1bf-40ee-46ad-bb93-49f3cd18e34d fi font=/share/grub/unicode.pf2 fi if loadfont $font ; then set gfxmode=auto load_video insmod gfxterm set locale_dir=$prefix/locale set lang=en_US insmod gettext fi terminal_output gfxterm if [ ${recordfail} = 1 ] ; then set timeout=-1 else if [ x$feature_timeout_style = xy ] ; then set timeout_style=menu set timeout=5 # Fallback normal timeout code in case the timeout_style feature is # unavailable. else set timeout=5 fi fi ### END /etc/grub.d/00_header ### ### BEGIN /etc/grub.d/02_preload_wip ### insmod part_apple insmod ext2 ### END /etc/grub.d/02_preload_wip ### ### BEGIN /etc/grub.d/05_debian_theme ### set menu_color_normal=cyan/blue set menu_color_highlight=white/blue ### END /etc/grub.d/05_debian_theme ### ### BEGIN /etc/grub.d/10_linux ### function gfxmode { set gfxpayload=${1} } set linux_gfx_mode= export linux_gfx_mode menuentry 'Debian GNU/Linux' --class debian --class gnu-linux --class gnu --class os
Bug#776415: kfreebsd-10: CVE-2014-8612: SCTP kernel mem disclosure/corruption
Package: kfreebsd-10
Version: 10.1~svn274115-1
Severity: grave
Tags: security patch

Hi,

A kernel memory disclosure/corruption vulnerability was announced, in the FreeBSD kernel's implementation of SCTP: https://security.FreeBSD.org/advisories/FreeBSD-SA-15:02.kmem.asc

This could affect the kfreebsd-10 package if SCTP is used. A patch from upstream should be uploaded soon fixing this.

kfreebsd-9 in stable is not affected, since the last security upload 9.0-10+deb70.8 already disabled this protocol.

kfreebsd-8 does not receive regular security updates, but we may decide to disable SCTP there too.

kfreebsd-11 experimental will be affected until updated to a newer snapshot.

-- System Information:
Debian Release: jessie/sid
APT prefers unstable
APT policy: (500, 'unstable'), (500, 'stable')
Architecture: kfreebsd-amd64 (x86_64)
Kernel: kFreeBSD 9.0-2-amd64-xenhvm-ipsec
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Bug#775114: marked as done ([libkdeui5] KRecursiveFilterProxyModel: The model was not working properly)
Your message dated Tue, 27 Jan 2015 21:51:29 + with message-id e1yge2j-0001hv...@franck.debian.org and subject line Bug#775114: fixed in kde4libs 4:4.14.2-5 has caused the Debian Bug report #775114, regarding [libkdeui5] KRecursiveFilterProxyModel: The model was not working properly to be marked as done.

This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.)

-- 775114: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775114 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems

---BeginMessage---

Package: libkdeui5
Version: 4:4.14.2-4
Severity: important
Tags: patch

While testing the new kontact, we found a bug in kdeui, that makes randomly crash kmail,kaddressbook while starting. We created a patch [0] to solve this problem. It would be great if that patch can be part of the stable release of debian. For us it would make our life easier to to ship kdelibs on our own.

If there is anything I can do making this patch entering debian, please give me feedback.

Regards, sandro

[0] https://github.com/kolab-groupware/kdelibs/commit/42bd1a3e7af9d896c5c3f697a23bd7ed0b2314b8

The git commit message:

The model was not working properly and didn't include all items under some circumstances. This patch fixes the following scenarios in particular:

* The change in sourceDataChanged is required to fix the shortcut condition. The idea is that if the parent is already part of the model (it must be if acceptRow returns true), we can directly invoke dataChanged on the parent, resulting in the changed index getting reevaluated. However, because the recursive filterAcceptsRow version was used the shortcut was also used when only the current index matches the filter and the parent index is in fact not yet in the model. In this case we failed to call dataChanged on the right index and thus the complete branch was never added to the model.

* The change in refreshAscendantMapping is required to include indexes that were included by descendants. The intended way how this was supposed to work is that we traverse the tree upwards and find the last index that is not yet part of the model. We would then call dataChanged on that index causing it and its descendants to get reevaluated. However, acceptRow does not reflect whether an index is already in the model or not.

Consider the following model:

- A - B - C - D

If C is included in the model by default but D not and A B only gets included due to C, we have the following model:

- A - B - C - D

If we then call refreshAscendantsMapping on D it will not consider B as already being part of the model. This results in the toplevel index A being considered lastAscendant, and a call to dataChanged on A results in a reevaluation of A only, which is already in the model. Thus D never gets added to the model.

Unfortunately there is no way to probe QSortFilterProxyModel for indexes that are already part of the model. Even the const mapFromSource internally creates a mapping when called, and thus instead of revealing indexes that are not yet part of the model, it silently creates a mapping (without issuing the relevant signals!).

As the only possible workaround we have to issue dataChanged for all ancestors which is ignored for indexes that are not yet mapped, and results in a rowsInserted signal for the correct indexes. It also results in superfluous dataChanged signals, since we don't know when to stop, but at least we have a properly behaving model this way.
-- Sandro Knauß Software Developer Kolab Systems AG Zürich, Switzerland e: kna...@kolabsys.com t: +41 43 501 66 91 w: http://kolabsys.com pgp: CE81539E Sandro Knauß signature.asc Description: This is a digitally signed message part. ---End Message--- ---BeginMessage--- Source: kde4libs Source-Version: 4:4.14.2-5 We believe that the bug you reported is fixed in the latest version of kde4libs, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 775...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Sandro Knauß b...@sandroknauss.de (supplier of updated kde4libs package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Mon, 19 Jan 2015
Bug#776400: grub-ieee1275: ppc64el-disable-vsx.patch applied to 32-bit kernel.img causes exception at 0x20000008 (mtmsrd 0)
On Tue, Jan 27, 2015 at 11:17:04AM -0600, Mark wrote:

On a powerpc g4 (mac) system I am trying to switch from yaboot to grub. The provided image always faults 8 bytes in. Looking at the patches for grub I see ppc64el-disable-vsx.patch http://anonscm.debian.org/cgit/pkg-grub/grub.git/tree/debian/patches/ppc64el-disable-vsx.patch?id=debian/2.02.beta2-20 is causing the problem with the mtmsrd instruction. I think the solution is to not apply this patch for 32-bit builds.

Thanks. I prefer not to apply patches conditionally. However, it should be sufficient to use the mtmsr instruction rather than mtmsrd; the bit we're trying to change is in the bottom 32 bits of the MSR in any case.

Please could you test version 2.02~beta2-21 when it becomes available in unstable (I'm preparing the upload now), and report how it behaves for you?

Thanks,

-- Colin Watson [cjwat...@debian.org]
Bug#775395: partman-zfs in d-i jessie image does not create grub-compatible /boot ZFS mirror
Control: severity -1 important

Michael Milligan wrote:

Package: partman-zfs
Version: 42
Severity: grave
Tags: d-i
Justification: renders package unusable for ZFS-based install (which is probably the reason someone is trying Debian/kFreeBSD .. to use ZFS)

Since this is a kfreebsd-any package, and we're not part of the official stable release, I have to lower this to non-RC severity.

We should still fix it for the GNU/kFreeBSD release though.

Regards,

-- Steven Chamberlain ste...@pyro.eu.org
Processed: Re: Bug#775395: partman-zfs in d-i jessie image does not create grub-compatible /boot ZFS mirror
Processing control commands: severity -1 important Bug #775395 [partman-zfs] partman-zfs in d-i jessie image does not create grub-compatible /boot ZFS mirror Severity set to 'important' from 'grave' -- 775395: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775395 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#776416: kfreebsd-10: CVE-2014-8613: SCTP stream reset vulnerability
Package: kfreebsd-10
Version: 10.1~svn274115-1
Severity: grave
Tags: security patch

Hi,

An unprivileged local DoS was reported in the FreeBSD kernel implementation of SCTP: https://security.freebsd.org/advisories/FreeBSD-SA-15:03.sctp.asc

This only affects systems serving SCTP connections. A patch from upstream should be uploaded soon fixing this in kfreebsd-10.

kfreebsd-9 in stable is not affected, since the last security upload 9.0-10+deb70.8 disabled this protocol.

kfreebsd-8 does not receive regular security updates, but we may decide to disable SCTP there too. (It's expected nobody would be using SCTP in GNU/kFreeBSD squeeze or prior, because no userland tools had been ported yet).

-- System Information:
Debian Release: jessie/sid
APT prefers unstable
APT policy: (500, 'unstable'), (500, 'stable')
Architecture: kfreebsd-amd64 (x86_64)
Kernel: kFreeBSD 9.0-2-amd64-xenhvm-ipsec
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Processed: Unblock
Processing commands for cont...@bugs.debian.org:

unblock 775114 by 775745
Bug #775114 [libkdeui5] [libkdeui5] KRecursiveFilterProxyModel: The model was not working properly
775114 was blocked by: 775745
775114 was not blocking any bugs.
Removed blocking bug(s) of 775114: 775745
thanks
Stopping processing here.

Please contact me if you need assistance.
--
775114: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775114
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
Bug#776422: [systemd] power button does poweroff instead of STR after each upgrade of systemd
Package: systemd
Version: 215-10
Severity: grave
Justification: causes data loss

I configured the power button to do STR in KDE. After each upgrade of systemd the power button does poweroff instead causing loss of unsaved work.

This did not happen before the introduction of systemd as a replacement for $everything, so I have to guess systemd is the problem; please reassign if you know better.

Regards
Timo

--- System information. ---
Architecture: amd64
Kernel: Linux 3.16.0-4-amd64

Debian Release: 8.0
900 testing http.debian.net
800 unstable http.debian.net

--- Package information. ---
Depends (Version) | Installed
libacl1 (= 2.2.51-8) | 2.2.52-2
libaudit1 (= 1:2.2.1) | 1:2.4-1+b1
libblkid1 (= 2.17.2) | 2.25.2-4.1
libcap2 (= 1:2.10) | 1:2.24-6
libcryptsetup4 (= 2:1.4.3) | 2:1.6.6-4
libdbus-1-3 (= 1.1.1) | 1.8.12-3
libkmod2 (= 5~) | 18-3
libpam0g (= 0.99.7.1) | 1.1.8-3.1
libselinux1 (= 2.1.9) | 2.3-2
libsystemd-journal0 (= 208-8) |
libudev1 (= 189) | 215-10
libwrap0 (= 7.6-4~) | 7.6.q-25
libsystemd-login0 (= 208-8) |
util-linux (= 2.19.1-2) | 2.25.2-4.1
initscripts (= 2.88dsf-53.2) | 2.88dsf-58
sysv-rc | 2.88dsf-58
udev | 215-10
acl | 2.2.52-2
adduser | 3.113+nmu3
libcap2-bin | 1:2.24-6

Recommends (Version) | Installed
libpam-systemd | 215-10

Suggests (Version) | Installed
systemd-ui |

--- Output from package bug script ---
Processed: Re: Bug#776415: kfreebsd-10: CVE-2014-8612: SCTP kernel mem disclosure/corruption
Processing commands for cont...@bugs.debian.org:

tags 776415 + pending
Bug #776415 [kfreebsd-10] kfreebsd-10: CVE-2014-8612: SCTP kernel mem disclosure/corruption
Added tag(s) pending.
tags 776416 + pending
Bug #776416 [kfreebsd-10] kfreebsd-10: CVE-2014-8613: SCTP stream reset vulnerability
Added tag(s) pending.
thanks
Stopping processing here.

Please contact me if you need assistance.
--
776415: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=776415
776416: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=776416
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
Bug#775395: partman-zfs in d-i jessie image does not create grub-compatible /boot ZFS mirror
Hi,

Michael Milligan wrote:
> But installing Grub failed with unknown filesystem. In troubleshooting the issue, it seems grub2 (version currently is 2.02~beta2-19) does not recognize the feature@lz4_compress option (and had been previously reported) of the ZFS pools that kFreeBSD kernel 10.1 creates.

Thanks for the report. It is actually expected that grub2 since 2.02 should understand these feature flags, including LZ4 compression. I thought it was working for me when I last tested.

Hopefully this can be figured out without having to default to using -d (disabling new features including LZ4 metadata compression).

Regards,
--
Steven Chamberlain
ste...@pyro.eu.org
Bug#770009: Backtrace for the hang
I've run the build on the MIPS porterbox. It hangs on the first SVG to PNG conversion. Here is a full backtrace. The process is for now stopped on the porterbox; I think I can leave it for some hours more at least, if other information could be useful.

Hope it helps,

Vincent
Processed: Re: Bug#776422: [systemd] power button does poweroff instead of STR after each upgrade of systemd
Processing control commands:

severity -1 normal
Bug #776422 [systemd] [systemd] power button does poweroff instead of STR after each upgrade of systemd
Severity set to 'normal' from 'grave'
tags -1 moreinfo unreproducible
Bug #776422 [systemd] [systemd] power button does poweroff instead of STR after each upgrade of systemd
Added tag(s) unreproducible and moreinfo.

--
776422: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=776422
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
Bug#776422: [systemd] power button does poweroff instead of STR after each upgrade of systemd
control: severity -1 normal
control: tags -1 moreinfo unreproducible

On 27.01.2015 at 22:40, Timo Weingärtner wrote:
> Package: systemd
> Version: 215-10
> Severity: grave
> Justification: causes data loss
>
> I configured the power button to do STR in KDE. After each upgrade of systemd the power button does poweroff instead causing loss of unsaved work.
>
> This did not happen before the introduction of systemd as a replacement for $everything, so I have to guess systemd is the problem; please reassign if you know better.

Please provide more information why you think there is a bug in systemd. The current information you provided is not sufficient to make an analysis of the problem.

My uneducated guess would be, that KDE does not deal with logind being restarted as part of the upgrade.

--
Why is it that all of the instruments seeking intelligent life in the universe are pointed away from Earth?
Bug#776400: grub-ieee1275: ppc64el-disable-vsx.patch applied to 32-bit kernel.img causes exception at 0x20000008 (mtmsrd 0)
On Jan 27, 2015, at 2:40 PM, Colin Watson cjwat...@debian.org wrote:

> On Tue, Jan 27, 2015 at 11:17:04AM -0600, Mark wrote:
>> On a powerpc g4 (mac) system I am trying to switch from yaboot to grub. The provided image always faults 8 bytes in. Looking at the patches for grub I see ppc64el-disable-vsx.patch http://anonscm.debian.org/cgit/pkg-grub/grub.git/tree/debian/patches/ppc64el-disable-vsx.patch?id=debian/2.02.beta2-20 is causing the problem with the mtmsrd instruction. I think the solution is to not apply this patch for 32-bit builds.
>
> Thanks. I prefer not to apply patches conditionally. However, it should be sufficient to use the mtmsr instruction rather than mtmsrd; the bit we're trying to change is in the bottom 32 bits of the MSR in any case.
>
> Please could you test version 2.02~beta2-21 when it becomes available in unstable (I'm preparing the upload now), and report how it behaves for you?
>
> Thanks,
> --
> Colin Watson [cjwat...@debian.org]

I have confirmed that the updated build fixes this problem. Thanks!
Bug#776388: chromium does not start at all
Package: chromium
Version: 40.0.2214.91-1
Severity: serious

chromium does not start at all in my machine. Instead, when started from a terminal, it writes tons of messages like this:

[2755:2755:0127/145321:ERROR:gles2_cmd_decoder.cc(3952)] Error: 5 for Command kResizeCHROMIUM
^C[2755:2755:0127/145322:ERROR:gles2_cmd_decoder.cc(3823)] GLES2DecoderImpl: Context lost because context no longer current after resize callback.

in an endless loop.

The only special thing about my system is that 3D acceleration does not work properly and I have to use libgl1-mesa-swx11 instead of libgl1-mesa-glx (see Bug#763890).

In either case, I would expect a more meaningful error message, not the current behaviour.

I've tested both the version of chromium in jessie 39.0.2171.71-2 and the one in unstable 40.0.2214.91-1 and none of them start at all.

Thanks.
Bug#775970: marked as done (jasper: CVE-2014-8157 CVE-2014-8158)
Your message dated Tue, 27 Jan 2015 22:21:17 + with message-id e1ygevz-0005n4...@franck.debian.org and subject line Bug#775970: fixed in jasper 1.900.1-7+squeeze4 has caused the Debian Bug report #775970, regarding jasper: CVE-2014-8157 CVE-2014-8158 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 775970: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775970 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Package: libjasper1 Version: 1.900.1-13+deb7u2 Severity: grave Tags: security upstream Justification: user security hole From: http://www.ocert.org/advisories/ocert-2015-001.html The library is affected by an off-by-one error in a buffer boundary check in jpc_dec_process_sot(), leading to a heap based buffer overflow, as well as multiple unrestricted stack memory use issues in jpc_qmfb.c, leading to stack overflow. A specially crafted jp2 file can be used to trigger the vulnerabilities. -- System Information: Debian Release: 7.8 APT prefers stable APT policy: (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 3.2.0-4-amd64 (SMP w/4 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages libjasper1 depends on: ii libc6 2.13-38+deb7u6 ii libjpeg8 8d-1+deb7u1 ii multiarch-support 2.13-38+deb7u6 libjasper1 recommends no packages. 
Versions of packages libjasper1 suggests: pn libjasper-runtime none -- no debconf information ---End Message--- ---BeginMessage--- Source: jasper Source-Version: 1.900.1-7+squeeze4 We believe that the bug you reported is fixed in the latest version of jasper, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 775...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Thorsten Alteholz deb...@alteholz.de (supplier of updated jasper package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Tue, 27 Jan 2015 20:20:04 +0100 Source: jasper Binary: libjasper1 libjasper-dev libjasper-runtime Architecture: source i386 Version: 1.900.1-7+squeeze4 Distribution: squeeze-lts Urgency: high Maintainer: Roland Stigge sti...@antcom.de Changed-By: Thorsten Alteholz deb...@alteholz.de Description: libjasper-dev - Development files for the JasPer JPEG-2000 library libjasper-runtime - Programs for manipulating JPEG-2000 files libjasper1 - The JasPer JPEG-2000 runtime library Closes: 775970 Changes: jasper (1.900.1-7+squeeze4) squeeze-lts; urgency=high . * Non-maintainer upload by the Squeeze LTS Team. * Add 07-CVE-2014-8157.patch patch. CVE-2014-8157: dec-numtiles off-by-one check in jpc_dec_process_sot(). (Closes: #775970) * Add 08-CVE-2014-8158.patch patch. 
CVE-2014-8158: unrestricted stack memory use in jpc_qmfb.c (Closes: #775970)
Processed: bug 775990
Processing commands for cont...@bugs.debian.org:

tags 775990 +patch
Bug #775990 [akonadi-backend-sqlite] [akonadi-backend-sqlite] Akonadi reports deadlocks
Added tag(s) patch.
severity 775990 grave
Bug #775990 [akonadi-backend-sqlite] [akonadi-backend-sqlite] Akonadi reports deadlocks
Severity set to 'grave' from 'normal'
thanks
Stopping processing here.

Please contact me if you need assistance.
--
775990: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775990
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
Bug#770009: Backtrace for the hang
With the backtrace... On Tue, Jan 27, 2015 at 10:13 PM, Vincent Fourmond fourm...@debian.org wrote: I've run the build on the MIPS portebox. It hangs on the first SVG to PNG conversion. Here is a full backtrace. The process is for now stopped on the porterbox; I think I can leave it for some hours more at least, if other information could be useful. Hope it helps, Vincent Thread 2 (Thread 0x762ca460 (LWP 14695)): #0 GetOpacityPixel (stroke_opacity=synthetic pointer, y=590, x=139, fill_rule=EvenOddRule, fill=MagickTrue, mid=0.62537187436756381, polygon_info=0x840ed8) at ../../magick/draw.c:3806 beta = optimized out subpath_opacity = optimized out p = 0x852198 q = optimized out j = 1 winding_number = -1 alpha = optimized out distance = optimized out i = optimized out #1 DrawPolygonPrimitive._omp_fn.3 () at ../../magick/draw.c:4027 q = optimized out id = optimized out fill_opacity = optimized out stroke_color = {blue = 65535, green = 65535, red = 65535, opacity = 65535} x = 139 stroke_opacity = optimized out fill_color = {blue = 65535, green = 65535, red = 65535, opacity = 0} start = optimized out stop = 683 y = 590 draw_info = 0x8508a0 image_view = 0x841240 mid = 0.62537187436756381 exception = 0x873788 fill = MagickTrue polygon_info = 0x832e10 bounds = {x1 = 0, y1 = 0, x2 = 683, y2 = 707} start = 0 stop = 707 status = MagickTrue warning: GDB can't find the start of the function at 0x7724e63e. GDB is unable to find the start of the function at 0x7724e63e and thus can't determine the size of that function's stack frame. This means that GDB may be unable to access that stack frame, or the frames below it. This problem is most likely caused by an invalid program counter or stack pointer. However, if you think GDB should simply search farther back from 0x7724e63e for code which looks like the beginning of a function, you can increase the range of the search using the `set heuristic-fence-post' command. #2 0x7724e640 in ?? 
() from /usr/lib/mips-linux-gnu/libgomp.so.1 No symbol table info available. Thread 1 (Thread 0x76f7f000 (LWP 14680)): #0 0x77b29230 in GetOpacityPixel (stroke_opacity=synthetic pointer, y=584, x=589, fill_rule=EvenOddRule, fill=MagickTrue, mid=0.62537187436756381, polygon_info=0x840588) at ../../magick/draw.c:3714 beta = optimized out subpath_opacity = 0 p = 0x851d50 q = optimized out j = 0 winding_number = optimized out alpha = optimized out distance = optimized out i = 1 #1 DrawPolygonPrimitive._omp_fn.3 () at ../../magick/draw.c:4027 q = 0x765d85a8 id = optimized out fill_opacity = optimized out stroke_color = {blue = 65535, green = 65535, red = 65535, opacity = 65535} x = 589 stroke_opacity = 0 fill_color = {blue = 65535, green = 65535, red = 65535, opacity = 0} start = optimized out stop = 683 y = 584 draw_info = 0x8508a0 image_view = 0x841240 mid = 0.62537187436756381 exception = 0x873788 fill = MagickTrue polygon_info = 0x832e10 bounds = {x1 = 0, y1 = 0, x2 = 683, y2 = 707} start = 0 stop = 707 status = MagickTrue #2 0x772499c8 in GOMP_parallel () from /usr/lib/mips-linux-gnu/libgomp.so.1 No symbol table info available. 
#3 0x77b2776c in DrawPolygonPrimitive (image=0x8705b8, draw_info=0x8508a0, primitive_info=0x884b18) at ../../magick/draw.c:3985 image_view = 0x841240 mid = 0.62537187436756381 exception = 0x873788 fill = MagickTrue status = MagickTrue polygon_info = optimized out p = optimized out i = optimized out bounds = {x1 = 0, y1 = 0, x2 = 683, y2 = 707} start = 0 stop = 707 __PRETTY_FUNCTION__ = DrawPolygonPrimitive __func__ = DrawPolygonPrimitive #4 0x77b30bf0 in DrawPrimitive (image=0x8705b8, draw_info=0x8508a0, primitive_info=0x884b18) at ../../magick/draw.c:4619 mid = optimized out scale = optimized out clone_info = optimized out image_view = 0x840f00 exception = 0x873788 status = 1 i = optimized out x = optimized out y = optimized out __func__ = DrawPrimitive #5 0x77b33c78 in DrawImage (image=0x8705b8, draw_info=0x882c20) at ../../magick/draw.c:3156 affine = {sx = 1, rx = 0, ry = 0, sy = 1, tx = 0, ty = 0} current = {sx = 1.25068752, rx = 0, ry = 0, sy = -1.2507, tx = -38.9392, ty = 838.7894819207} key = '\000' repeats 2636 times... keyword = path, '\000' repeats 2868 times... geometry =
Bug#775888: virtualbox: CVE-2014-6588 CVE-2014-6589 CVE-2014-6590 CVE-2014-6595 CVE-2015-0418 CVE-2015-0427
On Mon, Jan 26, 2015 at 09:14:55PM +0530, Ritesh Raj Sarraf wrote:
> On 01/26/2015 09:07 PM, Ritesh Raj Sarraf wrote:
>> On 01/21/2015 01:23 PM, Moritz Muehlenhoff wrote:
>>> In the past someone from upstream posted the upstream commits to the bug log, maybe you can contact them for more information so that we can merge the isolated fixes into the jessie version?
>>>
>>> Cheers,
>>> Moritz
>>
>> Moritz,
>>
>> For unstable, I've pushed the upload and asked for an exception. For Wheezy, it is building right now. Once the build is complete, I'll push it to s-p-u. And send you the debdiff.
>
> Please find attached the debdiff. Please give me an ACK, and then I'll do the upload.

Looks good to me. Please upload to security-master, I'll take care of the update.

Cheers,
Moritz
Bug#775888: virtualbox: CVE-2014-6588 CVE-2014-6589 CVE-2014-6590 CVE-2014-6595 CVE-2015-0418 CVE-2015-0427
On Tue, Jan 27, 2015 at 09:53:45AM +, Gianfranco Costamagna wrote:
> Hi Moritz, please read carefully this thread :)
>
>> Could you please check back with upstream on CVE-2015-0377 and CVE-2015-0418?
>
> jessie is not affected, and wheezy has already the patch on this thread
>
> the two CVEs are for VirtualBox prior to 3.2.26, 4.0.28, 4.1.36, 4.2.28
>
> so 4.3 not affected.
>
> Since jessie is already pending fixed, I propose to go for wheezy with the above one.
>
> cheers,

Thanks, I've updated the security tracker.

Cheers,
Moritz
Bug#754565: moodle removal
Hi,

I don't think removal of moodle right now is a sane thing. I'll upload a final 2.7.2 package to unstable within about 5 weeks. There has been a private discussion between me, Thijs Kinkhorst and Moritz Mühlenhoff about this.

Thanks, Bye,

Joost
Bug#754565: moodle removal
On Tue, Jan 27, 2015 at 11:21:22AM +0100, Joost van Baal-Ilić wrote:
> Hi,
>
> I don't think removal of moodle right now is a sane thing. I'll upload a final 2.7.2 package to unstable within about 5 weeks. There has been a private discussion between me, Thijs Kinkhorst and Moritz Mühlenhoff about this.

FWIW, my preliminary work is available from http://mdcc.cx/tmp/moodle/ .

Bye,

Joost
Bug#734303: Not to be released with jessie
On Sun, Jan 05, 2014 at 06:34:55PM +, Dominic Hargreaves wrote:
> Source: movabletype-opensource
> Version: 5.2.7+dfsg-1
> Severity: serious
> Justification: maintainer
>
> Support of MTOS by upstream (at least in the English speaking community) is now very sketchy. The security update announced at
>
> http://movabletype.org/news/2013/11/movable_type_601_529_and_5161_released_to_close_security_vul.html
>
> in November has still not materialised except in the Japanese language website of Six Apart:
>
> http://www.movabletype.jp/blog/_601529.html
>
> According to http://www.movabletype.jp/life_cycle_policy.html 5.2.x, the last open source version of MT, will be EOL in 2015/9/30, which is during the likely support lifetime of jessie. Therefore I don't believe that we can support MT in Debian for the next release.

Shall we remove it from unstable now?

Cheers,
Moritz
Bug#775356: marked as done (resolvconf: bashisms in /etc/dhcp/dhclient-enter-hooks.d/resolvconf: shopt and [[ ... ]])
Your message dated Tue, 27 Jan 2015 11:03:54 + with message-id e1yg3w2-0003g9...@franck.debian.org and subject line Bug#775356: fixed in resolvconf 1.76.1 has caused the Debian Bug report #775356, regarding resolvconf: bashisms in /etc/dhcp/dhclient-enter-hooks.d/resolvconf: shopt and [[ ... ]] to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 775356: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775356 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Package: resolvconf Severity: serious Version: 1.76 Tags: ipv6 Justification: breaks IPv6 networking / bashism in '#!/bin/sh' sourced script (Policy §10.4) Dear Thomas, on a fresh Jessie installation, the file /etc/dhcp/dhclient-enter-hooks.d/resolvconf is sourced by isc-dhcp-client's /sbin/dhclient-script which has a #!/bin/sh shebang line (since 4.3.1-2 / 27th of September 2014 / Shellshock) on which resolvconf has no influence. 
But /etc/dhcp/dhclient-enter-hooks.d/resolvconf contains two bashisms which only appear if DHCPv6 is in use: # dhclient -6 eth0 /sbin/dhclient-script: 55: /sbin/dhclient-script: shopt: not found /sbin/dhclient-script: 60: /sbin/dhclient-script: [[: not found /sbin/dhclient-script: 60: /sbin/dhclient-script: [[: not found /sbin/dhclient-script: 60: /sbin/dhclient-script: [[: not found /sbin/dhclient-script: 68: /sbin/dhclient-script: shopt: not found # The affected lines are: https://sources.debian.net/src/resolvconf/1.76/etc/dhcp/dhclient-enter-hooks.d/resolvconf/#L55 and https://sources.debian.net/src/resolvconf/1.76/etc/dhcp/dhclient-enter-hooks.d/resolvconf/#L60 Purging resolvconf fixes the issue. I may come up with a proper patch later. But something like 'printf %s $nameserver | grep -qi ^fe80::' as test in the if clause should do the trick. (Thanks to Goswin Brederlow for the idea!) P.S.: No wicd involved this time. ;-) -- System Information: Debian Release: 8.0 APT prefers testing APT policy: (500, 'testing') Architecture: amd64 (x86_64) Kernel: Linux 3.16.0-4-amd64 (SMP w/8 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages resolvconf depends on: ii debconf [debconf-2.0] 1.5.55 ii ifupdown 0.7.52 ii init-system-helpers1.22 ii initscripts2.88dsf-58 ii lsb-base 4.1+Debian13+nmu1 resolvconf recommends no packages. resolvconf suggests no packages. 
-- debconf-show failed -- System Information: Debian Release: 8.0 APT prefers unstable APT policy: (990, 'unstable'), (600, 'testing'), (500, 'buildd-unstable'), (400, 'stable'), (110, 'experimental'), (1, 'buildd-experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 3.17-rc5-amd64 (SMP w/1 CPU core) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: sysvinit (via /sbin/init) ---End Message--- ---BeginMessage--- Source: resolvconf Source-Version: 1.76.1 We believe that the bug you reported is fixed in the latest version of resolvconf, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 775...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Thomas Hood jdth...@gmail.com (supplier of updated resolvconf package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Fri, 23 Jan 2015 21:46:34 +0100 Source: resolvconf Binary: resolvconf Architecture: source all Version: 1.76.1 Distribution: unstable Urgency: medium Maintainer: resolvconf maintainers resolvconf-de...@lists.alioth.debian.org Changed-By: Thomas Hood jdth...@gmail.com Description: resolvconf - name server information handler Closes: 775356 Changes: resolvconf (1.76.1) unstable; urgency=medium . * [eb81ca0] Eliminate bashisms. 
Thanks to Michael Gilbert (Closes: #775356)
Bug#776007: buffer overrun in acknowledge.c(gi)
On Thu, Jan 22, 2015 at 06:00:54PM +0100, Christoph Berg wrote:
> Re: To Debian Bug Tracking System 2015-01-22 20150122161925.ga23...@msg.df7cb.de
>> Source: xymon
>> Version: 4.3.17-1
>> Severity: grave
>> Tags: security patch pending
>>
>> web/acknowledge.c uses a string twice in a format string, but only allocates memory for one copy. The attached patch fixes this.
>
> Fwiw, the CGI is only accessible for authenticated admin users, so the consequences of the issue aren't as bad as they could be.

I think it's sufficient if we fix this in a point update, can you take care of that?

Has this been forwarded upstream? Since it's public we cannot assign a CVE from the Debian CNA pool any more, so this will need to go through the oss-security mailing list.

Cheers,
Moritz
Bug#776007: buffer overrun in acknowledge.c(gi)
Hi Moritz,

Moritz Mühlenhoff wrote:
> I think it's sufficient if we fix this in a point update, can you take care of that?

Do you think of Jessie or Wheezy? As far as I can see, Wheezy is not affected:

https://sources.debian.net/src/xymon/4.3.0%7Ebeta2.dfsg-9.1/web/bb-ack.c/#L248

> Has this been forwarded upstream?

Christoph told me on IRC that upstream is aware of it and has patched it in SVN, too.

I just dug around in upstream's SVN repository and I think this is the upstream fix: http://sourceforge.net/p/xymon/code/7483/

Actually upstream fixed it in his latest release (4.3.18, September 2014) according to SVN: http://sourceforge.net/p/xymon/mailman/message/32876426/

But that version was never released, neither on SourceForge (http://sourceforge.net/projects/xymon/files/Xymon/) nor on the web page (https://www.xymon.com/) as both still list 4.3.17 as most recent release -- which is also the reason why I only discovered now that there actually is a new upstream release.

On the mailing list there is a thread asking about the status of 4.3.18 and someone found a tar ball at https://www.xymon.com/patches/. At least the FreeBSD port maintainer doesn't seem to consider that one official according to http://lists.xymon.com/archive/2014-November/040653.html

Regards, Axel
--
 ,''`.  | Axel Beckert a...@debian.org, http://people.debian.org/~abe/
: :' :  | Debian Developer, ftp.ch.debian.org Admin
`. `'   | 4096R: 2517 B724 C5F6 CA99 5329 6E61 2FF9 CD59 6126 16B5
  `-    | 1024D: F067 EA27 26B9 C3FC 1486 202E C09E 1D89 9593 0EDE
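The sizing mistake described in the Bug#776007 report above (a string used twice in a format string, memory allocated for one copy), shown as an added C example; it is not xymon's code or the attached patch. The format string, function names and host names are constructed for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed format (assumption, not from xymon): one string, used twice. */
#define ACK_FMT "<a href=\"ack?host=%s\">Acknowledge %s</a>"

/* Flawed sizing: the format text plus ONE copy of the string.
 * The two "%s" markers (4 bytes) are counted but never written, so the
 * buffer happens to be large enough for strings of up to 4 bytes, which
 * is why short test inputs do not expose the bug. */
static size_t flawed_size(const char *host)
{
    return strlen(ACK_FMT) + strlen(host) + 1;
}

/* What the formatted output really needs, including the trailing NUL.
 * snprintf(NULL, 0, ...) only measures; it writes nothing. */
static size_t required_size(const char *host)
{
    int n = snprintf(NULL, 0, ACK_FMT, host, host);
    return n < 0 ? 0 : (size_t)n + 1;
}

/* Bytes an unbounded sprintf() would write past the flawed buffer. */
static size_t overrun_bytes(const char *host)
{
    size_t need = required_size(host);
    size_t have = flawed_size(host);
    return need > have ? need - have : 0;
}

/* Hardened builder: measure, allocate exactly, format with a bound,
 * and treat any mismatch between measured and written length as an error.
 * Caller frees the result. */
static char *build_ack(const char *host)
{
    size_t need = required_size(host);
    char *buf;

    if (need == 0)
        return NULL;
    buf = malloc(need);
    if (buf == NULL)
        return NULL;
    if (snprintf(buf, need, ACK_FMT, host, host) != (int)(need - 1)) {
        free(buf);
        return NULL;
    }
    return buf;
}

int main(void)
{
    /* Constructed sample inputs. */
    const char *hosts[] = { "db01", "db01.example.net" };
    size_t i;

    for (i = 0; i < sizeof hosts / sizeof hosts[0]; i++) {
        char *s = build_ack(hosts[i]);
        printf("%-18s flawed=%zu required=%zu overrun=%zu\n",
               hosts[i], flawed_size(hosts[i]),
               required_size(hosts[i]), overrun_bytes(hosts[i]));
        if (s != NULL) {
            printf("  %s\n", s);
            free(s);
        }
    }
    return 0;
}
```

The overrun grows with the length of the repeated string, so the measured-length pattern in `build_ack` is the safer habit whenever a format string has more than one variable-length argument.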
Bug#775851: marked as done (geoip-generator produces faulty v6/city database)
Your message dated Tue, 27 Jan 2015 11:33:26 + with message-id e1yg4oc-000703...@franck.debian.org and subject line Bug#775851: fixed in geoip 1.6.2-4 has caused the Debian Bug report #775851, regarding geoip-generator produces faulty v6/city database to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.)

-- 775851: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775851 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems

---BeginMessage---
Source: gdnsd
Version: 2.1.0-1
Severity: serious
Tags: jessie sid
User: debian...@lists.debian.org
Usertags: qa-ftbfs-20150117 qa-ftbfs
Justification: FTBFS in jessie on amd64

Hi,

During a rebuild of all packages in jessie (in a jessie chroot, not a sid chroot), your package failed to build on amd64.

Relevant part (hopefully):

make[6]: Entering directory '/«PKGBUILDDIR»/plugins/meta/libgdmaps/t'
ASDIR=/«PKGBUILDDIR»/plugins/meta/libgdmaps/t ABDIR=/«PKGBUILDDIR»/plugins/meta/libgdmaps/t GEOLITE_FILES=LICENSE.txt GeoIP-20111210.dat GeoIPv6-20111210.dat GeoLiteCity-20111210.dat GeoLiteCityv6-20111210.dat regioncodes-20130115.csv TLIST=t00_v4db t01_v6db t02_v4citydb t03_v6citydb t04_v64db t05_v64citydb t06_v4nets t07_v6nets t08_cityauto t09_complex t10_def t11_def2 t12_defnone t13_castatdef t14_missingcoords t15_nogeo t99_loadonly t16_extnets t17_extn_empty t18_extn_all t19_extn_allg t20_extn_allgs t21_extn_subs t22_nets_corner t23_gn_corner ./trunner.sh
Skipping GeoIP-based libgdmaps unit tests; missing GeoLite data.
If you care to run these, execute 'make check-download' before 'make check'
(This will download several megabytes of data from the public Internet!)
If you wish to test basic loading success for arbitrary local GeoIP databases with plugin_geoip, please specify a list of absolute pathnames in $GDMAPS_GEOIP_TEST_LOAD
By default, tests will be run against all of the following that exist and are readable in /usr/share/GeoIP/: GeoIP.dat GeoIPv6.dat GeoIPCity.dat GeoIPCityv6.dat GeoLiteCity.dat GeoLiteCityv6.dat
Running test t15_nogeo ...
Running test t17_extn_empty ...
Running test t18_extn_all ...
Running test t21_extn_subs ...
Running test t22_nets_corner ...
Checking basic database load on file /usr/share/GeoIP/GeoIP.dat ... OK
Checking basic database load on file /usr/share/GeoIP/GeoIPv6.dat ...
Load-only test on file '/usr/share/GeoIP/GeoIPv6.dat' failed w/ exit status 134; Test Output:
info: Loading configuration from '/«PKGBUILDDIR»/plugins/meta/libgdmaps/t/testroot/etc/config'
info: plugin_geoip: map 'my_prod_map': Processing GeoIP database '/«PKGBUILDDIR»/plugins/meta/libgdmaps/t/testroot/etc/geoip/loadonly.dat'
error: plugin_geoip: map 'my_prod_map': Error traversing GeoIP database, corrupt?
error: plugin_geoip: map 'my_prod_map': (Re-)loading geoip database '/«PKGBUILDDIR»/plugins/meta/libgdmaps/t/testroot/etc/geoip/loadonly.dat' failed!
fatal: plugin_geoip: map 'my_prod_map': cannot continue initial load
Aborted
make[6]: *** [check-local] Error 99
Makefile:1029: recipe for target 'check-local' failed
make[6]: Leaving directory '/«PKGBUILDDIR»/plugins/meta/libgdmaps/t'
make[5]: *** [check-am] Error 2
Makefile:899: recipe for target 'check-am' failed
make[5]: Leaving directory '/«PKGBUILDDIR»/plugins/meta/libgdmaps/t'
make[4]: *** [check-recursive] Error 1
Makefile:494: recipe for target 'check-recursive' failed
make[4]: Leaving directory '/«PKGBUILDDIR»/plugins/meta/libgdmaps'
make[3]: *** [check-recursive] Error 1
Makefile:536: recipe for target 'check-recursive' failed
make[3]: Leaving directory '/«PKGBUILDDIR»/plugins/meta'
make[2]: *** [check-recursive] Error 1
Makefile:392: recipe for target 'check-recursive' failed
make[2]: Leaving directory '/«PKGBUILDDIR»/plugins'
make[1]: *** [check-recursive] Error 1
Makefile:501: recipe for target 'check-recursive' failed
make[1]: Leaving directory '/«PKGBUILDDIR»'
dh_auto_test: make -j1 test returned exit code 2

The full build log is available from: http://aws-logs.debian.net/ftbfs-logs/2015/01/17/gdnsd_2.1.0-1_jessie.log

A list of current common problems and possible solutions is available at http://wiki.debian.org/qa.debian.org/FTBFS . You're welcome to contribute!

About the archive rebuild: The rebuild was done on EC2 VM instances from Amazon Web Services, using a clean, minimal and up-to-date chroot. Every failed build was retried once to eliminate random failures.
---End Message---
---BeginMessage---
Source: geoip
Source-Version: 1.6.2-4

We believe that the bug you reported is fixed in the latest version of geoip, which
Processed: your mail
Processing commands for cont...@bugs.debian.org: tag 755633 + pending Bug #755633 [src:sorl-thumbnail] sorl-thumbnail: Please ensure it works with Django 1.7 Added tag(s) pending. thanks Stopping processing here. Please contact me if you need assistance. -- 755633: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=755633 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#754565: moodle removal
On 27/01/15 21:27, Joost van Baal-Ilić wrote: On Tue, Jan 27, 2015 at 11:21:22AM +0100, Joost van Baal-Ilić wrote: Hi, I don't think removal of moodle right now is a sane thing. I'll upload a final 2.7.2 package to unstable within about 5 weeks. There has been a private discussion between me, Thijs Kinkhorst and Moritz Mühlenhoff about this. FWIW, my preliminary work is available from http://mdcc.cx/tmp/moodle/ . That's great! I'm glad to hear that it's still being worked on. Sorry for the RM request - I tried to call for maintainers before filing it a week ago and I didn't find a single person that wanted to put in the work to keep it.
Bug#776007: buffer overrun in acknowledge.c(gi)
On Tue, Jan 27, 2015 at 12:34:09PM +0100, Axel Beckert wrote: Hi Moritz, Moritz Mühlenhoff wrote: I think it's sufficient if we fix this in a point update, can you take care of that? Do you think of Jessie or Wheezy? As far as I can see, Wheezy is not affected: https://sources.debian.net/src/xymon/4.3.0%7Ebeta2.dfsg-9.1/web/bb-ack.c/#L248 I hadn't checked the status in jessie yet, but I just did and you're right: Wheezy/Squeeze is not affected. For jessie we can follow the usual upload/unblock procedure. Has this been forwarded upstream? Christoph told me on IRC that upstream is aware of it and has patched it in SVN, too. I just dug around in upstream's SVN repository and I think this is the upstream fix: http://sourceforge.net/p/xymon/code/7483/ Actually upstream fixed it in his latest release (4.3.18, September 2014) according to SVN: http://sourceforge.net/p/xymon/mailman/message/32876426/ But that version was never released, neither on SourceForge (http://sourceforge.net/projects/xymon/files/Xymon/) nor on the web page (https://www.xymon.com/) as both still list 4.3.17 as most recent release -- which is also the reason why I only discovered now that there actually is a new upstream release. On the mailing list there is a thread asking about the status of 4.3.18 and someone found a tar ball at https://www.xymon.com/patches/. At least the FreeBSD port maintainer doesn't seem to consider that one official according to http://lists.xymon.com/archive/2014-November/040653.html Ok, I'll request a CVE on oss-security. Cheers, Moritz
Bug#770009: Backtrace for the hang
On 27 Jan 2015 22:15, Vincent Fourmond fourm...@debian.org wrote: I've run the build on the MIPS porterbox. It hangs on the first SVG to PNG conversion. Here is a full backtrace. The process is for now stopped on the porterbox; I think I can leave it for some hours more at least, if other information could be useful. Smells like an openmp bug. By memory there is an environment variable to disable openmp. We could try Hope it helps, Vincent
Bug#776257: Fails to apply patch with dangling symlink
Michael Biebl [2015-01-26 1:55 +0100]: the latest update of patch broke the systemd package and causes it to FTBFS: BTW, at least glibc is also affected, and judging by the recent slew of autopkgtest failures in Ubuntu there's some more. We really need to get this fixed fast. Thanks, Martin -- Martin Pitt| http://www.piware.de Ubuntu Developer (www.ubuntu.com) | Debian Developer (www.debian.org)
Bug#775788: Build-Attempted of icedove on powerpc-unicamp-01
Hello Wouter, the build of icedove 31.4.0-2 is broken again on powerpc-unicamp-01 (as expected). Could you please reschedule the build on another powerpc buildd again? Christoph has fixed a RC bug [6] with this version of icedove and by this it is important for us to get this version of icedove into testing. Thanks! (I don't have cut up the old mail because I added the RC bug about FTBFS on powerpc [7] to the CC list of this mail.) On 22.01.2015 at 21:20, Carsten Schoenert wrote: Hello Wouter, On 20.01.2015 at 00:58, Wouter Verhelst wrote: Could this problem depends on the autobuilder powerpc-unicamp-01? Possibly, but I don't think it's a configuration issue on the buildd or some such. All buildd hosts these days use throwaway chroots; that means that if the issue occurs, it *should* also occur in a clean chroot. Looking at the buildd log, we see: <jemalloc>Compile-time page size does not divide the runtime one. which to me smells like an incorrect assumption either in jemalloc or in the code that uses jemalloc. But I'm not sure; I don't know what the message means. In the past from time to time we had build issues related to jemalloc [1], but Mozilla has worked on the code, probably initiated by Mike Hommey [3-5]. This message is produced by a simple check if the pagesize is different to internal result check. On powerpc (and other platforms as well) the source is setting a definition of MALLOC_STATIC_SIZES to 1 because the code should be compiled as compile-time constants for performance reasons. This means later that some things are hardcoded and hasn't to detect by the CPU and the system, but the jemalloc compiler is proofing later the environment [2] before it will translate the code. But exactly here on this on the buildd this check was failing. But how the jemalloc thing is exactly working ... I also don't know. :) And finally could you schedule a rebuild of icedove on another autobuilder? 
We could randomly disable icedove on some buildd hosts and not on others if it really FTBFS due to hardware, but I'd prefer to see the root cause found and (hopefully) fixed. We don't currently know what the problem is, though. I don't know if you have done some buildd's disabled for the icedove packages, but last night a build on host 'parry' was successful! That's because Christoph was meaning that there could be something different to the porter box. It would be interesting to find out what the differences are to the other buildd. [1] https://sources.debian.net/src/icedove/31.4.0-1/mozilla/memory/mozjemalloc/jemalloc.c/ [2] https://sources.debian.net/src/icedove/31.4.0-1/mozilla/memory/mozjemalloc/jemalloc.c/#L1085 [3] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=708331 [4] https://bugzilla.mozilla.org/show_bug.cgi?id=825165 [5] https://bugzilla.mozilla.org/show_bug.cgi?id=840242 [6] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=770008 [7] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775788 -- Regards Carsten Schoenert
Bug#770009: Backtrace for the hang
On 28 Jan 2015 08:00, roucaries bastien roucaries.bastien+deb...@gmail.com wrote: On 27 Jan 2015 22:15, Vincent Fourmond fourm...@debian.org wrote: I've run the build on the MIPS porterbox. It hangs on the first SVG to PNG conversion. Here is a full backtrace. The process is for now stopped on the porterbox; I think I can leave it for some hours more at least, if other information could be useful. Smells like an openmp bug. By memory there is an environment variable to disable openmp. We could try OMP_thread_limit=1 Hope it helps, Vincent
Bug#775888: virtualbox: CVE-2014-6588 CVE-2014-6589 CVE-2014-6590 CVE-2014-6595 CVE-2015-0418 CVE-2015-0427
I'll follow-up in wheezy-backports this weekend, at that time it should land in jessie already. Best, Aron On Tue, Jan 27, 2015 at 6:21 PM, Moritz Mühlenhoff j...@inutil.org wrote: On Mon, Jan 26, 2015 at 09:14:55PM +0530, Ritesh Raj Sarraf wrote: On 01/26/2015 09:07 PM, Ritesh Raj Sarraf wrote: On 01/21/2015 01:23 PM, Moritz Muehlenhoff wrote: In the past someone from upstream posted the upstream commits to the bug log, maybe you can contact them for more information so that we can merge the isolated fixes into the jessie version? Cheers, Moritz Moritz, For unstable, I've pushed the upload and asked for an exception. For Wheezy, it is building right now. Once the build is complete, I'll push it to s-p-u. And send you the debdiff. Please find attached the debdiff. Please give me an ACK, and then I'll do the upload. Looks good to me. Please upload to security-master, I'll take care of the update. Cheers, Moritz -- Regards, Aron Xu
Processed: closing 769346
Processing commands for cont...@bugs.debian.org: close 769346 Bug #769346 [jspwiki] jspwiki: switch to tomcat8 (or tomcat7) Marked Bug as done thanks Stopping processing here. Please contact me if you need assistance. -- 769346: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=769346 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Processed: fixed 769346 in 2.8.0-6
Processing commands for cont...@bugs.debian.org: fixed 769346 2.8.0-6 Bug #769346 [jspwiki] jspwiki: switch to tomcat8 (or tomcat7) Marked as fixed in versions jspwiki/2.8.0-6. thanks Stopping processing here. Please contact me if you need assistance. -- 769346: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=769346 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#776391: [CVE-2015-0235]: heap-based buffer overflow in __nss_hostname_digits_dots()
Package: libc6 Version: 2.19-13 Severity: grave Tags: security upstream Justification: user security hole -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Hi, as this has been made public, let's fix it quickly (it might even be a critical as this is remote): From: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-0235 A heap-based buffer overflow was found in __nss_hostname_digits_dots(), which is used by the gethostbyname() and gethostbyname2() glibc function call. A remote attacker could use this flaw to execute arbitrary code with the permissions of the user running the application. Upstream patch: https://sourceware.org/git/?p=glibc.git;a=commit;h=d5dd6189d506068ed11c8bfa1e1e9bffde04decd Public announcement: http://www.frsag.org/pipermail/frsag/2015-January/005722.html Cheers, Ondrej - -- System Information: Debian Release: 8.0 APT prefers testing APT policy: (990, 'testing'), (700, 'unstable') Architecture: amd64 (x86_64) Kernel: Linux 3.2.0-4-amd64 (SMP w/4 CPU cores) Locale: LANG=en_DK.UTF-8, LC_CTYPE=en_DK.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages libc6 depends on: ii libgcc1 1:4.9.1-19 libc6 recommends no packages. 
Versions of packages libc6 suggests: ii debconf [debconf-2.0] 1.5.55 pn glibc-doc none ii locales2.19-13 ii locales-all [locales] 2.19-13 - -- debconf information excluded -BEGIN PGP SIGNATURE- Version: GnuPG v1 -END PGP SIGNATURE-
Bug#776392: absence of default opt-cmd-flags makes connections fail
Package: apt-dater
Version: 1.0.1+git20150119-1
Severity: serious

apt-dater by default sets an empty (commented out) options file. after adding hosts, all connections failed because the commands were like this (transcript's command file):

/usr/bin/ssh (null) -l chrysn hephaistos.amsuess.com

with typescripts like that:

ssh: Could not resolve hostname (null): Name or service not known

after checking the lib/cmd script in the source code and setting all the per-host settings, it turned out that the (null) comes from the $AD_SSH_OPTFLAGS variable there.

setting <ssh opt-cmd-flags="-t"/> (or any other value) in apt-dater.xml works around the issue, but that should really not be necessary, and opt-cmd-flags should be initialized to "" instead of (null). (or, better, to -t, depending on how essential it is, but it seems like it).

best regards
chrysn

-- System Information:
Debian Release: 8.0
APT prefers unstable
APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)

Versions of packages apt-dater depends on:
ii libc6 2.19-13
ii libglib2.0-0 2.42.1-1
ii libncursesw5 5.9+20140913-1+b1
ii libpopt0 1.16-10
ii libtcl8.5 8.5.17-1
ii libtinfo5 5.9+20140913-1+b1
ii libxml2 2.9.2+dfsg1-1+b1
ii lockfile-progs 0.1.17
ii openssh-client 1:6.7p1-3
ii screen 4.2.1-3

apt-dater recommends no packages.

Versions of packages apt-dater suggests:
ii apt-dater-host 1.0.0-2
ii xsltproc 1.1.28-2+b2

-- no debconf information

-- To use raw power is to make yourself infinitely vulnerable to greater powers. -- Bene Gesserit axiom
Processed: reopening 776391, found 776391 in 2.13-38+deb7u6
Processing commands for cont...@bugs.debian.org: # Reopen and add stable as oldstable and stable diverged reopen 776391 Bug #776391 {Done: Florian Weimer f...@deneb.enyo.de} [eglibc] [CVE-2015-0235]: heap-based buffer overflow in __nss_hostname_digits_dots() Bug reopened Ignoring request to alter fixed versions of bug #776391 to the same values previously set found 776391 2.13-38+deb7u6 Bug #776391 [eglibc] [CVE-2015-0235]: heap-based buffer overflow in __nss_hostname_digits_dots() There is no source info for the package 'eglibc' at version '2.13-38+deb7u6' with architecture '' Unable to make a source version for version '2.13-38+deb7u6' Marked as found in versions 2.13-38+deb7u6. thanks Stopping processing here. Please contact me if you need assistance. -- 776391: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=776391 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#686877: marked as done (libtomcat-maven-plugin-java: please migrate to Tomcat 7)
Your message dated Tue, 27 Jan 2015 15:49:44 + with message-id e1yg8oe-0004pp...@franck.debian.org and subject line Bug#686877: fixed in tomcat-maven-plugin 1.1-2.2 has caused the Debian Bug report #686877, regarding libtomcat-maven-plugin-java: please migrate to Tomcat 7 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 686877: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=686877 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Package: libtomcat-maven-plugin-java Version: 1.1-2 Severity: normal libtomcat-maven-plugin-java depends on libtomcat6-java, leading to indirect conflicts with packages such as Eclipse 3.8 that depend on libtomcat7-java. (The Tomcat packages cannot coexist because both ship unversioned symlinks.) Could you please look into joining Eclipse on libtomcat7-java? Thanks! -- System Information: Debian Release: wheezy/sid APT prefers testing APT policy: (500, 'testing'), (500, 'stable'), (300, 'unstable') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 3.2.0-3-amd64 (SMP w/4 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages libtomcat-maven-plugin-java depends on: ii libcommons-codec-java 1.6-1 ii libmaven2-core-java 2.2.1-8 ii libplexus-archiver-java 1.0~alpha12-3 ii libplexus-classworlds-java 1.5.0-4 ii libplexus-utils-java1:1.5.15-4 ii libtomcat6-java 6.0.35-4 ii libwagon-java 1.0.0-2 libtomcat-maven-plugin-java recommends no packages. libtomcat-maven-plugin-java suggests no packages. 
-- no debconf information ---End Message--- ---BeginMessage--- Source: tomcat-maven-plugin Source-Version: 1.1-2.2 We believe that the bug you reported is fixed in the latest version of tomcat-maven-plugin, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 686...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Emmanuel Bourg ebo...@apache.org (supplier of updated tomcat-maven-plugin package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Format: 1.8 Date: Tue, 27 Jan 2015 16:26:54 +0100 Source: tomcat-maven-plugin Binary: libtomcat-maven-plugin-java Architecture: source all Version: 1.1-2.2 Distribution: unstable Urgency: medium Maintainer: David Paleino da...@debian.org Changed-By: Emmanuel Bourg ebo...@apache.org Description: libtomcat-maven-plugin-java - Tomcat Maven plugin Closes: 686877 Changes: tomcat-maven-plugin (1.1-2.2) unstable; urgency=medium . * Non-maintainer upload. 
* Build with tomcat7 instead of tomcat6 (Closes: #686877) * Standards-Version updated to 3.9.6 (no changes) -BEGIN PGP SIGNATURE- Version: GnuPG v1
Processed: reassign 776391 to eglibc
Processing commands for cont...@bugs.debian.org: # Fixed in glibc in sid/testing, reassigning to eglibc # Assuming oldstable to be affected reassign 776391 eglibc 2.11.3-4 Bug #776391 {Done: Florian Weimer f...@deneb.enyo.de} [libc6] [CVE-2015-0235]: heap-based buffer overflow in __nss_hostname_digits_dots() Bug reassigned from package 'libc6' to 'eglibc'. No longer marked as found in versions glibc/2.19-13. No longer marked as fixed in versions 2.18-1. Bug #776391 {Done: Florian Weimer f...@deneb.enyo.de} [eglibc] [CVE-2015-0235]: heap-based buffer overflow in __nss_hostname_digits_dots() There is no source info for the package 'eglibc' at version '2.11.3-4' with architecture '' Unable to make a source version for version '2.11.3-4' Marked as found in versions 2.11.3-4. thanks Stopping processing here. Please contact me if you need assistance. -- 776391: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=776391 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#709910: marked as done (squid: postinst uses /usr/share/doc content (Policy 12.3))
Your message dated Tue, 27 Jan 2015 15:20:59 + with message-id e1yg7wp-if...@franck.debian.org and subject line Bug#709910: fixed in squid 2.7.STABLE9-5 has caused the Debian Bug report #709910, regarding squid: postinst uses /usr/share/doc content (Policy 12.3) to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 709910: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=709910 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Package: squid Version: 2.7.STABLE9-4.1 Severity: serious User: debian...@lists.debian.org Usertags: piuparts Hi, a test with piuparts revealed that your package uses files from /usr/share/doc in its maintainer scripts which is a violation of Policy 12.3: Packages must not require the existence of any files in /usr/share/doc/ in order to function. http://www.debian.org/doc/debian-policy/ch-docs.html#s12.3 These files must be moved to /usr/share/$PACKAGE and may be symlinked from /usr/share/doc/$PACKAGE. This piuparts tests prevents the installation of (most) files into /usr/share/doc with 'dpkg --path-exclude=...'. From the attached log (scroll to the bottom...): Selecting previously unselected package squid. (Reading database ... 10332 files and directories currently installed.) Unpacking squid (from .../squid_2.7.STABLE9-4.1_amd64.deb) ... Setting up squid (2.7.STABLE9-4.1) ... 
cp: cannot stat '/usr/share/doc/squid/examples/squid.conf': No such file or directory dpkg: error processing squid (--configure): subprocess installed post-installation script returned error exit status 1 Errors were encountered while processing: squid Cheers, Andreas squid_2.7.STABLE9-4.1.log.gz Description: GNU Zip compressed data ---End Message--- ---BeginMessage--- Source: squid Source-Version: 2.7.STABLE9-5 We believe that the bug you reported is fixed in the latest version of squid, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 709...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Luigi Gangitano lu...@debian.org (supplier of updated squid package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Tue, 27 Jan 2015 13:20:52 +0100 Source: squid Binary: squid squid-common Architecture: source all amd64 Version: 2.7.STABLE9-5 Distribution: unstable Urgency: medium Maintainer: Luigi Gangitano lu...@debian.org Changed-By: Luigi Gangitano lu...@debian.org Description: squid - Internet object cache (WWW proxy cache) squid-common - Internet object cache (WWW proxy cache) - common files Closes: 631514 660626 709910 738557 776194 Changes: squid (2.7.STABLE9-5) unstable; urgency=medium . * Urgency medium due to security issues . * debian/patches/70-CVE-2014-3609 - Fixes DoS in request processing, thanks to Sebastien Delafond (Closes: #776194) (Ref: SQUID-2014:2, CVE-2014-3609) . 
* debian/control - Removed dependency on hardening-wrapper and dpatch - Added dependency on quilt - Bumped Standard-Versions to 3.9.6, fixing missing target in rules . * debian/rules - Added dpkg-buildflags usage from dpkg-dev - Added missing targets build-arch, build-indep - Moved standard config file to /usr/share/squid (Closes: #709910) . * debian/patches/* - Converted to quilt patch handling . * debian/{config,postinst} - Fix upgrade failures where cache_dir type of null is in use by checking that cache_dir points at a real directory or symbolic link, thanks to James Page (Closes: #631514). . * debian/squid.rc - Removed hardcoded config path, thanks to Oleg (Closes: #738557) . * debian/po/tr.po - Added Turkish debconf transaltion, thanks to Atila KOÇ (Closes: #660626)
Bug#776391: marked as done ([CVE-2015-0235]: heap-based buffer overflow in __nss_hostname_digits_dots())
Your message dated Tue, 27 Jan 2015 16:40:15 +0100 with message-id 877fw81bc0@mid.deneb.enyo.de and subject line Re: Bug#776391: [CVE-2015-0235]: heap-based buffer overflow in __nss_hostname_digits_dots() has caused the Debian Bug report #776391, regarding [CVE-2015-0235]: heap-based buffer overflow in __nss_hostname_digits_dots() to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 776391: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=776391 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Package: libc6 Version: 2.19-13 Severity: grave Tags: security upstream Justification: user security hole -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Hi, as this has been made public, let's fix it quickly (it might even be a critical as this is remote): From: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-0235 A heap-based buffer overflow was found in __nss_hostname_digits_dots(), which is used by the gethostbyname() and gethostbyname2() glibc function call. A remote attacker could use this flaw to execute arbitrary code with the permissions of the user running the application. 
Upstream patch: https://sourceware.org/git/?p=glibc.git;a=commit;h=d5dd6189d506068ed11c8bfa1e1e9bffde04decd Public announcement: http://www.frsag.org/pipermail/frsag/2015-January/005722.html Cheers, Ondrej - -- System Information: Debian Release: 8.0 APT prefers testing APT policy: (990, 'testing'), (700, 'unstable') Architecture: amd64 (x86_64) Kernel: Linux 3.2.0-4-amd64 (SMP w/4 CPU cores) Locale: LANG=en_DK.UTF-8, LC_CTYPE=en_DK.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages libc6 depends on: ii libgcc1 1:4.9.1-19 libc6 recommends no packages. Versions of packages libc6 suggests: ii debconf [debconf-2.0] 1.5.55 pn glibc-doc none ii locales2.19-13 ii locales-all [locales] 2.19-13 - -- debconf information excluded -BEGIN PGP SIGNATURE- Version: GnuPG v1 -END PGP SIGNATURE- ---End Message--- ---BeginMessage--- Version: 2.18-1 * Ondřej Surý: as this has been made public, let's fix it quickly (it might even be a critical as this is remote): Already fixed in jessie/sid. I've just sent out the DSA as well.---End Message---
Processed: severity of 759633 is important
Processing commands for cont...@bugs.debian.org: severity 759633 important Bug #759633 [src:tomcat-maven-plugin] tomcat-maven-plugin: Please replace dependencies on tomcat6 with tomcat8 Severity set to 'important' from 'serious' thanks Stopping processing here. Please contact me if you need assistance. -- 759633: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=759633 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Processed: fixed 776391 in 2.18-1
Processing commands for cont...@bugs.debian.org: fixed 776391 2.18-1 Bug #776391 [eglibc] [CVE-2015-0235]: heap-based buffer overflow in __nss_hostname_digits_dots() There is no source info for the package 'eglibc' at version '2.18-1' with architecture '' Unable to make a source version for version '2.18-1' Marked as fixed in versions 2.18-1. thanks Stopping processing here. Please contact me if you need assistance. -- 776391: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=776391 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#776400: grub-ieee1275: ppc64el-disable-vsx.patch applied to 32-bit kernel.img causes exception at 0x20000008 (mtmsrd 0)
Package: grub-ieee1275 Version: 2.02~beta2-20 Severity: grave Justification: renders package unusable Dear Maintainer, On a powerpc g4 (mac) system I am trying to switch from yaboot to grub. The provided image always faults 8 bytes in. Looking at the patches for grub I see ppc64el-disable-vsx.patch http://anonscm.debian.org/cgit/pkg-grub/grub.git/tree/debian/patches/ppc64el-disable-vsx.patch?id=debian/2.02.beta2-20 is causing the problem with the mtmsrd instruction. I think the solution is to not apply this patch for 32-bit builds. Thanks -Mark -- Package-specific info:
Processed: fixed 776391 in 2.13-38+deb7u7
Processing commands for cont...@bugs.debian.org: fixed 776391 2.13-38+deb7u7 Bug #776391 [eglibc] [CVE-2015-0235]: heap-based buffer overflow in __nss_hostname_digits_dots() There is no source info for the package 'eglibc' at version '2.13-38+deb7u7' with architecture '' Unable to make a source version for version '2.13-38+deb7u7' Marked as fixed in versions 2.13-38+deb7u7. thanks Stopping processing here. Please contact me if you need assistance. -- 776391: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=776391 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#776251: ack-grep fails to install due to diversion problem
On 26 Jan 2015 15:17, gregor herrmann wrote: On Mon, 26 Jan 2015 01:01:03 +0100, Axel Beckert wrote: $ dpkg-divert --list *ack* local diversion of /usr/bin/ack-grep to /usr/bin/ack ^ ... which backs my assumption that a _local_ diversion (i.e. none made by a package) is the cause. That's my interpretation as well. I don't remember having made such a diversion by myself, but anyway it is probably the case. I tend to close this issue as invalid/wontfix since the cause is a local (common(*) but so far unsupported) modification of the package. IMHO it has nothing to do with the package itself. But I'd like to hear comments from others (especially the Debian Perl Team and the Release Team) first, too. I agree with the wontfix+close. If they agree, I can imagine to add a diversion detection and then removal to ack-grep's preinst script despite the package never used a diversion. But I'm a) unsure if it's ok for a package to remove a _local_ diversion, and Hm; rather not. Maybe a warning might be ok. b) if it's a good idea to introduce such a change that late in the freeze. Probably not. Just a note somewhere would be enough I guess. Best, Olivier
Bug#775776: marked as done (polarssl: CVE-2015-1182: Remote attack using crafted certificates)
Your message dated Tue, 27 Jan 2015 17:19:00 + with message-id e1yg9n2-00088s...@franck.debian.org and subject line Bug#775776: fixed in polarssl 1.3.9-2.1 has caused the Debian Bug report #775776, regarding polarssl: CVE-2015-1182: Remote attack using crafted certificates to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 775776: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775776 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Source: polarssl Version: 1.3.9-2 Severity: grave Tags: security upstream patch fixed-upstream Hi, the following vulnerability was published for polarssl. CVE-2015-1182[0]: Remote attack using crafted certificates If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2015-1182 [1] https://polarssl.org/tech-updates/security-advisories/polarssl-security-advisory-2014-04 Please adjust the affected versions in the BTS as needed. Regards, Salvatore ---End Message--- ---BeginMessage--- Source: polarssl Source-Version: 1.3.9-2.1 We believe that the bug you reported is fixed in the latest version of polarssl, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 775...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. 
Debian distribution maintenance software pp. Salvatore Bonaccorso car...@debian.org (supplier of updated polarssl package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Wed, 21 Jan 2015 22:09:05 +0100 Source: polarssl Binary: libpolarssl-dev libpolarssl-runtime libpolarssl7 Architecture: source amd64 Version: 1.3.9-2.1 Distribution: unstable Urgency: high Maintainer: Roland Stigge sti...@antcom.de Changed-By: Salvatore Bonaccorso car...@debian.org Description: libpolarssl-dev - lightweight crypto and SSL/TLS library libpolarssl-runtime - lightweight crypto and SSL/TLS library libpolarssl7 - lightweight crypto and SSL/TLS library Closes: 775776 Changes: polarssl (1.3.9-2.1) unstable; urgency=high . * Non-maintainer upload. * Add CVE-2015-1182.patch patch. CVE-2015-1182: Denial of service and possible remote code execution using crafted certificates. 
(Closes: #775776) ---End Message---
Processed: severity of 776251 is normal, tagging 776251
Processing commands for cont...@bugs.debian.org: # only systems with local modifications of non-conffiles are affected severity 776251 normal Bug #776251 [ack-grep] ack-grep fails to install due to diversion problem Severity set to 'normal' from 'grave' tags 776251 + wontfix Bug #776251 [ack-grep] ack-grep fails to install due to diversion problem Added tag(s) wontfix. thanks Stopping processing here. Please contact me if you need assistance. -- 776251: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=776251 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Processed: tagging 775439
Processing commands for cont...@bugs.debian.org: tags 775439 + sid Bug #775439 [winetricks] winetricks: vcrun2013 not installable (sha1sum mismatch) Added tag(s) sid. thanks Stopping processing here. Please contact me if you need assistance. -- 775439: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775439 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Processed: user debian-secur...@lists.debian.org, usertagging 775901, usertagging 775873 ...
Processing commands for cont...@bugs.debian.org: user debian-secur...@lists.debian.org Setting user to debian-secur...@lists.debian.org (was car...@debian.org). usertags 775901 + tracked Usertags were: tracked. Usertags are now: tracked. usertags 775873 + tracked Usertags were: tracked. Usertags are now: tracked. retitle 775901 patch: CVE-2015-1396: another directory traversal via symlinks Bug #775901 {Done: Laszlo Boszormenyi (GCS) g...@debian.org} [patch] patch: another directory traversal via symlinks Changed Bug title to 'patch: CVE-2015-1396: another directory traversal via symlinks' from 'patch: another directory traversal via symlinks' retitle 775873 patch: CVE-2015-1395: directory traversal via file rename Bug #775873 {Done: Laszlo Boszormenyi (GCS) g...@debian.org} [patch] patch: directory traversal via file rename Changed Bug title to 'patch: CVE-2015-1395: directory traversal via file rename' from 'patch: directory traversal via file rename' thanks Stopping processing here. Please contact me if you need assistance. -- 775873: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775873 775901: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775901 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#776388: chromium does not start at all
control: severity -1 normal control: retitle -1 chromium: should conflict with libgl1-mesa-swx11 On Tue, Jan 27, 2015 at 10:13 AM, Santiago Vila wrote: The only special thing about my system is that 3D acceleration does not work properly and I have to use libgl1-mesa-swx11 instead of libgl1-mesa-glx (see Bug#763890). Do any opengl applications actually work as expected with swx11? I tried minetest and it too didn't start. I'm happy to add a conflicts post-jessie, but there are an incredible number of other opengl applications just as likely to be incompatible with swx11, so each cannot possibly be release critical. Best wishes, Mike
Processed: Re: Bug#776388: chromium does not start at all
Processing control commands: severity -1 normal Bug #776388 [chromium] chromium does not start at all Severity set to 'normal' from 'serious' retitle -1 chromium: should conflict with libgl1-mesa-swx11 Bug #776388 [chromium] chromium does not start at all Changed Bug title to 'chromium: should conflict with libgl1-mesa-swx11' from 'chromium does not start at all' -- 776388: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=776388 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems