Processed: [bts-link] source package tracker
Processing commands for cont...@bugs.debian.org: # # bts-link upstream status pull for source package tracker # see http://lists.debian.org/debian-devel-announce/2006/05/msg1.html # user bts-link-upstr...@lists.alioth.debian.org Setting user to bts-link-upstr...@lists.alioth.debian.org (was bts-link-de...@lists.alioth.debian.org). # remote status report for #769759 (http://bugs.debian.org/769759) # Bug title: tracker-extract dumps the complete file it cannot index to stdout/stderr # * http://bugzilla.gnome.org/show_bug.cgi?id=735406 # * remote status changed: UNCONFIRMED - RESOLVED # * remote resolution changed: (?) - FIXED # * closed upstream forwarded 769759 https://bugzilla.gnome.org/show_bug.cgi?id=741137, merged-upstream: http://bugzilla.gnome.org/show_bug.cgi?id=735406 Bug #769759 [tracker-extract] tracker-extract dumps the complete file it cannot index to stdout/stderr Bug #754907 [tracker-extract] tracker-extract: Spams system logs Changed Bug forwarded-to-address to 'https://bugzilla.gnome.org/show_bug.cgi?id=741137, merged-upstream: http://bugzilla.gnome.org/show_bug.cgi?id=735406' from 'https://bugzilla.gnome.org/show_bug.cgi?id=741137' Changed Bug forwarded-to-address to 'https://bugzilla.gnome.org/show_bug.cgi?id=741137, merged-upstream: http://bugzilla.gnome.org/show_bug.cgi?id=735406' from 'https://bugzilla.gnome.org/show_bug.cgi?id=741137' tags 769759 + fixed-upstream Bug #769759 [tracker-extract] tracker-extract dumps the complete file it cannot index to stdout/stderr Bug #754907 [tracker-extract] tracker-extract: Spams system logs Added tag(s) fixed-upstream. Added tag(s) fixed-upstream. usertags 769759 - status-UNCONFIRMED Usertags were: status-UNCONFIRMED. Usertags are now: . usertags 769759 + status-RESOLVED resolution-FIXED There were no usertags set. Usertags are now: status-RESOLVED resolution-FIXED. # remote status report for #769759 (http://bugs.debian.org/769759) # Bug title: tracker-extract dumps the complete file it cannot index to stdout/stderr # * http://bugzilla.gnome.org/show_bug.cgi?id=735406 # * remote status changed: UNCONFIRMED - RESOLVED # * remote resolution changed: (?) - FIXED # * closed upstream forwarded 769759 https://bugzilla.gnome.org/show_bug.cgi?id=741137, merged-upstream: http://bugzilla.gnome.org/show_bug.cgi?id=735406 Bug #769759 [tracker-extract] tracker-extract dumps the complete file it cannot index to stdout/stderr Bug #754907 [tracker-extract] tracker-extract: Spams system logs Ignoring request to change the forwarded-to-address of bug#769759 to the same value Ignoring request to change the forwarded-to-address of bug#754907 to the same value tags 769759 + fixed-upstream Bug #769759 [tracker-extract] tracker-extract dumps the complete file it cannot index to stdout/stderr Bug #754907 [tracker-extract] tracker-extract: Spams system logs Ignoring request to alter tags of bug #769759 to the same tags previously set Ignoring request to alter tags of bug #754907 to the same tags previously set usertags 769759 - status-UNCONFIRMED Usertags were: status-RESOLVED resolution-FIXED. Usertags are now: status-RESOLVED resolution-FIXED. usertags 769759 + status-RESOLVED resolution-FIXED Usertags were: status-RESOLVED resolution-FIXED. Usertags are now: status-RESOLVED resolution-FIXED. thanks Stopping processing here. Please contact me if you need assistance. -- 754907: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=754907 769759: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=769759 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#776131: gridengine: Should gridengine be removed from jessie?
Ondřej == Ondřej Surý ond...@sury.org writes: Ondřej Hi Roland, On Thu, Jan 29, 2015, at 13:39, Roland Ondřej Fehrenbacher wrote: My offer to take over still stands. What needs to be done to keep it in jessie? Can we package Son of Grid Engine and still get it uploaded to jessie? Ondřej Nope, the only thing you can do is fix the RC bugs to keep Ondřej the gridengine in jessie. Ok, so it'll have to go ... Ondřej So I guess it would be better to just remove it from jessie, Ondřej do the work on 8.x in unstable and use jessie-backports to Ondřej provide the usable current version to jessie users if Ondřej there's a need for it. Sounds like a reasonable plan. Cheers, Roland --- http://www.q-leap.com / http://qlustar.com --- HPC / Storage / Cloud Linux Cluster OS --- -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#776583: libparanamer-java: Missing parent POM
Le 29/01/2015 17:08, Markus Koschany a écrit : thanks for noticing. I think I would go for adding the --no-parent flag. Shall I update the package with this change? Hi Markus, I've updated the package in the Git repository with the --no-parent flag. I haven't uploaded it yet because I also need the Maven plugin (#776586). Emmanuel Bourg -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#776520: marked as done (testng: jquery-1.7.1.min.js is missing from testng.jar)
Your message dated Thu, 29 Jan 2015 09:34:30 + with message-id e1ygluc-0004ww...@franck.debian.org and subject line Bug#776520: fixed in testng 6.8.8-4 has caused the Debian Bug report #776520, regarding testng: jquery-1.7.1.min.js is missing from testng.jar to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 776520: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=776520 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Package: testng Version: 6.8.8-3 Severity: grave Justification: renders package unusable When executing the unit tests of Apache Curator with testng/6.8.8-3 I got the following exception: org.apache.maven.surefire.util.SurefireReflectionException: java.lang.reflect.InvocationTargetException; nested exception is java.lang.reflect.InvocationTargetException: null java.lang.reflect.InvocationTargetException at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:606) at org.apache.maven.surefire.util.ReflectionUtils.invokeMethodWithArray(ReflectionUtils.java:164) at org.apache.maven.surefire.booter.ProviderFactory$ProviderProxy.invoke(ProviderFactory.java:110) at org.apache.maven.surefire.booter.SurefireStarter.invokeProvider(SurefireStarter.java:175) at org.apache.maven.surefire.booter.SurefireStarter.runSuitesInProcessWhenForked(SurefireStarter.java:107) at org.apache.maven.surefire.booter.ForkedBooter.main(ForkedBooter.java:68) Caused by: java.lang.AssertionError: Couldn't find resource: jquery-1.7.1.min.js at org.testng.reporters.jq.Main.generateReport(Main.java:81) at org.testng.TestNG.generateReports(TestNG.java:1115) at org.testng.TestNG.run(TestNG.java:1074) at org.apache.maven.surefire.testng.TestNGExecutor.run(TestNGExecutor.java:70) at org.apache.maven.surefire.testng.TestNGDirectoryTestSuite.executeMulti(TestNGDirectoryTestSuite.java:158) at org.apache.maven.surefire.testng.TestNGDirectoryTestSuite.execute(TestNGDirectoryTestSuite.java:98) at org.apache.maven.surefire.testng.TestNGProvider.invoke(TestNGProvider.java:111) ... 9 more It seems jquery-1.7.1.min.js is missing from /usr/share/java/testng.jar. This issue is fixed in testng/6.8.17-1 currently in experimental, but this should be fixed for Jessie. ---End Message--- ---BeginMessage--- Source: testng Source-Version: 6.8.8-4 We believe that the bug you reported is fixed in the latest version of testng, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 776...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. tony mancill tmanc...@debian.org (supplier of updated testng package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Thu, 18 Dec 2014 09:56:48 -0800 Source: testng Binary: testng Architecture: source all Version: 6.8.8-4 Distribution: unstable Urgency: medium Maintainer: Debian Java Maintainers pkg-java-maintain...@lists.alioth.debian.org Changed-By: tony mancill tmanc...@debian.org Description: testng - testing framework for Java Closes: 771260 776520 Changes: testng (6.8.8-4) unstable; urgency=medium . [ tony mancill ] * Team upload. * Add explicit build-dep on ant. (Closes: #771260) . [ Eugene Zhukov ] * Add back jquery-1.7.1.min.js. (Closes: #776520) Checksums-Sha1: 8a9dc0675548821464e45b9425c1d6cd4839aff4 2050 testng_6.8.8-4.dsc fdfd7fee8279928093ae2da4a739bef9d350fff8 66900 testng_6.8.8-4.debian.tar.xz 22cb3f1085e60381f4e408e12d3a963d3019aff2 786698 testng_6.8.8-4_all.deb Checksums-Sha256: 282a9197d774a3fed77b740c51cac3a28a8bc97919242c0aee08f523b10bba28 2050 testng_6.8.8-4.dsc 1aa1c7c5902957b5813d6194878d298eadd7de28d60613c72c3d0038cd7a25fe 66900 testng_6.8.8-4.debian.tar.xz 1b9e38e882f0c85b4c5997c9a19fc4a4b2350831869bc7adae98d51b39966be2 786698 testng_6.8.8-4_all.deb Files:
Bug#775801: tomcat7: update ecj.jar also to avoid java.util.Map$Entry cannot be resolved error during jsp compilation
Dear Emmanuel, On a different installation of debian stable, Christian did the following: 1) apt-get upgrade --- libecj-java was unchanged 2) install tomcat7.056 libtomcat7-java:all 7.0.28-4+deb7u1 = 7.0.56-1~bpo70+2 tomcat7-common:all 7.0.28-4+deb7u1 = 7.0.56-1~bpo70+2 tomcat7:all 7.0.28-4+deb7u1 = 7.0.56-1~bpo70+2 3) tried to run tomcat, but the Map$Entry cannot be resolved problem was there 4) then Christian did apt-get -t wheezy-backports install libecj-java --libecj-java:all 3.5.1-3 = 3.10.1-1~bpo70+1 5) now the problem no longer occurs So, I guess in your backport the dependency for this is missing? Ralf -Original Message- From: Emmanuel Bourg [mailto:emmanuel.bo...@gmail.com] On Behalf Of Emmanuel Bourg Sent: Dienstag, 20. Januar 2015 10:36 To: Ralf Hauser; 775...@bugs.debian.org Subject: Re: Bug#775801: tomcat7: update ecj.jar also to avoid java.util.Map$Entry cannot be resolved error during jsp compilation Hi Ralf, Thank you for the report. Could you install the libecj-java/3.10.1-1 package from the wheezy-backports and try again please? It contains the version 4.4 used by Tomcat upstream and is likely to fix this issue. Emmanuel Bourg -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#776137: sudo: fails to switch between sudo and sudo-ldap: chown: cannot access '/etc/sudoers': No such file or directory
Hi Andreas, I'm not quite sure we're on the same page yet, but I'm also not 100% confident that I'm in the right. So here are some additional thoughts: On 2015-01-29 09:31, Andreas Beckmann wrote: And while switching sudo-sudo-ldap the following happens: sudo gets removed, conffile remains sudo-ldap.preinst gets called with no previous version, so the conffile handling is activated - the md5sum matches that one from wheezy and therefore /etc/sudoers is moved aside It's moved aside if, and only if, /etc/sudoers is the pristine package version. So if it's moved to /etc/sudoers.pre-conffile, we know that 1. The conffile has not been modified by the user 2. The conffile has not been deleted by the user Furthermore, the only reason it is being moved is to avoid a modified conffile dialogue when the file was, in fact, not modified. sudo-ldap replaces sudo and takes over a deleted conffile I don't think so... see above: if it had been deleted (in the sense that the user rm -f'ed it), /etc/sudoers.pre-conffile would not exist (md5sum mismatch of /etc/sudoers). this is not reinstated - per policy sudo-ldap.postinst explodes on the deleted conffile. There's two cases here: Case 1: If it had been deleted (by the user), then postinst would indeed fail at the chown. Part A. of my patch addresses this issue. Case 2: if /etc/sudoers but /etc/sudoers.pre-conffile exists, then we know that we have an untouched conffile that was only temporarily moved just to avoid a modified conffile dialogue. So it must be moved back. Part B. of my patch does this. could you try how switching between sudo and sudo-ldap works if the wheezy md5sum is removed from teh preinst? With my patch applied, I tried various combinations of: 1. not touching /etc/sudoers 2. modifying /etc/sudoers 3. deleting /etc/sudoers whilst switching back-and-forth between sudo and sudo-ldap, and all did the right thing. 1. /etc/sudoers is the package maintainer's version 2. /etc/sudoers is the user-modified version 3. /etc/sudoers does not exist (and a warning is issued) Thoughts? Christian -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#775588: marked as done (darcs: Missing copyright information)
Your message dated Thu, 29 Jan 2015 09:19:42 +
with message-id e1yglgi-00023x...@franck.debian.org
and subject line Bug#775588: fixed in darcs 2.8.5-2
has caused the Debian Bug report #775588,
regarding darcs: Missing copyright information
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
775588: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775588
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
---BeginMessage---
Source: darcs
Version: 2.8.5-1
Severity: serious
Justification: Policy § 12.5
Hi,
The copyright information and the license terms for the files
src/Crypt/*
is missing from debian/copyright. One file is GPL (no
version specified, and the others are BSD-3-clause licensed.
Package haskell-hashed-storage has these files, too. The required
information can simply be copied from there.
Regards,
Christian
---End Message---
---BeginMessage---
Source: darcs
Source-Version: 2.8.5-2
We believe that the bug you reported is fixed in the latest version of
darcs, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 775...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Christopher Reichert creicher...@gmail.com (supplier of updated darcs package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Format: 1.8
Date: Wed, 28 Jan 2015 22:00:00 -0600
Source: darcs
Binary: darcs libghc-darcs-dev libghc-darcs-prof libghc-darcs-doc
Architecture: source all amd64
Version: 2.8.5-2
Distribution: unstable
Urgency: low
Maintainer: Debian Haskell Group
pkg-haskell-maintain...@lists.alioth.debian.org
Changed-By: Christopher Reichert creicher...@gmail.com
Description:
darcs - distributed, interactive, smart revision control system
libghc-darcs-dev - distributed, interactive, smart revision control
system${haskell:
libghc-darcs-doc - distributed, interactive, smart revision control
system${haskell:
libghc-darcs-prof - distributed, interactive, smart revision control
system${haskell:
Closes: 775588
Changes:
darcs (2.8.5-2) unstable; urgency=low
.
* Add copyright information for src/Crypt/*, Closes: bug#775588
Checksums-Sha1:
d012e6e05d34ba0e8699cfdf1893f40e728869e4 3806 darcs_2.8.5-2.dsc
48e1073b15dfc001c5e0c8ce5a175a9a87d9fe21 15100 darcs_2.8.5-2.debian.tar.xz
c20d6b1a4b1ca16021469a125afa3b77ac32caea 834244
libghc-darcs-doc_2.8.5-2_all.deb
36707acfbc99209a99a53f1c9a6daba886a86302 1843456 darcs_2.8.5-2_amd64.deb
b52c0b4396e66f15bb74b2a042c3dccee5267104 3380516
libghc-darcs-dev_2.8.5-2_amd64.deb
6a55e54e4f2773106aed0c8d4c7edf636106f879 4235226
libghc-darcs-prof_2.8.5-2_amd64.deb
Checksums-Sha256:
65ee1133456e7115d23c079dfc628f19ce00055722d8ac523fe0748158062a59 3806
darcs_2.8.5-2.dsc
c7e4b3ae5acbbb6bfea62be9102613cb3ea7e5c1e0db5e220eabad404ad0a912 15100
darcs_2.8.5-2.debian.tar.xz
2b598c03bc5dfd99dd9c84abdbc99096c0279a54cae6da098e3be59b786bbaff 834244
libghc-darcs-doc_2.8.5-2_all.deb
879f5f5211a5e34939b4598b288ab21892c6e1ecfdecd2bb205d3605037d7a47 1843456
darcs_2.8.5-2_amd64.deb
5e5a463710a9e1462001886693feb53bf1f3a0ae85368b3010cd9c0ebff913ab 3380516
libghc-darcs-dev_2.8.5-2_amd64.deb
f997179a846506c9e4da150f54c205e887d179a8f3bb95399e585f6ae2c594df 4235226
libghc-darcs-prof_2.8.5-2_amd64.deb
Files:
2f9f811e0bdce9ba5ac42088ae997d4f 3806 haskell optional darcs_2.8.5-2.dsc
1eb9961ec167bb260d6c41811acc125e 15100 haskell optional
darcs_2.8.5-2.debian.tar.xz
c0c35ebf630b6d33c7c8fa62f075d339 834244 doc optional
libghc-darcs-doc_2.8.5-2_all.deb
74ff082cc62ed736354901e46207c59f 1843456 vcs optional darcs_2.8.5-2_amd64.deb
c5f63a08010fa08a506453bfd152a9b2 3380516 haskell optional
libghc-darcs-dev_2.8.5-2_amd64.deb
e763b975cf83f9145941b1622ad762b8 4235226 haskell optional
libghc-darcs-prof_2.8.5-2_amd64.deb
-BEGIN PGP SIGNATURE-
Version: GnuPG v1
iQIcBAEBCAAGBQJUyfTTAAoJED2QirPw+/UfWroP/2ZP2wnTIEz8SYs0ILLILAy+
wPb4fVuEJ+NVp/WPMUGBrgaV4qqf8d4ykuiulgQsW4c5n/+kvQyc6ARPu+VKJbtg
ufaSAdiXs7TKaeUmb/7J8pjsE4gGDR9vu0U2HwLSzBp8QtX5KytyoAdx8iGqZj9d
geBnBg8s9sRuhnInNTefasl9l3qIGPc+/b4ojcyCxVArDWFs7rv27/n+wE4zPfev
BQyNQD1jsHEdlWN/VhsZvUW40mJsixYwFeWJoaqyCsj+II59EM+EKd/oL1ZV8p/H
Bug#776137: sudo: fails to switch between sudo and sudo-ldap: chown: cannot access '/etc/sudoers': No such file or directory
Hi Christian, thanks for looking into this. What we have here is a conffile shared between two packages that Conflicts+Replaces each other. That's even more weird than placing conffiles in multi-arch:same packages ... at least they don't ship different versions (but they did in lenny ...) I think the conffiles part should be factored out to a separate package (e.g. sudoers). But probably not for jessie :-) If I see this correctly, in wheezy /etc/sudoers finally became a conffile. So the preinst scripts are wrong - they should not touch (or move around) the unmodified wheezy conffile. And while switching sudo-sudo-ldap the following happens: sudo gets removed, conffile remains sudo-ldap.preinst gets called with no previous version, so the conffile handling is activated - the md5sum matches that one from wheezy and therefore /etc/sudoers is moved aside sudo-ldap replaces sudo and takes over a deleted conffile this is not reinstated - per policy sudo-ldap.postinst explodes on the deleted conffile. could you try how switching between sudo and sudo-ldap works if the wheezy md5sum is removed from teh preinst? Andreas On 2015-01-28 23:56, Christian Kastner wrote: Control: tags -1 + patch On Sat, 24 Jan 2015 12:05:52 +0100 Andreas Beckmann a...@debian.org wrote: The upgrade to jessie with sudo-ldap/jessie went smooth, and thereafter I wanted to switch to sudo/jessie, which failed due to missing /etc/sudoers, the problem is reproducible in plain jessie, too: # apt-get install sudo snip WARNING: /etc/sudoers not present! chown: cannot access '/etc/sudoers': No such file or directory dpkg: error processing package sudo (--configure): subprocess installed post-installation script returned error exit status 1 Errors were encountered while processing: sudo E: Sub-process /usr/bin/dpkg returned an error code (1) The problem stems from the solution used to avoid an unnecessary action prompt for a conffile change when in fact there was no change. See bugs #636049, #612532, #660594. 1. Each respective preinst checks, via md5sum, if /etc/sudoers has changed. Iff not, it is moved to a temporary location at /etc/sudoers.pre-conffile. 2. Each respective postinst checks whether /etc/sudoers is present, and warns if it isn't (see WARNING quoted above). 3. Then follows an unconditional chown of /etc/sudoers, and when this fails, postinst aborts because of set -e. This is the first problem. It is of course possible for this file to be generally absent (it's a conffile, and the user might have forcefully removed it), so this chown should be guarded by a test for existence. Is sudo useful at all if /etc/sudoers is missing? 3. Later on, there is an attempted to remove the temporarily renamed /etc/sudoers.pre-conffile mentioned above: # if we've gotten this far .. remove the saved, unchanged old sudoers file rm -f /etc/sudoers.pre-conffile that is an *old* pristine sudoer that was not a conffile This I don't understand. Why remove it? This file can only exist because of step 1. above, and if it exists, the purpose was to just temporarily move it out of the way to avoid a conffile-change question. Why is it being removed now? Shouldn't it just be moved back in step 2.? dpkg should have installed a new sudoers (that is now a conffile) the .pre-conffile is a backup that should be restored in failed-upgrade or removed in postinst, so the intention is right, just the preinst should not have touch a conffile Please find attached a debdiff against the version in t-p-u that A. Makes the chmod/chown conditional on the existence of /etc/sudoers maybe its better to explode here if sudoers does not exist - I assume sudo will be nonfunctional without it B. When /etc/sudoers.pre-conffile exists, moves it back to /etc/sudoers. This is done unconditionally since the very existence of /etc/sudoers.pre-conffile implies that it is the pristine package version (recall the md5sum check above). So the user did not delete or change /etc/sudoers, and we want it back. there was never the intention to restore this in a pre-conffile to conffile upgrade case ... I'm confident that change A. is correct and necessary, but change B. depends on whether I understood the problem the code is trying to solve correctly! I tested this with various combinations (pristine, changed, deleted /etc/sudoers), and TTBOMYK the result is policy-conform. Additional testing would be highly appreciated, though. Regards, Christian -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#775801: tomcat7: update ecj.jar also to avoid java.util.Map$Entry cannot be resolved error during jsp compilation
Hi Ralf, Thank you for the feedback. You are right, I'll update the tomcat7 backport and specify the version of ecj expected. Emmanuel Bourg -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#776520: testng: jquery-1.7.1.min.js is missing from testng.jar
It seems jquery-1.7.1.min.js is missing from /usr/share/java/testng.jar. This is correct. The build process was tweaked back and forth first to exclude, then to include it. The end result is that current binary in Jessie doesn't include it, but the source package does include it. So, apt-get source testng in Jessie/unstable and then debuild, produces binary with jquery-1.7.1.min.js. Eugene -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#776565: Booting does not currently work
Package: di-netboot-assistant Version: 0.38a Severity: serious The pxelinux.0 file installed by di-netboot-assistant does not work. Before it even asks for pxelinux.cfg/* files, it seeks ldlinux.c32 (cf. #750586), but the menu defined in pxelinux.cfg/default eventually sets the search path, so this is a catch-22 that somehow needs to be broken. pxelinux.0 should probably not need to load ldlinux.c32 at this stage until the user made a selection in the menu. If I symlink ldlinux.c32 into place, then it loads all boot-screen files (according to the tftp logs), but before displaying a menu, it then looks for libcom32.c32, which it does not find, and hence fails to load ::/debian-installer/daily/i386/boot-screens/vesamenu.c32 Symlinking this file then exposes libutil.c32 as missing. Note that the problem exists also with the pxelinux.0 file from the pxelinux package (which you could be using instead anyway…) Even if I skip the menu and tell clients to use ::/debian-installer/daily/i386/pxelinux.0 instead, the files ldlinux.c32, libcom32.c32 and libutil.c32 are being sought from ::/debian-installer/daily/i386 instead of ./boot-screens, where they live. So far I have been unable to find *anything* to make di-netboot-assistant produce a usable TFTP directory layout, even for a single architecture, without having to hand-edit files for specific clients. Hence I think this is release-critical. -- System Information: Debian Release: 8.0 APT prefers unstable APT policy: (500, 'unstable'), (1, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 3.16.0-4-amd64 (SMP w/8 CPU cores) Locale: LANG=en_NZ, LC_CTYPE=en_NZ.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages di-netboot-assistant depends on: ii curl 7.38.0-4 ii wget 1.16-3 Versions of packages di-netboot-assistant recommends: ii atftpd 0.7.git20120829-1 Versions of packages di-netboot-assistant suggests: pn dhcp3-server | udhcpd | dnsmasq none pn elilonone ii syslinux 3:6.03+dfsg-5 ii vim-addon-manager0.5.3 -- Configuration Files: /etc/di-netboot-assistant/di-netboot-assistant.conf changed: TFTP_ROOT=/srv/tftp MIRROR_REGEXPS=s=://ftp.debian.org/=://ftp.stw-bonn.de/= s=://ftp.ubuntu.com/=://ftp.hawo.stw.uni-erlangen.de/= umask 0002 /etc/di-netboot-assistant/di-sources.list changed: stable amd64 http://ftp.debian.org/dists/stable/main/installer-amd64/current/images/ netboot/netboot.tar.gz stable i386 http://ftp.debian.org/dists/stable/main/installer-i386/current/images/ netboot/netboot.tar.gz stable ia64 http://ftp.debian.org/dists/stable/main/installer-ia64/current/images/ netboot/netboot.tar.gz stable sparc http://ftp.debian.org/dists/stable/main/installer-sparc/current/images/ netboot/boot.img stable-gtk amd64 http://ftp.debian.org/dists/stable/main/installer-amd64/current/images/ netboot/gtk/netboot.tar.gz stable-gtk i386 http://ftp.debian.org/dists/stable/main/installer-i386/current/images/ netboot/gtk/netboot.tar.gz wheezy amd64 http://ftp.debian.org/dists/wheezy/main/installer-amd64/current/images/ netboot/netboot.tar.gz wheezy i386 http://ftp.debian.org/dists/wheezy/main/installer-i386/current/images/ netboot/netboot.tar.gz wheezy ia64 http://ftp.debian.org/dists/wheezy/main/installer-ia64/current/images/ netboot/netboot.tar.gz wheezy sparc http://ftp.debian.org/dists/wheezy/main/installer-sparc/current/images/ netboot/boot.img wheezy-gtk amd64 http://ftp.debian.org/dists/wheezy/main/installer-amd64/current/images/ netboot/gtk/netboot.tar.gz wheezy-gtk i386 http://ftp.debian.org/dists/wheezy/main/installer-i386/current/images/ netboot/gtk/netboot.tar.gz oldstable amd64 http://ftp.debian.org/dists/oldstable/main/installer-amd64/current/images/ netboot/netboot.tar.gz oldstable i386 http://ftp.debian.org/dists/oldstable/main/installer-i386/current/images/ netboot/netboot.tar.gz oldstable ia64 http://ftp.debian.org/dists/oldstable/main/installer-ia64/current/images/ netboot/netboot.tar.gz oldstable sparc http://ftp.debian.org/dists/oldstable/main/installer-sparc/current/images/ netboot/boot.img oldstable-gtk amd64 http://ftp.debian.org/dists/oldstable/main/installer-amd64/current/images/ netboot/gtk/netboot.tar.gz oldstable-gtk i386 http://ftp.debian.org/dists/oldstable/main/installer-i386/current/images/ netboot/gtk/netboot.tar.gz squeeze amd64 http://ftp.debian.org/dists/squeeze/main/installer-amd64/current/images/ netboot/netboot.tar.gz squeeze i386 http://ftp.debian.org/dists/squeeze/main/installer-i386/current/images/ netboot/netboot.tar.gz squeeze ia64 http://ftp.debian.org/dists/squeeze/main/installer-ia64/current/images/ netboot/netboot.tar.gz squeeze sparc
Processed (with 2 errors): Can't reproduce in here. Involving custom environment?
Processing commands for cont...@bugs.debian.org: tags 775953 + |unreproducible Unknown tag/s: |unreproducible. Recognized are: patch wontfix moreinfo unreproducible fixed potato woody sid help security upstream pending sarge sarge-ignore experimental d-i confirmed ipv6 lfs fixed-in-experimental fixed-upstream l10n newcomer etch etch-ignore lenny lenny-ignore squeeze squeeze-ignore wheezy wheezy-ignore jessie jessie-ignore stretch stretch-ignore buster buster-ignore. Bug #775953 [openntpd] openntpd if-up.d hook can cause system boot to hang indefinitely Requested to add no tags; doing nothing. severity ||775953 important Unknown command or malformed arguments to command. thanks Stopping processing here. Please contact me if you need assistance. -- 775953: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775953 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#776137: sudo: fails to switch between sudo and sudo-ldap: chown: cannot access '/etc/sudoers': No such file or directory
I just noticed that I completely overlooked your other comments to my original mail. Sorry about that! On 2015-01-29 09:31, Andreas Beckmann wrote: On 2015-01-28 23:56, Christian Kastner wrote: This is the first problem. It is of course possible for this file to be generally absent (it's a conffile, and the user might have forcefully removed it), so this chown should be guarded by a test for existence. Is sudo useful at all if /etc/sudoers is missing? No, but if it's missing, then the user must have removed it, and policy compels us to honor that decision. 3. Later on, there is an attempted to remove the temporarily renamed /etc/sudoers.pre-conffile mentioned above: # if we've gotten this far .. remove the saved, unchanged old sudoers file rm -f /etc/sudoers.pre-conffile that is an *old* pristine sudoer that was not a conffile Yes, this is tricky. It's not a conffile from the *old* sudo's POV. It is very much a conffile from the *new* sudo's POV, and therefore the user-preservation semantics apply (I'd say). This I don't understand. Why remove it? This file can only exist because of step 1. above, and if it exists, the purpose was to just temporarily move it out of the way to avoid a conffile-change question. Why is it being removed now? Shouldn't it just be moved back in step 2.? dpkg should have installed a new sudoers (that is now a conffile) Well, if the old sudoers md5sum matches what is in postinst, then either (a) installing the new one or (b) temporarily-renaming-and-switching the old one have the same effect, except that (a) has the unwanted modified conffile dialogue. And if the old sudoers md5sum does not match what is in postinst, sudoers has user modifications. Albeit from a time before sudoers was a conffile; but if I upgraded from squeeze to wheezy, I would absolutely expect my sudoers to be preserved regardless of that. the .pre-conffile is a backup that should be restored in failed-upgrade or removed in postinst, so the intention is right, just the preinst should not have touch a conffile Please find attached a debdiff against the version in t-p-u that A. Makes the chmod/chown conditional on the existence of /etc/sudoers maybe its better to explode here if sudoers does not exist - I assume sudo will be nonfunctional without it See above (user must have deleted it, we must comply with that) B. When /etc/sudoers.pre-conffile exists, moves it back to /etc/sudoers. This is done unconditionally since the very existence of /etc/sudoers.pre-conffile implies that it is the pristine package version (recall the md5sum check above). So the user did not delete or change /etc/sudoers, and we want it back. there was never the intention to restore this in a pre-conffile to conffile upgrade case ... I think this can be reduced to the (a) or (b) case I listed above. Regards, Christian -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Processed: Re: Bug#776528: BackendException: ssh connection to user@hostname:22 failed: No authentication methods available
Processing commands for cont...@bugs.debian.org: tags 776528 + unreproducible moreinfo Bug #776528 [duplicity] BackendException: ssh connection to user@hostname:22 failed: No authentication methods available Added tag(s) unreproducible and moreinfo. severity 776528 normal Bug #776528 [duplicity] BackendException: ssh connection to user@hostname:22 failed: No authentication methods available Severity set to 'normal' from 'grave' thanks Stopping processing here. Please contact me if you need assistance. -- 776528: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=776528 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#776528: BackendException: ssh connection to user@hostname:22 failed: No authentication methods available
tags 776528 + unreproducible moreinfo severity 776528 normal thanks On Tue, 27 Jan 2015 15:10:34 +1300, Francois Marier writes: After upgrading from duplicity 0.6.24-2 to 0.7.01-1, my backups to an ssh host stopped working. i can't reproduce that; i've just used 0.7.01 sftp and scp backups without major problems, using sftp://me@somehost/location as well as scp://me@somehost/location. Now, if I try to run any of the duplicity commands, I get the following: BackendException: ssh connection to user@hostname:22 failed: No authenticatio n methods available looks like you need to set up ssh-agent and key auth, or use --ssh-askpass or provide the password to duplicity via FTP_PASSWORD. i've tested all three options and they work fine. it looks as if the strictness of the auth handling changed somewhere between 0.6.24 and 0.7.01, but the changelog doesn't show anything pertinent. i believe the old version fell back to interactive asking without insisting on --ssh-askpass if no suitable ssh-agent was a/v. regards az -- Alexander Zangerl + GPG Key 0xB963BD5F (or 0x42BD645D) + http://snafu.priv.at/ A decade ago, I observed that commercial certificate authorities protect you from anyone from whom they are unwilling to take money. That turns out to be wrong; they don't even do that much. -- Matt Blaze signature.asc Description: Digital Signature
Processed (with 1 errors): Re: Bug#775953: openntpd if-up.d hook can cause system boot to hang indefinitely
Processing commands for cont...@bugs.debian.org: |tags 775953 + unreproducible Unknown command or malformed arguments to command. severity 775953 important Bug #775953 [openntpd] openntpd if-up.d hook can cause system boot to hang indefinitely Severity set to 'important' from 'critical' thanks Stopping processing here. Please contact me if you need assistance. -- 775953: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775953 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#775953: openntpd if-up.d hook can cause system boot to hang indefinitely
|tags 775953 + unreproducible severity 775953 important thanks Since I cant reproduce this on my side on a armv5 (which is not where the bug has been originally filled though), I'm lowering the severity since this appears to be a result of a possible very custom configuration around bridge and openntpd itself. (Further info is still pending on reporter side) Cheers, Dererk | -- BOFH excuse #223: The lines are all busy (busied out, that is -- why let them in to begin with?). signature.asc Description: OpenPGP digital signature
Processed: Re: [Pkg-anonymity-tools] Bug#775891: torbrowser-launcher: Tor Project changed alpha/beta versioning, now tb-l always suggests downloading alphas/betas
Processing control commands:
reopen -1
Bug #775891 {Done: Holger Levsen hol...@debian.org} [torbrowser-launcher]
torbrowser-launcher: Tor Project changed alpha/beta versioning, now tb-l always
suggests downloading alphas/betas
'reopen' may be inappropriate when a bug has been closed with a version;
all fixed versions will be cleared, and you may need to re-add them.
Bug reopened
No longer marked as fixed in versions torbrowser-launcher/0.1.9-1~experimental1.
forwarded -1 https://github.com/micahflee/torbrowser-launcher/issues/169
Bug #775891 [torbrowser-launcher] torbrowser-launcher: Tor Project changed
alpha/beta versioning, now tb-l always suggests downloading alphas/betas
Set Bug forwarded-to-address to
'https://github.com/micahflee/torbrowser-launcher/issues/169'.
found -1 0.1.9-1~experimental1
Bug #775891 [torbrowser-launcher] torbrowser-launcher: Tor Project changed
alpha/beta versioning, now tb-l always suggests downloading alphas/betas
Marked as found in versions torbrowser-launcher/0.1.9-1~experimental1.
severity -1 serious
Bug #775891 [torbrowser-launcher] torbrowser-launcher: Tor Project changed
alpha/beta versioning, now tb-l always suggests downloading alphas/betas
Severity set to 'serious' from 'important'
--
775891: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775891
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#775375: marked as done (python-django: CVE-2015-0219 CVE-2015-0220 CVE-2015-0221 CVE-2015-0222)
Your message dated Thu, 29 Jan 2015 11:33:49 + with message-id e1ygnm5-000761...@franck.debian.org and subject line Bug#775375: fixed in python-django 1.2.3-3+squeeze12 has caused the Debian Bug report #775375, regarding python-django: CVE-2015-0219 CVE-2015-0220 CVE-2015-0221 CVE-2015-0222 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 775375: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775375 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Source: python-django Version: 1.7.1-1 Severity: grave Tags: security upstream fixed-upstream Hi, the following vulnerabilities were published for python-django. CVE-2015-0219[0]: WSGI header spoofing via underscore/dash conflation CVE-2015-0220[1]: Mitigated possible XSS attack via user-supplied redirect URLs CVE-2015-0221[2]: Denial-of-service attack against django.views.static.serve CVE-2015-0222[3]: Database denial-of-service with ModelMultipleChoiceField If you fix the vulnerabilities please also make sure to include the CVE (Common Vulnerabilities Exposures) ids in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2015-0219 [1] https://security-tracker.debian.org/tracker/CVE-2015-0220 [2] https://security-tracker.debian.org/tracker/CVE-2015-0221 [3] https://security-tracker.debian.org/tracker/CVE-2015-0222 [4] https://www.djangoproject.com/weblog/2015/jan/13/security/ Please adjust the affected versions in the BTS as needed. Regards, Salvatore ---End Message--- ---BeginMessage--- Source: python-django Source-Version: 1.2.3-3+squeeze12 We believe that the bug you reported is fixed in the latest version of python-django, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 775...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Raphaël Hertzog hert...@debian.org (supplier of updated python-django package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Wed, 28 Jan 2015 18:39:56 +0100 Source: python-django Binary: python-django python-django-doc Architecture: source all Version: 1.2.3-3+squeeze12 Distribution: squeeze-lts Urgency: medium Maintainer: Chris Lamb la...@debian.org Changed-By: Raphaël Hertzog hert...@debian.org Description: python-django - High-level Python web development framework python-django-doc - High-level Python web development framework (documentation) Closes: 775375 Changes: python-django (1.2.3-3+squeeze12) squeeze-lts; urgency=medium . * Backport multiple security fixes released in 1.4 branch: https://www.djangoproject.com/weblog/2015/jan/13/security/ - WSGI header spoofing via underscore/dash conflation (CVE-2015-0219) - Possible XSS attack via user-supplied redirect URLs (CVE-2015-0220) - Denial-of-service attack against django.views.static.serve (CVE-2015-0221) * Also include a fix for a regression introduced by the patch for CVE-2015-0221: https://code.djangoproject.com/ticket/24158 Checksums-Sha1: a4e19ad8e3ea56a1d3c5d8c8f5feaac8eb8679da 1891 python-django_1.2.3-3+squeeze12.dsc ff188c8d5b1bdbd8f3892ad9d1af26eae846e3f2 70273 python-django_1.2.3-3+squeeze12.debian.tar.gz d587c5e226f47f83f873f9e07240aad0d566e1ff 4219974 python-django_1.2.3-3+squeeze12_all.deb 87d87e891c4456db470ceaf16ea8e1edb91c1a43 1898772 python-django-doc_1.2.3-3+squeeze12_all.deb Checksums-Sha256: 7e87aa2d4de87ec5312a80e46e5c41b2cec5725f1de20345bb443cb677dc7a77 1891 python-django_1.2.3-3+squeeze12.dsc e55a5d0987c1dbdded3a5381c523c87d3e44558f7bb45d7cf92c523319a95c06 70273 python-django_1.2.3-3+squeeze12.debian.tar.gz 2b8b8de356125d2a0e3afd451d4edfce689699904b49681d6b537c8010cf7365 4219974 python-django_1.2.3-3+squeeze12_all.deb f549a3b504c073e73a385e02f7894f9889193fc29948093e8badc598ae1a1441 1898772 python-django-doc_1.2.3-3+squeeze12_all.deb Files: 97497708e02acb6cf77b189e3eacf8b6 1891 python optional python-django_1.2.3-3+squeeze12.dsc a78e708f15953fc6bfb5d93739916a53 70273 python optional python-django_1.2.3-3+squeeze12.debian.tar.gz 5f938f3163216dd982007fcb1486510f 4219974 python optional
Bug#775356: Please test
Hi Thomas, Thomas Hood wrote: Axel, can you please install resolvconf 1.76.1 and check that it works properly? Also works without issues. i.e. no syntax errors anymore. Thanks! Regards, Axel -- ,''`. | Axel Beckert a...@debian.org, http://people.debian.org/~abe/ : :' : | Debian Developer, ftp.ch.debian.org Admin `. `' | 4096R: 2517 B724 C5F6 CA99 5329 6E61 2FF9 CD59 6126 16B5 `-| 1024D: F067 EA27 26B9 C3FC 1486 202E C09E 1D89 9593 0EDE -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Processed: merging #725560 and #766974
Processing commands for cont...@bugs.debian.org: # Bugs are identical (FTBFS with newer version of asterisk) forcemerge 725560 766974 Bug #725560 [src:asterisk-espeak] asterisk-espeak: FTBFS: app_espeak.c:219:13: error: dereferencing pointer to incomplete type Bug #766974 [src:asterisk-espeak] asterisk-espeak: FTBFS: fails to build with asterisk 13. Use latest version Severity set to 'serious' from 'grave' The source asterisk-espeak and version 2.1-1+b1 do not appear to match any binary packages Marked as found in versions asterisk-espeak/2.1-1. Bug #725560 [src:asterisk-espeak] asterisk-espeak: FTBFS: app_espeak.c:219:13: error: dereferencing pointer to incomplete type The source asterisk-espeak and version 2.1-1+b1 do not appear to match any binary packages Marked as found in versions asterisk-espeak/2.1-1+b1. Merged 725560 766974 thanks Stopping processing here. Please contact me if you need assistance. -- 725560: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=725560 766974: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=766974 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Processed: merge
Processing commands for cont...@bugs.debian.org: forcemerge 776565 759424 Bug #776565 [di-netboot-assistant] Booting does not currently work Bug #776565 [di-netboot-assistant] Booting does not currently work Added tag(s) moreinfo and patch. Bug #759424 [di-netboot-assistant] di-netboot-assistant: please update package for jessie / new syslinux Severity set to 'serious' from 'important' Marked as found in versions di-netboot-assistant/0.38a. Merged 759424 776565 thanks Stopping processing here. Please contact me if you need assistance. -- 759424: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=759424 776565: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=776565 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#776131: gridengine: Should gridengine be removed from jessie?
Hi Roland, On Thu, Jan 29, 2015, at 13:39, Roland Fehrenbacher wrote: My offer to take over still stands. What needs to be done to keep it in jessie? Can we package Son of Grid Engine and still get it uploaded to jessie? Nope, the only thing you can do is fix the RC bugs to keep the gridengine in jessie. So I guess it would be better to just remove it from jessie, do the work on 8.x in unstable and use jessie-backports to provide the usable current version to jessie users if there's a need for it. Cheers, -- Ondřej Surý ond...@sury.org Knot DNS (https://www.knot-dns.cz/) – a high-performance DNS server -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#776131: gridengine: Should gridengine be removed from jessie?
Ondřej == Ondřej Surý ond...@sury.org writes: Hi Ondřej, Salvatore, I haven't done anything yet since nobody answered to my requests on alioth and I've been busy since. Ondřej Hi Salvatore, given this thread: Ondřej http://lists.alioth.debian.org/pipermail/pkg-gridengine-devel/2014-October/thread.html Ondřej and no response here: Ondřej https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=703256 Ondřej I would suggest that gridengine should be removed from Ondřej Debian and reintroduced when there's somebody who will Ondřej activelly maintain it. Ccing the folks who expressed Ondřej interest in taking over and logol package that would be Ondřej affected by the removal. My offer to take over still stands. What needs to be done to keep it in jessie? Can we package Son of Grid Engine and still get it uploaded to jessie? Cheers, Roland --- http://www.q-leap.com / http://qlustar.com --- HPC / Storage / Cloud Linux Cluster OS --- -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#776131: gridengine: Should gridengine be removed from jessie?
Hi Salvatore, given this thread: http://lists.alioth.debian.org/pipermail/pkg-gridengine-devel/2014-October/thread.html and no response here: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=703256 I would suggest that gridengine should be removed from Debian and reintroduced when there's somebody who will activelly maintain it. Ccing the folks who expressed interest in taking over and logol package that would be affected by the removal. If you agree I suggest to reassign this to ftp-master as RoQA. Cheers, -- Ondřej Surý ond...@sury.org Knot DNS (https://www.knot-dns.cz/) – a high-performance DNS server -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#775687: libmspack: CHM decompression: another pointer arithmetic overflow
0.5alpha has been just released [0] with this issue fixed. If you package that one you get rid of all currently known bugs :) [0] http://www.cabextract.org.uk/libmspack/libmspack-0.5alpha.tar.gz Sebastian -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#776565: Booting does not currently work
also sprach Cyril Brulebois k...@debian.org [2015-01-29 16:44 +0100]: Latest news (hrm) are: [2013-07-17] Accepted 0.38a in unstable (low) (Christian Perrier) [2013-07-28] di-netboot-assistant 0.38a MIGRATED to testing (Britney) At this stage, it'd probably be a good idea to have it removed from testing; Yeah, except I'd love to have it. :( But it seems obviously broken. Let's wait another day or two and hope that maybe Christian, Franklin or Joey have a say? -- .''`. martin f. krafft madduck@d.o @martinkrafft : :' : proud Debian developer `. `'` http://people.debian.org/~madduck `- Debian - when you have better things to do than fixing systems this sentence contradicts itself -- no actually it doesn't. -- douglas hofstadter digital_signature_gpg.asc Description: Digital signature (see http://martin-krafft.net/gpg/sig-policy/999bbcc4/current)
Bug#776565: Booting does not currently work
martin f krafft madd...@debian.org (2015-01-29): also sprach Cyril Brulebois k...@debian.org [2015-01-29 16:44 +0100]: Latest news (hrm) are: [2013-07-17] Accepted 0.38a in unstable (low) (Christian Perrier) [2013-07-28] di-netboot-assistant 0.38a MIGRATED to testing (Britney) At this stage, it'd probably be a good idea to have it removed from testing; Yeah, except I'd love to have it. :( Work on it through stretch, backport it? But it seems obviously broken. Let's wait another day or two and hope that maybe Christian, Franklin or Joey have a say? I'm not sure it's reasonable to expect fixing di-n-a at this point of the release cycle, frankly. (I'd even go as far as moving the not a few words to the right.) Of course, I'm happy to take other opinions anyway. Mraw, KiBi. signature.asc Description: Digital signature
Bug#776131: gridengine: Should gridengine be removed from jessie?
Ondřej Surý ond...@sury.org writes: Hi Roland, On Thu, Jan 29, 2015, at 13:39, Roland Fehrenbacher wrote: My offer to take over still stands. What needs to be done to keep it in jessie? Can we package Son of Grid Engine and still get it uploaded to jessie? A previous attempt was blocked because there was no complete list of copyright holders (just like for linux, on which I based the package wording if I recall correctly). There is no such list, at least publicly available, like for many packages. I'm happy to maintain packaging or appropriate changes if that doesn't block it in future. Nope, the only thing you can do is fix the RC bugs to keep the gridengine in jessie. So I guess it would be better to just remove it from jessie, do the work on 8.x in unstable and use jessie-backports to provide the usable current version to jessie users if there's a need for it. Cheers, I don't know what the RC bugs are, but it should be removed for security reasons if it can't be updated. It doesn't ship enough to configure against a user impersonating any other with a uid above a value which is 0 in the shipped configuration, i.e. it provides remote root on all exec hosts, and probably the master. (A previous security NMU was both bogus and pointless in view of that.) libdrmaa should be handled with alternatives. (I don't know/remember why there isn't a clash with torque and slurm already.) To record it for anyone reading later: SGE releases from http://arc.liv.ac.uk/downloads/SGE/releases/ have debian-style packaging installing into /opt, and the attempt at conformant packaging is under http://arc.liv.ac.uk/repos/darcs/gridengine.debian/ via darcs, hg, or git. I thought the latter was also as a tarball, but that's currently missing, which I'll fix. -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#745195: fixed, but more testing intended
Just a status update on this bug: The upload of unrtf 0.21.5-3 fixes this bug, but I intend to do more testing before asking for an unblock. -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#771789: marked as done (libpcp-pmda-perl: uninstallable on i386: depends on perlapi-5.18.2)
Your message dated Thu, 29 Jan 2015 19:08:33 +0100 with message-id 54ca7721.2060...@thykier.net and subject line Re: [pcp] Bug#771789: libpcp-pmda-perl: uninstallable on i386: depends on perlapi-5.18.2 has caused the Debian Bug report #771789, regarding libpcp-pmda-perl: uninstallable on i386: depends on perlapi-5.18.2 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 771789: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=771789 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Package: libpcp-pmda-perl Version: 3.10.1 Severity: grave This package cannot be installed on i386: # apt-get install -q libpcp-pmda-perl Reading package lists... Building dependency tree... Reading state information... Some packages could not be installed. This may mean that you have requested an impossible situation or if you are using the unstable distribution that some required packages have not yet been created or been moved out of Incoming. The following information may help to resolve the situation: The following packages have unmet dependencies: libpcp-pmda-perl : Depends: perlapi-5.18.2 but it is not installable E: Unable to correct problems, you have held broken packages. -- Jakub Wilk ---End Message--- ---BeginMessage--- On Tue, 2 Dec 2014 18:37:55 -0500 (EST) Nathan Scott nath...@debian.org wrote: Hi Jakub, - Original Message - [...] The following packages have unmet dependencies: libpcp-pmda-perl : Depends: perlapi-5.18.2 but it is not installable E: Unable to correct problems, you have held broken packages. Oh, I have an outdated perl installation here - have upgraded it now, will be fixed by the next upload. Thanks! -- Nathan Hi Nathan, For future reference, please request a binNMU so we can schedule a rebuild in a clean environment (rather than leaving the package uninstallable for months). I have just scheduled a binNMU for libpcp-pmda-perl/i386 now (and accordingly, I am -done'ing this bug). Thanks, ~Niels PS: Thanks to Andreas Beckmann for requesting the binNMU.---End Message---
Bug#776131: gridengine: Should gridengine be removed from jessie?
Hi Ondřej, On Thu, Jan 29, 2015 at 01:23:46PM +0100, Ondřej Surý wrote: given this thread: http://lists.alioth.debian.org/pipermail/pkg-gridengine-devel/2014-October/thread.html and no response here: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=703256 I would suggest that gridengine should be removed from Debian and reintroduced when there's somebody who will activelly maintain it. Ccing the folks who expressed interest in taking over and logol package that would be affected by the removal. If you agree I suggest to reassign this to ftp-master as RoQA. So if I read all correctly, there is mostly an ack to have it removed. Could you also fil at the same time the bug against release.d.o to have it removed from jessie? Regards, Salvatore -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#775102: marked as done (bitcoin: OpenSSL 1.0.1k incompatibility with Bitcoin Core)
Your message dated Thu, 29 Jan 2015 18:33:35 + with message-id e1ygtuj-0007pj...@franck.debian.org and subject line Bug#775102: fixed in bitcoin 0.9.4-1 has caused the Debian Bug report #775102, regarding bitcoin: OpenSSL 1.0.1k incompatibility with Bitcoin Core to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 775102: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775102 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Package: bitcoin Version: 0.9.3-1 Severity: grave Justification: renders package unusable Dear Maintainer, OpenSSL version 1.0.1k made signature validation more strict, which breaks validation of the Bitcoin blockchain. See http://sourceforge.net/p/bitcoin/mailman/message/33221963/ for more detailed information. There is a patch available to work around this issue. However, for various reasons, there are several possible courses of action that may be taken. One would be to release a new version of the package with this patch, but that may not necessarily be the best thing to do. See discussion on IRC (#bitcoin-dev on freenode) for more information on some of the alternatives: http://bitcoinstats.com/irc/bitcoin-dev/logs/2015/01/11#l1420968793 -- System Information: Debian Release: jessie/sid APT prefers trusty-updates APT policy: (500, 'trusty-updates'), (500, 'trusty-security'), (500, 'trusty'), (100, 'trusty-backports') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 3.13.0-43-generic (SMP w/3 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash ---End Message--- ---BeginMessage--- Source: bitcoin Source-Version: 0.9.4-1 We believe that the bug you reported is fixed in the latest version of bitcoin, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 775...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Scott Howard show...@debian.org (supplier of updated bitcoin package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Format: 1.8 Date: Thu, 29 Jan 2015 10:36:59 -0500 Source: bitcoin Binary: bitcoind bitcoin-qt Architecture: source i386 Version: 0.9.4-1 Distribution: unstable Urgency: medium Maintainer: Debian Bitcoin Packaging Team pkg-bitcoin-de...@lists.alioth.debian.org Changed-By: Scott Howard show...@debian.org Description: bitcoin-qt - peer-to-peer network based digital currency - GUI bitcoind - peer-to-peer network based digital currency - daemon Closes: 775102 Changes: bitcoin (0.9.4-1) unstable; urgency=medium . * New upstream release. - Fixes OpenSSL 1.0.1k incompatibility FTBFS and failure to sync blockchain (Closes: 775102) * Updated debian/copyright, fixed typo in format tag, added short names to custom licenses (custom license) * Removed patches: - debian/patches/1003_qmake_cleanup.patch (unused) - debian/patches/2001_stupify_header_script.patch (no longer needed) - debian/patches/3001_debug_bts_672524.patch (unused) Checksums-Sha1: cbde8b7d39b93db9c00be38941285f189488d927 2526 bitcoin_0.9.4-1.dsc 8d31a9d8b4713ca1a7bdefdcc4304921cb31bee3 4885466 bitcoin_0.9.4.orig.tar.gz c27a84f70ae60856defafa6b95b9279edc5a0df2 24104 bitcoin_0.9.4-1.debian.tar.xz 7a14f1d4bf9c1f2b22b2d12b4563849fbb31b44a 1158392 bitcoind_0.9.4-1_i386.deb 4d2abcd7d3e6a8c0deababc270099296affd7c1a 2743296 bitcoin-qt_0.9.4-1_i386.deb Checksums-Sha256: 22a4328749f4d12f6fdec42997ee1cb08cf6795a5216ed9cd588d973e51bb4f7 2526 bitcoin_0.9.4-1.dsc e7d17bd33a51a755b2d23f3bd9f384a272d87a234d02789056b2e4b8a8a92ca1 4885466 bitcoin_0.9.4.orig.tar.gz 366b285c011a776cc8c2579d974543a8b77f1aca8b4695e679335ad6df0cee88 24104 bitcoin_0.9.4-1.debian.tar.xz d53298944c946635680e695f0f7ad64c34bac059c99661fdbb3f4b1004853b9e 1158392 bitcoind_0.9.4-1_i386.deb a0305ea997886f1ae54dbed73211451dc60063663d5e1a0d2e9c5320a0e423a3 2743296 bitcoin-qt_0.9.4-1_i386.deb Files: 330c1607f3620dbdafc538457408094b 2526 utils optional bitcoin_0.9.4-1.dsc 8f3c0c071e6c432c0c8b47bcdb8a9046 4885466 utils optional bitcoin_0.9.4.orig.tar.gz 8566f5963337e5c35766a71ff5cb34d8 24104 utils optional
Bug#745195: marked as done (unrtf 0.21 outputs hex.junk to stdout)
Your message dated Thu, 29 Jan 2015 18:34:14 + with message-id e1ygtuw-0007wn...@franck.debian.org and subject line Bug#745195: fixed in unrtf 0.21.5-3 has caused the Debian Bug report #745195, regarding unrtf 0.21 outputs hex.junk to stdout to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 745195: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=745195 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Package: unrtf Version: 0.21.5-1 when converting RTF file with images attached to text, unrtf 0.21.5 outputs huge amount of text (looks like image data in hex) to output, where unrtf 0.19.2 present in wheezy shows at the same place something like: ### picture data found, WMF type is MM_ANISOTROPIC, picture dimensions are 7842 by 2125, depth 1 you can see the example RTF file and output from both unrtf versions on: http://test.fantomas.sk/unrtf/ -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. - Have you got anything without Spam in it? - Well, there's Spam egg sausage and Spam, that's not got much Spam in it. ---End Message--- ---BeginMessage--- Source: unrtf Source-Version: 0.21.5-3 We believe that the bug you reported is fixed in the latest version of unrtf, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 745...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Willi Mann wi...@debian.org (supplier of updated unrtf package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Tue, 27 Jan 2015 20:44:22 +0100 Source: unrtf Binary: unrtf Architecture: source Version: 0.21.5-3 Distribution: unstable Urgency: medium Maintainer: Willi Mann wi...@debian.org Changed-By: Willi Mann wi...@debian.org Description: unrtf - RTF to other formats converter Closes: 745195 Changes: unrtf (0.21.5-3) unstable; urgency=medium . [ Salvatore Bonaccorso ] * Add 0006-Limit-depth-of-group-embedding.patch [SECURITY] * Add 0007-Improved-image-file-handling.patch [Required by next patch] * Add 0008-Better-processing-of-pict-including-addition-of-EMF-type.patch (RC-fix - Closes: #745195) Checksums-Sha1: f0bacf13608aa131486a6759ab88db892b79c36d 1826 unrtf_0.21.5-3.dsc 98b7ada9643e205f69da736a6dd63f267b7bcb2c 9540 unrtf_0.21.5-3.debian.tar.xz Checksums-Sha256: ff4b40a6cbdd10675a023cf84129f9006424a7a506f86e9c5b210654325dbd29 1826 unrtf_0.21.5-3.dsc 81e6475bc94cb83c44704cedd77c1c4122c7a782b81c209a1efeff3b97a97e99 9540 unrtf_0.21.5-3.debian.tar.xz Files: 88f841baf41d4c66a5bef99830161842 1826 text optional unrtf_0.21.5-3.dsc bc484fa576582c6b0a3f1ec228c1c67f 9540 text optional unrtf_0.21.5-3.debian.tar.xz -BEGIN PGP SIGNATURE- Version: GnuPG v1 iQIcBAEBCAAGBQJUynpHAAoJEIy+IZx0V22BVpQQALEX5jT8yZtgxmx9qz4nI+2/ iIxEn5jwRtjlo9Lb7wB7CxtXLq/45K1LgkqK0eTMIQFLeXyeUuWDFpUqUCuiV5VJ A+wndoE3oGehmlNxzgmz6PCPBDNKRh1xkpN15sOk/W5L5q5IBeywzq4xj7xXAUCn 1f/k09qP2eV0vvlgKUahmjC2x/E3Ngy9DU/41y1s9tjPbmXWePG6pvH5bkBVFJ/w O58FYgzj1xnt3gTz67tph8MLhSvaYmIYk6H5hmNHhd7jlLRsZAmJaEdHXuRmtbZL FCVicQIfQY9MdgZrJlIo3HVqO1kpaYq7Ee+ypCXKFamFTbBaYH1Nwyjl1SGaX3U2 6OQdBpUbdhL6ZmUp6W0LxMhmFzmFLErMvAjJ/gvtHbY8cRGKzTmFmCPOUAZ8yNh2 OZo9waf5nmlLG0ydeJNY1Q0iYo0kuzZlpIfpSj4KT6uR/v90m9C8C8ulNBjyVq71 Ljd9VfAXL+IyEvqfsnojCxjAB06YkkD9mWL1eBhNKibjnRbmZ0vHhfyY+aw6pSTo 48ZO9bHFXY15TFOgYbkucbbfghn8zKYgqsBJiHjmG635NnTqCc/yWrvZaO11G8Co MGQq9bRSg6qq11eivdbCXZ/6df0FsDFPWpwvnhgQL1ViAk5RGJ1eXnV6u2qJnFS7 QciKtuLu2dU3D/Poobya =fUnh -END PGP SIGNATUREEnd Message---
Bug#776583: libparanamer-java: Missing parent POM
Package: libparanamer-java Version: 2.7-1 Severity: grave Justification: renders package unusable libparanamer-java doesn't contain the parent POM (com.thoughtworks.paranamer:paranamer-parent) which is referenced in the paranamer's POM. This breaks any Maven build depending on paranamer. For example when packaging Apache Avro I got this error: [INFO] [ERROR] BUILD ERROR [INFO] [INFO] Error building POM (may not be this project's POM). Project ID: com.thoughtworks.paranamer:paranamer:bundle:debian Reason: Cannot find parent: com.thoughtworks.paranamer:paranamer-parent for project: com.thoughtworks.paranamer:paranamer:bundle:debian for project com.thoughtworks.paranamer:paranamer:bundle:debian The paranamer-parent POM should either be included in the package, or the --no-parent flag should be added to the maven-repo-helper settings to remove the reference to the parent POM. -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#776565: Booting does not currently work
martin f krafft madd...@debian.org (2015-01-29): Package: di-netboot-assistant Version: 0.38a Severity: serious […] So far I have been unable to find *anything* to make di-netboot-assistant produce a usable TFTP directory layout, even for a single architecture, without having to hand-edit files for specific clients. Hence I think this is release-critical. Latest news (hrm) are: [2013-07-17] Accepted 0.38a in unstable (low) (Christian Perrier) [2013-07-28] di-netboot-assistant 0.38a MIGRATED to testing (Britney) At this stage, it'd probably be a good idea to have it removed from testing; maybe someone will have some interest to get it back into shape and maintain it over the stretch release cycle. Mraw, KiBi. signature.asc Description: Digital signature
Processed: tagging 776583
Processing commands for cont...@bugs.debian.org: tags 776583 + pending Bug #776583 [libparanamer-java] libparanamer-java: Missing parent POM Added tag(s) pending. thanks Stopping processing here. Please contact me if you need assistance. -- 776583: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=776583 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#776583: libparanamer-java: Missing parent POM
On 29.01.2015 16:34, Emmanuel Bourg wrote: Package: libparanamer-java Version: 2.7-1 Severity: grave Justification: renders package unusable libparanamer-java doesn't contain the parent POM (com.thoughtworks.paranamer:paranamer-parent) which is referenced in the paranamer's POM. This breaks any Maven build depending on paranamer. For example when packaging Apache Avro I got this error: [INFO] [ERROR] BUILD ERROR [INFO] [INFO] Error building POM (may not be this project's POM). Project ID: com.thoughtworks.paranamer:paranamer:bundle:debian Reason: Cannot find parent: com.thoughtworks.paranamer:paranamer-parent for project: com.thoughtworks.paranamer:paranamer:bundle:debian for project com.thoughtworks.paranamer:paranamer:bundle:debian The paranamer-parent POM should either be included in the package, or the --no-parent flag should be added to the maven-repo-helper settings to remove the reference to the parent POM. Hi Emmanuel, thanks for noticing. I think I would go for adding the --no-parent flag. Shall I update the package with this change? Regards, Markus signature.asc Description: OpenPGP digital signature
Bug#775681: marked as done (multiple /tmp file vulnerabilities)
Your message dated Thu, 29 Jan 2015 18:49:10 + with message-id e1ygu9o-00020g...@franck.debian.org and subject line Bug#775681: fixed in kamailio 4.2.0-2 has caused the Debian Bug report #775681, regarding multiple /tmp file vulnerabilities to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 775681: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775681 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Package: kamailio Version: 4.2.0-1.1 Severity: important Tags: security The kamailio package now installs /etc/kamailio/kamailio-basic.cfg which can be selected via the CFGFILE= setting in /etc/default/kamailio. The configuration contains: modparam(mi_fifo, fifo_name, /tmp/kamailio_fifo) This setting is insecure and may allow local users to elevate privileges to the kamailio user. The issue extends to kamailio-advanced.cfg. It seems that this is due to an incomplete fix of #712083. Looking further, the state of /tmp file vulnerabilities in kamailio looks worrisome. Most of the results of the following command (to be executed in the kamailio source) are likely vulnerable if executed: grep '/tmp/[a-z0-9_.-]\+\(\$\$\)\?\([ ]\|$\)' -r . Granted, some of the results are examples, documentation or obsolete. But quite a few reach the default settings: * kamcmd defaults to connecting to unixs:/tmp/kamailio_ctl. * The kamailio build definitely is vulnerable as can be seen in utils/kamctl/Makefile. More research clearly is required here. Given these findings, the security team may want to veto the inclusion of kamailio in a stable release, which would be very unfortunate as kamailio is quite a unique piece of software with little competitors in its field. Helmut ---End Message--- ---BeginMessage--- Source: kamailio Source-Version: 4.2.0-2 We believe that the bug you reported is fixed in the latest version of kamailio, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 775...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Victor Seva linuxman...@torreviejawireless.org (supplier of updated kamailio package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Wed, 28 Jan 2015 20:43:44 +0100 Source: kamailio Binary: kamailio kamailio-dbg kamailio-geoip-modules kamailio-sqlite-modules kamailio-json-modules kamailio-memcached-modules kamailio-lua-modules kamailio-mono-modules kamailio-python-modules kamailio-redis-modules kamailio-mysql-modules kamailio-postgres-modules kamailio-cpl-modules kamailio-radius-modules kamailio-unixodbc-modules kamailio-presence-modules kamailio-perl-modules kamailio-snmpstats-modules kamailio-xmpp-modules kamailio-xml-modules kamailio-carrierroute-modules kamailio-berkeley-modules kamailio-berkeley-bin kamailio-ldap-modules kamailio-ims-modules kamailio-utils-modules kamailio-sctp-modules kamailio-java-modules kamailio-tls-modules kamailio-outbound-modules kamailio-websocket-modules kamailio-dnssec-modules kamailio-autheph-modules kamailio-extra-modules Architecture: source amd64 Version: 4.2.0-2 Distribution: unstable Urgency: medium Maintainer: Debian VoIP Team pkg-voip-maintain...@lists.alioth.debian.org Changed-By: Victor Seva linuxman...@torreviejawireless.org Description: kamailio - very fast and configurable SIP proxy kamailio-autheph-modules - authentication using ephemeral credentials module for Kamailio kamailio-berkeley-bin - Berkeley database module for Kamailio - helper program kamailio-berkeley-modules - Berkeley database module for Kamailio kamailio-carrierroute-modules - carrierroute module for Kamailio kamailio-cpl-modules - CPL module (CPL interpreter engine) for Kamailio kamailio-dbg - very fast and configurable SIP proxy [debug symbols] kamailio-dnssec-modules - contains the dnssec module kamailio-extra-modules - extra modules for Kamailio kamailio-geoip-modules - contains the geoip module kamailio-ims-modules - IMS module for Kamailio kamailio-java-modules - contains the app_java module kamailio-json-modules - Json parser and jsonrpc modules for Kamailio kamailio-ldap-modules - LDAP modules for Kamailio kamailio-lua-modules -
Bug#776131: gridengine: Should gridengine be removed from jessie?
Dave == Dave Love d.l...@liverpool.ac.uk writes: Hi Dave, Dave Ondřej Surý ond...@sury.org writes: Hi Roland, On Thu, Jan 29, 2015, at 13:39, Roland Fehrenbacher wrote: My offer to take over still stands. What needs to be done to keep it in jessie? Can we package Son of Grid Engine and still get it uploaded to jessie? Dave A previous attempt was blocked because there was no complete Dave list of copyright holders (just like for linux, on which I Dave based the package wording if I recall correctly). There is no Dave such list, at least publicly available, like for many Dave packages. I'm happy to maintain packaging or appropriate Dave changes if that doesn't block it in future. we should be able to sort this out. So I guess it would be better to just remove it from jessie, do the work on 8.x in unstable and use jessie-backports to provide the usable current version to jessie users if there's a need for it. Dave and the attempt at conformant packaging is under Dave http://arc.liv.ac.uk/repos/darcs/gridengine.debian/ via darcs, Dave hg, or git. I think that would be the point to start. I'd be happy to make this a joint effort with you. Will not find time for it before April though. But since we're not going to get it into jessie, there's no rush ... Cheers, Roland --- http://www.q-leap.com / http://qlustar.com --- HPC / Storage / Cloud Linux Cluster OS --- -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#770009: Backtrace for the hang
try to add to convert command line -limit thread 1 On Thu, Jan 29, 2015 at 7:58 PM, Bastien ROUCARIES roucaries.bast...@gmail.com wrote: No what is the position of the porters ? Bastien On Wed, Jan 28, 2015 at 11:50 PM, Vincent Fourmond fourm...@debian.org wrote: On Wed, Jan 28, 2015 at 8:14 AM, Bastien ROUCARIES roucaries.bast...@gmail.com wrote: Le 28 janv. 2015 08:00, roucaries bastien roucaries.bastien+deb...@gmail.com a écrit : Le 27 janv. 2015 22:15, Vincent Fourmond fourm...@debian.org a écrit : I've run the build on the MIPS portebox. It hangs on the first SVG to PNG conversion. Here is a full backtrace. The process is for now stopped on the porterbox; I think I can leave it for some hours more at least, if other information could be useful. Smell like an openmp bug ny memory they are a enviroment variable to disable openmp. We could try OMP_thread_limit=1 Even OMP_THREAD_LIMIT=1 ./magick.sh convert /home/fourmond/tmp/imagemagick-6.8.9.9/debian/display-im6.svg \ -background none -define filter:blur=0.75 -filter Gaussian -resize $SIZE \ -gravity center -extent $SIZE \ /home/fourmond/tmp/imagemagick-6.8.9.9/debian/tmp-Q16/usr/share/icons/hicolor/$SIZE/apps/display-im6.q16.png; \ hangs... Any idea ? Vincent Hope it helps, Vincent -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#775881: marked as done (mysql-5.5: Multiple security fixes from January 2015 CPU)
Your message dated Thu, 29 Jan 2015 19:17:07 + with message-id e1yguar-0005fu...@franck.debian.org and subject line Bug#775881: fixed in mysql-5.5 5.5.41-0+wheezy1 has caused the Debian Bug report #775881, regarding mysql-5.5: Multiple security fixes from January 2015 CPU to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 775881: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775881 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Source: mysql-5.5 Version: 5.5.23-2 Severity: grave Tags: security upstream patch fixed-upstream Hi As usual at this time of the year, there was a new Oracle Patch Update including updates for MySQL, see: http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html#AppendixMSQL Regards, Salvatore ---End Message--- ---BeginMessage--- Source: mysql-5.5 Source-Version: 5.5.41-0+wheezy1 We believe that the bug you reported is fixed in the latest version of mysql-5.5, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 775...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Salvatore Bonaccorso car...@debian.org (supplier of updated mysql-5.5 package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Wed, 21 Jan 2015 20:04:11 +0100 Source: mysql-5.5 Binary: libmysqlclient18 libmysqld-pic libmysqld-dev libmysqlclient-dev mysql-common mysql-client-5.5 mysql-server-core-5.5 mysql-server-5.5 mysql-server mysql-client mysql-testsuite-5.5 mysql-source-5.5 Architecture: source all amd64 Version: 5.5.41-0+wheezy1 Distribution: wheezy-security Urgency: high Maintainer: Debian MySQL Maintainers pkg-mysql-ma...@lists.alioth.debian.org Changed-By: Salvatore Bonaccorso car...@debian.org Description: libmysqlclient-dev - MySQL database development files libmysqlclient18 - MySQL database client library libmysqld-dev - MySQL embedded database development files libmysqld-pic - PIC version of MySQL embedded server development files mysql-client - MySQL database client (metapackage depending on the latest versio mysql-client-5.5 - MySQL database client binaries mysql-common - MySQL database common files, e.g. /etc/mysql/my.cnf mysql-server - MySQL database server (metapackage depending on the latest versio mysql-server-5.5 - MySQL database server binaries and system database setup mysql-server-core-5.5 - MySQL database server binaries mysql-source-5.5 - MySQL source mysql-testsuite-5.5 - MySQL testsuite Closes: 775881 Changes: mysql-5.5 (5.5.41-0+wheezy1) wheezy-security; urgency=high . * Non-maintainer upload by the Security Team. * Imported Upstream version 5.5.41 to fix security issues: - http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html - CVE-2014-6568, CVE-2015-0374, CVE-2015-0381, CVE-2015-0382, CVE-2015-0411, CVE-2015-0432 (Closes: #775881) Checksums-Sha1: 45ac821c2d4d5d0a6f855ac71f3574c682dc9094 2955 mysql-5.5_5.5.41-0+wheezy1.dsc f12317efdd5b2c539ed14c7a7c69135822916419 21768300 mysql-5.5_5.5.41.orig.tar.gz eaa54765980bad71c67db272f085126eb766dc0f 376771 mysql-5.5_5.5.41-0+wheezy1.debian.tar.gz 64dbfd4227825a179164a0aa221f37262c0ed457 78442 mysql-common_5.5.41-0+wheezy1_all.deb d2483df2aae95dbb1178ac621bd6d0b8ef25d35f 76720 mysql-server_5.5.41-0+wheezy1_all.deb 6a92aaf4ac0f111dc0a080724e153763dc208893 76592 mysql-client_5.5.41-0+wheezy1_all.deb c302a139d604695fd01ca8e5970ee2ff7b5addd0 682470 libmysqlclient18_5.5.41-0+wheezy1_amd64.deb 08e19077f12cd9827474404040ccd7571fb6823c 3172918 libmysqld-pic_5.5.41-0+wheezy1_amd64.deb 562eb291d6e3fd18b5c08b6d71805dc9ad8c4051 3172868 libmysqld-dev_5.5.41-0+wheezy1_amd64.deb 082fc701d2584d706a340cef0c7b40e513e5fd43 950422 libmysqlclient-dev_5.5.41-0+wheezy1_amd64.deb e7c4ba1fee36077f9a07c257d4bc9a16bcdc407b 1890654 mysql-client-5.5_5.5.41-0+wheezy1_amd64.deb ee411794c4f7797867b3e8d9f68594f99cbb3495 3800548 mysql-server-core-5.5_5.5.41-0+wheezy1_amd64.deb f5b30e2da6f3c8975ea72a4da7b1e428cdaaafed 2099988 mysql-server-5.5_5.5.41-0+wheezy1_amd64.deb 30d6f0b1b1cdb31bed59965895bc4f6d1e48073c 4258968 mysql-testsuite-5.5_5.5.41-0+wheezy1_amd64.deb
Bug#770009: Backtrace for the hang
No what is the position of the porters ? Bastien On Wed, Jan 28, 2015 at 11:50 PM, Vincent Fourmond fourm...@debian.org wrote: On Wed, Jan 28, 2015 at 8:14 AM, Bastien ROUCARIES roucaries.bast...@gmail.com wrote: Le 28 janv. 2015 08:00, roucaries bastien roucaries.bastien+deb...@gmail.com a écrit : Le 27 janv. 2015 22:15, Vincent Fourmond fourm...@debian.org a écrit : I've run the build on the MIPS portebox. It hangs on the first SVG to PNG conversion. Here is a full backtrace. The process is for now stopped on the porterbox; I think I can leave it for some hours more at least, if other information could be useful. Smell like an openmp bug ny memory they are a enviroment variable to disable openmp. We could try OMP_thread_limit=1 Even OMP_THREAD_LIMIT=1 ./magick.sh convert /home/fourmond/tmp/imagemagick-6.8.9.9/debian/display-im6.svg \ -background none -define filter:blur=0.75 -filter Gaussian -resize $SIZE \ -gravity center -extent $SIZE \ /home/fourmond/tmp/imagemagick-6.8.9.9/debian/tmp-Q16/usr/share/icons/hicolor/$SIZE/apps/display-im6.q16.png; \ hangs... Any idea ? Vincent Hope it helps, Vincent -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#776135: marked as done (wireshark: Multiple security issues in 1.12.2 and prior versions)
Your message dated Thu, 29 Jan 2015 19:17:49 + with message-id e1ygub7-0005hq...@franck.debian.org and subject line Bug#776135: fixed in wireshark 1.8.2-5wheezy14 has caused the Debian Bug report #776135, regarding wireshark: Multiple security issues in 1.12.2 and prior versions to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 776135: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=776135 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Package: wireshark Severity: serious Tags: security fixed-upstream pending Please see release notes: https://www.wireshark.org/docs/relnotes/wireshark-1.12.3.html Cheers, Balint ---End Message--- ---BeginMessage--- Source: wireshark Source-Version: 1.8.2-5wheezy14 We believe that the bug you reported is fixed in the latest version of wireshark, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 776...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Balint Reczey bal...@balintreczey.hu (supplier of updated wireshark package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Format: 1.8 Date: Sun, 25 Jan 2015 15:42:19 +0100 Source: wireshark Binary: wireshark-common wireshark tshark wireshark-dev wireshark-dbg wireshark-doc libwireshark2 libwsutil2 libwsutil-dev libwireshark-data libwireshark-dev libwiretap2 libwiretap-dev Architecture: source all amd64 Version: 1.8.2-5wheezy14 Distribution: wheezy-security Urgency: high Maintainer: Balint Reczey bal...@balintreczey.hu Changed-By: Balint Reczey bal...@balintreczey.hu Description: libwireshark-data - network packet dissection library -- data files libwireshark-dev - network packet dissection library -- development files libwireshark2 - network packet dissection library -- shared library libwiretap-dev - network packet capture library -- development files libwiretap2 - network packet capture library -- shared library libwsutil-dev - network packet dissection utilities library -- shared library libwsutil2 - network packet dissection utilities library -- shared library tshark - network traffic analyzer - console version wireshark - network traffic analyzer - GTK+ version wireshark-common - network traffic analyzer - common files wireshark-dbg - network traffic analyzer - debug symbols wireshark-dev - network traffic analyzer - development tools wireshark-doc - network traffic analyzer - documentation Closes: 776135 Changes: wireshark (1.8.2-5wheezy14) wheezy-security; urgency=high . * security fixes from Wireshark 1.10.12 (Closes: #776135): - The DEC DNA Routing Protocol dissector could crash (CVE-2015-0562) - Wireshark could crash while decypting TLS/SSL sessions. Discovered by Noam Rathaus. (CVE-2015-0564) Checksums-Sha1: 80599102dba6cedda09a9b9d3fca15b692cab23c 2952 wireshark_1.8.2-5wheezy14.dsc 70784bec993ba510c5642e5f28365a0c0aa7e416 134228 wireshark_1.8.2-5wheezy14.debian.tar.gz 603006af96c4ea82a678eb7551af76a8eea33903 3884956 wireshark-doc_1.8.2-5wheezy14_all.deb 355274a08ee6839fb07c05d90acd1006199f632e 1228748 libwireshark-data_1.8.2-5wheezy14_all.deb 1fa27a4953f7efece1343cff5d1550475ed5ce11 229430 wireshark-common_1.8.2-5wheezy14_amd64.deb 5a16650157b9f181f05c2c194f371ee44220aaaf 981248 wireshark_1.8.2-5wheezy14_amd64.deb ec3fd5bb5ab5fd875094e90dfa938a7ef0cd2804 178562 tshark_1.8.2-5wheezy14_amd64.deb c3dab7f7c66d49f863c77c912bb1bac83cccd229 177908 wireshark-dev_1.8.2-5wheezy14_amd64.deb 8b482bb79dc81b33aafd1c2d3626c9721a27acfb 28293220 wireshark-dbg_1.8.2-5wheezy14_amd64.deb 9346d07ae65c0a09bd0c3881c3127e85c455b21a 13443868 libwireshark2_1.8.2-5wheezy14_amd64.deb 961713d9138b6fe26e641bf9802b8e006b44a479 51128 libwsutil2_1.8.2-5wheezy14_amd64.deb 2cb1e5e7d3eaf27e09990a483c9ad0f321bdf7b2 50668 libwsutil-dev_1.8.2-5wheezy14_amd64.deb f97a340e0b0e1d48bb274ae3edb72181ccd350bd 907106 libwireshark-dev_1.8.2-5wheezy14_amd64.deb 992ecbda7143e339a12807bfca76c5f46b3cb4d4 191570 libwiretap2_1.8.2-5wheezy14_amd64.deb c0837fc2b69be3f45fbb6f77801e5ac0d072a4e0 70962 libwiretap-dev_1.8.2-5wheezy14_amd64.deb Checksums-Sha256:
Bug#775478: marked as done (phabricator writes configuration data under /usr)
Your message dated Thu, 29 Jan 2015 19:20:32 + with message-id e1ygudk-00062i...@franck.debian.org and subject line Bug#775478: fixed in phabricator 0~git20150129-1 has caused the Debian Bug report #775478, regarding phabricator writes configuration data under /usr to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 775478: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775478 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Source: phabricator Version: 0~git20141101-1 Severity: serious Justification: Policy 9.1.1 Dear Maintainer, Phabricator as shipped in Debian writes its configuration under /usr/share/phabricator/conf. According to FHS ch. 4[1], /usr contains read-only data and should be shareable between systems. Please consider moving the configuration to /var/lib/phabricator and replacing /usr/share/phabricator/conf with a symlink. Regards, Apollon [1] https://www.debian.org/doc/packaging-manuals/fhs/fhs-2.3.html#PURPOSE18 -- System Information: Debian Release: 8.0 APT prefers testing APT policy: (500, 'testing'), (90, 'unstable'), (1, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores) Locale: LANG=el_GR.UTF-8, LC_CTYPE=el_GR.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) ---End Message--- ---BeginMessage--- Source: phabricator Source-Version: 0~git20150129-1 We believe that the bug you reported is fixed in the latest version of phabricator, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 775...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Richard Sellam richard.sel...@orvidia.fr (supplier of updated phabricator package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Thu, 29 Jan 2015 00:15:58 +0100 Source: phabricator Binary: libphutil arcanist phabricator Architecture: source all Version: 0~git20150129-1 Distribution: unstable Urgency: medium Maintainer: Richard Sellam richard.sel...@orvidia.fr Changed-By: Richard Sellam richard.sel...@orvidia.fr Description: arcanist - Command line interface for Phabricator (review platform) libphutil - Shared library for Arcanist and Phabricator phabricator - Software engineering platform Closes: 773536 775478 775479 775803 776288 Changes: phabricator (0~git20150129-1) unstable; urgency=medium . * New snapshot release * restricted access to local config file (closes: #775479) * moved local config file to /var/lib/phabricator (closes: #775478) * switched mysql-server dependency to recommends (closes: #773536) * use /run instead of /var/run (closes: #775803) * prevent package reinstall from overwritting local changes (closes: #776288) Checksums-Sha1: b95acc8fa6c56b2ed5f2b688c977c6391ca939f9 2645 phabricator_0~git20150129-1.dsc 7cf3c1ecac97a03ed167d9380a936b7caa189bbb 369096 phabricator_0~git20150129.orig-arcanist.tar.xz f6752ef7c03bbb8ebef88f5f10290bfccc329a6d 523740 phabricator_0~git20150129.orig-libphutil.tar.xz 41819ea61e1f47cb37b8213295262d5cb6419a0d 3470672 phabricator_0~git20150129.orig.tar.xz 8be890f1a37ce90e1867c0e01179088f683f199b 26152 phabricator_0~git20150129-1.debian.tar.xz 6196c6b93eb84de29eb1d21a900a6243585c14cb 547252 libphutil_0~git20150129-1_all.deb 005c6cc7fdb6eb6a551e2f6e26adbde6de311c82 392444 arcanist_0~git20150129-1_all.deb 3a822831a13d06082db5e855a4dc8b90fdf52db9 3626574 phabricator_0~git20150129-1_all.deb Checksums-Sha256: 9535183280f4a603357bee4b61b256ee15b0458af6f464264e08d89e1fcf00ff 2645 phabricator_0~git20150129-1.dsc 946f2280b9a7513dc866d115969736ec850a081929e0df6e7892314fcd51ca82 369096 phabricator_0~git20150129.orig-arcanist.tar.xz eddb06d7c074234885bd413adfe02e509e6d653b4f654335e206cb6f3a780656 523740 phabricator_0~git20150129.orig-libphutil.tar.xz c6dc796808679e2dbcd28a98a9054ad97890d20ebba2fe9cfa495bf8dc625e83 3470672 phabricator_0~git20150129.orig.tar.xz 1fa5c6e0a621468aef9dc68d6bc95abb0e496b4ed09950c9db15cf35301f739f 26152 phabricator_0~git20150129-1.debian.tar.xz 9af9118d15c15d690ee31b89d10011c69f02369a31b7d2dfcff284edd5ab9fd0 547252
Bug#775479: marked as done (phabricator: insecure configuration permissions)
Your message dated Thu, 29 Jan 2015 19:20:32 + with message-id e1ygudk-00062o...@franck.debian.org and subject line Bug#775479: fixed in phabricator 0~git20150129-1 has caused the Debian Bug report #775479, regarding phabricator: insecure configuration permissions to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 775479: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775479 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Source: phabricator Version: 0~git20141101-1 Severity: grave Tags: security Justification: user security hole Dear Maintainer, The local configuration created by the phabricator package under /usr/share/phabricator/conf/local is globally readable and contains sensitive information like phabricator's database credentials. Access to it should be restricted to only the necessary users (www-data and phabricator in our case). See also #775478 regarding the configuration location. Regards, Apollon -- System Information: Debian Release: 8.0 APT prefers testing APT policy: (500, 'testing'), (90, 'unstable'), (1, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores) Locale: LANG=el_GR.UTF-8, LC_CTYPE=el_GR.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) ---End Message--- ---BeginMessage--- Source: phabricator Source-Version: 0~git20150129-1 We believe that the bug you reported is fixed in the latest version of phabricator, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 775...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Richard Sellam richard.sel...@orvidia.fr (supplier of updated phabricator package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Thu, 29 Jan 2015 00:15:58 +0100 Source: phabricator Binary: libphutil arcanist phabricator Architecture: source all Version: 0~git20150129-1 Distribution: unstable Urgency: medium Maintainer: Richard Sellam richard.sel...@orvidia.fr Changed-By: Richard Sellam richard.sel...@orvidia.fr Description: arcanist - Command line interface for Phabricator (review platform) libphutil - Shared library for Arcanist and Phabricator phabricator - Software engineering platform Closes: 773536 775478 775479 775803 776288 Changes: phabricator (0~git20150129-1) unstable; urgency=medium . * New snapshot release * restricted access to local config file (closes: #775479) * moved local config file to /var/lib/phabricator (closes: #775478) * switched mysql-server dependency to recommends (closes: #773536) * use /run instead of /var/run (closes: #775803) * prevent package reinstall from overwritting local changes (closes: #776288) Checksums-Sha1: b95acc8fa6c56b2ed5f2b688c977c6391ca939f9 2645 phabricator_0~git20150129-1.dsc 7cf3c1ecac97a03ed167d9380a936b7caa189bbb 369096 phabricator_0~git20150129.orig-arcanist.tar.xz f6752ef7c03bbb8ebef88f5f10290bfccc329a6d 523740 phabricator_0~git20150129.orig-libphutil.tar.xz 41819ea61e1f47cb37b8213295262d5cb6419a0d 3470672 phabricator_0~git20150129.orig.tar.xz 8be890f1a37ce90e1867c0e01179088f683f199b 26152 phabricator_0~git20150129-1.debian.tar.xz 6196c6b93eb84de29eb1d21a900a6243585c14cb 547252 libphutil_0~git20150129-1_all.deb 005c6cc7fdb6eb6a551e2f6e26adbde6de311c82 392444 arcanist_0~git20150129-1_all.deb 3a822831a13d06082db5e855a4dc8b90fdf52db9 3626574 phabricator_0~git20150129-1_all.deb Checksums-Sha256: 9535183280f4a603357bee4b61b256ee15b0458af6f464264e08d89e1fcf00ff 2645 phabricator_0~git20150129-1.dsc 946f2280b9a7513dc866d115969736ec850a081929e0df6e7892314fcd51ca82 369096 phabricator_0~git20150129.orig-arcanist.tar.xz eddb06d7c074234885bd413adfe02e509e6d653b4f654335e206cb6f3a780656 523740 phabricator_0~git20150129.orig-libphutil.tar.xz c6dc796808679e2dbcd28a98a9054ad97890d20ebba2fe9cfa495bf8dc625e83 3470672 phabricator_0~git20150129.orig.tar.xz 1fa5c6e0a621468aef9dc68d6bc95abb0e496b4ed09950c9db15cf35301f739f 26152 phabricator_0~git20150129-1.debian.tar.xz 9af9118d15c15d690ee31b89d10011c69f02369a31b7d2dfcff284edd5ab9fd0 547252
Bug#775803: marked as done (phabricator: /var/run/phabricator does not exist -- daemons not starting)
Your message dated Thu, 29 Jan 2015 19:20:32 + with message-id e1ygudk-00062u...@franck.debian.org and subject line Bug#775803: fixed in phabricator 0~git20150129-1 has caused the Debian Bug report #775803, regarding phabricator: /var/run/phabricator does not exist -- daemons not starting to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 775803: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775803 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Source: phabricator Version: 0~git20141101-1 Severity: serious Justification: Policy §9.1.4 Dear Maintainer, The daemon initscript does not create /run/phabricator and as a result the daemons do not start on boot until the directory is created manually: Daemon:[2015-01-20 11:22:48] EXCEPTION: (Exception) phd requires the directory '/var/run/phabricator' to exist, but it does not exist and could not be created. Create this directory or update 'phd.pid-directory' / 'phd.log-directory' in your configuration to point to an existing directory. at [phabricator/src/applications/daemon/management/PhabricatorDaemonManagementWorkflow.php:28] While at it, it would also be better to set phd.pid-directory to /run/phabricator (instead of /var/run/phabricator) to better comply with Debian moving from /var/run to /run. Regards, Apollon -- System Information: Debian Release: 8.0 APT prefers testing APT policy: (500, 'testing'), (90, 'unstable'), (1, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores) Locale: LANG=el_GR.UTF-8, LC_CTYPE=el_GR.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) signature.asc Description: Digital signature ---End Message--- ---BeginMessage--- Source: phabricator Source-Version: 0~git20150129-1 We believe that the bug you reported is fixed in the latest version of phabricator, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 775...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Richard Sellam richard.sel...@orvidia.fr (supplier of updated phabricator package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Thu, 29 Jan 2015 00:15:58 +0100 Source: phabricator Binary: libphutil arcanist phabricator Architecture: source all Version: 0~git20150129-1 Distribution: unstable Urgency: medium Maintainer: Richard Sellam richard.sel...@orvidia.fr Changed-By: Richard Sellam richard.sel...@orvidia.fr Description: arcanist - Command line interface for Phabricator (review platform) libphutil - Shared library for Arcanist and Phabricator phabricator - Software engineering platform Closes: 773536 775478 775479 775803 776288 Changes: phabricator (0~git20150129-1) unstable; urgency=medium . * New snapshot release * restricted access to local config file (closes: #775479) * moved local config file to /var/lib/phabricator (closes: #775478) * switched mysql-server dependency to recommends (closes: #773536) * use /run instead of /var/run (closes: #775803) * prevent package reinstall from overwritting local changes (closes: #776288) Checksums-Sha1: b95acc8fa6c56b2ed5f2b688c977c6391ca939f9 2645 phabricator_0~git20150129-1.dsc 7cf3c1ecac97a03ed167d9380a936b7caa189bbb 369096 phabricator_0~git20150129.orig-arcanist.tar.xz f6752ef7c03bbb8ebef88f5f10290bfccc329a6d 523740 phabricator_0~git20150129.orig-libphutil.tar.xz 41819ea61e1f47cb37b8213295262d5cb6419a0d 3470672 phabricator_0~git20150129.orig.tar.xz 8be890f1a37ce90e1867c0e01179088f683f199b 26152 phabricator_0~git20150129-1.debian.tar.xz 6196c6b93eb84de29eb1d21a900a6243585c14cb 547252 libphutil_0~git20150129-1_all.deb 005c6cc7fdb6eb6a551e2f6e26adbde6de311c82 392444 arcanist_0~git20150129-1_all.deb 3a822831a13d06082db5e855a4dc8b90fdf52db9 3626574 phabricator_0~git20150129-1_all.deb Checksums-Sha256: 9535183280f4a603357bee4b61b256ee15b0458af6f464264e08d89e1fcf00ff 2645 phabricator_0~git20150129-1.dsc 946f2280b9a7513dc866d115969736ec850a081929e0df6e7892314fcd51ca82 369096 phabricator_0~git20150129.orig-arcanist.tar.xz
Bug#776288: marked as done (phabricator: postinst overwrites local configuration changes during reinstall/upgrade)
Your message dated Thu, 29 Jan 2015 19:20:32 + with message-id e1ygudk-000630...@franck.debian.org and subject line Bug#776288: fixed in phabricator 0~git20150129-1 has caused the Debian Bug report #776288, regarding phabricator: postinst overwrites local configuration changes during reinstall/upgrade to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 776288: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=776288 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Source: phabricator Version: 0~git20141130-1 Severity: serious Justification: Policy 10.7.3 Dear Maintainer, phabricator's postinst script uses bin/config to unconditionally set configuration parameters to the package/debconf defaults. This happens on both reinstall and upgrade and overwrites any changes performed by the administrator. According to Debian policy manual, local configuration changes performed by the administrator (using bin/config in this case) must be preserved. The easiest way to do so is to check if the parameters are already set before setting them. Regards, Apollon -- System Information: Debian Release: 8.0 APT prefers testing APT policy: (500, 'testing'), (90, 'unstable'), (1, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores) Locale: LANG=el_GR.UTF-8, LC_CTYPE=el_GR.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) signature.asc Description: Digital signature ---End Message--- ---BeginMessage--- Source: phabricator Source-Version: 0~git20150129-1 We believe that the bug you reported is fixed in the latest version of phabricator, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 776...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Richard Sellam richard.sel...@orvidia.fr (supplier of updated phabricator package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Thu, 29 Jan 2015 00:15:58 +0100 Source: phabricator Binary: libphutil arcanist phabricator Architecture: source all Version: 0~git20150129-1 Distribution: unstable Urgency: medium Maintainer: Richard Sellam richard.sel...@orvidia.fr Changed-By: Richard Sellam richard.sel...@orvidia.fr Description: arcanist - Command line interface for Phabricator (review platform) libphutil - Shared library for Arcanist and Phabricator phabricator - Software engineering platform Closes: 773536 775478 775479 775803 776288 Changes: phabricator (0~git20150129-1) unstable; urgency=medium . * New snapshot release * restricted access to local config file (closes: #775479) * moved local config file to /var/lib/phabricator (closes: #775478) * switched mysql-server dependency to recommends (closes: #773536) * use /run instead of /var/run (closes: #775803) * prevent package reinstall from overwritting local changes (closes: #776288) Checksums-Sha1: b95acc8fa6c56b2ed5f2b688c977c6391ca939f9 2645 phabricator_0~git20150129-1.dsc 7cf3c1ecac97a03ed167d9380a936b7caa189bbb 369096 phabricator_0~git20150129.orig-arcanist.tar.xz f6752ef7c03bbb8ebef88f5f10290bfccc329a6d 523740 phabricator_0~git20150129.orig-libphutil.tar.xz 41819ea61e1f47cb37b8213295262d5cb6419a0d 3470672 phabricator_0~git20150129.orig.tar.xz 8be890f1a37ce90e1867c0e01179088f683f199b 26152 phabricator_0~git20150129-1.debian.tar.xz 6196c6b93eb84de29eb1d21a900a6243585c14cb 547252 libphutil_0~git20150129-1_all.deb 005c6cc7fdb6eb6a551e2f6e26adbde6de311c82 392444 arcanist_0~git20150129-1_all.deb 3a822831a13d06082db5e855a4dc8b90fdf52db9 3626574 phabricator_0~git20150129-1_all.deb Checksums-Sha256: 9535183280f4a603357bee4b61b256ee15b0458af6f464264e08d89e1fcf00ff 2645 phabricator_0~git20150129-1.dsc 946f2280b9a7513dc866d115969736ec850a081929e0df6e7892314fcd51ca82 369096 phabricator_0~git20150129.orig-arcanist.tar.xz eddb06d7c074234885bd413adfe02e509e6d653b4f654335e206cb6f3a780656 523740 phabricator_0~git20150129.orig-libphutil.tar.xz c6dc796808679e2dbcd28a98a9054ad97890d20ebba2fe9cfa495bf8dc625e83 3470672 phabricator_0~git20150129.orig.tar.xz
Bug#776565: Booting does not currently work
also sprach Cyril Brulebois k...@debian.org [2015-01-29 18:58 +0100]: I'm not sure it's reasonable to expect fixing di-n-a at this point of the release cycle, frankly. Of course, but maybe the fix is trivial… on the other hand, I looked and tried already… there is a patch. Lemme at least verify that one on the weekend. -- .''`. martin f. krafft madduck@d.o @martinkrafft : :' : proud Debian developer `. `'` http://people.debian.org/~madduck `- Debian - when you have better things to do than fixing systems tempt not a desperate man. -- william shakespeare digital_signature_gpg.asc Description: Digital signature (see http://martin-krafft.net/gpg/sig-policy/999bbcc4/current)
Bug#720040: libdb6.0-java: file conflicts with libdb5.[13]-java: /usr/share/java/db.jar
libdb6.0-java has been removed (#748192), I guess this bug can be closed now? -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Processed: Re: Bug#776260: tecnoballz: Version dependancy to libsdl-mixer1.2
Processing commands for cont...@bugs.debian.org: severity 776260 serious Bug #776260 [tecnoballz] tecnoballz: Version dependancy to libsdl-mixer1.2 Severity set to 'serious' from 'normal' thanks Stopping processing here. Please contact me if you need assistance. -- 776260: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=776260 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#776611: [dirmngr] segfaults
Package: dirmngr Version: 1.1.1-4 Severity: serious --- Please enter the report below this line. --- i really do not know how to debug it, but .. it always segfaults. [ 14.070905] dirmngr[2239]: segfault at 2 ip 7f5cda9b9ff6 sp 7d09e130 error 4 in libc-2.19.so[7f5cda981000+19f000] [ 15.425365] Bluetooth: BNEP (Ethernet Emulation) ver 1.3 [ 15.425369] Bluetooth: BNEP filters: protocol multicast [ 15.425377] Bluetooth: BNEP socket layer initialized [ 15.461603] Bluetooth: RFCOMM TTY layer initialized [ 15.461616] Bluetooth: RFCOMM socket layer initialized [ 15.461620] Bluetooth: RFCOMM ver 1.11 [ 411.311408] systemd-default-display-manager-generator[3432]: No default display manager unit service enabled, setup is manual or a sysvinit file [ 411.524582] systemd-default-display-manager-generator[3463]: No default display manager unit service enabled, setup is manual or a sysvinit file [ 444.650080] systemd-default-display-manager-generator[5152]: No default display manager unit service enabled, setup is manual or a sysvinit file [ 444.735631] dirmngr[5172]: segfault at 2 ip 7fadea76fff6 sp 7fff21acd780 error 4 in libc-2.19.so[7fadea737000+19f000] --- System information. --- Architecture: amd64 Kernel: Linux 3.16.0-4-amd64 Debian Release: 8.0 500 wheezy-3.0 debian.tryton.org 500 testing ftp.de.debian.org 500 stable ftp.de.debian.org 500 stable apt.multi24.com 500 jessie-3.2 debian.tryton.org --- Package information. --- Depends (Version) | Installed =-+- adduser | 3.113+nmu3 lsb-base (= 3.2-13) | 4.1+Debian13+nmu1 libassuan0 (= 2.0.2) | 2.1.2-2 libc6 (= 2.15) | libgcrypt11(= 1.5.1) | libgpg-error0 (= 1.10) | libksba8 (= 1.2.0) | libldap-2.4-2 (= 2.4.7) | libpth20 (= 2.0.7) | Package's Recommends field is empty. Package's Suggests field is empty. -- Dipl.-Inf. Univ. Florian Reitmeir E-Mail: n...@multi24.com Tel: +43 650 2661660 Fax: +43 650 2661660 HP: http://net.multi24.com Amraserstr 23 6020 Innsbruck / Austria -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#770009: Backtrace for the hang
Le 29 janv. 2015 19:59, Bastien ROUCARIES roucaries.bast...@gmail.com a écrit : try to add to convert command line -limit thread 1 On Thu, Jan 29, 2015 at 7:58 PM, Bastien ROUCARIES roucaries.bast...@gmail.com wrote: No what is the position of the porters ? And a backtrace with limit thread Bastien On Wed, Jan 28, 2015 at 11:50 PM, Vincent Fourmond fourm...@debian.org wrote: On Wed, Jan 28, 2015 at 8:14 AM, Bastien ROUCARIES roucaries.bast...@gmail.com wrote: Le 28 janv. 2015 08:00, roucaries bastien roucaries.bastien+deb...@gmail.com a écrit : Le 27 janv. 2015 22:15, Vincent Fourmond fourm...@debian.org a écrit : I've run the build on the MIPS portebox. It hangs on the first SVG to PNG conversion. Here is a full backtrace. The process is for now stopped on the porterbox; I think I can leave it for some hours more at least, if other information could be useful. Smell like an openmp bug ny memory they are a enviroment variable to disable openmp. We could try OMP_thread_limit=1 Even OMP_THREAD_LIMIT=1 ./magick.sh convert /home/fourmond/tmp/imagemagick-6.8.9.9/debian/display-im6.svg \ -background none -define filter:blur=0.75 -filter Gaussian -resize $SIZE \ -gravity center -extent $SIZE \ /home/fourmond/tmp/imagemagick-6.8.9.9/debian/tmp-Q16/usr/share/icons/hicolor/$SIZE/apps/display-im6.q16.png; \ hangs... Any idea ? Vincent Hope it helps, Vincent
Bug#776137: sudo: fails to switch between sudo and sudo-ldap: chown: cannot access '/etc/sudoers': No such file or directory
On 2015-01-29 21:25, Andreas Beckmann wrote: just to make notation clear /etc/sudoers is a *configuration file*, i.e. rules of preserving user changes apply since wheezy it is also a *conffile* i.e. shipped with the package at /etc/sudoers and managed by dpkg, not to be touched by maintainer scripts before it was managed by maintainer scripts True. But as you observed in your initial report, the same bug can be triggered in a clean jessie environment, where the configuration file / conffile distinction is not a factor. As you reported: on a fresh jessie host, install sudo, and switch to sudo-ldap (or vice versa). The bug will present itself. the tricky part is to get a smooth upgrade patch from the pre-conffile stage to a conffile * with preserving user chnages * without asking useles questions I think the real bug is still that pre-conffile handling is applied to a conffile by listing the wheezy md5sum The way I see the problem, a solution for the pure-jessie case will also be a solution for the wheezy case. if dpkg installs a conffile for the first time there are three possibilities: * the file does not exist - trivial: install and record it * the file exists and is the same as being installed - record it * the file exists but is different: ask And the patch I proposed works with all these cases. But that is all beside the point, because the conffile is not being installed for the first time. The problem manifests itself during a switch, so we have a pre-existing conffile. Regards, Christian -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#776137: sudo: fails to switch between sudo and sudo-ldap: chown: cannot access '/etc/sudoers': No such file or directory
just to make notation clear /etc/sudoers is a *configuration file*, i.e. rules of preserving user changes apply since wheezy it is also a *conffile* i.e. shipped with the package at /etc/sudoers and managed by dpkg, not to be touched by maintainer scripts before it was managed by maintainer scripts the tricky part is to get a smooth upgrade patch from the pre-conffile stage to a conffile * with preserving user chnages * without asking useles questions (do not even think about downgrades, they are just unsuported) I think the real bug is still that pre-conffile handling is applied to a conffile by listing the wheezy md5sum if dpkg installs a conffile for the first time there are three possibilities: * the file does not exist - trivial: install and record it * the file exists and is the same as being installed - record it * the file exists but is different: ask Andreas -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#775888: marked as done (virtualbox: CVE-2014-6588 CVE-2014-6589 CVE-2014-6590 CVE-2014-6595 CVE-2015-0418 CVE-2015-0427)
Your message dated Thu, 29 Jan 2015 21:17:09 +
with message-id e1ygwsb-0003ht...@franck.debian.org
and subject line Bug#775888: fixed in virtualbox 4.1.18-dfsg-2+deb7u4
has caused the Debian Bug report #775888,
regarding virtualbox: CVE-2014-6588 CVE-2014-6589 CVE-2014-6590 CVE-2014-6595
CVE-2015-0418 CVE-2015-0427
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
775888: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775888
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
---BeginMessage---
Package: virtualbox
Severity: grave
Tags: security
Justification: user security hole
No specific details available yet:
http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
Cheers,
Moritz
---End Message---
---BeginMessage---
Source: virtualbox
Source-Version: 4.1.18-dfsg-2+deb7u4
We believe that the bug you reported is fixed in the latest version of
virtualbox, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 775...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Ritesh Raj Sarraf r...@debian.org (supplier of updated virtualbox package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Format: 1.8
Date: Thu, 22 Jan 2015 14:21:14 +0100
Source: virtualbox
Binary: virtualbox-qt virtualbox virtualbox-dbg virtualbox-dkms
virtualbox-source virtualbox-guest-dkms virtualbox-guest-source
virtualbox-guest-x11 virtualbox-guest-utils virtualbox-fuse virtualbox-ose-qt
virtualbox-ose virtualbox-ose-dbg virtualbox-ose-dkms virtualbox-ose-source
virtualbox-ose-guest-dkms virtualbox-ose-guest-source virtualbox-ose-guest-x11
virtualbox-ose-guest-utils virtualbox-ose-fuse
Architecture: source amd64 all
Version: 4.1.18-dfsg-2+deb7u4
Distribution: wheezy-security
Urgency: medium
Maintainer: Debian Virtualbox Team
pkg-virtualbox-de...@lists.alioth.debian.org
Changed-By: Ritesh Raj Sarraf r...@debian.org
Description:
virtualbox - x86 virtualization solution - base binaries
virtualbox-dbg - x86 virtualization solution - debugging symbols
virtualbox-dkms - x86 virtualization solution - kernel module sources for dkms
virtualbox-fuse - x86 virtualization solution - virtual filesystem
virtualbox-guest-dkms - x86 virtualization solution - guest addition module
source for dk
virtualbox-guest-source - x86 virtualization solution - guest addition module
source
virtualbox-guest-utils - x86 virtualization solution - non-X11 guest utilities
virtualbox-guest-x11 - x86 virtualization solution - X11 guest utilities
virtualbox-ose - transitional package for virtualbox
virtualbox-ose-dbg - transitional package for virtualbox-dbg
virtualbox-ose-dkms - transitional package for virtualbox-dkms
virtualbox-ose-fuse - transitional package for virtualbox-fuse
virtualbox-ose-guest-dkms - transitional package for virtualbox-guest-dkms
virtualbox-ose-guest-source - transitional package for virtualbox-guest-source
virtualbox-ose-guest-utils - transitional package for virtualbox-guest-utils
virtualbox-ose-guest-x11 - transitional package for virtualbox-guest-x11
virtualbox-ose-qt - transitional package for virtualbox-qt
virtualbox-ose-source - transitional package for virtualbox-source
virtualbox-qt - x86 virtualization solution - Qt based user interface
virtualbox-source - x86 virtualization solution - kernel module source
Closes: 775888
Changes:
virtualbox (4.1.18-dfsg-2+deb7u4) wheezy-security; urgency=medium
.
[ Frank Mehnert ]
* fix security vulnerabilities (Closes: #775888)
CVE-2015-0377, CVE-2015-0418
- debian/patches/CVE-2015-0{377,418}.patch
Checksums-Sha1:
ef5f524c6a04993767711c1e0faf64da1c86aaf5 4111
virtualbox_4.1.18-dfsg-2+deb7u4.dsc
6f92f99d13d6943bb4dea8cd2d4611f3ec0e3169 104189
virtualbox_4.1.18-dfsg-2+deb7u4.debian.tar.gz
0e1be596c8c7a44ac74c513dbfe574beaf450294 4205558
virtualbox-qt_4.1.18-dfsg-2+deb7u4_amd64.deb
28cdc4e0dd8106f7ee2ea9a44b7afc25bd0f2aaa 12691188
virtualbox_4.1.18-dfsg-2+deb7u4_amd64.deb
f04a6d378e89b311f1a5fe3ea8b24e8ea90c6930 51779400
virtualbox-dbg_4.1.18-dfsg-2+deb7u4_amd64.deb
81a30d1e958651c2ea49f592500eac389c932b13 498704
virtualbox-dkms_4.1.18-dfsg-2+deb7u4_all.deb
Processed: tagging 668736, tagging 689887
Processing commands for cont...@bugs.debian.org: # Bugfixes by NMU waiting in the deferred queue tags 668736 + pending Bug #668736 [distmp3] distmp3: unowned files after purge (policy 6.8, 10.8): etc/default/distmp3 Added tag(s) pending. tags 689887 + pending Bug #689887 [distmp3] Ships a folder in /var/run or /var/lock (Policy Manual section 9.3.2) Added tag(s) pending. thanks Stopping processing here. Please contact me if you need assistance. -- 668736: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=668736 689887: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=689887 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#776063: dbus fails to upgrade rendering entire apt unusable
Hi! On Sun, 2015-01-25 at 00:45:10 +, Simon McVittie wrote: On Fri, 23 Jan 2015 at 19:04:33 +0100, Guillem Jover wrote: I think this one should be merged with the other dbus+triggers+apt bugs. I notice that before the failing upgrade, Yaroslav had dpkg 1.17.21 and apt 1.0.9.4 (if I'm reading the right status-file backup), which means he did not have the fix for https://bugs.debian.org/769609 in apt. dpkg and apt were upgraded to 1.17.23 and 1.0.9.6 earlier in the same batch that failed with this dbus trigger thing, which I assume means dbus was upgraded with the old apt (although maybe the new dpkg). AFAIR I tested with latest apt and could reproduce the issue, it also affects the apt in stable. Is the fix for https://bugs.debian.org/769609 expected to fix this particular issue, or am I misreading it? This is for another issue (leaving packages in trigger states after finishing up the apt run), and although running «dpkg --configure -a» would indeed fix the issue at hand, the problem is that apt does not recognize the problem and is unable to make progress. But the real fix would be for apt to not try to explicitly configure the packages out of order. I don't think this can be worked around in dbus, barring the removal of its triggers. (Just in case, I meant the removal of the awaiting part of the trigger, not necessarily the whole trigger.) If it's absolutely necessary, I might be able to back out the trigger for jessie, because it is *meant* to be non-essential: dbus-daemon is meant to use inotify to monitor the system services directory, and that feature works fine for me. However, I've had reports that it doesn't work for everyone, hence the trigger (and in any case it seems more predictable/deterministic to use a trigger to kick off the reload when all new packages are known to be fully in place). Besides getting an apt fix, we'd need to add a workaround for this outside of apt anyway, because the new dpkg and dbus can be upgraded and as such reinvoked from the running apt session. If apt (with a fix) got upgraded too, then although quite unfortunate and inconvenient the subsequent upgrade would not get stuck and could at least proceed. But if apt did not yet get upgraded then the upgrade would get stuck, as it currently happens. Or if dropping it down to interest-noawait would help, that isn't really semantically correct, but it's probably acceptable in practice? So if switching to interest-noawait does not seem too onerous, I'd probably prefer that to adding workarounds in dpkg, because that would require changing the semantics of some operations that might get entrenched and might be difficult to revert later on. :/ But, in this case that does mean that perhaps we might be moving the problem to some other package groups, and as I've asked before, I'd like input from the apt team on this, as in how difficult an apt fix seems to be, what's the reach of the problem for stable's apt, etc. So that we can better evaluate where and what kind of workaround would be best. Or even if an outright revert in dpkg, with the implied upgrade failures due to unsatisfied dependencies, is to be considered. But lacking that input, I guess it might be worth a try? https://bugs.debian.org/740139 is the bug report that prompted me to add the trigger, FWIW. It's unfortunate that the root cause for this problem was never discovered. :( Although even with interest-noawait, it means that dbus would be guaranteed to be restarted during the apt run, so any such breakage would be time-confined. Thanks, Guillem -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#403071: marked as done (mozilla messes up mailbox, loss of mails)
Your message dated Fri, 30 Jan 2015 02:45:08 +0100 with message-id 54cae224.8020...@debian.org and subject line iceape-mailnews has been removed from Debian has caused the Debian Bug report #403071, regarding mozilla messes up mailbox, loss of mails to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 403071: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=403071 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Package: mozilla-mailnews Version: 2:1.7.8-1sarge8 Severity: grave I was cleaning up my mailbox, using Search Messages to filter for certain patterns: On one of my accounts mails with a certain spam level get their subject line rewritten so one can easily see this information. I first did a search for this pattern, removing all found messages. Then I did a search on a different pattern, searching for mails delivered to one email address without having a TO: or CC: header containing this very address. I was very astonished to find a friend's mail in the results, for this friend isn't even aware of the email address or even the domain of the email address I was filtering for. When I opened this message I got something totally different -- subject matching to the search pattern before and therefore not to the subject in the results list, a different sender and a spam message. But this spam message did contain the attachment of my friend's message -- as inline text. I had to save the message to the file system, clean the body and then base64-decode the remains to get my friend's attachment back. After restarting mozilla-mailnews I couldn't find any hint of my friend's mail. And the spam message, still containing the attachment of my friend's mail, was marked new. And finally some information, which might be of help: - my friend's message was a single pdf attachment. - this message was the first message in my mailbox -- at least the first by date. I don't know if it was at the beginning of the mailbox file. I tagged this bug grave as I would have lost the message if I hadn't noticed it got attached to a mail I was to remove. bye caspar signature.asc Description: OpenPGP digital signature ---End Message--- ---BeginMessage--- Closing old bugs against iceape-mailnews since it was already removed from Debian a year ago: https://bugs.debian.org/736165 Andreas---End Message---
Processed: found 722075 in eglibc/2.11.3-4+deb6u4, found 722075 in eglibc/2.13-38+deb7u7
Processing commands for cont...@bugs.debian.org:
found 722075 eglibc/2.11.3-4+deb6u4
Bug #722075 {Done: Aurelien Jarno aure...@debian.org} [libc6] libc6:
getaddrinfo() sends DNS queries to random file descriptors (CVE-2013-7423)
Marked as found in versions eglibc/2.11.3-4+deb6u4.
found 722075 eglibc/2.13-38+deb7u7
Bug #722075 {Done: Aurelien Jarno aure...@debian.org} [libc6] libc6:
getaddrinfo() sends DNS queries to random file descriptors (CVE-2013-7423)
Marked as found in versions eglibc/2.13-38+deb7u7.
thanks
Stopping processing here.
Please contact me if you need assistance.
--
722075: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=722075
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#771971: dpkg hangs installing init during upgrade from wheezy to jessie
Hi! On Sun, 2015-01-25 at 20:34:48 +, Steve McIntyre wrote: On Sun, Jan 25, 2015 at 09:11:57PM +0100, Guillem Jover wrote: On Sun, 2015-01-25 at 14:18:03 +0100, Guillem Jover wrote: Adding -D7 to the dpkg call through apt's DPkg::options would be helpful. It would also be helpful to know which process hangs, and if it's dpkg itself an easy recipe to reproduce this? I just noticed this was a bug report from December, so I assume this was possibly one of the dpkg bugs where it was busy looing (#766242 or #766322), which is now fixed? Possibly, yes. Although those fixes migrated to testing on 2014-11-03, so I'm not sure. It would be nice to get more information of the environment at the time. But if it does not happen anymore then it might indeed be fixed already. :/ I still have my backup of the VM image at the time, so it should be possible to try upgrading it using snapshot.d.o from that time too, if it's likely to be useful. If it's not too cumbersome or might take too much of your time, it would be useful, indeed, as the timing seems wrong, and I'd expect a fixed dpkg to have been in place. So it would be nice to discard any possible remaining problems that might still be lurking around. Thanks, Guillem -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#720040: libdb6.0-java: file conflicts with libdb5.[13]-java: /usr/share/java/db.jar
On 2015-01-29 22:49, Emmanuel Bourg wrote: libdb6.0-java has been removed (#748192), I guess this bug can be closed now? good point, somehow this was missed at the removal I hope I found and closed all the remaining db6.0 bugs Andreas -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#724920: Bug#725661: pu: opencv/2.3.1+dfsg-1
2015-01-30 8:03 GMT+09:00 Adam D. Barratt a...@adam-barratt.org.uk:
Control: tags 725661 + pending
On Sat, 2015-01-17 at 11:45 +, Adam D. Barratt wrote:
On 2014-09-20 18:00, Adam D. Barratt wrote:
Control: tags 725661 +confirmed -moreinfo
On Fri, 2014-03-07 at 09:02 +0900, Nobuhiro Iwamatsu wrote:
Most of the files in modules/gpu/test/nvidia/ is DFSG Non-free.
They are also provided the latest OpenCV, but the license was changed
by
commit f0b19d4659045b00c55f849187cd657b21a13e5d.
It took a patch from commit the license was modified. And I fix the
problems in the license by applying.
Apologies for the delay in getting back to you.
Please go ahead.
Ping?
Uploaded and flagged for acceptance.
Regards,
Adam
Thanks!
Nobuhiro
--
Nobuhiro Iwamatsu
iwamatsu at {nigauri.org / debian.org}
GPG ID: 40AD1FA6
--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#776431: marked as done (intel-microcode: Haswell-E (306f2) microcode broken in 20150107)
Your message dated Thu, 29 Jan 2015 23:03:43 + with message-id e1ygy7j-0001wl...@franck.debian.org and subject line Bug#776431: fixed in intel-microcode 3.20150121.1 has caused the Debian Bug report #776431, regarding intel-microcode: Haswell-E (306f2) microcode broken in 20150107 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 776431: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=776431 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Package: intel-microcode Version: 3.20150107.1~bpo70+1 Hi, After installing this microcode update and rebooting host (Dell PowerEdge R430), we get: --8---cut here---start-8--- [ 20.224624] [ cut here ] [ 20.229882] WARNING: CPU: 0 PID: 1 at /build/linux-ax4Uh1/linux-3.16.7-ckt2/kernel/watchdog.c:265 watchdog_overflow_callback+0x9a/0xc0() [ 20.243701] Watchdog detected hard LOCKUP on cpu 0 [ 20.248931] Modules linked in: [ 20.252809] CPU: 0 PID: 1 Comm: swapper/0 Tainted: G D 3.16.0-0.bpo.4-amd64 #1 Debian 3.16.7-ckt2-1~bpo70+1 [ 20.264878] Hardware name: Dell Inc. PowerEdge R430/0DYFC8, BIOS 1.0.2 11/17/2014 [ 20.273355] 8171bac8 81541f8f 88047f406c58 [ 20.282045] 8106cecc 88046eec0c00 88047f406d48 [ 20.290924] 88047f406ef8 8106cfba 8171baa0 [ 20.299617] Call Trace: [ 20.302440] NMI [81541f8f] ? dump_stack+0x41/0x51 [ 20.309307] [8106cecc] ? warn_slowpath_common+0x8c/0xc0 [ 20.316306] [8106cfba] ? warn_slowpath_fmt+0x4a/0x50 [ 20.323014] [8110881a] ? watchdog_overflow_callback+0x9a/0xc0 [ 20.330596] [81142c18] ? __perf_event_overflow+0x98/0x230 [ 20.337789] [8102bc78] ? x86_perf_event_set_period+0xd8/0x150 [ 20.345371] [81033428] ? intel_pmu_handle_irq+0x1f8/0x3d0 [ 20.352564] [8102b082] ? perf_event_nmi_handler+0x32/0x60 [ 20.359757] [81018f3d] ? nmi_handle+0x8d/0x140 [ 20.365882] [8104b410] ? default_send_IPI_mask_allbutself_phys+0xf0/0xf0 [ 20.374553] [810196bd] ? default_do_nmi+0xdd/0x130 [ 20.381066] [81019798] ? do_nmi+0x88/0xc0 [ 20.386704] [8154a821] ? end_repeat_nmi+0x1e/0x2e [ 20.393121] [8141f347] ? qi_submit_sync+0x197/0x430 [ 20.399732] [8141f347] ? qi_submit_sync+0x197/0x430 [ 20.406342] [8141f347] ? qi_submit_sync+0x197/0x430 [ 20.412952] EOE [81425f91] ? modify_irte+0xa1/0xf0 [ 20.420110] [814264f4] ? intel_ioapic_set_affinity+0x144/0x1e0 [ 20.427790] [81915694] ? setup_ioapic_dest+0x70/0x97 [ 20.434489] [81911d92] ? native_smp_cpus_done+0xff/0x108 [ 20.441586] [81901172] ? kernel_init_freeable+0xdc/0x1e7 [ 20.448681] [81534910] ? rest_init+0x80/0x80 [ 20.454612] [8153491e] ? kernel_init+0xe/0xf0 [ 20.460640] [815483bc] ? ret_from_fork+0x7c/0xb0 [ 20.466960] [81534910] ? rest_init+0x80/0x80 [ 20.472890] ---[ end trace a5d8cfb932b02cf3 ]--- --8---cut here---end---8--- Kernel: linux-image-3.16.0-0.bpo.4-amd64 3.16.7-ckt2-1~bpo70 Output from /proc/cpuinfo from the host with
Bug#776137: sudo: fails to switch between sudo and sudo-ldap: chown: cannot access '/etc/sudoers': No such file or directory
On 2015-01-29 23:16, Christian Kastner wrote: True. But as you observed in your initial report, the same bug can be triggered in a clean jessie environment, where the configuration file / conffile distinction is not a factor. probably because the md5sums for wheezy and jessie are the same But that is all beside the point, because the conffile is not being installed for the first time. That works fine. sudo installs its conffile The problem manifests itself during a switch, so we have a pre-existing conffile. Which is erroneously moved aside by sudo-ldap.preinst, thereafter dpkg unpacks sudo-ldap, takes over file ownership (incl. conffiles) from sudo and once it gets around to installing ist conffile it notices that this has not changed from the known md5sum, so no attempt is made to upgrade the missing conffile. Andreas -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#720159: marked as done (db6.0: New licencing incompatible with the old one [don't migrate to testing])
Your message dated Fri, 30 Jan 2015 00:42:20 +0100 with message-id 54cac55c.60...@debian.org and subject line db6.0 was removed due to licence incompatibilities has caused the Debian Bug report #720159, regarding db6.0: New licencing incompatible with the old one [don't migrate to testing] to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 720159: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=720159 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Package: db6.0 Version: 6.0.19-3 Severity: serious Tags: upstream Justification: maintainer request -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 The licensing of DB 6.0 suffers from two problems: * Upstream claims that DB 6.0 is licensed under AGPLv3, but the package doesn't reflect that yet * AGPLv3 is not compatible with several licenses of packages using the Berkeley DB library Thus this bug is a placeholder bug to stop the package to migrate to testing, since we don't want our users to start using it. We still have the goal of one Berkeley DB version per release, so we are likely to stuck with Berkeley DB 5.3 for foreseable future. O. - -- System Information: Debian Release: 7.1 APT prefers stable APT policy: (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 3.2.0-4-amd64 (SMP w/4 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.12 (GNU/Linux) iEYEARECAAYFAlIR4WYACgkQ9OZqfMIN8nM00wCfQTHXLtbZX8sRN/t3xY83Nm5D qcUAnjui/G/3kdRw82D3sI7bgjTDIZdX =X+Ko -END PGP SIGNATURE- ---End Message--- ---BeginMessage--- src:db6.0 was removed from unstable long ago, see https://bugs.debian.org/748192 Andreas---End Message---
Bug#720042: marked as done (libdb6.0-sql-dev, libdb6.0-stl-dev: file conflicts with libdb5.3-sql-dev, libdb5.3-stl-dev)
Your message dated Fri, 30 Jan 2015 00:42:20 +0100 with message-id 54cac55c.60...@debian.org and subject line db6.0 was removed due to licence incompatibilities has caused the Debian Bug report #720042, regarding libdb6.0-sql-dev, libdb6.0-stl-dev: file conflicts with libdb5.3-sql-dev, libdb5.3-stl-dev to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 720042: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=720042 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Package: libdb6.0-sql-dev,libdb6.0-stl-dev Version: 6.0.19-3 Severity: serious User: debian...@lists.debian.org Usertags: piuparts Hi, during a test with piuparts I noticed your package failed to install because it tries to overwrite other packages files without declaring a Breaks+Replaces relation. See policy 7.6 at http://www.debian.org/doc/debian-policy/ch-relationships.html#s-replaces From the attached log (scroll to the bottom...): Selecting previously unselected package libdb6.0-sql-dev. Unpacking libdb6.0-sql-dev (from .../libdb6.0-sql-dev_6.0.19-3_amd64.deb) ... dpkg: error processing /var/cache/apt/archives/libdb6.0-sql-dev_6.0.19-3_amd64.deb (--unpack): trying to overwrite '/usr/include/dbsql.h', which is also in package libdb5.3-sql-dev 5.3.21-2 dpkg-deb: error: subprocess paste was killed by signal (Broken pipe) Errors were encountered while processing: /var/cache/apt/archives/libdb6.0-sql-dev_6.0.19-3_amd64.deb Shared files between libdb6.0-sql-dev and libdb5.3-sql-dev: usr/include/dbsql.h usr/lib/x86_64-linux-gnu/libdb_sql.a usr/lib/x86_64-linux-gnu/libdb_sql.so Shared files between libdb6.0-stl-dev and libdb5.3-stl-dev: usr/include/dbstl_base_iterator.h usr/include/dbstl_common.h usr/include/dbstl_container.h usr/include/dbstl_dbc.h usr/include/dbstl_dbt.h usr/include/dbstl_element_ref.h usr/include/dbstl_exception.h usr/include/dbstl_inner_utility.h usr/include/dbstl_map.h usr/include/dbstl_resource_manager.h usr/include/dbstl_set.h usr/include/dbstl_utility.h usr/include/dbstl_vector.h usr/lib/x86_64-linux-gnu/libdb_stl.a usr/lib/x86_64-linux-gnu/libdb_stl.so cheers, Andreas libdb5.3-sql-dev=5.3.21-2_libdb6.0-sql-dev=6.0.19-3.log.gz Description: GNU Zip compressed data ---End Message--- ---BeginMessage--- src:db6.0 was removed from unstable long ago, see https://bugs.debian.org/748192 Andreas---End Message---
Processed (with 2 errors): Re: libc6: getaddrinfo() sends DNS queries to random file descriptors
Processing control commands:
retitle -1 libc6: getaddrinfo() sends DNS queries to random file descriptors
(CVE-2013-7423)
Bug #722075 {Done: Aurelien Jarno aure...@debian.org} [libc6] libc6:
getaddrinfo() sends DNS queries to random file descriptors
Changed Bug title to 'libc6: getaddrinfo() sends DNS queries to random file
descriptors (CVE-2013-7423)' from 'libc6: getaddrinfo() sends DNS queries to
random file descriptors'
forwarded -1 https://sourceware.org/bugzilla/show_bug.cgi?id=15946
Bug #722075 {Done: Aurelien Jarno aure...@debian.org} [libc6] libc6:
getaddrinfo() sends DNS queries to random file descriptors (CVE-2013-7423)
Set Bug forwarded-to-address to
'https://sourceware.org/bugzilla/show_bug.cgi?id=15946'.
severity -1 serious
Bug #722075 {Done: Aurelien Jarno aure...@debian.org} [libc6] libc6:
getaddrinfo() sends DNS queries to random file descriptors (CVE-2013-7423)
Severity set to 'serious' from 'normal'
found -1 eglibc 2.11.3-4+deb6u4
Unknown command or malformed arguments to command.
found -1 eglibc 2.13-38+deb7u7
Unknown command or malformed arguments to command.
--
722075: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=722075
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#683022: marked as done (FTBFS on armel: internal compiler error: Segmentation fault)
Your message dated Fri, 30 Jan 2015 01:26:21 +0100 with message-id 54cacfad.3070...@debian.org and subject line dehydra was removed from Debian has caused the Debian Bug report #683022, regarding FTBFS on armel: internal compiler error: Segmentation fault to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 683022: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=683022 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Source: dehydra Version: 0.9.hg20120525-1 Severity: serious Justification: fails to build from source dehydra fails to build from source on armel, but built in the past: Event| Plugins PLUGIN_FINISH_TYPE | gcc_dehydra PLUGIN_FINISH_UNIT | gcc_dehydra PLUGIN_PRE_GENERICIZE| gcc_dehydra PLUGIN_FINISH| gcc_dehydra PLUGIN_ATTRIBUTES| gcc_dehydra In file included from gcc_cp_headers.h:54:0: /usr/lib/gcc/arm-linux-gnueabi/4.6/plugin/include/toplev.h:81:50: internal compiler error: Segmentation fault Please submit a full bug report, with preprocessed source if appropriate. See file:///usr/share/doc/gcc-4.6/README.Bugs for instructions. /usr/lib/gcc/arm-linux-gnueabi/4.6/plugin/include/options.h:3418:15: Likely harmless: unhandled undefined signed char cl_optimization::x_flag_wpa /usr/lib/gcc/arm-linux-gnueabi/4.6/plugin/include/options.h:3418:15 /usr/lib/gcc/arm-linux-gnueabi/4.6/plugin/include/options.h:3419:15: Likely harmless: unhandled undefined signed char cl_optimization::x_flag_wrapv /usr/lib/gcc/arm-linux-gnueabi/4.6/plugin/include/options.h:3419:15 /usr/lib/gcc/arm-linux-gnueabi/4.6/plugin/include/cgraph.h:421:58: Harmless: skipping cgraph_edge::aux. /usr/lib/gcc/arm-linux-gnueabi/4.6/plugin/include/cgraph.h:224:51: Harmless: skipping cgraph_node::aux. /usr/lib/gcc/arm-linux-gnueabi/4.6/plugin/include/cgraph.h:229:68: Harmless: skipping cgraph_node::ipa_transforms_to_apply. /usr/lib/gcc/arm-linux-gnueabi/4.6/plugin/include/ipa-ref.h:51:87: Likely harmless: unhandled union ipa_ref_ptr_u ipa_ref::refering /usr/lib/gcc/arm-linux-gnueabi/4.6/plugin/include/ipa-ref.h:51:87 /usr/lib/gcc/arm-linux-gnueabi/4.6/plugin/include/ipa-ref.h:52:86: Likely harmless: unhandled union ipa_ref_ptr_u ipa_ref::refered /usr/lib/gcc/arm-linux-gnueabi/4.6/plugin/include/ipa-ref.h:52:86 /usr/lib/gcc/arm-linux-gnueabi/4.6/plugin/include/ipa-ref.h:75:67: Harmless: skipping ipa_ref_list::refering. /usr/lib/gcc/arm-linux-gnueabi/4.6/plugin/include/cgraph.h:96:31: Harmless: cgraph_local_info::lto_file_data' type is incomplete /usr/lib/gcc/arm-linux-gnueabi/4.6/plugin/include/cgraph.h:172:8: Likely harmless: unhandled undefined bool ipa_replace_map::replace_p /usr/lib/gcc/arm-linux-gnueabi/4.6/plugin/include/cgraph.h:172:8 /usr/lib/gcc/arm-linux-gnueabi/4.6/plugin/include/cgraph.h:174:8: Likely harmless: unhandled undefined bool ipa_replace_map::ref_p /usr/lib/gcc/arm-linux-gnueabi/4.6/plugin/include/cgraph.h:174:8 /usr/lib/gcc/arm-linux-gnueabi/4.6/plugin/include/cgraph.h:85:8: Likely harmless: unhandled undefined bool cgraph_thunk_info::this_adjusting /usr/lib/gcc/arm-linux-gnueabi/4.6/plugin/include/cgraph.h:85:8 /usr/lib/gcc/arm-linux-gnueabi/4.6/plugin/include/cgraph.h:86:8: Likely harmless: unhandled undefined bool cgraph_thunk_info::virtual_offset_p /usr/lib/gcc/arm-linux-gnueabi/4.6/plugin/include/cgraph.h:86:8 /usr/lib/gcc/arm-linux-gnueabi/4.6/plugin/include/cgraph.h:88:8: Likely harmless: unhandled undefined bool cgraph_thunk_info::thunk_p /usr/lib/gcc/arm-linux-gnueabi/4.6/plugin/include/cgraph.h:88:8 Generated treehydra_generated.c Preprocessed source stored into /tmp/ccp0PFfW.out file, please attach this to your bugreport. make[1]: *** [treehydra_generated.c] Error 1 make[1]: Leaving directory `/build/buildd-dehydra_0.9.hg20120525-1-armel-t13r4p/dehydra-0.9.hg20120525' dh_auto_build: make -j1 returned exit code 2 make: *** [build-arch] Error 2 dpkg-buildpackage: error: debian/rules build-arch gave error exit status 2 https://buildd.debian.org/status/fetch.php?pkg=dehydraarch=armelver=0.9.hg20120525-1stamp=1338668741 ---End Message--- ---BeginMessage--- dehydra is no longer in Debian, closing old bugs see https://bugs.debian.org/745868 Andreas---End Message---
Bug#657898: marked as done (bugzilla3: Minor updates should not require package to be reconfigured)
Your message dated Fri, 30 Jan 2015 02:51:02 +0100 with message-id 54cae386.4090...@debian.org and subject line bugzilla has been removed from Debian has caused the Debian Bug report #657898, regarding bugzilla3: Minor updates should not require package to be reconfigured to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 657898: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=657898 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Package: bugzilla3 Version: 3.6.2.0-4.5 Severity: important Every time I pull in an update to bugzilla3 via apt, I see a debconf message saying 'run dpkg-reconfigure bugzilla3' to configure bugzilla. I then find that the localconfig file has been reverted to its default state, rendering my installation unusable until I reconfigure it. Reconfiguration should not be necessary for security updates and minor version jumps; the installation of the updated package should leave my configuration files alone. -- System Information: Debian Release: 6.0.4 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 2.6.32-5-xen-amd64 (SMP w/1 CPU core) Locale: LANG=en_GB.UTF-8, LC_CTYPE=C (charmap=UTF-8) (ignored: LC_ALL set to en_GB.UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages bugzilla3 depends on: ii apache22.2.16-6+squeeze4 Apache HTTP Server metapackage ii apache2-mpm-prefork [h 2.2.16-6+squeeze4 Apache HTTP Server - traditional n ii dbconfig-common1.8.46+squeeze.0 common framework for packaging dat ii debconf1.5.36.1 Debian configuration management sy ii exim4 4.72-6+squeeze2 metapackage to ease Exim MTA (v4) ii exim4-daemon-light [ma 4.72-6+squeeze2 lightweight Exim MTA (v4) daemon ii libappconfig-perl 1.56-2Perl module for configuration file ii libcgi-pm-perl 3.49-1squeeze1module for Common Gateway Interfac ii libdatetime-perl 2:0.6100-2module for manipulating dates, tim ii libdatetime-timezone-p 1:1.20-1+2010kframework exposing the Olson time ii libdbd-mysql-perl 4.016-1 Perl5 database interface to the My ii libdbd-pg-perl 2.17.1-2 Perl DBI driver for the PostgreSQL ii libemail-mime-perl [li 1.903-1 module for simple MIME message par ii libemail-send-perl 2.198-3 Perl module for simply sending ema ii libjs-yui 2.8.2r1~squeeze-1 Yahoo User Interface Library ii libmail-sendmail-perl 0.79.16-1 Send email from a perl script ii libtemplate-perl 2.22-0.1 template processing system written ii libtimedate-perl 1.2000-1 collection of modules to manipulat ii mysql-client-5.0 [mysq 5.0.51a-24+lenny5 MySQL database client binaries ii patch 2.6-2 Apply a diff file to an original ii perl-modules [libcgi-p 5.10.1-17squeeze3 Core Perl modules ii postgresql-client-8.4 8.4.10-0squeeze1 front-end programs for PostgreSQL ii ucf3.0025+nmu1 Update Configuration File: preserv Versions of packages bugzilla3 recommends: pn cvsnone(no description available) ii imagemagick8:6.6.0.4-3 image manipulation programs ii libchart-perl 2.4.1-5 Chart Library for Perl ii libtemplate-plugin-gd- 2.66-2GD plugin(s) for the Template Tool ii libxml-parser-perl 2.36-1.1+b1 Perl module for parsing XML files ii mysql-server-5.0 [mysq 5.0.51a-24+lenny5 MySQL database server binaries ii perlmagick 8:6.6.0.4-3 Perl interface to the ImageMagick Versions of packages bugzilla3 suggests: pn bugzilla3-docnone (no description available) pn graphviz none (no description available) pn libauthen-radius-perlnone (no description available) ii libgd-gd2-perl 1:2.39-2+b1 Perl module wrapper for libgd - gd ii libgd-graph-perl 1.44-3 Graph Plotting Module for Perl 5 ii libgd-text-perl 0.86-5 Text utilities for use with GD ii libhtml-parser-perl 3.66-1 collection of modules that parse H ii libhtml-scrubber-perl0.08-4 Perl extension for scrubbing/sanit ii libmailtools-perl2.06-1 Manipulate email in perl programs pn libmime-tools-perl none (no description available) pn libnet-ldap-perl none (no description available) pn
Bug#724920: Bug#725661: pu: opencv/2.3.1+dfsg-1
Control: tags 725661 + pending On Sat, 2015-01-17 at 11:45 +, Adam D. Barratt wrote: On 2014-09-20 18:00, Adam D. Barratt wrote: Control: tags 725661 +confirmed -moreinfo On Fri, 2014-03-07 at 09:02 +0900, Nobuhiro Iwamatsu wrote: Most of the files in modules/gpu/test/nvidia/ is DFSG Non-free. They are also provided the latest OpenCV, but the license was changed by commit f0b19d4659045b00c55f849187cd657b21a13e5d. It took a patch from commit the license was modified. And I fix the problems in the license by applying. Apologies for the delay in getting back to you. Please go ahead. Ping? Uploaded and flagged for acceptance. Regards, Adam -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Processed: Re: [Pkg-gnupg-maint] Bug#776611: [dirmngr] segfaults
Processing control commands: tags 776611 + unreproducible moreinfo Bug #776611 [dirmngr] [dirmngr] segfaults Added tag(s) unreproducible and moreinfo. -- 776611: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=776611 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Processed (with 2 errors): limit package to lmbench, tagging 626676, tagging 689897, tagging 697536, tagging 707013
Processing commands for cont...@bugs.debian.org: limit package lmbench Limiting to bugs with field 'package' containing at least one of 'lmbench' Limit currently set to 'package':'lmbench' # Bugfixes by NMU waiting in the deferred queue tags 626676 + pending package: lmbench-doc' does not match at least one of lmbench Failed to alter tags of Bug 626676: limit failed for bugs: 626676. tags 689897 + pending Bug #689897 [lmbench] Ships a folder in /var/run or /var/lock (Policy Manual section 9.3.2) Added tag(s) pending. tags 697536 + pending package: lmbench-doc' does not match at least one of lmbench Failed to alter tags of Bug 697536: limit failed for bugs: 697536. tags 707013 + pending Bug #707013 [lmbench] lmbench: Typo in package description: bandwith Added tag(s) pending. thanks Stopping processing here. Please contact me if you need assistance. -- 689897: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=689897 707013: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=707013 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Processed: severity of 775788 is important
Processing commands for cont...@bugs.debian.org: severity 775788 important Bug #775788 [src:icedove] icedove: failed to build on powerpc Severity set to 'important' from 'serious' thanks Stopping processing here. Please contact me if you need assistance. -- 775788: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775788 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#774358: marked as done (libxml2: CVE-2014-3660 patch makes installation-guide FTBFS)
Your message dated Fri, 30 Jan 2015 06:34:14 +
with message-id e1yh59i-00070j...@franck.debian.org
and subject line Bug#768089: fixed in libxml2 2.9.2+dfsg1-2
has caused the Debian Bug report #768089,
regarding libxml2: CVE-2014-3660 patch makes installation-guide FTBFS
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
768089: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=768089
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
---BeginMessage---
Source: libxml2
Version: 2.8.0+dfsg1-7+wheezy2
Severity: serious
Justification: makes other package FTBFS
Hello,
The cve-2014-3660.patch patch makes installation-guide FTBFS:
Entity: line 2: parser error : Detected an entity reference loop
ulink url=downloadable-file;images/orion5x/network-console/buffalo/kuroboxpro
^
/tmp/manual/en/install-methods/download/arm.xml:40: parser error : Detected an
entity reference loop
^
while there is actually no reference loop there.
It seems cve-2014-3660.patch is assuming that git commit cff2546 is
applied: notably it copies this code as it is:
+ ent-checked = (ctxt-nbentities - oldnbent + 1) * 2;
but in libxml2 2.8.0, it was still
ent-checked = ctxt-nbentities - oldnbent + 1;
and other parts of the code assume that too. The attached patch fixes
this confusion.
Samuel
-- System Information:
Debian Release: 8.0
APT prefers testing
APT policy: (990, 'testing'), (500, 'buildd-unstable'), (500, 'unstable'),
(500, 'stable'), (500, 'oldstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 3.18.0 (SMP w/8 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Init: systemd (via /run/systemd/system)
--
Samuel
Accroche-toi au terminal, j'enlève le shell...
-+- nojhan -+-
--- /tmp/libxml2-2.8.0+dfsg1/debian/patches/cve-2014-3660.patch.original
2015-01-01 14:48:26.337554556 +0100
+++ /tmp/libxml2-2.8.0+dfsg1/debian/patches/cve-2014-3660.patch 2015-01-01
14:48:53.000874666 +0100
@@ -6,11 +6,11 @@
parser.c | 42 ++
1 file changed, 38 insertions(+), 4 deletions(-)
-diff --git a/parser.c b/parser.c
-index 7ef712d..b435913 100644
a/parser.c
-+++ b/parser.c
-@@ -127,6 +127,29 @@ xmlParserEntityCheck(xmlParserCtxtPtr ctxt, size_t size,
+Index: libxml2-2.8.0+dfsg1/parser.c
+===
+--- libxml2-2.8.0+dfsg1.orig/parser.c 2015-01-01 13:20:23.913738969 +
libxml2-2.8.0+dfsg1/parser.c 2015-01-01 13:47:31.930940787 +
+@@ -127,6 +127,27 @@
return (0);
if (ctxt-lastError.code == XML_ERR_ENTITY_LOOP)
return (1);
@@ -29,10 +29,8 @@
+ rep = xmlStringDecodeEntities(ctxt, ent-content,
+XML_SUBSTITUTE_REF, 0, 0, 0);
+
-+ ent-checked = (ctxt-nbentities - oldnbent + 1) * 2;
++ ent-checked = ctxt-nbentities - oldnbent + 1;
+ if (rep != NULL) {
-+ if (xmlStrchr(rep, ''))
-+ ent-checked |= 1;
+ xmlFree(rep);
+ rep = NULL;
+ }
---End Message---
---BeginMessage---
Source: libxml2
Source-Version: 2.9.2+dfsg1-2
We believe that the bug you reported is fixed in the latest version of
libxml2, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 768...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Aron Xu a...@debian.org (supplier of updated libxml2 package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Format: 1.8
Date: Fri, 30 Jan 2015 13:52:23 +0800
Source: libxml2
Binary: libxml2 libxml2-utils libxml2-utils-dbg libxml2-dev libxml2-dbg
libxml2-doc python-libxml2 python-libxml2-dbg
Architecture: source amd64 all
Version: 2.9.2+dfsg1-2
Distribution: unstable
Urgency: medium
Maintainer: Debian XML/SGML Group debian-xml-sgml-p...@lists.alioth.debian.org
Changed-By: Aron Xu a...@debian.org
Description:
libxml2- GNOME XML library
libxml2-dbg - Debugging symbols for the GNOME XML library
libxml2-dev -
Bug#768089: marked as done (libxml2-utils: Upstream bug 738805 triggered by CVE-2014-3660 fix)
Your message dated Fri, 30 Jan 2015 06:34:14 + with message-id e1yh59i-00070j...@franck.debian.org and subject line Bug#768089: fixed in libxml2 2.9.2+dfsg1-2 has caused the Debian Bug report #768089, regarding libxml2-utils: Upstream bug 738805 triggered by CVE-2014-3660 fix to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 768089: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=768089 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Package: libxml2-utils Version: 2.8.0+dfsg1-7+wheezy2 Severity: normal Dear Maintainer, The testcase in the bug report at https://bugzilla.gnome.org/show_bug.cgi?id=738805 gives a wrong output (the same as in the bug report). The fix is at https://git.gnome.org/browse/libxml2/commit/?id=72a46a5 Regards Pierre -- System Information: Debian Release: 7.7 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable') Architecture: i386 (i686) Kernel: Linux 3.2.0-4-686-pae (SMP w/4 CPU cores) Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages libxml2-utils depends on: ii libc6 2.13-38+deb7u6 ii libreadline6 6.2+dfsg-0.1 ii libxml2 2.8.0+dfsg1-7+wheezy2 libxml2-utils recommends no packages. libxml2-utils suggests no packages. -- no debconf information ---End Message--- ---BeginMessage--- Source: libxml2 Source-Version: 2.9.2+dfsg1-2 We believe that the bug you reported is fixed in the latest version of libxml2, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 768...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Aron Xu a...@debian.org (supplier of updated libxml2 package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Fri, 30 Jan 2015 13:52:23 +0800 Source: libxml2 Binary: libxml2 libxml2-utils libxml2-utils-dbg libxml2-dev libxml2-dbg libxml2-doc python-libxml2 python-libxml2-dbg Architecture: source amd64 all Version: 2.9.2+dfsg1-2 Distribution: unstable Urgency: medium Maintainer: Debian XML/SGML Group debian-xml-sgml-p...@lists.alioth.debian.org Changed-By: Aron Xu a...@debian.org Description: libxml2- GNOME XML library libxml2-dbg - Debugging symbols for the GNOME XML library libxml2-dev - Development files for the GNOME XML library libxml2-doc - Documentation for the GNOME XML library libxml2-utils - XML utilities libxml2-utils-dbg - XML utilities (debug extension) python-libxml2 - Python bindings for the GNOME XML library python-libxml2-dbg - Python bindings for the GNOME XML library (debug extension) Closes: 768089 776254 Changes: libxml2 (2.9.2+dfsg1-2) unstable; urgency=medium . [ Michael Gilbert ] * Enable icu support (Closes: #776254) . [ Aron Xu ] * 0003-Fix-missing-entities-after-CVE-2014-3660-fix.patch: Fix upstream bug triggered by CVE fix (Closes: #768089) Checksums-Sha1: 3966865fa5a97c52df466f3baa1bea60173b2ee1 2229 libxml2_2.9.2+dfsg1-2.dsc e38ce3bdc024f0327391ed04c5bd258bfbba2fef 23532 libxml2_2.9.2+dfsg1-2.debian.tar.xz 5f5281bfc3ebbea7b0c9c67efbd6b89ca73e2598 934286 libxml2_2.9.2+dfsg1-2_amd64.deb 363b22d55ed00f6b4ccce8e33a020718a44b678a 101610 libxml2-utils_2.9.2+dfsg1-2_amd64.deb 3b5a21ab4bc589d37442c2441b0e8b890d76f38d 132670 libxml2-utils-dbg_2.9.2+dfsg1-2_amd64.deb b8063fab58f0598a791f4bcb8c6b254ecad83a02 827586 libxml2-dev_2.9.2+dfsg1-2_amd64.deb a1cfe6d0032ec5041f1981dd24aa52542d45f59a 1609366 libxml2-dbg_2.9.2+dfsg1-2_amd64.deb 0f501fafa6591a6ddebc057f62ffe77ba82c5403 820854 libxml2-doc_2.9.2+dfsg1-2_all.deb bf1b481df32010c79592d62f5eb7d7ea75b26cce 203736 python-libxml2_2.9.2+dfsg1-2_amd64.deb 6fa423828c265418acbdd2650aa7d8d7ad5df069 333010 python-libxml2-dbg_2.9.2+dfsg1-2_amd64.deb Checksums-Sha256: 8e912823190319797e799985b3d0ae0254fb3243922a26c6e6aad5d50e989dc3 2229 libxml2_2.9.2+dfsg1-2.dsc fef573d80627690ece3064919db0b3d81b6b47734822faabe2e780b7c5069760 23532 libxml2_2.9.2+dfsg1-2.debian.tar.xz dc39c39452956a64391f4859d59614092b6301683496f379c7930fd2878e278e 934286 libxml2_2.9.2+dfsg1-2_amd64.deb 406797799e74299b5f0cc8f54cc590d25b0f5e9d904d3aed171ed578486c2c08 101610
Processed: your mail
Processing commands for cont...@bugs.debian.org: tags 768089 + pending Bug #768089 [libxml2-utils] libxml2-utils: Upstream bug 738805 triggered by CVE-2014-3660 fix Bug #774358 [libxml2-utils] libxml2: CVE-2014-3660 patch makes installation-guide FTBFS Added tag(s) pending. Added tag(s) pending. End of message, stopping processing here. Please contact me if you need assistance. -- 768089: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=768089 774358: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=774358 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#775640: libarchive-zip-perl: FTBFS: Tests failure (unzip/CVE-2014-8139 regression?)
found 775640 1.30-6 tag 775640 + wheezy retitle 775640 libarchive-zip-perl: FTBFS: Test failure (unzip/CVE-2014-8139 regression?) thanks On Sun, Jan 18, 2015 at 04:34:54PM +0100, gregor herrmann wrote: On Sun, 18 Jan 2015 01:41:42 +0100, Lucas Nussbaum wrote: Test Summary Report --- t/17_bug_73797.t(Wstat: 256 Tests: 4 Failed: 1) Failed test: 4 Non-zero exit status: 1 Files=17, Tests=250, 3 wallclock secs ( 0.07 usr 0.09 sys + 2.04 cusr 0.75 csys = 2.95 CPU) Result: FAIL Failed 1/17 test programs. 1/250 subtests failed. make[2]: *** [test_dynamic] Error 1 Makefile:910: recipe for target 'test_dynamic' failed This seems to be a fallout of the fix for CVE-2014-8139. With unzip_6.0-12+b1 the test passes. With all fixed version of unzip we get (with some debug info): unzip -t /tmp/testout-QsWDf.zip Archive: /tmp/testout-QsWDf.zip testing: META-INF/ bad extra-field entry: EF block length (0 bytes) invalid ( 4) testing: META-INF/MANIFEST.MF OK testing: tg/ OK At least one error was detected in /tmp/testout-QsWDf.zip. This also fails for me on wheezy, updating the metadata accordingly. The test data source file is t/data/jar.zip, which also triggers the same problem with 'unzip -t'. So Archive-Zip is just passing through the problematic field. I note that this is Debian specific as we add jar.zip in our patch for #654899. Upstream Archive-Zip doesn't have a jar file in their test suite at all. Andrew Gallagher's comment in https://bugzilla.redhat.com/show_bug.cgi?id=1174844 is topical: I think this patch is causing unzip -t to now fail on executable JARs, which added the additional executable-jar extra field (http://stackoverflow.com/tags/executable-jar/info). FWIW I get similar 'unzip -t' failures with lots of .jar files on my system including jre system files like /usr/lib/jvm/java-8-openjdk-amd64/jre/lib/ext/dnsns.jar . I'm cc'ing unzip maintainer Santiago and the security team. Do you think this is a regression in unzip that should be fixed, or should we just work around it in libarchive-zip-perl (probably by disabling the relevant test)? -- Niko Tyni nt...@debian.org -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Processed: Re: Bug#775640: libarchive-zip-perl: FTBFS: Tests failure (unzip/CVE-2014-8139 regression?)
Processing commands for cont...@bugs.debian.org: found 775640 1.30-6 Bug #775640 [src:libarchive-zip-perl] libarchive-zip-perl: FTBFS in jessie: Tests failures Marked as found in versions libarchive-zip-perl/1.30-6. tag 775640 + wheezy Bug #775640 [src:libarchive-zip-perl] libarchive-zip-perl: FTBFS in jessie: Tests failures Added tag(s) wheezy. retitle 775640 libarchive-zip-perl: FTBFS: Test failure (unzip/CVE-2014-8139 regression?) Bug #775640 [src:libarchive-zip-perl] libarchive-zip-perl: FTBFS in jessie: Tests failures Changed Bug title to 'libarchive-zip-perl: FTBFS: Test failure (unzip/CVE-2014-8139 regression?)' from 'libarchive-zip-perl: FTBFS in jessie: Tests failures' thanks Stopping processing here. Please contact me if you need assistance. -- 775640: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775640 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#724920: marked as done (opencv: non-free, non distributable files)
Your message dated Thu, 29 Jan 2015 23:17:08 + with message-id e1ygyki-00030q...@franck.debian.org and subject line Bug#724920: fixed in opencv 2.3.1-11+deb7u1 has caused the Debian Bug report #724920, regarding opencv: non-free, non distributable files to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 724920: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=724920 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Source: opencv Version: 2.3.1-11 Severity: serious Control: found -1 2.4.6.1+dfsg-1 The versions of opencv in wheezy and sid both contain several non-free, non-redistributable files copyright by nvidia: http://sources.debian.net/src/opencv/2.3.1-12/modules/gpu/test/nvidia/TestHaarCascadeLoader.h?hl=4#L4 http://sources.debian.net/src/opencv/2.3.1-12/modules/gpu/test/nvidia/TestHaarCascadeLoader.cpp?hl=4#L4 http://sources.debian.net/src/opencv/2.3.1-12/modules/gpu/test/nvidia/TestHaarCascadeApplication.h?hl=4#L4 http://sources.debian.net/src/opencv/2.3.1-12/modules/gpu/test/nvidia/TestHaarCascadeApplication.cpp?hl=4#L4 http://sources.debian.net/src/opencv/2.3.1-12/modules/gpu/test/nvidia/TestDrawRects.h?hl=4#L4 http://sources.debian.net/src/opencv/2.3.1-12/modules/gpu/test/nvidia/TestDrawRects.cpp?hl=4#L4 http://sources.debian.net/src/opencv/2.3.1-12/modules/gpu/test/nvidia/TestCompact.h?hl=4#L4 http://sources.debian.net/src/opencv/2.3.1-12/modules/gpu/test/nvidia/TestCompact.cpp?hl=4#L4 http://sources.debian.net/src/opencv/2.3.1-12/modules/gpu/test/nvidia/NCVTestSourceProvider.hpp?hl=4#L4 http://sources.debian.net/src/opencv/2.3.1-12/modules/gpu/test/nvidia/NCVTest.hpp?hl=4#L4 http://sources.debian.net/src/opencv/2.3.1-12/modules/gpu/test/nvidia/NCVAutoTestLister.hpp?hl=4#L4 -- bye, pabs http://wiki.debian.org/PaulWise signature.asc Description: This is a digitally signed message part ---End Message--- ---BeginMessage--- Source: opencv Source-Version: 2.3.1-11+deb7u1 We believe that the bug you reported is fixed in the latest version of opencv, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 724...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Nobuhiro Iwamatsu iwama...@debian.org (supplier of updated opencv package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Mon, 27 Jan 2014 14:43:22 +0900 Source: opencv Binary: opencv-doc libcv-dev libcv2.3 libhighgui-dev libhighgui2.3 libcvaux-dev libcvaux2.3 libopencv-dev libopencv-core-dev libopencv-core2.3 libopencv-ml-dev libopencv-ml2.3 libopencv-imgproc-dev libopencv-imgproc2.3 libopencv-video-dev libopencv-video2.3 libopencv-objdetect-dev libopencv-objdetect2.3 libopencv-gpu-dev libopencv-gpu2.3 libopencv-highgui-dev libopencv-highgui2.3 libopencv-calib3d-dev libopencv-calib3d2.3 libopencv-flann-dev libopencv-flann2.3 libopencv-features2d-dev libopencv-features2d2.3 libopencv-legacy-dev libopencv-legacy2.3 libopencv-contrib-dev libopencv-contrib2.3 python-opencv Architecture: source all amd64 Version: 2.3.1-11+deb7u1 Distribution: stable Urgency: low Maintainer: Debian Science Team debian-science-maintain...@lists.alioth.debian.org Changed-By: Nobuhiro Iwamatsu iwama...@debian.org Description: libcv-dev - Translation package for libcv-dev libcv2.3 - computer vision library - libcv* translation package libcvaux-dev - Translation package for libcvaux-dev libcvaux2.3 - computer vision library - libcvaux translation package libhighgui-dev - Translation package for libhighgui-dev libhighgui2.3 - computer vision library - libhighgui translation package libopencv-calib3d-dev - development files for libopencv-calib3d libopencv-calib3d2.3 - computer vision Camera Calibration library libopencv-contrib-dev - development files for libopencv-contrib libopencv-contrib2.3 - computer vision contrib library libopencv-core-dev - development files for libopencv-core libopencv-core2.3 - computer vision core library libopencv-dev - development files for opencv libopencv-features2d-dev - development files for libopencv-features2d libopencv-features2d2.3 - computer vision Feature Detection and Descriptor Extraction libra
Bug#776611: [Pkg-gnupg-maint] Bug#776611: [dirmngr] segfaults
Control: tags 776611 + unreproducible moreinfo On Thu 2015-01-29 17:22:00 -0500, Florian Reitmeir wrote: Package: dirmngr Version: 1.1.1-4 Severity: serious i really do not know how to debug it, but .. it always segfaults. [ 14.070905] dirmngr[2239]: segfault at 2 ip 7f5cda9b9ff6 sp 7d09e130 error 4 in libc-2.19.so[7f5cda981000+19f000] [...] [ 444.735631] dirmngr[5172]: segfault at 2 ip 7fadea76fff6 sp 7fff21acd780 error 4 in libc-2.19.so[7fadea737000+19f000] hm, i'm assuming that because this happens very early, this is the system dirmngr process that is segfaulting. I've got this same version running on an amd64 system with libassuan 2.1.2-2 as well, but i'm not seeing these segfaults. Can you send this bug report (or me privately, if you think it's sensitive) the contents of /var/log/dirmngr/dirmngr.log ? If that doesn't provide a useful hint, you might try halting the system service and launching it by hand under strace (as the superuser): systemctl stop dirmngr strace -f -o /root/dirmngr.strace su - dirmngr -c '/usr/bin/dirmngr --daemon --sh' if it crashes at that point, you can send on /root/dirmngr.strace. If all of the above is fruitless, and you want to keep trying, can i get you to rebuild the package with debug symbols (DEB_BUILD_OPTIONS=nostrip should work) and install libc6-dbg and capture a coredump to get a backtrace? Thanks for the report, --dkg signature.asc Description: PGP signature
Bug#720040: marked as done (libdb6.0-java: file conflicts with libdb5.[13]-java: /usr/share/java/db.jar)
Your message dated Fri, 30 Jan 2015 00:42:20 +0100 with message-id 54cac55c.60...@debian.org and subject line db6.0 was removed due to licence incompatibilities has caused the Debian Bug report #720040, regarding libdb6.0-java: file conflicts with libdb5.[13]-java: /usr/share/java/db.jar to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 720040: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=720040 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Package: libdb6.0-java Version: 6.0.19-3 Severity: serious User: debian...@lists.debian.org Usertags: piuparts Hi, during a test with piuparts I noticed your package failed to install because it tries to overwrite other packages files without declaring a Breaks+Replaces relation. See policy 7.6 at http://www.debian.org/doc/debian-policy/ch-relationships.html#s-replaces From the attached log (scroll to the bottom...): Selecting previously unselected package libdb6.0-java. Unpacking libdb6.0-java (from .../libdb6.0-java_6.0.19-3_all.deb) ... dpkg: error processing /var/cache/apt/archives/libdb6.0-java_6.0.19-3_all.deb (--unpack): trying to overwrite '/usr/share/java/db.jar', which is also in package libdb5.3-java 5.3.21-2 Errors were encountered while processing: /var/cache/apt/archives/libdb6.0-java_6.0.19-3_all.deb Selecting previously unselected package libdb6.0-java. Unpacking libdb6.0-java (from .../libdb6.0-java_6.0.19-3_all.deb) ... dpkg: error processing /var/cache/apt/archives/libdb6.0-java_6.0.19-3_all.deb (--unpack): trying to overwrite '/usr/share/java/db.jar', which is also in package libdb5.1-java 5.1.29-7 Errors were encountered while processing: /var/cache/apt/archives/libdb6.0-java_6.0.19-3_all.deb cheers, Andreas libdb5.3-java=5.3.21-2_libdb6.0-java=6.0.19-3.log.gz Description: GNU Zip compressed data ---End Message--- ---BeginMessage--- src:db6.0 was removed from unstable long ago, see https://bugs.debian.org/748192 Andreas---End Message---
Processed: tagging 775417, tagging 775837
Processing commands for cont...@bugs.debian.org: tags 775417 + pending Bug #775417 [inn2-lfs] inn2-lfs: copyright file missing after upgrade (policy 12.5) Ignoring request to alter tags of bug #775417 to the same tags previously set tags 775837 + pending Bug #775837 [inn2] inn2: Wrong usage of dpkg --print-architecture in maintscript Added tag(s) pending. thanks Stopping processing here. Please contact me if you need assistance. -- 775417: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775417 775837: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775837 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
