Bug#789165: SA-CORE-2015-002 -- please also fix for backports...
Package: drupal7 Version: 7.32-1+deb8u3~bpo70+1 Tags: patch,security Severity: grave Hi! As SA-CORE-2015-002[1] is already public, I extracted the patch (diff between 7.37 and 7.38 plus removed the version bumps). It would be great if you could upload to wheezy-backports too... Thanks! -- Adi [1] https://www.drupal.org/SA-CORE-2015-002 diff -Nru drupal-7.37/includes/common.inc drupal-7.38/includes/common.inc --- drupal-7.37/includes/common.inc 2015-05-07 06:13:18.0 +0200 +++ drupal-7.38/includes/common.inc 2015-06-17 20:38:44.0 +0200 @@ -6329,13 +6329,21 @@ } if (!empty($granularity)) { +$cache_per_role = $granularity DRUPAL_CACHE_PER_ROLE; +$cache_per_user = $granularity DRUPAL_CACHE_PER_USER; +// User 1 has special permissions outside of the role system, so when +// caching per role is requested, it should cache per user instead. +if ($user-uid == 1 $cache_per_role) { + $cache_per_user = TRUE; + $cache_per_role = FALSE; +} // 'PER_ROLE' and 'PER_USER' are mutually exclusive. 'PER_USER' can be a // resource drag for sites with many users, so when a module is being // equivocal, we favor the less expensive 'PER_ROLE' pattern. -if ($granularity DRUPAL_CACHE_PER_ROLE) { +if ($cache_per_role) { $cid_parts[] = 'r.' . implode(',', array_keys($user-roles)); } -elseif ($granularity DRUPAL_CACHE_PER_USER) { +elseif ($cache_per_user) { $cid_parts[] = u.$user-uid; } diff -Nru drupal-7.37/modules/field_ui/field_ui.admin.inc drupal-7.38/modules/field_ui/field_ui.admin.inc --- drupal-7.37/modules/field_ui/field_ui.admin.inc 2015-05-07 06:13:18.0 +0200 +++ drupal-7.38/modules/field_ui/field_ui.admin.inc 2015-06-17 20:38:44.0 +0200 
@@ -2105,6 +2105,10 @@ $destinations = !empty($_REQUEST['destinations']) ? $_REQUEST['destinations'] : array(); if (!empty($destinations)) { unset($_REQUEST['destinations']); + } + // Remove any external URLs. + $destinations = array_diff($destinations, array_filter($destinations, 'url_is_external')); + if ($destinations) { return field_ui_get_destinations($destinations); } $admin_path = _field_ui_bundle_admin_path($entity_type, $bundle); diff -Nru drupal-7.37/modules/field_ui/field_ui.test drupal-7.38/modules/field_ui/field_ui.test --- drupal-7.37/modules/field_ui/field_ui.test 2015-05-07 06:13:18.0 +0200 +++ drupal-7.38/modules/field_ui/field_ui.test 2015-06-17 20:38:44.0 +0200 @@ -445,6 +445,19 @@ $this-assertText(t('The machine-readable name is already in use. It must be unique.')); $this-assertUrl($url, array(), 'Stayed on the same page.'); } + + /** + * Tests that external URLs in the 'destinations' query parameter are blocked. + */ + function testExternalDestinations() { +$path = 'admin/structure/types/manage/article/fields/field_tags/field-settings'; +$options = array( + 'query' = array('destinations' = array('http://example.com')), +); +$this-drupalPost($path, NULL, t('Save field settings'), $options); + +$this-assertUrl('admin/structure/types/manage/article/fields', array(), 'Stayed on the same site.'); + } } /** diff -Nru drupal-7.37/modules/openid/openid.module drupal-7.38/modules/openid/openid.module --- drupal-7.37/modules/openid/openid.module 2015-05-07 06:13:18.0 +0200 +++ drupal-7.38/modules/openid/openid.module 2015-06-17 20:38:44.0 +0200 
@@ -365,14 +365,20 @@ // to the OpenID Provider, we need to do discovery on the returned // identififer to make sure that the provider is authorized to // respond on behalf of this. -if ($response_claimed_id != $claimed_id) { +if ($response_claimed_id != $claimed_id || $response_claimed_id != $response['openid.identity']) { $discovery = openid_discovery($response['openid.claimed_id']); + $uris = array(); if ($discovery !empty($discovery['services'])) { -$uris = array(); foreach ($discovery['services'] as $discovered_service) { - if (in_array('http://specs.openid.net/auth/2.0/server', $discovered_service['types']) || in_array('http://specs.openid.net/auth/2.0/signon', $discovered_service['types'])) { -$uris[] = $discovered_service['uri']; + if (!in_array('http://specs.openid.net/auth/2.0/server', $discovered_service['types']) !in_array('http://specs.openid.net/auth/2.0/signon', $discovered_service['types'])) { +continue; } + // The OP-Local Identifier (if different than the Claimed + // Identifier) must be present in the XRDS document. + if ($response_claimed_id != $response['openid.identity'] (!isset($discovered_service['identity']) || $discovered_service['identity'] != $response['openid.identity'])) { +
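Review bot: In the includes/common.inc hunk, the uid 1 override only changes which cache ID is used from now on. Entries already stored under an 'r.' role key that were rendered while user 1 was logged in stay in the cache and can still be served to other accounts with the same roles. For the backport, clear the affected caches as part of the upgrade, or say so in the changelog entry.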
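Review bot: In the field_ui.admin.inc hunk, $destinations comes straight from $_REQUEST['destinations'] and is handed to array_filter() and array_diff() with no check that it is an array, so a scalar destinations value makes both calls raise PHP errors. Add an is_array($destinations) guard that falls back to array() before the "Remove any external URLs" line.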
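Review bot: testExternalDestinations() in the field_ui.test hunk posts a single external URL only, so it never covers the case where array_diff() keeps some entries and drops others. Add a case that passes an internal path together with 'http://example.com' and asserts that the redirect lands on the internal path.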
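Review bot: The new condition in the openid.module hunk compares identifiers with loose != ($response_claimed_id != $response['openid.identity']) and reads $response['openid.identity'] without an isset() check. Both operands are strings taken from the response, so use !== here and in the OP-Local Identifier check below it, and guard the array access. The hunk is cut off on this page, so the rest of the change could not be reviewed.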
Bug#789166: baloo-kf5: fails to upgrade from 'sid' - trying to overwrite /usr/share/locale/*/LC_MESSAGES/baloo_file.mo
Package: baloo-kf5
Version: 5.6.2-1
Severity: serious
User: debian...@lists.debian.org
Usertags: piuparts

Hi,

during a test with piuparts I noticed your package fails to upgrade from 'sid' to 'experimental'. It installed fine in 'sid', then the upgrade to 'experimental' fails because it tries to overwrite other packages' files without declaring a Breaks+Replaces relation.

See policy 7.6 at https://www.debian.org/doc/debian-policy/ch-relationships.html#s-replaces

From the attached log (scroll to the bottom...):

  Selecting previously unselected package baloo-kf5.
  Preparing to unpack .../baloo-kf5_5.6.2-1_amd64.deb ...
  Unpacking baloo-kf5 (5.6.2-1) ...
  dpkg: error processing archive /var/cache/apt/archives/baloo-kf5_5.6.2-1_amd64.deb (--unpack):
   trying to overwrite '/usr/share/locale/uk/LC_MESSAGES/baloo_file.mo', which is also in package kde-l10n-uk 4:4.14.0-1
  Processing triggers for systemd (220-6) ...
  Errors were encountered while processing:
   /var/cache/apt/archives/libkf5filemetadata-data_5.6.2-1_all.deb
   /var/cache/apt/archives/baloo-kf5_5.6.2-1_amd64.deb

This again overwrites files from *all* kde-l10n-* packages in sid ... the attached logfile is only one example.

cheers,
Andreas

kde-l10n-uk=4%4.14.0-1_baloo-kf5=5.6.2-1.log.gz
Description: application/gzip
Bug#789155: schroot: FTBFS: g++-4.8: error: unrecognized command line option '-fstack-protector-strong'
Source: schroot
Version: 1.7.2-2
Severity: serious
Justification: fails to build from source

schroot FTBFS:
| cd debian/build/gtest/ ; \
| CXX=g++-4.8 -std=c++11 cmake /usr/src/gtest ; \
| /usr/bin/make VERBOSE=1
| -- The CXX compiler identification is unknown
| -- The C compiler identification is GNU 4.9.2
| -- Check for working CXX compiler: /usr/bin/g++-4.8
| -- Check for working CXX compiler: /usr/bin/g++-4.8 -- broken
| CMake Error at /usr/share/cmake-3.2/Modules/CMakeTestCXXCompiler.cmake:54 (message):
| The C++ compiler /usr/bin/g++-4.8 is not able to compile a simple test
| program.
|
| It fails with the following output:
|
| Change Dir: /«PKGBUILDDIR»/debian/build/gtest/CMakeFiles/CMakeTmp
|
| Run Build Command:/usr/bin/make cmTryCompileExec3152828188/fast
|
| make[2]: Entering directory
| '/«PKGBUILDDIR»/debian/build/gtest/CMakeFiles/CMakeTmp'
|
| /usr/bin/make -f CMakeFiles/cmTryCompileExec3152828188.dir/build.make
| CMakeFiles/cmTryCompileExec3152828188.dir/build
|
| make[3]: Entering directory
| '/«PKGBUILDDIR»/debian/build/gtest/CMakeFiles/CMakeTmp'
|
| /usr/bin/cmake -E cmake_progress_report
| /«PKGBUILDDIR»/debian/build/gtest/CMakeFiles/CMakeTmp/CMakeFiles
| 1
|
| Building CXX object
| CMakeFiles/cmTryCompileExec3152828188.dir/testCXXCompiler.cxx.o
|
| /usr/bin/g++-4.8 -std=c++11 -g -O2 -fstack-protector-strong -Wformat
| -Werror=format-security -o
| CMakeFiles/cmTryCompileExec3152828188.dir/testCXXCompiler.cxx.o -c
| /«PKGBUILDDIR»/debian/build/gtest/CMakeFiles/CMakeTmp/testCXXCompiler.cxx
|
| g++-4.8: error: unrecognized command line option '-fstack-protector-strong'
|
| CMakeFiles/cmTryCompileExec3152828188.dir/build.make:57: recipe for target
| 'CMakeFiles/cmTryCompileExec3152828188.dir/testCXXCompiler.cxx.o' failed
|
| make[3]: Leaving directory
| '/«PKGBUILDDIR»/debian/build/gtest/CMakeFiles/CMakeTmp'
|
| make[3]: ***
| [CMakeFiles/cmTryCompileExec3152828188.dir/testCXXCompiler.cxx.o] Error 1
|
| Makefile:117: recipe for target 'cmTryCompileExec3152828188/fast' failed
|
| make[2]: *** [cmTryCompileExec3152828188/fast] Error 2
|
| make[2]: Leaving directory
| '/«PKGBUILDDIR»/debian/build/gtest/CMakeFiles/CMakeTmp'
|
| CMake will not be able to correctly generate this project.
| Call Stack (most recent call first):
| CMakeLists.txt:42 (project)
|
| -- Configuring incomplete, errors occurred!

Full build log: https://buildd.debian.org/status/fetch.php?pkg=schroot&arch=amd64&ver=1.7.2-2%2Bb1&stamp=1434554920

--
Jakub Wilk

--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Processed: block 789038 by 757768
Processing commands for cont...@bugs.debian.org:

block 789038 by 757768
Bug #789038 [jitsi] jitsi: Unable to install on sid/unstable
789038 was not blocked by any bugs.
789038 was not blocking any bugs.
Added blocking bug(s) of 789038: 757768
thanks
Stopping processing here.

Please contact me if you need assistance.
--
789038: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=789038
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
Bug#789038: jitsi: Unable to install on sid/unstable
block 789038 by 757768
thanks
Processed: found 789162 in 0.45-2
Processing commands for cont...@bugs.debian.org:

found 789162 0.45-2
Bug #789162 [src:aptdaemon] aptdaemon: CVE-2015-1323: information disclosure via simulate dbus method
Marked as found in versions aptdaemon/0.45-2.
thanks
Stopping processing here.

Please contact me if you need assistance.
--
789162: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=789162
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
Bug#789162: aptdaemon: CVE-2015-1323: information disclosure via simulate dbus method
Source: aptdaemon
Version: 1.1.1-4
Severity: grave
Tags: security upstream

Hi,

the following vulnerability was published for aptdaemon, which AFAICS affects Debian as well.

CVE-2015-1323[0]: information disclosure via simulate dbus method

If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2015-1323
[1] http://www.ubuntu.com/usn/usn-2648-1/
[2] https://bugs.launchpad.net/ubuntu/+source/aptdaemon/+bug/1449587

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore
Processed: Re: Bug#789148: linux-image-2.6.32-5-amd64: 2.6.32-48squeeze12 produce kernel oops
Processing control commands:

forcemerge 789037 -1
Bug #789037 {Done: Ben Hutchings b...@decadent.org.uk} [linux-2.6] linux-image-2.6.32-5-686: tcp_send_fin oops upstream bugzilla id=99161
Bug #789039 {Done: Ben Hutchings b...@decadent.org.uk} [linux-2.6] strange error messages after upgrade to linux-image-2.6.32-5-686 2.6.32-48squeeze12
Bug #789110 {Done: Ben Hutchings b...@decadent.org.uk} [linux-2.6] linux-image-2.6.32-5-amd64: Kernel 2.6.32-5-amd64-2.6.32-48squeeze12 causes high load average
Bug #789148 [linux-2.6] linux-image-2.6.32-5-amd64: 2.6.32-48squeeze12 produce kernel oops
Severity set to 'grave' from 'normal'
Marked Bug as done
Marked as fixed in versions linux-2.6/2.6.32-48squeeze13.
There is no source info for the package 'linux-2.6' at version '2.6.32-48squeeze11' with architecture ''
Unable to make a source version for version '2.6.32-48squeeze11'
There is no source info for the package 'linux-2.6' at version '2.6.32-48squeeze12' with architecture ''
Unable to make a source version for version '2.6.32-48squeeze12'
There is no source info for the package 'linux-2.6' at version '2.6.32-48squeeze6' with architecture ''
Unable to make a source version for version '2.6.32-48squeeze6'
Marked as found in versions 2.6.32-48squeeze6 and 2.6.32-48squeeze12.
Bug #789039 {Done: Ben Hutchings b...@decadent.org.uk} [linux-2.6] strange error messages after upgrade to linux-image-2.6.32-5-686 2.6.32-48squeeze12
There is no source info for the package 'linux-2.6' at version '2.6.32-48squeeze11' with architecture ''
Unable to make a source version for version '2.6.32-48squeeze11'
There is no source info for the package 'linux-2.6' at version '2.6.32-48squeeze12' with architecture ''
Unable to make a source version for version '2.6.32-48squeeze12'
There is no source info for the package 'linux-2.6' at version '2.6.32-48squeeze6' with architecture ''
Unable to make a source version for version '2.6.32-48squeeze6'
Marked as found in versions 2.6.32-48squeeze11.
Marked as found in versions 2.6.32-48squeeze11.
Marked as found in versions 2.6.32-48squeeze11.
Bug #789110 {Done: Ben Hutchings b...@decadent.org.uk} [linux-2.6] linux-image-2.6.32-5-amd64: Kernel 2.6.32-5-amd64-2.6.32-48squeeze12 causes high load average
Merged 789037 789039 789110 789148

--
789037: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=789037
789039: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=789039
789110: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=789110
789148: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=789148
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
Processed: block 789142 with 768687
Processing commands for cont...@bugs.debian.org:

block 789142 with 768687
Bug #789142 [src:libdata-hal-perl] libdata-hal-perl: FTBFS with perl 5.22 (Module::Build)
789142 was not blocked by any bugs.
789142 was not blocking any bugs.
Added blocking bug(s) of 789142: 768687
thanks
Stopping processing here.

Please contact me if you need assistance.
--
789142: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=789142
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
Processed: notfound 789037 in 2.6.32-48squeeze11, notfound 789037 in 2.6.32-48squeeze6
Processing commands for cont...@bugs.debian.org:

notfound 789037 2.6.32-48squeeze11
Bug #789037 {Done: Ben Hutchings b...@decadent.org.uk} [linux-2.6] linux-image-2.6.32-5-686: tcp_send_fin oops upstream bugzilla id=99161
Bug #789039 {Done: Ben Hutchings b...@decadent.org.uk} [linux-2.6] strange error messages after upgrade to linux-image-2.6.32-5-686 2.6.32-48squeeze12
Bug #789110 {Done: Ben Hutchings b...@decadent.org.uk} [linux-2.6] linux-image-2.6.32-5-amd64: Kernel 2.6.32-5-amd64-2.6.32-48squeeze12 causes high load average
Bug #789148 {Done: Ben Hutchings b...@decadent.org.uk} [linux-2.6] linux-image-2.6.32-5-amd64: 2.6.32-48squeeze12 produce kernel oops
There is no source info for the package 'linux-2.6' at version '2.6.32-48squeeze11' with architecture ''
Unable to make a source version for version '2.6.32-48squeeze11'
No longer marked as found in versions 2.6.32-48squeeze11.
No longer marked as found in versions 2.6.32-48squeeze11.
No longer marked as found in versions 2.6.32-48squeeze11.
No longer marked as found in versions 2.6.32-48squeeze11.
notfound 789037 2.6.32-48squeeze6
Bug #789037 {Done: Ben Hutchings b...@decadent.org.uk} [linux-2.6] linux-image-2.6.32-5-686: tcp_send_fin oops upstream bugzilla id=99161
Bug #789039 {Done: Ben Hutchings b...@decadent.org.uk} [linux-2.6] strange error messages after upgrade to linux-image-2.6.32-5-686 2.6.32-48squeeze12
Bug #789110 {Done: Ben Hutchings b...@decadent.org.uk} [linux-2.6] linux-image-2.6.32-5-amd64: Kernel 2.6.32-5-amd64-2.6.32-48squeeze12 causes high load average
Bug #789148 {Done: Ben Hutchings b...@decadent.org.uk} [linux-2.6] linux-image-2.6.32-5-amd64: 2.6.32-48squeeze12 produce kernel oops
There is no source info for the package 'linux-2.6' at version '2.6.32-48squeeze6' with architecture ''
Unable to make a source version for version '2.6.32-48squeeze6'
No longer marked as found in versions 2.6.32-48squeeze6.
No longer marked as found in versions 2.6.32-48squeeze6.
No longer marked as found in versions 2.6.32-48squeeze6.
No longer marked as found in versions 2.6.32-48squeeze6.
thanks
Stopping processing here.

Please contact me if you need assistance.
--
789037: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=789037
789039: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=789039
789110: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=789110
789148: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=789148
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
Processed: limit source to aptdaemon, tagging 789162, tagging 788034, tagging 770786
Processing commands for cont...@bugs.debian.org:

limit source aptdaemon
Limiting to bugs with field 'source' containing at least one of 'aptdaemon'
Limit currently set to 'source':'aptdaemon'
tags 789162 + pending
Bug #789162 [src:aptdaemon] aptdaemon: CVE-2015-1323: information disclosure via simulate dbus method
Added tag(s) pending.
tags 788034 + pending
Bug #788034 [src:aptdaemon] aptdaemon: Uses obsolete vte3 which is going away
Added tag(s) pending.
tags 770786 + pending
Bug #770786 [python3-aptdaemon] python3-aptdaemon: aptdcon failed to launch due to import gobject
Added tag(s) pending.
thanks
Stopping processing here.

Please contact me if you need assistance.
--
770786: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=770786
788034: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=788034
789162: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=789162
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
Bug#789169: libvtk6-dev: fix upstream Xdmf3 build bug
Package: libvtk6-dev Version: 6.2.0 Severity: serious Tags: upstream Justification: fails to build from source Dear Maintainer, The new Xdmf3 interface in 6.2.0 has a build bug that's already been reported upstream for fixing in 6.3.0 [1]. The PR there fixes the build and may also be interesting for 6.2.0 in Debian. The patch is attached. [1] https://github.com/Kitware/VTK/pull/21 -- System Information: Debian Release: jessie/sid APT prefers vivid-updates APT policy: (500, 'vivid-updates'), (500, 'vivid-security'), (500, 'vivid'), (100, 'vivid-backports') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 3.19.0-18-generic (SMP w/4 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) commit a98527dfe9ce23beebf386fab07caef99b911ede Author: Nico Schlömer nico.schloe...@gmail.com Date: Thu Jun 18 13:25:14 2015 +0200 remove superfluous vtkxdmf3_LINK_DEPENDS from Xdmf3 link line This caused VTK-compiled HDF5 and LibXML2 libraries to appear on the link line even if VTK_USE_SYSTEM_{HDF5,LIBXML2} was on, immediately resulting in a link error of the type ``` /usr/bin/ld: cannot find -lvtkhdf5 /usr/bin/ld: cannot find -lvtklibxml2 ``` This commit fixes things by simply removing vtkxdmf3_LINK_DEPENDS from the link line. The dependencies are already taken care of. diff --git a/ThirdParty/xdmf3/vtkxdmf3/core/CMakeLists.txt b/ThirdParty/xdmf3/vtkxdmf3/core/CMakeLists.txt index ff045a6..241fa0a 100644 --- a/ThirdParty/xdmf3/vtkxdmf3/core/CMakeLists.txt +++ b/ThirdParty/xdmf3/vtkxdmf3/core/CMakeLists.txt @@ -8,7 +8,7 @@ include(CheckCXXSourceCompiles) include(SetUpVersion) include(TestBigEndian) -if(VERSION_CONTROL_AUTOUPDATE OR +if(VERSION_CONTROL_AUTOUPDATE OR NOT EXISTS ${CMAKE_CURRENT_BINARY_DIR}/XdmfVersion.hpp) VersionCreate(Xdmf 2 XDMFCORE_EXPORT XdmfCore.hpp) endif() 
@@ -154,7 +154,7 @@ set(XdmfCoreSources add_library(XdmfCore ${LIBTYPE} ${XdmfCoreSources}) link_directories(${XDMF_LIBRARY_DIRS}) -target_link_libraries(XdmfCore ${XDMF_LIBRARIES} ${vtkxdmf3_LINK_DEPENDS}) +target_link_libraries(XdmfCore ${XDMF_LIBRARIES}) vtk_target_install(XdmfCore) if(WIN32)
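Review bot: The first hunk (core/CMakeLists.txt, line 8) changes only whitespace on the if(VERSION_CONTROL_AUTOUPDATE OR line, which the commit message does not mention. Drop it from this commit or send it separately, so that the fix carried into the Debian package touches only the link line.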
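Review bot: The commit message says the dependencies are already taken care of, but the new target_link_libraries(XdmfCore ${XDMF_LIBRARIES}) line does not show where HDF5 and LibXML2 come from once ${vtkxdmf3_LINK_DEPENDS} is gone. Name in the message the variable that carries them, and confirm the build both with VTK_USE_SYSTEM_{HDF5,LIBXML2} on and with the bundled copies, since a missing library here only shows up at link time.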
Processed: Really tagging
Processing commands for cont...@bugs.debian.org:

tag 789098 +pending
Bug #789098 [src:br.ispell] FTBFS: ./conjugue fails with internal error: afligir e argüir colidem em FV
Ignoring request to alter tags of bug #789098 to the same tags previously set
tag 789099 +pending
Bug #789099 [src:eo-spell] FTBFS: debian/cx2latin3.sed line 1: unterminated `s' command
Ignoring request to alter tags of bug #789099 to the same tags previously set

End of message, stopping processing here.

Please contact me if you need assistance.
--
789098: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=789098
789099: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=789099
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
Bug#781995: Fix in Jessie?
Is it planned to upload the fix also for Jessie?
Bug#789165: marked as done (SA-CORE-2015-002 -- please also fix for backports...)
Your message dated Thu, 18 Jun 2015 12:02:00 -0500 with message-id 20150618170200.gd37...@gwolf.org and subject line Re: SA-CORE-2015-002 -- please also fix for backports... has caused the Debian Bug report #789165, regarding SA-CORE-2015-002 -- please also fix for backports... to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 789165: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=789165 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Package: drupal7 Version: 7.32-1+deb8u3~bpo70+1 Tags: patch,security Severity: grave Hi! As SA-CORE-2015-002[1] is already public, I extracted the patch (diff between 7.37 and 7.38 plus removed the version bumps). It would be great if you could upload to wheezy-backports too... Thanks! -- Adi [1] https://www.drupal.org/SA-CORE-2015-002 diff -Nru drupal-7.37/includes/common.inc drupal-7.38/includes/common.inc --- drupal-7.37/includes/common.inc 2015-05-07 06:13:18.0 +0200 +++ drupal-7.38/includes/common.inc 2015-06-17 20:38:44.0 +0200 
@@ -6329,13 +6329,21 @@ } if (!empty($granularity)) { +$cache_per_role = $granularity DRUPAL_CACHE_PER_ROLE; +$cache_per_user = $granularity DRUPAL_CACHE_PER_USER; +// User 1 has special permissions outside of the role system, so when +// caching per role is requested, it should cache per user instead. +if ($user-uid == 1 $cache_per_role) { + $cache_per_user = TRUE; + $cache_per_role = FALSE; +} // 'PER_ROLE' and 'PER_USER' are mutually exclusive. 'PER_USER' can be a // resource drag for sites with many users, so when a module is being // equivocal, we favor the less expensive 'PER_ROLE' pattern. -if ($granularity DRUPAL_CACHE_PER_ROLE) { +if ($cache_per_role) { $cid_parts[] = 'r.' . implode(',', array_keys($user-roles)); } -elseif ($granularity DRUPAL_CACHE_PER_USER) { +elseif ($cache_per_user) { $cid_parts[] = u.$user-uid; } diff -Nru drupal-7.37/modules/field_ui/field_ui.admin.inc drupal-7.38/modules/field_ui/field_ui.admin.inc --- drupal-7.37/modules/field_ui/field_ui.admin.inc 2015-05-07 06:13:18.0 +0200 +++ drupal-7.38/modules/field_ui/field_ui.admin.inc 2015-06-17 20:38:44.0 +0200 @@ -2105,6 +2105,10 @@ $destinations = !empty($_REQUEST['destinations']) ? $_REQUEST['destinations'] : array(); if (!empty($destinations)) { unset($_REQUEST['destinations']); + } + // Remove any external URLs. + $destinations = array_diff($destinations, array_filter($destinations, 'url_is_external')); + if ($destinations) { return field_ui_get_destinations($destinations); } $admin_path = _field_ui_bundle_admin_path($entity_type, $bundle); diff -Nru drupal-7.37/modules/field_ui/field_ui.test drupal-7.38/modules/field_ui/field_ui.test --- drupal-7.37/modules/field_ui/field_ui.test 2015-05-07 06:13:18.0 +0200 +++ drupal-7.38/modules/field_ui/field_ui.test 2015-06-17 20:38:44.0 +0200 
@@ -445,6 +445,19 @@ $this-assertText(t('The machine-readable name is already in use. It must be unique.')); $this-assertUrl($url, array(), 'Stayed on the same page.'); } + + /** + * Tests that external URLs in the 'destinations' query parameter are blocked. + */ + function testExternalDestinations() { +$path = 'admin/structure/types/manage/article/fields/field_tags/field-settings'; +$options = array( + 'query' = array('destinations' = array('http://example.com')), +); +$this-drupalPost($path, NULL, t('Save field settings'), $options); + +$this-assertUrl('admin/structure/types/manage/article/fields', array(), 'Stayed on the same site.'); + } } /** diff -Nru drupal-7.37/modules/openid/openid.module drupal-7.38/modules/openid/openid.module --- drupal-7.37/modules/openid/openid.module 2015-05-07 06:13:18.0 +0200 +++ drupal-7.38/modules/openid/openid.module 2015-06-17 20:38:44.0 +0200 @@ -365,14 +365,20 @@ // to the OpenID Provider, we need to do discovery on the returned // identififer to make sure that the provider is authorized to // respond on behalf of this. -if ($response_claimed_id != $claimed_id) { +if ($response_claimed_id != $claimed_id || $response_claimed_id != $response['openid.identity']) { $discovery = openid_discovery($response['openid.claimed_id']); + $uris = array(); if ($discovery !empty($discovery['services'])) { -$uris = array(); foreach ($discovery['services'] as
Bug#789141: marked as done (libdancer2-perl: FTBFS with Plack = 1.0036: t/classes/Dancer2-Core-Response/new_from.t)
Your message dated Thu, 18 Jun 2015 15:49:11 + with message-id e1z5c3z-0007dc...@franck.debian.org and subject line Bug#789141: fixed in libdancer2-perl 0.160003+dfsg-1 has caused the Debian Bug report #789141, regarding libdancer2-perl: FTBFS with Plack = 1.0036: t/classes/Dancer2-Core-Response/new_from.t to be marked as done.

This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.)

--
789141: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=789141
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

---BeginMessage---
Source: libdancer2-perl
Version: 0.160001
Severity: serious
Tags: sid stretch fixed-upstream
Forwarded: https://github.com/PerlDancer/Dancer2/issues/921
Justification: FTBFS

This package FTBFS with Plack = 1.0036, now in unstable:

coercion for headers failed: Not an ARRAY reference at /«BUILDDIR»/libdancer2-perl-0.160001+dfsg/blib/lib/Dancer2/Core/Role/Headers.pm line 16.
# Child (new_from_plack) exited without calling finalize()
# Failed test 'new_from_plack'
# at /usr/share/perl/5.22/Test/Builder.pm line 279.
# Looks like you failed 1 test of 3.
# Looks like your test exited with 29 just after 3.
t/classes/Dancer2-Core-Response/new_from.t .

It looks like this is fixed by Dancer2 0.160003.

Cheers,
Dominic.
---End Message---
---BeginMessage---
Source: libdancer2-perl
Source-Version: 0.160003+dfsg-1

We believe that the bug you reported is fixed in the latest version of libdancer2-perl, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is attached.

Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 789...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
gregor herrmann gre...@debian.org (supplier of updated libdancer2-perl package)

(This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org)

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Thu, 18 Jun 2015 17:37:23 +0200
Source: libdancer2-perl
Binary: libdancer2-perl
Architecture: source all
Version: 0.160003+dfsg-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Perl Group pkg-perl-maintain...@lists.alioth.debian.org
Changed-By: gregor herrmann gre...@debian.org
Description:
 libdancer2-perl - lightweight yet powerful web application framework
Closes: 788488 789141
Changes:
 libdancer2-perl (0.160003+dfsg-1) unstable; urgency=medium
 .
 * Import new release 0.160003.
   Fixes
   - Failure to get POST arguments with serializer JSON with version 0.152000 (Closes: #788488)
   - FTBFS with Plack = 1.0036: t/classes/Dancer2-Core-Response/new_from.t (Closes: #789141)
 * Drop language.patch, merged upstream.
 * Add (build) dependency on libhttp-headers-fast-perl.
 * Update years of packaging copyright.
Bug#762647: [Debian-med-packaging] Bug#762647: samtools: FTBFS: test suite errors
On Thu, Jun 18, 2015 at 11:25:46PM -0400, Aaron M. Ucko wrote:
> I'm glad to see those platforms are doing better now, but that was only part of the problem. There are still unexpected failures on i386 and kfreebsd-i386 (though the count's dropped from 95 to 2, a big improvement):
>
> UNEXPECTED FAIL: Output mismatch for $samtools mpileup -x -F 0.60 -u -f mpileup.ref.fa indels.bam|$filter|awk '/INDEL/'
> See FAIL-59.out.1 vs expected/59.out
>
> UNEXPECTED FAIL: Output mismatch for $samtools mpileup -x -F 0.60 -u -f mpileup.ref.fa indels.cram|$filter|awk '/INDEL/'
> See FAIL-59.out.2 vs expected/59.out
>
> Could you please look into them as well?

Hi Aaron,

failures on 32-bit platforms are expected to be fixed in the next upstream release.

https://github.com/samtools/samtools/issues/305

I propose to wait for it. But if need be, it may be possible to backport the patches.

Cheers,

--
Charles
Bug#786909: Please stop (was: Bug#786909: chromium: unconditionally downloads binary blob)
On Thu, 2015-06-18 at 20:36 -0400, Michael Gilbert wrote:

> See previous message.

I had read that only afterwards, as well as this message.

> You will get absolutely nowhere continuing to tell people that they need to drop everything to scratch your particular itches.

I don't think I've asked you to drop everything.

> No one gets to tell anyone else how they should spend their Debian time. That is an incredibly obtrusive affront to personal freedom and self actualization.

I haven't said that you personally would be required to do anything, have I?

Cheers,
Chris.
Bug#762647: samtools: FTBFS: test suite errors
found 762647 1.2-1
notfixed 762647 1.2-1
thanks

Charles Plessy ple...@debian.org writes:

> since version 1.2-1 built fine on arm64 and ppc64el, I am closing this bug.

I'm glad to see those platforms are doing better now, but that was only part of the problem. There are still unexpected failures on i386 and kfreebsd-i386 (though the count's dropped from 95 to 2, a big improvement):

UNEXPECTED FAIL: Output mismatch for $samtools mpileup -x -F 0.60 -u -f mpileup.ref.fa indels.bam|$filter|awk '/INDEL/'
See FAIL-59.out.1 vs expected/59.out
UNEXPECTED FAIL: Output mismatch for $samtools mpileup -x -F 0.60 -u -f mpileup.ref.fa indels.cram|$filter|awk '/INDEL/'
See FAIL-59.out.2 vs expected/59.out

Could you please look into them as well?

Thanks!

-- Aaron M. Ucko, KB1CJC (amu at alum.mit.edu, ucko at debian.org)
http://www.mit.edu/~amu/ | http://stuff.mit.edu/cgi/finger/?a...@monk.mit.edu
Processed: Re: Bug#762647: samtools: FTBFS: test suite errors
Processing commands for cont...@bugs.debian.org:

> found 762647 1.2-1
Bug #762647 {Done: Charles Plessy ple...@debian.org} [src:samtools] samtools: FTBFS: test suite errors
Marked as found in versions samtools/1.2-1 and reopened.
> notfixed 762647 1.2-1
Bug #762647 [src:samtools] samtools: FTBFS: test suite errors
No longer marked as fixed in versions 1.2-1.
> thanks
Stopping processing here.

Please contact me if you need assistance.

-- 762647: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=762647
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
Bug#786909: chromium: unconditionally downloads binary blob
Michael Gilbert wrote:

> Yes, nacl is intentionally disabled in the Debian packages, [...]
> [...]
> No, it does not work. Obviously nacl applications cannot execute without a nacl interpreter.

Thanks! That's quite reassuring for Debian users at least.

Christoph Anton Mitterer wrote:

> I don't think it really matters what upstream claims here,

Right, we shouldn't just take their word for it.

From what I can tell, the file download was configured by way of a module ID listed as an import here:
https://sources.debian.net/src/chromium-browser/43.0.2357.124-1/chrome/browser/resources/hotword/manifest.json/#L82
(and didn't exist before Chromium 43, JFTR).

(I don't yet understand how the upstream commit stopped the module being downloaded, but rather appears to stop it from being invoked?)
https://codereview.chromium.org/1160243004/diff/120001/chrome/browser/search/hotword_service.cc

I scanned through the other manifest.json and found one other occurrence which is:
https://sources.debian.net/src/chromium-browser/43.0.2357.124-1/ui/file_manager/video_player/manifest.json/?hl=60#L60

Could someone please check if that plugin is enabled? (Seems Mike just committed to packaging Git a way to make hidden extensions visible now).

There is some scary code in
https://sources.debian.net/src/chromium-browser/43.0.2357.124-1/chrome/browser/chromeos/extensions/file_manager/private_api_misc.cc
relating to https://www.googleapis.com/auth/chromewebstore; and talking about silent installation. It relates to Cast API and hopefully is unused in Debian builds (I don't see this file in the Debian package build logs).

Regards,

-- Steven Chamberlain ste...@pyro.eu.org
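One way to repeat the manifest scan described in this message across an unpacked source tree, as an added example that is not part of the original thread or of Chromium's code: it reports every manifest.json that lists module IDs under an "import" key and flags manifests it cannot parse. The sample manifests and the 32-letter ID are constructed, and the comment stripping assumes in-tree manifests may carry // comment lines.

```python
import json
import os
import tempfile


def strip_line_comments(text):
    """Drop // comments that sit outside JSON strings (URLs inside strings stay)."""
    out = []
    in_string = False
    escaped = False
    i = 0
    while i < len(text):
        ch = text[i]
        if in_string:
            out.append(ch)
            if escaped:
                escaped = False
            elif ch == "\\":
                escaped = True
            elif ch == '"':
                in_string = False
            i += 1
        elif ch == '"':
            in_string = True
            out.append(ch)
            i += 1
        elif text.startswith("//", i):
            # Skip to the end of the line; the newline itself is kept.
            while i < len(text) and text[i] != "\n":
                i += 1
        else:
            out.append(ch)
            i += 1
    return "".join(out)


def imported_module_ids(manifest_text):
    """Return the module IDs listed under the manifest's "import" key."""
    manifest = json.loads(strip_line_comments(manifest_text))
    if not isinstance(manifest, dict):
        return []
    entries = manifest.get("import", [])
    if not isinstance(entries, list):
        return []
    return [e["id"] for e in entries if isinstance(e, dict) and "id" in e]


def scan_tree(root):
    """Map each manifest.json under root to its imported IDs.

    Manifests without imports are omitted; manifests that cannot be read or
    parsed are reported, since an audit should not skip them silently.
    """
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        if "manifest.json" not in files:
            continue
        path = os.path.join(dirpath, "manifest.json")
        key = os.path.relpath(path, root).replace(os.sep, "/")
        try:
            with open(path, encoding="utf-8") as fh:
                ids = imported_module_ids(fh.read())
        except (OSError, ValueError) as exc:
            findings[key] = ["<unparsed: %s>" % type(exc).__name__]
            continue
        if ids:
            findings[key] = ids
    return findings


# Constructed sample manifests (not taken from the Chromium source).
SAMPLES = {
    "hotword_like": (
        "// constructed sample with a leading comment\n"
        "{\n"
        '  "name": "Sample",\n'
        '  "homepage_url": "https://example.org/x",\n'
        '  "import": [{"id": "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"}]\n'
        "}\n"
    ),
    "plain": '{"name": "No imports", "version": "1"}',
    "broken": '{"name": ',
}


def demo():
    """Write the constructed manifests to a temporary tree and scan it."""
    with tempfile.TemporaryDirectory() as root:
        for name, text in SAMPLES.items():
            os.makedirs(os.path.join(root, name))
            target = os.path.join(root, name, "manifest.json")
            with open(target, "w", encoding="utf-8") as fh:
                fh.write(text)
        return scan_tree(root)


if __name__ == "__main__":
    for manifest_path, ids in sorted(demo().items()):
        print(manifest_path, ids)
```

Pointing `scan_tree` at an unpacked source package gives the list of manifests to review by hand for each new upstream release.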
Bug#789211: mathematica-fonts: fonts are no longer available
Hi Vincent,

On Thu, 18 Jun 2015 23:41:40 +0200, Vincent Lefevre wrote:

> Package: mathematica-fonts
> Version: 17
>
> Download seems to fail.
>
> checking MathematicaV7FontsLinux.tar.gz
> Downloaded file looks corrupted!
> The fonts might be removed on the Web and if so we can do nothing, sorry.
>
> So, this package is currently useless.

Thanks for your report but I already retired from Debian so I can't fix the problem anymore.

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=780558

I hope someone will adopt the package soon.

Best regards,
2015-6-19(Fri)

-- ** Atsuhito Kohda
Dep. Math., Tokushima Univ.
atsuhito_k AT tokushima-u.ac.jp
Bug#762647: marked as done (samtools: FTBFS: test suite errors)
Your message dated Fri, 19 Jun 2015 10:40:20 +0900 with message-id 20150619014020.ga1...@falafel.plessy.net and subject line Re: Bug#762647: samtools: FTBFS: test suite errors has caused the Debian Bug report #762647, regarding samtools: FTBFS: test suite errors to be marked as done.

This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.)

-- 762647: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=762647
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

---BeginMessage---
Source: samtools
Version: 1.0-1
Severity: serious
Justification: fails to build from source (but built successfully in the past)

The builds of samtools for arm64 and ppc64el both failed because the first samtools faidx test hit the autobuilders' activity timeout. Given that these timeouts are generous (300 minutes for arm64, 150 for ppc64el), I suspect the test managed to hang on those systems.

Meanwhile, the other builds attempted so far all encountered unexpected test failures -- 2 on kfreebsd-amd64, and 95 each on i386, kfreebsd-i386, and mipsel.

Could you please take a look? You can find the logs at

https://buildd.debian.org/status/logs.php?pkg=samtools&ver=1.0-1

Thanks!
---End Message---
---BeginMessage---
Version: 1.2-1

On Wed, Nov 19, 2014 at 09:56:33AM +, Edmund Grimley Evans wrote:

> This can be fixed on arm64 at least by fixing this bug in htslib:
> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=770162

Hello everybody,

since version 1.2-1 built fine on arm64 and ppc64el, I am closing this bug.

Have a nice day,

Charles

-- Charles Plessy
Debian Med packaging team, http://www.debian.org/devel/debian-med
Tsurumi, Kanagawa, Japan
---End Message---
Bug#786909: chromium: unconditionally downloads binary blob
On Thu, 2015-06-18 at 23:42 +0100, Steven Chamberlain wrote:

> Upstream have said:
> https://code.google.com/p/chromium/issues/detail?id=491435#c10
> This is not opt-in default. If you do not explicitly opt in (using the Enable Ok Google setting in chrome://settings), then this module will not run.
>
> That suggests to me that security of users was not put at risk, unless they enabled that optional feature. It was likely 'only' a privacy concern and Debian policy violation.

I don't think it really matters what upstream claims here, unless things can be clearly proven by code:
It's very well known that all the big players (Google, Mozilla, etc.) either voluntarily or forcibly cooperate with organisations like the NSA, which in turn are notoriously known for trying to attack and hack into any system, legally or not.

Especially the fact that they don't simply distribute the blob as part of their bundle but download it, makes it IMHO highly suspicious (yeah, of course as with Mozilla there's the good excuse of patent reasons), as this could enable an attacker to selectively distribute good/bad versions of the blob to certain users, thereby making it basically impossible to ever detect this.

> May I ask boldly, is NaCl a legitimate feature of a Debian package in 'main'? I'm reminded of the FSF's John Sullivan speaking at DebConf14 about the DFSG iceweasel browser offering to install non-free software. AIUI NaCl's only purpose is to execute compiled, most likely non-free code? (Whereas minified non-free JavaScript is objectionable to some, this seems an order of magnitude worse).

Browsers generally have really become a security disease... :-/

> I also propose more QA within Debian to find applications phoning home, which could have been detected in this case within something like the autopkgtest framework and simply opening a page on a local webserver.

phoning home and (down)loading + executing (possibly malicious) blobs are IMHO two different things.

The former is just a privacy issue (which may or may not be a security issue as well)... and unfortunately we have already so many packages doing this (especially many cases where this behaviour is all but obvious), that I don't see any chances to really solve these privacy issues without a concentrated effort; and actually, in most cases where I've already reported such issues I experienced modest to strong resistance by the respective maintainers and/or upstream.

> Sorry, if you feel this is off-topic for the bug log, please take it to an appropriate list but preferably keep me in Cc: if you do.

I've already thought about CCing d-d, but to be honest,... I don't expect that anything would come out from a broader discussion... security seems to be only tertiary priority in Debian, at least in several fields (and no, I explicitly do not refer to the Security Team here).

> The bug made it to Hacker News, so that has been accomplished now to some extent.

Well and I've noticed it also mentioned on the cryptography mailing list and some openbsd lists... and yet...
- still no DSA (or something like that)
- still no concentrated effort at the Debian level to pro-actively work against such sources that include or more or less secretly download blobs (I guess it should be obvious that this cannot be the responsibility of one single person like Michael, and that my criticism isn't targeted towards him)
- and sadly, as it seems, further, very silently handled cases:
  chromium-browser (43.0.2357.124-1) unstable; urgency=medium
  ...
  * Remove more sourceless files.

Having this popped up at some news sites is basically useless if no measures are taken.

> Thanks Chris for speaking up about this.

Well it wasn't me who noticed this particular incident of a compromise, thanks go to Yoshino Yoshihito

Cheers,
Chris.
Bug#786909: chromium: unconditionally downloads binary blob
Since this made it to LWN [0] and Y Combinator [1] with an incredible amount of misinformation, let's attempt a (hopefully) non-hyped conversation about this, which unfortunately didn't happen a few days ago.

On Tue, Jun 16, 2015 at 9:15 AM, Christoph Anton Mitterer wrote:

> On Tue, 2015-06-16 at 00:49 -0400, Michael Gilbert wrote:
>> Barring the obtusely incorrect rootkit miscategorization
>
> Well, as I've said,.. no one can really tell what it is, since it's a blob,... and even if one would assume that someone could correctly reverse engineer it, or reproducibly build it from public sources, there's absolutely no guarantee that malicious software might have been just distributed to selected people.

Except that the actual contents of the downloaded files in many ways do not actually matter. Those files are nacl executables, which are sandboxed in any nacl-enabled chromium, so barring a sandbox escape included in the files, this is functionally the same as visiting any nacl website (less the fact that hotword automatically gets microphone permission, which itself is worth independent critique).

Additionally, the Debian packages are intentionally built with nacl disabled (in fact not built at all). So, at least on Debian, even if the downloaded files were in fact malicious, without a nacl interpreter present, there is absolutely no way to trigger the badness.

>> oss-sec is a far better venue for discussion since Debian is not the only distribution that includes chromium 43.
>
> I don't see how that would practically ever change something at the Debian level; this seems rather like simply pushing away an unpleasant issue.

Maybe now it's clear that a meaningful conversation at the time would have preempted the ensuing misinformation campaign.

> And just because all other distros ship software which injects possibly malicious blobs, we don't have to do the same.

I simply do not follow the logic leading to this conclusion. How does engaging in discussion lead to any specific problem being ignored exactly?

Anyway, if some incredibly basic homework had been done, you could have convinced yourself of the non-issue nature of this problem, rather than engaging in unfounded speculation.

> Anyway, I haven't said that banning such software from Debian would be the only solution... but at least these incidents come far too frequent recently, so apparently something needs to be done at Debian level to pro-actively prevent future cases/compromises like this.

That is exactly what Debian unstable is for, and in many ways it worked as intended, except for the special snowflake that is chromium. Since major chromium versions get uploaded to both unstable and stable to fix security issues, problems introduced into unstable also unfortunately get introduced to stable.

> And there's still no single sign of properly visible announcements to user what might have happened here. :(

Well, it is out there now [0,1], unfortunately with a huge amount of misinformation. Anyway the Debian security tracker is tracking this [2]. As stated there, it will be fixed along with the next incoming round of chromium security issues. It is absolutely not worth fixing on its own.

Best wishes,
Mike

[0] https://lwn.net/Articles/648392
[1] https://news.ycombinator.com/item?id=9724409
[2] https://security-tracker.debian.org/tracker/TEMP-000-A21526
Bug#786909: Please stop (was: Bug#786909: chromium: unconditionally downloads binary blob)
On Thu, Jun 18, 2015 at 8:23 PM, Christoph Anton Mitterer wrote:

> - still no DSA (or something like that)

See previous message.

> - still no concentrated effort at the Debian level to pro-actively work against such sources that include or more or less secretly download blobs

If you have an itch, please by all means go scratch it.

You will get absolutely nowhere continuing to tell people that they need to drop everything to scratch your particular itches.

No one gets to tell anyone else how they should spend their Debian time. That is an incredibly obtrusive affront to personal freedom and self actualization.

Please stop.

Best wishes,
Mike
Bug#786909: chromium: unconditionally downloads binary blob
On Thu, 2015-06-18 at 20:19 -0400, Michael Gilbert wrote:

> Except that the actual contents of the downloaded files in many ways do not actually matter. Those files are nacl executables, which are sandboxed in any nacl-enabled chromium, so barring a sandbox escape included in the files, this is functionally the same as visiting any nacl website (less the fact that hotword automatically gets microphone permission, which itself is worth independent critique).

I never really understood why browsers need to be more and more like complete operating systems, taking control over hardware which is simply not their belonging... If people want to voice/video conferencing, then they should need to start some locally installed software for just that purpose. But maybe I'm just too old-fashioned and don't want to have everything run on the web or in the cloud. :-(

> Additionally, the Debian packages are intentionally built with nacl disabled (in fact not built at all). So, at least on Debian, even if the downloaded files were in fact malicious, without a nacl interpreter present, there is absolutely no way to trigger the badness.

Definitely good news... But my primary point was more that this should simply not happen... cause in another case, we might not have had that safety of having nacl not even available. As I've mentioned, we've had the same issue already with Firefox which downloaded OpenH264 and which (AFAIR) was actually loaded.

In principle, all code which is not manually downloaded/compiled/executed by the user should enter a Debian box *only* via the package management system.

> Maybe now it's clear that a meaningful conversation at the time would have preempted the ensuing misinformation campaign.

Well it wasn't me who posted this news to several other places,...

> I simply do not follow the logic leading to this conclusion. How does engaging in discussion lead to any specific problem being ignored exactly?

Well, discussing things at oss-security doesn't have any direct effect on Debian, right? Discussing/reporting things directly at upstream is mostly just a waste of time, at least when it comes to meta security issues; just look at the Mozilla bugtracker for issues reported by me. And unfortunately, the same applies largely to Debian itself. You may remember several discussions I've ignited on d-d about such higher level security issues,... like the downloader packages, or the far too high validity times of Release files.

> Anyway, if some incredibly basic homework had been done, you could have convinced yourself of the non-issue nature of this problem, rather than engaging in unfounded speculation.

I think practically it's extremely time consuming to really confirm whether such code was loaded or not, especially when one is not familiar with the code base, which I'm not in the case of Chromium.

And even if that code was just downloaded (but not executed) I still think it's far from ideal. configure-options may accidentally change, as may the download code itself - simply not having any such functionalities in the code is probably safer than having it just disabled and/or being simply a bit lucky as we apparently were in this case.

> That is exactly what Debian unstable is for

Phew,... realistically, many people use sid for their normal desktop systems...

> Well, it is out there now [0,1], unfortunately with a huge amount of misinformation.

My apologies, if you feel that this would fall into my responsibility... as this wasn't my intention (otherwise I'd have CCed it to d-d). Personally I think that you as maintainer(s) should feel the least responsible for this,... it's rather upstream who should need to reconsider some things; and if they got a bit of attention now, then this may not be the biggest harm.

As said before, my main point is the question what we can do to prevent such cases in the future. This time, nothing might have gotten executed,... and the code (likely) wouldn't have been malicious. Next time it may look different.

Best wishes,
Chris.
Bug#762647: [Debian-med-packaging] Bug#762647: samtools: FTBFS: test suite errors
Charles Plessy ple...@debian.org writes:

> failures on 32-bit platforms are expected to be fixed in the next upstream release.

Glad to hear it!

> I propose to wait for it. But if need be, it may be possible to backport the patches.

I'm fine with waiting, just want the bug to stay open until the fix reaches Debian.

-- Aaron M. Ucko, KB1CJC (amu at alum.mit.edu, ucko at debian.org)
http://www.mit.edu/~amu/ | http://stuff.mit.edu/cgi/finger/?a...@monk.mit.edu
Bug#781995: Fix in Jessie?
On 06/18/2015 08:16 PM, Paul Gevers wrote:

> Mert,
>
> On 18-06-15 18:54, Mert Dirik wrote:
>> Is it planned to upload the fix also for Jessie?
>
> You will have to ask the release team in bug 782381 [1].
>
> Paul
>
> [1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=782381

Thanks for the pointer, I'll follow it there.
Bug#789118: No issues with clean upgrade
I've just upgraded to 3.16 on unstable, but restarted the system right after the update finished. No problems unlocking.
Bug#789183: tracker.debian.org: bootstrap and tracker licenses incompatible
Package: tracker.debian.org
Severity: serious

tracker.debian.org uses an older version of bootstrap that is still Apache licensed and combines it with CSS and HTML code that is licensed under the GPL version 2. The Free Software Foundation considers the GPL 2 to be incompatible with the Apache license.

Please upgrade to a new version of bootstrap that is MIT licensed.

-- System Information:
Debian Release: stretch/sid
APT prefers unstable
APT policy: (990, 'unstable'), (100, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 4.0.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=de_DE.utf8, LC_CTYPE=de_DE.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

-- Julian Andres Klode - Debian Developer, Ubuntu Member
See http://wiki.debian.org/JulianAndresKlode and http://jak-linux.org/.
Be friendly, do not top-post, and follow RFC 1855 Netiquette.
- If you don't I might ignore you.
Bug#789187: moarvm: FTBFS on mipsel
Package: moarvm
Severity: serious
Tags: upstream
Justification: fails to build from source

Dear maintainer,

as you can see at buildd [x], moarvm FTBFS on mipsel. I've contacted upstream [x], and they say there is no support for mipsel in dyncall. Let this bug be an information point for this issue.

Best regards.

[x] https://buildd.debian.org/status/fetch.php?pkg=moarvm&arch=mipsel&ver=2015.04-1&stamp=1434313323
[x] https://github.com/MoarVM/MoarVM/issues/222
Bug#784343: moved to git already
Just a short update, because I won't finish the package today: Its repository is now at http://anonscm.debian.org/cgit/pkg-games/trigger-rally-data.git/

-- tobi
Bug#789162: marked as done (aptdaemon: CVE-2015-1323: information disclosure via simulate dbus method)
Your message dated Thu, 18 Jun 2015 17:19:04 + with message-id e1z5dsy-0007kt...@franck.debian.org and subject line Bug#789162: fixed in aptdaemon 1.1.1+bzr982-1 has caused the Debian Bug report #789162, regarding aptdaemon: CVE-2015-1323: information disclosure via simulate dbus method to be marked as done.

This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.)

-- 789162: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=789162
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

---BeginMessage---
Source: aptdaemon
Version: 1.1.1-4
Severity: grave
Tags: security upstream

Hi,

the following vulnerability was published for aptdaemon, which AFAICS as well affects Debian.

CVE-2015-1323[0]: information disclosure via simulate dbus method

If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2015-1323
[1] http://www.ubuntu.com/usn/usn-2648-1/
[2] https://bugs.launchpad.net/ubuntu/+source/aptdaemon/+bug/1449587

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore
---End Message---
---BeginMessage---
Source: aptdaemon
Source-Version: 1.1.1+bzr982-1

We believe that the bug you reported is fixed in the latest version of aptdaemon, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is attached.

Thank you for reporting the bug, which will now be closed.
If you have further comments please address them to 789...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Julian Andres Klode j...@debian.org (supplier of updated aptdaemon package)

(This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org)

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Thu, 18 Jun 2015 18:41:42 +0200
Source: aptdaemon
Binary: aptdaemon python3-aptdaemon python-aptdaemon python3-aptdaemon.test aptdaemon-data python3-aptdaemon.gtk3widgets python-aptdaemon.gtk3widgets
Architecture: source all
Version: 1.1.1+bzr982-1
Distribution: unstable
Urgency: high
Maintainer: Julian Andres Klode j...@debian.org
Changed-By: Julian Andres Klode j...@debian.org
Description:
 aptdaemon - transaction based package management service
 aptdaemon-data - data files for clients
 python-aptdaemon - Python 2 modules for the server and client of aptdaemon
 python-aptdaemon.gtk3widgets - Python 2 GTK+ 3 widgets to run an aptdaemon client
 python3-aptdaemon - Python 3 modules for the server and client of aptdaemon
 python3-aptdaemon.gtk3widgets - Python 3 GTK+ 3 widgets to run an aptdaemon client
 python3-aptdaemon.test - Test environment for aptdaemon clients
Closes: 770786 788034 789162
Changes:
 aptdaemon (1.1.1+bzr982-1) unstable; urgency=high
 .
 * Merged from Ubuntu wily.
   - Fix for CVE-2015-1323 (Closes: #789162)
   - Use vte 2.91 (Closes: #788034)
   - Fixes imports (Closes: #770786)
 * Drop PackageKit compat layer
 .
 aptdaemon (1.1.1+bzr982-0ubuntu4) wily; urgency=low
 .
 [ Michael Vogt ]
 * SECURITY UPDATE: information disclosure via simulate dbus method (LP: #1449587)
   - debian/patches/lp1449587.diff: drop privileges when running lintian, update tests.
   - CVE-2015-1323
 .
 aptdaemon (1.1.1+bzr982-0ubuntu3) vivid; urgency=low
 .
 * debian/patches/lp1356823.diff:
   - try harder to fix crash #1356823
 .
 aptdaemon (1.1.1+bzr982-0ubuntu2) vivid; urgency=low
 .
 * debian/patches/lp1356823.diff:
   - fix crash #1356823
 .
 aptdaemon (1.1.1+bzr982-0ubuntu1) vivid; urgency=low
 .
 * fix crash in _on_progress_details() (LP: #1436725)
 .
 aptdaemon (1.1.1+bzr981-0ubuntu2) vivid; urgency=medium
 .
 * autopkgtest: Don't let root reports in /var/crash fail the test.
 .
 aptdaemon (1.1.1+bzr981-0ubuntu1) vivid; urgency=medium
 .
 * New bzr snapshot:
   + Port to VTE 2.91
 * Update Vcs-* to point to vivid branch
 * Standards-Version → 3.9.6, no changes required
 .
 aptdaemon (1.1.1+bzr980-0ubuntu1) utopic; urgency=medium
 .
 * New bzr snapshot:
   - Drop obsolete gobject compatibility and gtkwidgets
   - Drop obsolete dbus.glib imports
   - Do not crash when # are in comments
 * Drop fix-configparser.patch, applied upstream.
 * Refresh other patches.
 * Drop python-aptdaemon.gtkwidgets and python-aptdaemon-gtk binaries. These have been
Bug#789110: linux-image-2.6.32-5-amd64: Kernel 2.6.32-5-amd64-2.6.32-48squeeze12 causes high load average
On Wed, Jun 17, 2015 at 11:37:00PM +0100, Ben Hutchings wrote:

> Control: forcermerge 789037 -1
>
> On Wed, 2015-06-17 at 18:14 -0400, Bruce Momjian,,, wrote:
>> Package: linux-2.6
>> Version: 2.6.32-48squeeze6
>> Severity: critical
>> Justification: breaks the whole system
>>
>> Twelve hours ago I did a kernel upgrade to 2.6.32-5-amd64-2.6.32-48squeeze12, and since booting that kernel, the load average has steadily increased until it hit 156, causing apache and email software to fail. Rebooting causes the load average to start at zero but increase again. Downgrading to 2.6.32-48squeeze6 fixed the problem. Here is some detail from my kernel log:
> [...]
>
> Sorry, this is fixed in version 2.6.32-48squeeze13 which was released a few hours ago.

I can confirm that 2.6.32-48squeeze13 fixes the problem of a growing load average.

-- Bruce Momjian br...@momjian.us http://momjian.us
EnterpriseDB http://enterprisedb.com
+ Everyone has their own god. +
Bug#781995: Fix in Jessie?
Mert,

On 18-06-15 18:54, Mert Dirik wrote:

> Is it planned to upload the fix also for Jessie?

You will have to ask the release team in bug 782381 [1].

Paul

[1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=782381
Bug#789197: libmimedir: CVE-2015-3205
Source: libmimedir
Version: 0.5.1-1
Severity: grave
Tags: security upstream

Hi,

the following vulnerability was published for libmimedir.

CVE-2015-3205[0]:
| libmimedir allows remote attackers to execute arbitrary code via a VCF
| file with two NULL bytes at the end of the file, related to free
| function calls in the lexer's memory clean-up procedure.

The issue can be reproduced by creating a specially crafted file with the PoC in [1]. The original bugreport at Red Hat Bugzilla[2] at the time of writing is not yet open.

If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2015-3205
[1] https://www.exploit-db.com/exploits/37249/
[2] https://bugzilla.redhat.com/show_bug.cgi?id=151

Regards,
Salvatore
Bug#787882: marked as done (latexila: FTBFS with valac 0.28)
Your message dated Thu, 18 Jun 2015 19:34:19 + with message-id e1z5fzr-00069e...@franck.debian.org and subject line Bug#787882: fixed in latexila 3.16.1-1 has caused the Debian Bug report #787882, regarding latexila: FTBFS with valac 0.28 to be marked as done.

This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.)

-- 787882: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=787882
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

---BeginMessage---
Source: latexila
Version: 3.14.2-1
Severity: important
User: pkg-vala-maintain...@lists.alioth.debian.org
Usertags: vala-0.28

Hi,

We plan to make vala 0.28 the default vala compiler soon. It's currently in the process of being uploaded to experimental.

Your package latexila declares a build dependency on valac. During a rebuild with this new version, latexila failed to build.

The build logs can be found at https://people.debian.org/~biebl/buildlogs-vala-0.28/latexila

Please prepare your package to build successfully with vala 0.28. Once vala 0.28 is uploaded to unstable, this bug will be bumped to serious.

If you have further questions, please don't hesitate to ask.

Thanks!

Michael, on behalf of the Debian Vala team.
---End Message---
---BeginMessage---
Source: latexila
Source-Version: 3.16.1-1

We believe that the bug you reported is fixed in the latest version of latexila, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is attached.

Thank you for reporting the bug, which will now be closed.
If you have further comments please address them to 787...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Tanguy Ortolo tanguy+deb...@ortolo.eu (supplier of updated latexila package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Thu, 18 Jun 2015 16:38:24 +0200 Source: latexila Binary: latexila latexila-data Architecture: source amd64 all Version: 3.16.1-1 Distribution: unstable Urgency: medium Maintainer: Tanguy Ortolo tanguy+deb...@ortolo.eu Changed-By: Tanguy Ortolo tanguy+deb...@ortolo.eu Description: latexila - LaTeX editor designed for the GNOME desktop latexila-data - LaTeXila editor -- arch-independent files Closes: 774572 787882 Changes: latexila (3.16.1-1) unstable; urgency=medium . * New upstream release. (Closes: #787882) * debian/changelog: update build dependencies. * debian/clean: removed, no longer needed for compiling from C files (see below). * debian/control: integrate changes from Matthieu Baerts (Closes: #774572) + wrap and sort dependencies. + update homepage. + recommend gsettings-desktop-schemas which is supported and contrains schemas for the fonts, etc. used by LaTeXila. + recommend hicolor-icon-theme. + removed build-dependency on valac: it is recommended to build from C files (plus build from Vala does not work...) * debian/rules: enable parallel build, thanks to Matthieu Baerts. 
* e
Bug#788274: marked as done (lttng-modules-dkms: fails to build for Linux 4.0)
Your message dated Thu, 18 Jun 2015 21:25:50 + with message-id e1z5hjm-x1...@franck.debian.org and subject line Bug#788274: fixed in lttng-modules 2.6.2-1 has caused the Debian Bug report #788274, regarding lttng-modules-dkms: fails to build for Linux 4.0 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 788274: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=788274 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Package: lttng-modules-dkms Version: 2.5.1-1 Severity: serious Tags: sid stretch User: debian...@lists.debian.org Usertags: piuparts from make.log: DKMS make.log for lttng-modules-2.5.1 for kernel 4.0.0-2-586 (x86_64) Tue Jun 9 21:21:02 UTC 2015 make: Entering directory '/usr/src/linux-headers-4.0.0-2-586' Makefile:10: *** mixed implicit and normal rules: deprecated syntax CC [M] /var/lib/dkms/lttng-modules/2.5.1/build/lttng-ring-buffer-client-discard.o In file included from /var/lib/dkms/lttng-modules/2.5.1/build/wrapper/ringbuffer/../../lib/ringbuffer/../../wrapper/ringbuffer/frontend_api.h:1:0, from /var/lib/dkms/lttng-modules/2.5.1/build/wrapper/ringbuffer/../../lib/ringbuffer/api.h:35, from /var/lib/dkms/lttng-modules/2.5.1/build/wrapper/ringbuffer/api.h:1, from /var/lib/dkms/lttng-modules/2.5.1/build/lttng-ring-buffer-client.h:175, from /var/lib/dkms/lttng-modules/2.5.1/build/lttng-ring-buffer-client-discard.c:29: /var/lib/dkms/lttng-modules/2.5.1/build/wrapper/ringbuffer/../../lib/ringbuffer/../../wrapper/ringbuffer/../../lib/ringbuffer/frontend_api.h: In function 'lib_ring_buffer_put_cpu': 
/var/lib/dkms/lttng-modules/2.5.1/build/wrapper/ringbuffer/../../lib/ringbuffer/../../wrapper/ringbuffer/../../lib/ringbuffer/frontend_api.h:76:2: error: implicit declaration of function '__get_cpu_var' [-Werror=implicit-function-declaration] __get_cpu_var(lib_ring_buffer_nesting)--; ^ /var/lib/dkms/lttng-modules/2.5.1/build/wrapper/ringbuffer/../../lib/ringbuffer/../../wrapper/ringbuffer/../../lib/ringbuffer/frontend_api.h:76:40: error: lvalue required as decrement operand __get_cpu_var(lib_ring_buffer_nesting)--; ^ cc1: some warnings being treated as errors /usr/src/linux-headers-4.0.0-2-common/scripts/Makefile.build:269: recipe for target '/var/lib/dkms/lttng-modules/2.5.1/build/lttng-ring-buffer-client-discard.o' failed make[3]: *** [/var/lib/dkms/lttng-modules/2.5.1/build/lttng-ring-buffer-client-discard.o] Error 1 /usr/src/linux-headers-4.0.0-2-common/Makefile:1407: recipe for target '_module_/var/lib/dkms/lttng-modules/2.5.1/build' failed make[2]: *** [_module_/var/lib/dkms/lttng-modules/2.5.1/build] Error 2 Makefile:145: recipe for target 'sub-make' failed make[1]: *** [sub-make] Error 2 Makefile:8: recipe for target 'all' failed make: *** [all] Error 2 make: Leaving directory '/usr/src/linux-headers-4.0.0-2-586' Andreas ---End Message--- ---BeginMessage--- Source: lttng-modules Source-Version: 2.6.2-1 We believe that the bug you reported is fixed in the latest version of lttng-modules, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 788...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. 
Jon Bernard jbern...@debian.org (supplier of updated lttng-modules package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Format: 1.8 Date: Thu, 18 Jun 2015 20:16:30 + Source: lttng-modules Binary: lttng-modules-dkms Architecture: source all Version: 2.6.2-1 Distribution: unstable Urgency: medium Maintainer: Jon Bernard jbern...@debian.org Changed-By: Jon Bernard jbern...@debian.org Description: lttng-modules-dkms - Linux Trace Toolkit (LTTng) kernel modules (DKMS) Closes: 788274 Changes: lttng-modules (2.6.2-1) unstable; urgency=medium . [ Jon Bernard ] * [eb0b449] New upstream version 2.6.2 . [ Michael Jeanson ] * [fd2d7a6] Fix dh_install debian dir exclusion * [d7f5498] Regmap probe only builds on linux 4.1 and up (Closes: #788274) Checksums-Sha1: 49f36cccd446764ce779c4df4dd606857a4ab29e 1903 lttng-modules_2.6.2-1.dsc
Bug#788637: marked as done (codelite: the OSL-3.0 license is non-free)
Your message dated Thu, 18 Jun 2015 21:19:30 + with message-id e1z5hde-0007zh...@franck.debian.org and subject line Bug#788637: fixed in codelite 8.0.1+dfsg2-1 has caused the Debian Bug report #788637, regarding codelite: the OSL-3.0 license is non-free to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 788637: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=788637 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Source: codelite Version: 7.0+dfsg-1 Severity: serious The file (introduced in codelite 7): codelitephp/PHPParserUnitTests/Tests/Mage.php is released under the OSL-3.0 which I mistakenly thought was a free license but actually isn't. See this: https://lists.debian.org/debian-legal/2008/03/msg00128.html Many of the clauses are similar to the OSL-2.0 so these apply as well: https://lists.debian.org/debian-legal/2004/05/msg00118.html https://lists.debian.org/debian-legal/2004/09/msg00220.html James signature.asc Description: This is a digitally signed message part ---End Message--- ---BeginMessage--- Source: codelite Source-Version: 8.0.1+dfsg2-1 We believe that the bug you reported is fixed in the latest version of codelite, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 788...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. 
James Cowgill james...@cowgill.org.uk (supplier of updated codelite package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Sun, 14 Jun 2015 00:43:46 +0100 Source: codelite Binary: codelite codelite-plugins Architecture: source Version: 8.0.1+dfsg2-1 Distribution: unstable Urgency: medium Maintainer: James Cowgill james...@cowgill.org.uk Changed-By: James Cowgill james...@cowgill.org.uk Description: codelite - Powerful and lightweight C/C++ IDE codelite-plugins - Powerful and lightweight C/C++ IDE - plugins Closes: 788637 Changes: codelite (8.0.1+dfsg2-1) unstable; urgency=medium . * Remove codelitephp/PHPParserUnitTests/Tests/Mage.php which is licensed under the non-free OSL-3.0 license (Closes: #788637). ---End Message---
Bug#786909: chromium: unconditionally downloads binary blob
Hi,

Upstream have said: https://code.google.com/p/chromium/issues/detail?id=491435#c10

This is not opt-in default. If you do not explicitly opt in (using the Enable Ok Google setting in chrome://settings), then this module will not run.

That suggests to me that security of users was not put at risk, unless they enabled that optional feature. It was likely 'only' a privacy concern and Debian policy violation.

May I ask boldly, is NaCl a legitimate feature of a Debian package in 'main'? I'm reminded of the FSF's John Sullivan speaking at DebConf14 about the DFSG iceweasel browser offering to install non-free software. AIUI NaCl's only purpose is to execute compiled, most likely non-free code? (Whereas minified non-free JavaScript is objectionable to some, this seems an order of magnitude worse).

I'm not implying chromium belongs in contrib or non-free - there is already the non-free Chrome as an option there - but rather, would the DFSG chromium browser be 'more' free if it disabled NaCl?

I also propose more QA within Debian to find applications phoning home, which could have been detected in this case within something like the autopkgtest framework and simply opening a page on a local webserver.

Sorry, if you feel this is off-topic for the bug log, please take it to an appropriate list but preferably keep me in Cc: if you do.

Christoph Anton Mitterer wrote: And there's still no single sign of properly visible announcements to user what might have happened here. :(

The bug made it to Hacker News, so that has been accomplished now to some extent. Thanks Chris for speaking up about this.

Regards,
-- Steven Chamberlain ste...@pyro.eu.org
Processed (with 1 errors): set fixed version to existing value
Processing commands for cont...@bugs.debian.org: # this should allow guake to migrate back to testing fixed 784010 0.7.0-1 Bug #784010 {Done: Daniel Echeverry epsilo...@gmail.com} [guake] guake: Toggle doesn't work correctly Marked as fixed in versions guake/0.7.0-1. done Unknown command or malformed arguments to command. End of message, stopping processing here. Please contact me if you need assistance. -- 784010: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=784010 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#789211: mathematica-fonts: fonts are no longer available
Package: mathematica-fonts Version: 17 Severity: grave Justification: renders package unusable I get the following error when installing mathematica-fonts: Setting up mathematica-fonts (17) ... --2015-06-18 23:39:31-- http://support.wolfram.com/technotes/MathematicaV7FontsLinux.tar.gz Resolving support.wolfram.com (support.wolfram.com)... 140.177.205.40 Connecting to support.wolfram.com (support.wolfram.com)|140.177.205.40|:80... connected. HTTP request sent, awaiting response... 404 Not Found 2015-06-18 23:39:33 ERROR 404: Not Found. Download seems to fail. checking MathematicaV7FontsLinux.tar.gz Downloaded file looks corrupted! The fonts might be removed on the Web and if so we can do nothing, sorry. So, this package is currently useless. -- System Information: Debian Release: stretch/sid APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'unstable'), (500, 'testing'), (500, 'stable'), (1, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 3.16.0-4-amd64 (SMP w/8 CPU cores) Locale: LANG=POSIX, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages mathematica-fonts depends on: ii debconf [debconf-2.0] 1.5.56 ii unzip 6.0-17 mathematica-fonts recommends no packages. mathematica-fonts suggests no packages. -- debconf information: mathematica-fonts/http_proxy: * mathematica-fonts/license: * mathematica-fonts/accept_license: true
Bug#786909: chromium: unconditionally downloads binary blob
Steven Chamberlain wrote: would the DFSG chromium browser be 'more' free if it disabled NaCl? Actually, in the build log I see disable_nacl=1 I'm confused that hotword-x86-64.nexe is a NaCl module [0], even though Debian's chromium is built with NaCl 'disabled'? Does this feature actually work at all, even if a user ticks Enable OK Google in chrome://settings; is someone able to test that? [0]: https://code.google.com/p/chromium/issues/detail?id=491435#c10 Thanks, Regards, -- Steven Chamberlain ste...@pyro.eu.org
Bug#786909: chromium: unconditionally downloads binary blob
On Thu, Jun 18, 2015 at 7:33 PM, Steven Chamberlain wrote: Steven Chamberlain wrote: would the DFSG chromium browser be 'more' free if it disabled NaCl? Actually, in the build log I see disable_nacl=1 I'm confused that hotword-x86-64.nexe is a NaCl module [0], even though Debian's chromium is built with NaCl 'disabled'? Yes, nacl is intentionally disabled in the Debian packages, but that itself doesn't have anything to do with the ability of the browser to download files. Does this feature actually work at all, even if a user ticks Enable OK Google in chrome://settings; is someone able to test that? No, it does not work. Obviously nacl applications cannot execute without a nacl interpreter. Best wishes, Mike
Bug#785366: marked as done (chef: not installable in sid)
Your message dated Thu, 18 Jun 2015 23:49:02 + with message-id e1z5jym-d6...@franck.debian.org and subject line Bug#785366: fixed in chef 12.3.0-1 has caused the Debian Bug report #785366, regarding chef: not installable in sid to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 785366: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=785366 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Package: chef Version: 11.12.8-2 Severity: serious User: trei...@debian.org Usertags: edos-uninstallable Dear Maintainer, chef is currently not installable in sid since it depends on ruby-rest-client ( 1.7.0). This dependency is hard-coded in debian/control. However, the version of ruby-rest-client in sid is 1.8.0-1. Cheers -Ralf. ---End Message--- ---BeginMessage--- Source: chef Source-Version: 12.3.0-1 We believe that the bug you reported is fixed in the latest version of chef, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 785...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. 
Antonio Terceiro terce...@debian.org (supplier of updated chef package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Thu, 18 Jun 2015 15:57:02 -0300 Source: chef Binary: chef Architecture: source all Version: 12.3.0-1 Distribution: unstable Urgency: medium Maintainer: Debian Ruby Extras Maintainers pkg-ruby-extras-maintain...@lists.alioth.debian.org Changed-By: Antonio Terceiro terce...@debian.org Description: chef - systems integration framework - clients Closes: 785366 Changes: chef (12.3.0-1) unstable; urgency=medium . * New upstream release * Update packaging: - Drop: Provides/Replaces used for upgrades in old releases - Dropped debian/require-rubygems.overrides, now obsolete - Drop debian/patches/remove_rubygems.diff, now obsolete - Dependency on ruby-rest-client was removed upstream (Closes: #785366) * debian/chef-client.{init,default}: copied from old source package. These files have been dropped by upstream. 
---End Message---
Processed: Now RC
Processing control commands: severity -1 serious Bug #629337 [src:gosa-perl] gosa-perl: uses Switch.pm, removed in perl 5.14 Severity set to 'serious' from 'normal' -- 629337: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=629337 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Processed: severity of 629334 is serious
Processing commands for cont...@bugs.debian.org: severity 629334 serious Bug #629334 [src:gbackground] gbackground: uses Switch.pm, removed in perl 5.14 Severity set to 'serious' from 'normal' thanks Stopping processing here. Please contact me if you need assistance. -- 629334: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=629334 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Processed:
Processing control commands: severity -1 important Bug #781767 [s3cmd] s3cmd fails on buckets with .s Severity set to 'important' from 'grave' -- 781767: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=781767 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#781767:
Control: severity -1 important thanks Based on the last few comments I'm setting the severity back to important. cheers, G.
Bug#788601: gdb trace for python2 running /usr/bin/pitivi
Hi, I have the same problem, this is the gdb output + backtrace $ gdb python2 [snip] (gdb) run /usr/bin/pitivi Starting program: /usr/bin/python2 /usr/bin/pitivi [Thread debugging using libthread_db enabled] Using host libthread_db library /lib/x86_64-linux-gnu/libthread_db.so.1. (pitivi:5216): Clutter-WARNING **: clutter_x11_set_use_argb_visual() can only be used before calling clutter_init() (pitivi:5216): Clutter-WARNING **: clutter_x11_set_display() can only be used before calling clutter_init() (pitivi:5216): Clutter-WARNING **: clutter_x11_disable_event_retrieval() can only be used before calling clutter_init() (pitivi:5216): Clutter-WARNING **: clutter_disable_accessibility() can only be called before initializing Clutter. Missing soft dependency: - pycanberra not found on the system - enables sound notifications when rendering is complete Missing soft dependency: - GnomeDesktop not found on the system - file thumbnails provided by GNOME's thumbnailers Missing soft dependency: - Notify not found on the system - enables visual notifications when rendering is complete [New Thread 0x7fffe3d7e700 (LWP 5221)] [New Thread 0x7fffe2d7d700 (LWP 5222)] Program received signal SIGSEGV, Segmentation fault. __GI___pthread_mutex_lock (mutex=0x7fffc850) at ../nptl/pthread_mutex_lock.c:66 66 ../nptl/pthread_mutex_lock.c: No such file or directory. 
(gdb) bt #0 __GI___pthread_mutex_lock (mutex=0x7fffc850) at ../nptl/pthread_mutex_lock.c:66 #1 0x730de3ba in XrmQGetResource () from /usr/lib/x86_64-linux-gnu/libX11.so.6 #2 0x730ba7f6 in XGetDefault () from /usr/lib/x86_64-linux-gnu/libX11.so.6 #3 0x74039748 in _XcursorGetDisplayInfo () from /usr/lib/x86_64-linux-gnu/libXcursor.so.1 #4 0x74039789 in XcursorSupportsARGB () from /usr/lib/x86_64-linux-gnu/libXcursor.so.1 #5 0x7403bebc in XcursorTryShapeCursor () from /usr/lib/x86_64-linux-gnu/libXcursor.so.1 #6 0x730b49cd in XCreateGlyphCursor () from /usr/lib/x86_64-linux-gnu/libX11.so.6 #7 0x730b4e46 in XCreateFontCursor () from /usr/lib/x86_64-linux-gnu/libX11.so.6 #8 0x74ed6dea in ?? () from /usr/lib/x86_64-linux-gnu/libgdk-3.so.0 #9 0x75f42dc0 in ffi_call_unix64 () from /usr/lib/x86_64-linux-gnu/libffi.so.6 #10 0x75f42828 in ffi_call () from /usr/lib/x86_64-linux-gnu/libffi.so.6 #11 0x76b076b4 in ?? () from /usr/lib/python2.7/dist-packages/gi/_gi.so #12 0x76b08533 in ?? () from /usr/lib/python2.7/dist-packages/gi/_gi.so #13 0x76b08fe8 in ?? () from /usr/lib/python2.7/dist-packages/gi/_gi.so #14 0x76afd4ae in ?? () from /usr/lib/python2.7/dist-packages/gi/_gi.so #15 0x004caaa1 in PyEval_EvalFrameEx () #16 0x004c87a1 in PyEval_EvalCodeEx () #17 0x004c8036 in PyEval_EvalCode () #18 0x004c67ec in PyImport_ExecCodeModuleEx () #19 0x004c2f82 in ?? () #20 0x004b1532 in ?? () #21 0x004b0b2a in ?? () #22 0x004b3d66 in ?? () #23 0x004d1a1b in PyEval_CallObjectWithKeywords () #24 0x004ccc1c in PyEval_EvalFrameEx () #25 0x004c87a1 in PyEval_EvalCodeEx () #26 0x004c8036 in PyEval_EvalCode () #27 0x004c67ec in PyImport_ExecCodeModuleEx () #28 0x004c2f82 in ?? () #29 0x004b1532 in ?? () ---Type return to continue, or q return to quit--- #30 0x004b0f2f in ?? () #31 0x004b3d66 in ?? 
() #32 0x004d1a1b in PyEval_CallObjectWithKeywords () #33 0x004ccc1c in PyEval_EvalFrameEx () #34 0x004c87a1 in PyEval_EvalCodeEx () #35 0x004c8036 in PyEval_EvalCode () #36 0x004c67ec in PyImport_ExecCodeModuleEx () #37 0x004c2f82 in ?? () #38 0x004b1532 in ?? () #39 0x004b0ee9 in ?? () #40 0x004b3d66 in ?? () #41 0x004d1a1b in PyEval_CallObjectWithKeywords () #42 0x004ccc1c in PyEval_EvalFrameEx () #43 0x004c87a1 in PyEval_EvalCodeEx () #44 0x004c8036 in PyEval_EvalCode () #45 0x004c67ec in PyImport_ExecCodeModuleEx () #46 0x004c2f82 in ?? () #47 0x004b1532 in ?? () #48 0x004b0ee9 in ?? () #49 0x004b3d66 in ?? () #50 0x004d1a1b in PyEval_CallObjectWithKeywords () #51 0x004ccc1c in PyEval_EvalFrameEx () #52 0x004ca592 in PyEval_EvalFrameEx () #53 0x004c87a1 in PyEval_EvalCodeEx () #54 0x005030ef in ?? () #55 0x004f8c72 in PyRun_FileExFlags () #56 0x004f7d77 in PyRun_SimpleFileExFlags () #57 0x004982f2 in Py_Main () #58 0x76f14b45 in __libc_start_main (main=0x497d80 main, argc=2, argv=0x7fffe7c8, init=optimized out, fini=optimized out, rtld_fini=optimized out, stack_end=0x7fffe7b8) at libc-start.c:287 #59 0x00497ca0 in _start () Kind regards, Axel
Bug#789098: FTBFS: ./conjugue fails with internal error: afligir e arg�ir colidem em FV
tag 789098 +pending tag 789099 +pending On Wed, Jun 17, 2015 at 08:30:23PM +, Chris West (Faux) wrote: Source: br.ispell Version: 3.0~beta4 Severity: serious Justification: fails to build from source (but built successfully in the past) Dear Maintainer, The package fails to build for me, although it appears to build sometimes on our Jenkins. I suspect something to do with locales or locale variation, but I'm unable to confirm: dh_testdir # Build everything besides aspell /usr/bin/make AWK=/usr/bin/gawk \ formas br.aff br.base br.ispell make[1]: Entering directory '/home/faux/br.ispell-3.0~beta4' /usr/bin/gawk -f ./conjugue -v BANCO=verbos -v FORMATO=aa -v CMD=T v.rules Falha interna: afligir e arg�ir colidem em FV Makefile:107: recipe for target 'br.aff' failed make[1]: *** [br.aff] Error 1 I believe that the pair of words that are failing are the first words evaluated. My build environment is normal: LANG=en_GB.UTF-8, LC_ALL and other variables not explicitly set. Jenkins is supposed to be set up the same way, and succeeds the build, but fails in the build that specifies LC_ALL. On Wed, Jun 17, 2015 at 08:49:13PM +, Chris West (Faux) wrote: Source: eo-spell Version: 2.1.2000.02.25 Severity: serious Justification: fails to build from source Dear Maintainer, The package fails to build from source: cp eo.aff ooo-tmp/esperanto.aff # Create ispell latin3 munched wordlist and affix file sed -f debian/cx2latin3.sed kune.txt ooo-tmp/eo.wl sed: file debian/cx2latin3.sed line 1: unterminated `s' command debian/rules:50: recipe for target 'build-stamp' failed make: *** [build-stamp] Error 1 Looks like it could be a locale problem, I'm running LANG=en_GB.UTF-8 LC_ALL unset: root@sid:~/eo-spell-2.1.2000.02.25# cat debian/cx2latin3.sed | head -n1 | xxd : 732f 6378 2fe6 2f67 0a s/cx/./g. Thanks for the info, replying to both #789098 and #789099. I guess it would work with LC_ALL=C, but fails when iso-8859-1 files are used under UTF-8 locale. 
Should be fixed by forcing LC_ALL=C in debian/rules. Regards, -- Agustin
Processed (with 5 errors): Re: Bug#789098: FTBFS: ./conjugue fails with internal error: afligir e arg�ir colidem em FV
Processing commands for cont...@bugs.debian.org: tag 789098 +pending Bug #789098 [src:br.ispell] FTBFS: ./conjugue fails with internal error: afligir e arg�ir colidem em FV Added tag(s) pending. tag 789099 +pending Bug #789099 [src:eo-spell] FTBFS: debian/cx2latin3.sed line 1: unterminated `s' command Added tag(s) pending. On Wed, Jun 17, 2015 at 08:30:23PM +, Chris West (Faux) wrote: Unknown command or malformed arguments to command. Source: br.ispell Unknown command or malformed arguments to command. Version: 3.0~beta4 Unknown command or malformed arguments to command. Severity: serious Unknown command or malformed arguments to command. Justification: fails to build from source (but built successfully in the past) Unknown command or malformed arguments to command. Too many unknown commands, stopping here. Please contact me if you need assistance. -- 789098: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=789098 789099: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=789099 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#788278: [znc] Some sources are not included in your package
tag #788278 + upstream
severity #788278 important
thanks

Hi,

On 10.06.2015 at 01:36, bastien ROUCARIÈS wrote:

your package includes some files that seem to lack sources in preferred forms of modification: webskins/_default_/pub/jquery-1.11.2.min.js

just discussed with upstream about that a month ago. It is already fixed in git and a fix will be available with the next upstream version.

--
/* Mit freundlichem Gruß / With kind regards, Patrick Matthäi GNU/Linux Debian Developer Blog: http://www.linux-dev.org/ E-Mail: pmatth...@debian.org patr...@linux-dev.org */
Processed: Re: Bug#788278: [znc] Some sources are not included in your package
Processing commands for cont...@bugs.debian.org:

tag #788278 + upstream
Bug #788278 [src:znc] [znc] Some sources are not included in your package
Added tag(s) upstream.
severity #788278 important
Bug #788278 [src:znc] [znc] Some sources are not included in your package
Severity set to 'important' from 'serious'
thanks
Stopping processing here.

Please contact me if you need assistance.
--
788278: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=788278
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
Bug#789138: dogtag-pki: FTBFS
Source: dogtag-pki
Version: 10.2.0-4
Severity: serious
Justification: fails to build from source (but built successfully in the past)

It recently failed to build on arm64 with this error:

com/netscape/cms/tomcat/ProxyRealm.java:22: error: ProxyRealm is not abstract and does not override abstract method authenticate(String) in Realm
public class ProxyRealm implements Realm {
^

See https://buildd.debian.org/status/package.php?p=dogtag-pkisuite=sid

When I tried it on amd64 I got the same error, though it worked on the buildd 222 days ago. (There was a different error on sparc 222 days ago.)
Bug#789141: libdancer2-perl: FTBFS with Plack = 1.0036: t/classes/Dancer2-Core-Response/new_from.t
Source: libdancer2-perl
Version: 0.160001
Severity: serious
Tags: sid stretch fixed-upstream
Forwarded: https://github.com/PerlDancer/Dancer2/issues/921
Justification: FTBFS

This package FTBFS with Plack = 1.0036, now in unstable:

coercion for headers failed: Not an ARRAY reference at /«BUILDDIR»/libdancer2-perl-0.160001+dfsg/blib/lib/Dancer2/Core/Role/Headers.pm line 16.
# Child (new_from_plack) exited without calling finalize()
# Failed test 'new_from_plack'
# at /usr/share/perl/5.22/Test/Builder.pm line 279.
# Looks like you failed 1 test of 3.
# Looks like your test exited with 29 just after 3.
t/classes/Dancer2-Core-Response/new_from.t .

It looks like this is fixed by Dancer2 0.160003.

Cheers,
Dominic.
Bug#788601:
This might be the same thing as in #732813, but I haven't tried it with another version.
Processed: tagging 789102
Processing commands for cont...@bugs.debian.org:

tags 789102 + sid stretch
Bug #789102 [src:haskell-hamlet] FTBFS: build-depends are unsatisfiable: libghc-shakespeare-dev is too new
Added tag(s) sid and stretch.
thanks
Stopping processing here.

Please contact me if you need assistance.
--
789102: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=789102
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
Bug#789107: FTBFS: attempts to download pytz from pypi
Control: found -1 0.2-1
Control: notfound -1 0.2

On 2015-06-17 22:00:42, Chris West (Faux) wrote:

Source: pyrfc3339
Version: 0.2

Did you mean 0.2-1?

Severity: serious
Justification: fails to build from source

Dear Maintainer,

The package fails to build on a builder without networking. It attempts to download some code from a 3rd party service. I believe this is a serious violation of Debian policy.

running test
Searching for pytz
Reading https://pypi.python.org/simple/pytz/
Download error on https://pypi.python.org/simple/pytz/: [Errno 101] Network is unreachable -- Some packages may not be found!
Couldn't find index page for 'pytz' (maybe misspelled?)
Scanning index of all packages (this may take a while)
Reading https://pypi.python.org/simple/
Download error on https://pypi.python.org/simple/: [Errno 101] Network is unreachable -- Some packages may not be found!
No local packages or download links found for pytz
error: Could not find suitable distribution for Requirement.parse('pytz')
E: pybuild pybuild:256: test: plugin distutils failed with: exit code=1: python3.4 setup.py test

The full build log can be seen on the Reproducible Builds builder: https://reproducible.debian.net/rb-pkg/unstable/amd64/pyrfc3339.html

You can reproduce the problem locally easily with unshare --net.

Cheers
--
Sebastian Ramacher
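A build log can be checked mechanically for the behaviour reported in #789107. The Python check below is an added example, not part of the report or of pyrfc3339; it matches only the message formats quoted in the log above, and the function names are hypothetical.

```python
import re

# Constructed sample: the log lines quoted in the report above.
BUILD_LOG = """\
running test
Searching for pytz
Reading https://pypi.python.org/simple/pytz/
Download error on https://pypi.python.org/simple/pytz/: [Errno 101] Network is unreachable -- Some packages may not be found!
Couldn't find index page for 'pytz' (maybe misspelled?)
Scanning index of all packages (this may take a while)
Reading https://pypi.python.org/simple/
Download error on https://pypi.python.org/simple/: [Errno 101] Network is unreachable -- Some packages may not be found!
No local packages or download links found for pytz
error: Could not find suitable distribution for Requirement.parse('pytz')
"""

SEARCH = re.compile(r"^Searching for (\S+)")
READ = re.compile(r"^Reading (https?://\S+)")
ERROR = re.compile(r"^Download error on (https?://\S+): \[Errno (\d+)\]")


def audit_build_log(log: str) -> dict:
    """Collect requirements the build tried to resolve online and each URL's outcome.

    attempts maps URL -> errno of the failed fetch, or None when no error was
    logged for that URL.
    """
    requirements, attempts = [], {}
    for line in log.splitlines():
        if m := SEARCH.match(line):
            if m.group(1) not in requirements:
                requirements.append(m.group(1))
        elif m := READ.match(line):
            attempts.setdefault(m.group(1), None)
        elif m := ERROR.match(line):
            attempts[m.group(1)] = int(m.group(2))
    return {"requirements": requirements, "attempts": attempts}


def reached_network(report: dict) -> list:
    """URLs read without a logged error: the build used live third-party content."""
    return [url for url, errno in report["attempts"].items() if errno is None]
```

On a builder with networking the same test run would succeed quietly, so a non-empty `reached_network` result is the case worth flagging: the package built, but with content fetched at build time.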
Processed: Re: Bug#789107: FTBFS: attempts to download pytz from pypi
Processing control commands:

found -1 0.2-1
Bug #789107 [src:pyrfc3339] FTBFS: attempts to download pytz from pypi
Marked as found in versions pyrfc3339/0.2-1.
notfound -1 0.2
Bug #789107 [src:pyrfc3339] FTBFS: attempts to download pytz from pypi
The source 'pyrfc3339' and version '0.2' do not appear to match any binary packages
No longer marked as found in versions pyrfc3339/0.2.

--
789107: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=789107
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems