Bug#1008354: fossil: FTBFS: ./conftest__.c:3: undefined reference to `sqlite3_open'

2022-05-05 Thread Nobuhiro Ban
Thank you for your reply.
Understood.  I will wait for the next release.

On Thu, May 5, 2022 at 17:14, Barak A. Pearlmutter wrote:
>
> Yes.
>
> I patched over the issue for now by just using the internal sqlite3
> library, so I think it can wait until the next official release to
> pick up the proper bug fix and go back to using the system sqlite3
> library.



Bug#1008354: fossil: FTBFS: ./conftest__.c:3: undefined reference to `sqlite3_open'

2022-05-04 Thread Nobuhiro Ban
Dear Maintainer,

This is a bug in the fossil configure tool, and fixed in upstream:
commit: https://fossil-scm.org/home/info/8af827342f4c4a77
forum: https://fossil-scm.org/forum/info/549da79dd9

cf. https://www.sqlite.org/src/info/4cbb3e3efeb40cc4


Regards,
Nobuhiro Ban



Bug#977397: uim-el: missing *-uim in input-method-alist on Emacs 27

2020-12-14 Thread Nobuhiro Ban
Package: uim-el
Version: 1:1.8.8-6.1+b2
Severity: grave
Justification: renders package unusable
Tags: patch

Dear Maintainer,

I used the japanese-anthy-utf8-uim input-method on my Debian Emacs 26 env.
But after upgrading Emacs 27,
I cannot set input-method to japanese-anthy-utf8-uim.

(Same cause as #977257)

There is a problem at initializing uim-el.
So none of the input methods *-uim are prepared on startup.

From *Message* buffer:
> Error while loading 50uim-el: Symbol’s function definition is void: process-kill-without-query


How to fix:

Replace process-kill-without-query with set-process-query-on-exit-flag
in /usr/share/emacs/site-lisp/uim-el/*.el .
This patch fixes this problem.
- Begin
--- uim-1.8.8.orig/emacs/uim-helper.el
+++ uim-1.8.8/emacs/uim-helper.el
@@ -106,7 +106,7 @@
 (if (not proc)
 (error "uim.el: Couldn't invoke uim-el-helper-agent."))

-(process-kill-without-query proc)
+(set-process-query-on-exit-flag proc nil)

 ;; wait "OK"
 (let ((patience uim-startup-timeout) (ok nil))
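Review bot: the changed call at uim-helper.el line 109 has no comment saying why the query-on-exit flag is cleared, while the identical change in uim.el sits under ";; don't ask kill". Add the same comment above (set-process-query-on-exit-flag proc nil) here so the intent (no exit prompt for the helper agent process) stays visible in both files.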
--- uim-1.8.8.orig/emacs/uim.el
+++ uim-1.8.8/emacs/uim.el
@@ -488,7 +488,7 @@
 (error "uim.el: Couldn't invoke uim-el-agent."))

 ;; don't ask kill
-(process-kill-without-query proc)
+(set-process-query-on-exit-flag proc nil)

 ;; wait "OK"
 (let ((patience uim-startup-timeout) (ok nil))
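Review bot: the report asks for the replacement in /usr/share/emacs/site-lisp/uim-el/*.el, but the patch changes only uim-helper.el (line 109) and uim.el (line 491). Confirm with a search over the emacs/ directory that no other call to process-kill-without-query remains, since one leftover caller is enough to stop 50uim-el from loading with the same void-function error.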
- End


Regards,
Nobuhiro Ban




-- System Information:
Debian Release: bullseye/sid
  APT prefers testing-debug
  APT policy: (500, 'testing-debug'), (500, 'stable-debug'), (500, 'testing'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 5.9.0-4-amd64 (SMP w/4 CPU threads)
Kernel taint flags: TAINT_FIRMWARE_WORKAROUND
Locale: LANG=ja_JP.UTF-8, LC_CTYPE=ja_JP.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages uim-el depends on:
ii  emacs                1:27.1+1-3
ii  emacs-gtk [emacsen]  1:27.1+1-3
ii  libc6                2.31-5
ii  libuim8              1:1.8.8-6.1+b2
ii  uim                  1:1.8.8-6.1+b2
ii  uim-data             1:1.8.8-6.1

uim-el recommends no packages.

uim-el suggests no packages.

-- no debconf information



Bug#977258: libssreflect-coq: ABI break by coq binNMU

2020-12-13 Thread Nobuhiro Ban
Package: libssreflect-coq
Version: 1.11.0-2
Severity: grave
Justification: renders package unusable

Dear Maintainer,

I cannot use the ssreflect library in my Debian coq env (amd64 testing).

the code:
> Require Import mathcomp.ssreflect.ssreflect.

gets an error:

> Compiled library mathcomp.ssreflect.ssreflect (in file 
> /usr/lib/coq/user-contrib/mathcomp/ssreflect/ssreflect.vo) makes inconsistent 
> assumptions over library Coq.Init.Ltac



Additional information

libssreflect-coq 1.11.0-2 is built against coq 8.12.0-3+b2.
(buildd log: 
https://buildd.debian.org/status/fetch.php?pkg=ssreflect&arch=all&ver=1.11.0-2&stamp=1604474661&raw=0
)

But the current coq version is 8.12.0-3+b3.

I think this package should depend on "libcoq-ocaml-",
because "coq-+" is insufficient for binNMUs.

I got the same issue before,
libssreflect-coq 1.11.0-1 (built against coq 8.12.0-3) + coq 8.12.0-3+b1.


Regards,
Nobuhiro Ban


-- System Information:
Debian Release: bullseye/sid
  APT prefers testing-debug
  APT policy: (500, 'testing-debug'), (500, 'stable-debug'), (500, 'testing'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 5.9.0-3-amd64 (SMP w/4 CPU threads)
Kernel taint flags: TAINT_FIRMWARE_WORKAROUND
Locale: LANG=ja_JP.UTF-8, LC_CTYPE=ja_JP.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages libssreflect-coq depends on:
ii  coq [coq-8.12.0+4.11.1]  8.12.0-3+b3
ii  libcoq-ocaml             8.12.0-3+b3

libssreflect-coq recommends no packages.

libssreflect-coq suggests no packages.

-- debconf-show failed



Bug#764118: wordwarvi: cannot start game (GTK+/GLib mutex problem)

2014-10-05 Thread Nobuhiro Ban
Package: wordwarvi
Version: 1.00+dfsg1-3
Severity: grave
Tags: patch
Justification: renders package unusable

Dear Maintainer,

Wordwarvi cannot start game.

$ LANG=C gdb -q wordwarvi
Reading symbols from wordwarvi...(no debugging symbols found)...done.
(gdb) r
Starting program: /usr/games/wordwarvi
[Thread debugging using libthread_db enabled]
Using host libthread_db library /lib/x86_64-linux-gnu/libthread_db.so.1.
No joystick...
(snip)
[New Thread 0x7fffe7567700 (LWP 3460)]
Decoding audio data...done.
Can't open /dev/input/event5: Permission denied
No rumble...
Attempt to unlock mutex that was not locked

Program received signal SIGABRT, Aborted.
0x75b8b077 in __GI_raise (sig=sig@entry=6)
    at ../nptl/sysdeps/unix/sysv/linux/raise.c:56
56      ../nptl/sysdeps/unix/sysv/linux/raise.c: No such file or directory.
(gdb) bt
#0  0x75b8b077 in __GI_raise (sig=sig@entry=6)
    at ../nptl/sysdeps/unix/sysv/linux/raise.c:56
#1  0x75b8c458 in __GI_abort () at abort.c:89
#2  0x75f8b95d in g_mutex_unlock_slowpath (mutex=<optimized out>,
    prev=<optimized out>)
    at /build/glib2.0-Dv_k6u/glib2.0-2.42.0/./glib/gthread-posix.c:1327
#3  0x7683ebbf in IA__gtk_main ()
    at /build/gtk+2.0-zztKf7/gtk+2.0-2.24.24/gtk/gtkmain.c:1256
#4  0x00403934 in ?? ()
#5  0x75b77b45 in __libc_start_main (main=0x402b20, argc=1,
    argv=0x7fffe3d8, init=<optimized out>, fini=<optimized out>,
    rtld_fini=<optimized out>, stack_end=0x7fffe3c8) at libc-start.c:287
(snip)

This is caused by GLib's mutex implementation change.
See GNOME tracker about this [1].

Wordwarvi uses the wrong code (in [2]'s phrase),
so crashes in g_mutex_unlock_slowpath().


How to fix:
(a) Change gtk+2.0 to accept also wrong code (see [2] and Debian bug #763690)
or
(b) Change wordwarvi to use the correct way (in [2]'s phrase).

I wrote a patch for (b). Please apply attached patch.


[1] https://bugzilla.gnome.org/show_bug.cgi?id=735428
[2] https://github.com/GNOME/gtk/commit/79c3ff3c4ed74bbcc820dac2d5180fa4d48d55ec


-- System Information:
Debian Release: jessie/sid
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'testing'), (500, 'stable'), (500, 'oldstable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.14-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=ja_JP.UTF-8, LC_CTYPE=ja_JP.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages wordwarvi depends on:
ii  libasound2       1.0.28-1
ii  libc6            2.19-11
ii  libglib2.0-0     2.42.0-1
ii  libgtk2.0-0      2.24.24-1
ii  libogg0          1.3.2-1
ii  libportaudio2    19+svn20140130-1
ii  libvorbis0a      1.3.2-1.4
ii  libvorbisfile3   1.3.2-1.4
ii  wordwarvi-sound  1.00+dfsg1-3

wordwarvi recommends no packages.

wordwarvi suggests no packages.

-- no debconf information


Regards,
Nobuhiro
--- wordwarvi-1.00+dfsg1.orig/wordwarvi.c
+++ wordwarvi-1.00+dfsg1/wordwarvi.c
@@ -14068,6 +14068,7 @@ int main(int argc, char *argv[])
g_thread_init(NULL);
 
 gdk_threads_init();
+gdk_threads_enter();
 
 gettimeofday(start_time, NULL);
 
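Review bot: gdk_threads_enter() at line 14071 is added without a comment explaining why main() now takes the GDK lock. Add a short comment next to it saying that gtk_main() must be entered with the lock held and pointing at the GLib mutex change described in the report, so the enter/leave pair is not later removed as redundant.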
@@ -14075,6 +14076,7 @@ int main(int argc, char *argv[])
  * and waits for an event to occur (like a key press or
  * mouse event). */
 gtk_main ();
+gdk_threads_leave();
 
 wwviaudio_stop_portaudio();
 free_debris_forms();
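Review bot: gdk_threads_leave() at line 14079 releases the GDK lock before the cleanup calls that follow it (wwviaudio_stop_portaudio(), free_debris_forms()). Check that this cleanup makes no GTK or GDK calls; if it does, move gdk_threads_leave() after the cleanup so those calls still run under the lock.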


Bug#763899: jenkins: multiple security vulnerabilities

2014-10-03 Thread Nobuhiro Ban
Package: jenkins
Version: 1.565.2-2
Severity: grave
Tags: security

Dear Maintainer,

The upstream vendor announced a security advisory.
In this advisory, some vulnerabilities are rated critical severity.

https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01
SECURITY-87/CVE-2014-3661 (anonymous DoS attack through CLI handshake)
SECURITY-110/CVE-2014-3662 (User name discovery)
SECURITY-127&128/CVE-2014-3663 (privilege escalation in job configuration permission)
SECURITY-131/CVE-2014-3664 (directory traversal attack)
SECURITY-138/CVE-2014-3680 (Password exposure in DOM)
SECURITY-143/CVE-2014-3681 (XSS vulnerability in Jenkins core)
SECURITY-150/CVE-2014-3666 (remote code execution from CLI)
SECURITY-155/CVE-2014-3667 (exposure of plugin code)
SECURITY-159/CVE-2013-2186 (arbitrary file system write)
SECURITY-149/CVE-2014-1869 (XSS vulnerabilities in ZeroClipboard)

(SECURITY-113 is not about Jenkins core.)


Regards,
Nobuhiro


-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org



Bug#759766: libnkf-perl: cannot load module on i386 arch

2014-08-29 Thread Nobuhiro Ban
Package: libnkf-perl
Version: 2.13-3+b1
Severity: grave

Dear Maintainer,

NKF module for perl doesn't work on i386 arch:
% perl -e 'use NKF'
Can't use an undefined value as a subroutine reference at 
/usr/lib/i386-linux-gnu/perl/5.20/DynaLoader.pm line 210.
END failed--call queue aborted at /usr/lib/i386-linux-gnu/perl5/5.20/NKF.pm 
line 210.
Compilation failed in require at -e line 1.
BEGIN failed--compilation aborted at -e line 1.

It works on amd64 arch.


Regards,
Nobuhiro


Versions of packages libnkf-perl depends on:
ii  libc6                       2.19-10
ii  perl                        5.20.0-4
ii  perl-base [perlapi-5.20.0]  5.20.0-4





Bug#745897: closed by Hideki Yamane henr...@debian.org (Bug#745897: fixed in libstruts1.2-java 1.2.9-9)

2014-07-21 Thread Nobuhiro Ban
Hi all,

2014-06-16 20:27 GMT+09:00 Emmanuel Bourg ebo...@apache.org:
> I got confirmation from the Struts developers that a new release using
> commons-beanutils 1.9.2 is planned soon. So I'm going to prepare the
> backport of commons-beanutils 1.9.2 in stable and wait for the new
> release of Struts 1.x.

Security fix was committed over 1 month ago [1],
but not released (from upstream) yet.

So, I made a Debian fix using [1].


[1] http://svn.apache.org/r1603883


Regards,
Nobuhiro


745897.tar.gz
Description: GNU Zip compressed data


Bug#745897: fixed in libstruts1.2-java 1.2.9-9

2014-06-21 Thread Nobuhiro Ban
2014-06-15 15:35 GMT+09:00 Hideki Yamane henr...@debian.or.jp:
>> This pattern will match to words other than class, eg. fooClass.
>  Any class should be accepted, maybe it'd cause some
>  trouble but non-class should not named as *class, IMHO.

That might be the case. This issue might be a very small problem.
Actually, Red Hat users do not seem to be troubled.

But I think users should be informed of it (in DSA, README.Debian
or somewhere).


Regards,
Nobuhiro





Bug#745897: closed by Hideki Yamane henr...@debian.org (Bug#745897: fixed in libstruts1.2-java 1.2.9-9)

2014-06-01 Thread Nobuhiro Ban
Hi,

- add struts-1.2.9-CVE-2014-0114.patch from Red Hat to fix CVE-2014-0114

http://sources.debian.net/src/libstruts1.2-java/1.2.9-9/debian/patches/struts-1.2.9-CVE-2014-0114.patch
+protected static final Pattern CLASS_ACCESS_PATTERN = Pattern
+.compile((.*\\.|^|.*|\\[('|\))class(\\.|('|\)]|\\[).*,
+Pattern.CASE_INSENSITIVE);
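Review bot: the first group of CLASS_ACCESS_PATTERN contains a bare .* alternative beside .*\\. and ^, so the prefix constrains nothing, and with Pattern.CASE_INSENSITIVE the expression matches whenever "class" in any letter case is followed by ".", "[" or a quote and "]", whatever precedes it. Restrict the prefix to a real boundary (start of the name, ".", or "[" plus quote) and add a unit test with a property whose name only ends in "Class" to pin down the intended behaviour.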

It's very strange regexp. Because we know (P1|.*|P2) == .* .
This pattern will match to words other than class, eg. fooClass.

I think this patch will cause a regression.


Regards,
Nobuhiro





Bug#745897: closed by Hideki Yamane henr...@debian.org (Bug#745897: fixed in libstruts1.2-java 1.2.9-9)

2014-06-01 Thread Nobuhiro Ban
Hi,

> Thanks for your comment, do you have any fix for it?

Security vendors (LAC Co.Ltd and Mitsui Bussan Secure Directions, Inc.)
suggest /(^|\W)[cC]lass\W/, so I'm personally using a naive implementation
of this pattern: Pattern.compile(".*(^|\\W)[cC]lass\\W.*") .

But I'm not an IT-security professional, so I can't say that this works
perfectly, sorry.


Regards,
Nobuhiro


2014-06-01 15:40 GMT+09:00 Hideki Yamane henr...@debian.or.jp:
> Hi,
>
> On Sun, 1 Jun 2014 15:03:20 +0900
> Nobuhiro Ban ban.nobuh...@gmail.com wrote:
>> It's very strange regexp. Because we know (P1|.*|P2) == .* .
>> This pattern will match to words other than class, eg. fooClass.
>>
>> I think this patch will cause a regression.
>
>  Thanks for your comment, do you have any fix for it?


 --
 Regards,

  Hideki Yamane henrich @ debian.or.jp/org
  http://wiki.debian.org/HidekiYamane
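
The two patterns discussed in this thread, compared side by side as an added example that is not part of the original messages or of the Struts or Debian patches. It restores the string quotes missing from the archived patch line (an assumption), assumes the filter rejects a parameter when the whole name matches, and uses constructed parameter names.

```java
import java.util.regex.Pattern;

public class ClassFilterComparison {
    // Pattern from struts-1.2.9-CVE-2014-0114.patch as quoted in the thread;
    // the string quotes lost in the archive are restored here (assumption).
    static final Pattern PATCHED = Pattern.compile(
            "(.*\\.|^|.*|\\[('|\"))class(\\.|('|\")]|\\[).*",
            Pattern.CASE_INSENSITIVE);

    // Boundary-based pattern given in the reply above.
    static final Pattern BOUNDARY = Pattern.compile(".*(^|\\W)[cC]lass\\W.*");

    // Assumption: a parameter is rejected when its whole name matches.
    static boolean rejected(Pattern p, String name) {
        return p.matcher(name).matches();
    }

    public static void main(String[] args) {
        // Constructed request-parameter names, not taken from the thread.
        String[] names = {
            "class.classLoader",      // direct access to getClass(): should be rejected
            "foo.class.classLoader",  // nested access: should be rejected
            "user['class'].name",     // mapped access: should be rejected
            "className",              // ordinary property
            "fooClass.name",          // ordinary property whose name ends in "Class"
            "subclass[0]",            // ordinary indexed property
        };
        System.out.printf("%-24s %-8s %-8s%n", "parameter", "patched", "boundary");
        for (String n : names) {
            System.out.printf("%-24s %-8b %-8b%n",
                    n, rejected(PATCHED, n), rejected(BOUNDARY, n));
        }
    }
}
```

Compile and run with `javac ClassFilterComparison.java && java ClassFilterComparison`; each row shows whether a pattern would reject that parameter name, which makes the over-matching on names such as fooClass.name visible.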





Bug#745897: libstruts1.2-java: CVE-2014-0094 affects Struts 1.x

2014-04-26 Thread Nobuhiro Ban
Package: libstruts1.2-java
Version: 1.2.9-8
Severity: grave
Tags: security

Dear Maintainer,

In https://security-tracker.debian.org/tracker/CVE-2014-0094 :

Notes
- libstruts1.2-java not-affected (Affects Struts 2.0.0 - Struts 2.3.16)

But CVE-2014-0094 is known to affect Struts 1.x.


Regards,
Nobuhiro





Bug#739067: jenkins: multiple security vulnerabilities

2014-02-15 Thread Nobuhiro Ban
Package: jenkins
Version: 1.509.2+dfsg-2
Severity: grave
Tags: security

Dear Maintainer,

The upstream vendor announced a security advisory.
In this advisory, some vulnerabilities are rated high severity.

https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-02-14
 SECURITY-105
   affected by CVE-2013-7285 reported against XStream
 SECURITY-76 & SECURITY-88 / CVE-2013-5573
 SECURITY-109
 SECURITY-108
 SECURITY-106
 SECURITY-93
 SECURITY-89
 SECURITY-80
 SECURITY-79
 SECURITY-77
 SECURITY-75
 SECURITY-74
 SECURITY-73


Regards,
Nobuhiro





Bug#706725: jenkins: multiple security vulnerabilities

2013-05-03 Thread Nobuhiro Ban
Package: jenkins
Version: 1.447.2+dfsg-3, 1.480.3+dfsg-1~exp2
Severity: grave
Tags: security

Dear Maintainer,

The upstream vendor announced a security advisory.
In this advisory, one vulnerability is rated critical severity,
two are high and one is medium.

https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2013-05-02
SECURITY-63 / CVE-2013-2034
SECURITY-67 / CVE-2013-2033
SECURITY-69 / CVE-2013-2034
SECURITY-71 / CVE-2013-1808

Regards,
Nobuhiro


Bug#700761: jenkins: multiple security vulnerabilities

2013-02-16 Thread Nobuhiro Ban
Package: jenkins
Version: 1.447.2+dfsg-3
Severity: grave
Tags: security

Dear Maintainer,

The upstream vendor announced a security advisory.
In this advisory, three vulnerabilities are rated high severity,
one is medium and one is low.

See: 
https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2013-02-16


Regards,
Nobuhiro





Bug#697617: jenkins: remote code execution vulnerability

2013-01-07 Thread Nobuhiro Ban
Package: jenkins
Version: 1.447.2+dfsg-2
Severity: grave
Tags: security

Dear Maintainer,

The upstream vendor announced a security advisory, that is rated
critical severity.

See: 
https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2013-01-04


Regards,
Nobuhiro





Bug#696816: jenkins: Security issues were found in Jenkins core

2012-12-29 Thread Nobuhiro Ban
clone 696816 -1
reassign -1 jenkins-winstone 0.9.10-jenkins-37+dfsg-1
thanks

Dear Maintainer,

I found upstream SECURITY-44 (aka CVE-2012-6072) was from Winstone,
and it might be fixed in 0.9.10-jenkins-40.


https://github.com/jenkinsci/jenkins/commit/ad084edb571555e7c5a9bc5b27aba09aac8da98d
[FIXED SECURITY-44]
 Picked up a new version of Winstone

https://github.com/jenkinsci/winstone/commit/62e890b9589a844553d837d91b5f68eb3dba334e
[FIXED SECURITY-44]
 Do not allow the webapp to split HTTP header values into multiple lines. 
 Since there's no obvious escaping semantics here, we just drop those 
 characters, which is what Jetty does.


Regards,
Nobuhiro





Bug#696816: jenkins: Security issues were found in Jenkins core

2012-12-27 Thread Nobuhiro Ban
Package: jenkins
Version: 1.447.2+dfsg-2
Severity: grave
Tags: security

Dear Maintainer,

The upstream vendor announced a security advisory, that is rated high severity.

See: 
https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2012-11-20


Regards,
Nobuhiro

