Bug#776303: CVE-2014-9601
Source: pillow Severity: important Tags: security This was fixed upstream in 2.7.0 and was assigned CVE-2014-9601: http://pillow.readthedocs.org/releasenotes/2.7.0.html#png-text-chunk-size-limits Isolated fix is here: https://github.com/python-pillow/Pillow/commit/b3e09122e527ae554eb590741bbd7611d5710e40 Cheers, Moritz -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#504804: info
This was closed because of https://bugs.debian.org/504804#13 It is about the inconsistence between --file=some_file and --file some_file THE EQUAL = sign. This is a different bug than =~ case. -- Henri Salo -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#776034: fsck runs in parallel on same physical disk
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 1/26/2015 7:34 AM, Daniel Pocock wrote: The performance impact is not trivial. I have 28 LVs on my main /dev/md and 47 on an external disk that is used to replicate other filesystems. Both of these disks make a horrible thrashing sound while fsck runs. Why on earth are you fscking all of those volumes at once? Use a journaling filesystem ( ext4? xfs? ) and you shouldn't really ever need to fsck at all. -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.17 (MingW32) iQEcBAEBAgAGBQJUxkZJAAoJENRVrw2cjl5RPywH/RvUti6Xn8EUi8CBVBe8G1xU ViahLvk3Q+vMZxNHASg7pbjXMBzosBks28+kd5lqZ/LGm9vNBXTmmEctUwwG/RHZ yT9kiOg8A/czkW9N4enEZ7Qtb/bq8fH9Cc4uqEDvKxJFZN8hr0I9W9KE/hfYGv28 B3o9qEbyrzv6VsC9UjeA2b+/1taQFUp3KKcM0s/maXJef9JufzTilVkT8lb1cUMd /4/oWB4HUywG/ArMP8eCogy/0jsJSLWIPs0bAvmUVBo2YnfOFuBn67cuF7Z3a6ZG OtaKbIExqlyDrT4/Jo+nfsXYpt9h48AKtjESUuqX4C7xB2hMob8q5yOPx65/IKY= =+qtc -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#776296: Make it explicit that a space is not valid in -SField
Hi! On Mon, 2015-01-26 at 11:42:33 +, Chris Lamb wrote: Package: dpkg-dev Version: 1.17.23 Severity: wishlist Tags: patch Please clarify in the docs that a space is not valid in calls to -SField. For example, this is valid: $ dpkg-parsechangelog --show-field Field .. but this isn't: $ dpkg-parsechangelog -S Field It works for me: $ dpkg-parsechangelog -S Source dpkg Whilst this is perfectly fine and consistent with -l, -F, -L the manpage and --help output kinda imply that the space is fine. This led to some confusion as I thought my version of dpkg-dev was too old for this newish switch, etc. etc. This was supposedly fixed in dpkg 1.17.21 with: ,--- * Accept «-S value» in addition to «-Svalue» in dpkg-parsechangelog. Closes: #766559 `--- maybe you tested it with an earlier version than that? Thanks, Guillem -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#776079: tkrplot: FTBFS in unstable - fatal error: tk.h: No such file or directory
On 23 January 2015 at 17:17, James Cowgill wrote: | Source: tkrplot | Version: 0.0.23-2 | Severity: serious | Tags: sid | | Hi, | | tkrplot seems to FTBFS in unstable (but not in jessie) with the error: | gcc -std=gnu99 -I/usr/share/R/include -DNDEBUG -I/usr/include/tcl8.6 -I/usr/include/tcl8.6 -fpic -g -O2 -fstack-protector-strong -Wformat -Werror=format-security -D_FORTIFY_SOURCE=2 -g -c tcltkimg.c -o tcltkimg.o | tcltkimg.c:2:16: fatal error: tk.h: No such file or directory | #include tk.h | ^ | compilation terminated. | /usr/lib/R/etc/Makeconf:133: recipe for target 'tcltkimg.o' failed | | I think this is because R is compiled against tk8.6 in unstable (where | the list of include directories are obtained from), but tkrplot only | build depends on the tk development headers for tk8.5. Agreed, and good catch by the rebuild . Simple fix coming right up. Thanks, Dirk -- http://dirk.eddelbuettel.com | @eddelbuettel | e...@debian.org -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#774748: #774748: ruby-redcloth: CVE-2012-6684
On Fri, Jan 09, 2015 at 10:57:13PM +0100, Christian Hofstaedtler wrote: AFAICT there is no publicly available patch, and upstream is more or less dead. Redmine's patched redcloth3 looks very different from the current redcloth 4.x sources, so I have my doubts if forward porting this is feasible. Suggestions welcome. Then we should remove it from jessie. Cheers, Moritz -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#776306: mpdscribble: Fails to start because of error in pidfile creation
Package: mpdscribble Version: 0.22-5 Severity: grave Justification: renders package unusable With default configuration the service tries to create its pidfile in folder '/var/run/mpdscribble', but such a folder is not created by installation script, nor it persists to system reboot. This cause the system-wide service to fail to start with the following error. mpdscribble[359]: Failed to create pidfile /var/run/mpdscribble/mpdscribble.pid: No such file or directory mpdscribble.service: main process exited, code=killed, status=5/TRAP systemd[1]: Unit mpdscribble.service entered failed state. Obvious (and tested) workarounds include: 1. After each reboot, create the folder '/var/run/mpdscribble' owned by mpdscribble:mpdscribble with permissions ug+rwX (~default). 2. Disable pidfile creation, by commenting the corresponding line in /etc/mpdscribble.conf . -- System Information: Debian Release: 8.0 APT prefers unstable APT policy: (800, 'unstable'), (700, 'testing') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 3.16.0-4-amd64 (SMP w/2 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages mpdscribble depends on: ii adduser3.113+nmu3 ii debconf [debconf-2.0] 1.5.55 ii init-system-helpers1.22 ii libc6 2.19-13 ii libglib2.0-0 2.42.1-1 ii libmpdclient2 2.9-1 ii libsoup2.4-1 2.48.0-1 ii lsb-base 4.1+Debian13+nmu1 ii ucf3.0030 mpdscribble recommends no packages. Versions of packages mpdscribble suggests: pn mpd none -- debconf information: signature.asc Description: This is a digitally signed message part.
Bug#776281: Aw: Re: Bug#776281: webkit2gtk FTBFS on hppa architecture (patch attached)
The attached trivial patch fixes this. Thanks, we can include it in the next upload. Thanks! Does the browser run fine with this patch? epiphany runs partly OK. Simple webpages show up correctly. Complex webpages seem to generate problems. In both cases the webbrowser sometimes shows a screen like the one attached (screenshot attached).
Bug#775866: vlc: multiple vulnerabilities
On Tue, Jan 20, 2015 at 09:47:26PM +0100, Yves-Alexis Perez wrote: * The potential invalid writes in modules/services_discovery/sap.c and modules/access/ftp.c were not fixed as I did not provide a trigger. Note, that the code looks very similar to the confirmed bug in rtp_packetize_xiph_config, and so I leave it to you to decide whether you want to patch this. These have been assigned CVE-2015-1202 and CVE-2015-1203, could you contact upstream for the status of an upstream fix? Cheers, Moritz -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#774854: race condition between fur and fex_cleanup
Hi Moritz, On Mon, Jan 26, 2015 at 12:28:00PM +0100, Moritz Mühlenhoff wrote: On Mon, Dec 22, 2014 at 10:33:50PM +0100, Kilian Krause wrote: Package: fex Version: 20140917-1 Severity: serious Tags: security patch upstream pending confirmed jessie As upstream has released a new version of the fex package which closes a security issue and there is no CVE assigned, we'll use this bug to track the issue. Hi, what is the plan for unstable? You can either ask for an unblock with the release team (if the diff between testing an sid is small) or fix these in a targeted upload for testing-proposed-updates. Unstable already has a fixed version. Just jessie still hasn't as of now. The backports should also be updated once the new version is in jessie. I'm currently waiting a bit before asking for an unblock to make sure the package is really fit enough to go in and nobody is complaining. As the update has been reviewed quite a bit before this release, it probably is ready to go in as is. I'd rather not split the fix out and do only a partial patch for testing as per upstream's recommendation. Cheers, Kilian signature.asc Description: Digital signature
Bug#776276: unblock: open-iscsi/2.0.873+git0.3b4b4500-4
Am 26.01.2015 um 08:43 schrieb Ritesh Raj Sarraf: Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package open-iscsi open-iscsi currently using SysV init scripts for operation. The current init scripts, when run under an active systemd box, leads to a delay of 90 seconds. Please see the listed bug for more details. With this patch applied, there is no delay. Please give me an ACK, and then I'll go do the upload. unblock open-iscsi/2.0.873+git0.3b4b4500-4 That patch doesn't look right. Calling systemctl from an init script is a big no-go. Second, shipping a generated unit file which does run /etc/init.d/foo is a hack at best. I'd be really unhappy, if this was accepted. A few questions: - If open-iscsi is supposed to provide remote file systems, how can it have # Required-Start: $remote_fs That's a classic circular dep and most likely the reason for the issue - Why is umountiscsi.sh in a separate init script, when the open-iscsi init script calls it via invoke-rc.d on stop? -- Why is it that all of the instruments seeking intelligent life in the universe are pointed away from Earth? signature.asc Description: OpenPGP digital signature
Bug#776281: Re: Bug#776281: webkit2gtk FTBFS on hppa architecture (patch attached)
On Mon, Jan 26, 2015 at 03:40:57PM +0100, Helge Deller wrote: Complex webpages seem to generate problems. In both cases the webbrowser sometimes shows a screen like the one attached (screenshot attached). Ok, interesting... this is unrelated to this bug, though, but if you want to file a separate bug for this go ahead, but please include as many details as you can. It would be nice to see if it also happens with other architectures. Thanks! Berto -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#766938: systemd: network-pre.target doesn't seem to be guaranteed to run before the network is up
Control: tag -1 pending Hey Christoph, Christoph Anton Mitterer [2014-10-27 3:09 +0100]: Maybe I just miss something, but AFAIU, network-pre.target is not guaranteed to run before any networking is brougt up (which is the whole point of network-pre.target). network.target has an After= on network-pre.target, but network.target itself isn't what brings the network up, right? Correct, it's just the goal, which causes everything that actually brings up the network to start before it. Instead ifup@.service does that which has a Before= on network.target. That's part of it, but also /etc/init.d/networking, i. e. the autogenerated networking.service. I committed a fix for this: http://anonscm.debian.org/cgit/pkg-systemd/systemd.git/commit/?h=experimentalid=c90467c1b2909 This is fairly harmless on a standard installation as nothing hooks into this target, but fairly important on systems which do rely on it, so I'll also apply this to the master branch for Jessie. Thanks, Martin -- Martin Pitt| http://www.piware.de Ubuntu Developer (www.ubuntu.com) | Debian Developer (www.debian.org) -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#776034: fsck runs in parallel on same physical disk
On Mon, Jan 26, 2015 at 10:36:02AM +0100, Daniel Pocock wrote: On 26/01/15 10:32, Karel Zak wrote: On Mon, Jan 26, 2015 at 02:24:04AM +0100, Michael Biebl wrote: -l Create an exclusive flock(2) lock file (/run/fsck/diskname.lock) for whole-disk device. This option can be used with one device only (this means that -A and -l are mutually exclusive). This option is recommended when more fsck(8) instances are exe- cuted in the same time. The option is ignored when used for multiple devices or for non-rotating disks. fsck does not lock underlying devices when executed to check stacked devices (e.g. MD or DM) - this feature is not implemented yet. Karel, is there an upstream bug report for this issue? What's the state of this feature, is it actively being worked on? No, nobody is workning on -l for stacked devices. Karel Is there any other workaround, or should people consider moving to BtrFs instead of using LVM on md? fsck has never been able to determine all the stack, so this is no change (change between fsck -l from systemd and fsck -A from init scripts). All the problem is possible negative impact to performance if you want to intensively use two partitions on the same hdd, that's all. The question is if this is really issue in all cases for all HW. Frankly, I'm pretty unhappy that we care about such things in userspace -- it's kernel job to schedule things and keep system performance usable, all we can do in userspace is to inform kernel about the way how we plan to use the devices (e.g. fadvise()). The stack of the block devices maybe pretty complicated and only DM/MD kernel drivers have a clue where are things really stored. The another story is that sometimes nothing include kernel has a clue about HW, because storage maybe completely independent invisible blackbox (SAN, etc.). My recommendation is to ignore this issue, or if you really see any performance problem than disable fsck by systemd and use by hands written script to call fsck. Karel -- Karel Zak k...@redhat.com http://karelzak.blogspot.com -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#726119: also affected by this bug
sshoptions don't make it into the duplicity config Viele Grüße / Kind Regards / Cordiali Saluti / Met vriendelijke groet Ralph J.Mayer -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#776281: webkit2gtk FTBFS on hppa architecture (patch attached)
Control: tags -1 pending The attached trivial patch fixes this. Thanks, we can include it in the next upload. Does the browser run fine with this patch? By the way, it seems ALPHA needs a similiar patch: It would be nice if someone could try it first. Berto -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#775715: [Pkg-javascript-devel] Bug#775715: libv8-3.14: limiting security support
Hi Michael, Control: tags -1 pending 2015-01-19 7:17 GMT+01:00 Michael Gilbert mgilb...@debian.org: package: libv8-3.14 version: 3.14.5.8-8 severity: grave tags: security Hi, the security team has decided that this package will not receive security support for jessie. This has already been documented in the debian-security-support package for about two months: libv8-3.14 Not covered by security support, only suitable for trusted content Please include a README.Debian.security file describing the security support status and problems for the package. See [0] for an example. Since this will be clearly documented in multiple places, it will no longer be necessary to treat unfixed security bugs as release critical. Best wishes, Mike [0] https://bugs.debian.org/702775 I have added the changes in git [1] and I plan uploading the fix this week. I will check the outstanding security issues for easily fixable ones and include the fixes in the same upload. Cheers, Balint [1] https://anonscm.debian.org/cgit/collab-maint/libv8.git/commit/?h=jessieid=8c56a4f1695dc6787a6861735defdb2ee8ec7253 -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#775662: oss4: Insufficient validation of USB device descriptors
On Sun, Jan 18, 2015 at 10:24:30AM +, Ben Hutchings wrote: Source: oss4 Version: 4.2-build2006-2 Severity: critical Tags: security In kernel/drv/oss_usb/oss_usb.c: OSS maintainers, did you forward this upstream? Cheers, Moritz -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#776300: Add 'go back' button to review choices
Package: reportbug Version: 6.4.4+deb7u1 Severity: normal reportbug-gtk shows a 'Quit' and a 'Continue' button for each of it's dumb assistents step. But there's no ' go back' or 'review' button, so every and every wrong click means to close that dumb assistent and start over from the very beginning. Enter the same subject again and again, nmake the same choices again and again - but stop, not this choi... NOT THIS CHOICE! Goddamed, again! Much more than annoying! -- Package-specific info: ** Environment settings: INTERFACE=gtk2 ** /root/.reportbugrc: reportbug_version 6.4.4 mode advanced ui gtk2 realname herrmann email herrm...@glatz.de no-check-uid -- System Information: Debian Release: 7.8 APT prefers stable APT policy: (700, 'stable'), (500, 'oldstable-updates'), (500, 'testing') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 3.2.0-4-amd64 (SMP w/4 CPU cores) Locale: LANG=de_DE@euro, LC_CTYPE=de_DE@euro (charmap=ISO-8859-15) Shell: /bin/sh linked to /bin/dash Versions of packages reportbug depends on: ii apt 0.9.7.9+deb7u7 ii python2.7.3-4+deb7u1 ii python-reportbug 6.4.4+deb7u1 reportbug recommends no packages. Versions of packages reportbug suggests: ii claws-mail 3.8.1-2 pn debconf-utilsnone pn debsums none pn dlocate none pn emacs22-bin-common | emacs23-bin-common none ii file 5.11-2+deb7u7 ii gnupg1.4.12-7+deb7u6 ii lsb-invalid-mta [mail-transport-agent] 4.1+Debian8+deb7u1 ii python-gtk2 2.24.0-3+b1 pn python-gtkspell none ii python-urwid 1.0.1-2 ii python-vte 1:0.28.2-5 ii xdg-utils1.1.0~rc1+git20111210-6+deb7u2 Versions of packages python-reportbug depends on: ii apt 0.9.7.9+deb7u7 ii python2.7.3-4+deb7u1 ii python-debian 0.1.21 ii python-debianbts 1.11 ii python-support1.0.15 python-reportbug suggests no packages. -- debconf-show failed -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#776285: [SoB] Bug#776285: RFS: nfft/3.3.0~alpha4 -- non-uniform Fourier transform [upload to experimental]
Hi Ghislain, On Mon, Jan 26, 2015 at 11:57:33AM +, Ghislain Vaillant wrote: Hi everyone, I have updated the packaging for NFFT to version 3.3.0 and filed this RFS [1]. I am now looking for a sponsor via SoB and filed a new task [2]. The package is lintian clean and builds happily on Debian unstable and Ubuntu from 12.04 to 14.10 [3]. One can build the corresponding binary packages from the git repository [4] with: gbp buildpackage --git-upstream-branch=upstream --git-debian-branch=debian-experimental Uploaded. Thanks for your work on this package Andreas. -- http://fam-tille.de -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#774854: race condition between fur and fex_cleanup
On Mon, Jan 26, 2015 at 01:41:54PM +0100, Kilian Krause wrote: Hi Moritz, On Mon, Jan 26, 2015 at 12:28:00PM +0100, Moritz Mühlenhoff wrote: On Mon, Dec 22, 2014 at 10:33:50PM +0100, Kilian Krause wrote: Package: fex Version: 20140917-1 Severity: serious Tags: security patch upstream pending confirmed jessie As upstream has released a new version of the fex package which closes a security issue and there is no CVE assigned, we'll use this bug to track the issue. Hi, what is the plan for unstable? You can either ask for an unblock with the release team (if the diff between testing an sid is small) or fix these in a targeted upload for testing-proposed-updates. Unstable already has a fixed version. Just jessie still hasn't as of now. The backports should also be updated once the new version is in jessie. I'm currently waiting a bit before asking for an unblock to make sure the package is really fit enough to go in and nobody is complaining. As the update has been reviewed quite a bit before this release, it probably is ready to go in as is. Ok, sounds good to me. Cheers, Moritz -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#504804: Processed: notfound 504804 in 2.12-2
Control: reopen -1 Control: tags -1 + confirmed Hi, Unfortunately, this is still present in 2.20-4: % echo a ~/tmp-pattern % echo hola | grep --file=/home/santiago/tmp-pattern hola % echo hola | LANG=C grep --file=~/tmp-pattern grep: ~/tmp-pattern: No such file or directory Cheers, Santiago -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#776277: Typo
Sorry, I ment VisualSVN instead of WinSVN.
Bug#771523: systemd-journal-upload
Am 26.01.2015 um 10:05 schrieb Paul Elliott: 771...@bugs.debian.org systemd-journal-upload is also needed. I have a low memory computer, and need to ship journals to another computer. This is not something you should ignore, journal can be useless without it. The journal forwards all message to rsyslog (or syslog-ng) by default. If you need remote logs, it's trivial to setup via rsyslog. -- Why is it that all of the instruments seeking intelligent life in the universe are pointed away from Earth? signature.asc Description: OpenPGP digital signature
Bug#776251: ack-grep fails to install due to diversion problem
On Mon, 26 Jan 2015 01:01:03 +0100, Axel Beckert wrote: $ dpkg-divert --list *ack* local diversion of /usr/bin/ack-grep to /usr/bin/ack ^ ... which backs my assumption that a _local_ diversion (i.e. none made by a package) is the cause. That's my interpretation as well. I tend to close this issue as invalid/wontfix since the cause is a local (common(*) but so far unsupported) modification of the package. IMHO it has nothing to do with the package itself. But I'd like to hear comments from others from others (especially the Debian Perl Team and the Release Team) first, too. I agree with the wontfix+close. If they agree, I can imagine to add a diversion detection and then removal to ack-grep's preinst script despite the package never used a diversion. But I'm a) unsure if it's ok for a package to remove a _local_ diversion, and Hm; rather not. Maybe a warning might be ok. b) if it's a good idea to introduce such a change that late in the freeze. Probably not. Cheers, gregor -- .''`. Homepage: http://info.comodo.priv.at/ - OpenPGP key 0xBB3A68018649AA06 : :' : Debian GNU/Linux user, admin, and developer - http://www.debian.org/ `. `' Member of VIBE!AT SPI, fellow of the Free Software Foundation Europe `- NP: J.J. Cale: River Runs Deep signature.asc Description: Digital Signature
Bug#776285: Did you commited nfft/3.3.0~alpha4 to Git (and if yes, what branch)?
Hi, I failed to find the packaging stuff in Git and I only regard the Git status for sponsering. Kind regards Andreas. -- http://fam-tille.de -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#776002: Other problems
On Sun, 25 Jan 2015 14:34:52 + Ben Hutchings b...@decadent.org.uk wrote: What if you set it to linux-image/wheezy-backports initramfs-tools/wheezy-backports? Thank you, that helped! But...I have other problem - ifupdown package is removed during install, and so I have system without network... Here's my pkgsel line: d-i pkgsel/include string nvidia-kernel-3.16.0-0.bpo.4-amd64/wheezy-backports initramfs-tools/wheezy-backports vim mc netcat nmap ethtool tcpdump htop iotop iftop iptraf sysstat hdparm hddtemp lsscsi tmux tiobench rsync gpm apt-file build-essential dkms ntp smartmontools lm-sensors firmware-realtek firmware-linux firmware-linux-nonfree p7zip-full strace gdb parted lvm2 xfsprogs cifs-utils duply During install, inside syslog: Jan 26 12:04:47 in-target: The following packages will be REMOVED: Jan 26 12:04:47 in-target: ifupdown iproute isc-dhcp-client I have attached whole syslog from that installation. I guess something more was installed from backports, removing ifupdown? This does not occur if I do not use backports repository, which I enable like this: d-i apt-setup/local0/repository string \ http://ftp.litnet.lt/debian wheezy-backports main contrib non-free d-i apt-setup/local0/comment string Debian backports syslog.gz Description: GNU Zip compressed data
Bug#776210: r-cran-digest: First line missing in package description
Hi Beatrice, On 25 January 2015 at 15:27, Beatrice Torracca wrote: | Package: r-cran-digest | Severity: minor | | Hi! | | with the recent change of the package description [1], the first line | got lost. The description currently (0.6.7-1) starts with | | «of hash digests of arbitrary R objects (using the md5, sha-1, sha-256, | crc32, xxhash and murmurhash [...]» | | The first line («This package implements a function 'digest()' for the | creation») is currently missing. Thanks, fixed. I also noticed that somehow 0.6.8 never made it. Both issues are addressed in an upload I just made. Thanks, Dirk | | Thanks, | | beatrice | | [1] http://ddtp.debian.net/ddt.cgi?diff1=227847diff2=227902 -- http://dirk.eddelbuettel.com | @eddelbuettel | e...@debian.org -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#775892: unblock (pre-approval): python-django/1.7.3-1
On Fri, Jan 23, 2015 at 02:26:06PM +0100, Raphael Hertzog wrote: On Wed, 21 Jan 2015, Raphael Hertzog wrote: Some notes: - the final upload will include the bug closure of #775375 - there's a small tweak of a Suggests dependency, it was not intended for jessie but I don't see how it can hurt and did not bother to revert it I have uploaded 1.7.3-1~exp1 to experimental which is basically what I'd like to upload to unstable. It contains one more patch compared to the debdiff I sent to fix a build failure with Python 3.4 (https://github.com/django/django/commit/b1bf8d64fbadcab860eb98662c49b8db33db0c3c). Cheers, PS: I know that Neil Williams uploaded an NMU to fix the security issues but I still want to include 1.7.3. It would still be good to unblock the NMU first to get the security fixes into jessie. Cheers, Moritz -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#776304: dpkg: allows child processes to inherit file handles for triggers
Package: dpkg Version: 1.17.23 Severity: normal Below are some AVC messages from a fairly routine dpkg upgrade. As you can see the programs setfiles, load_policy, and restorecon which are run from postinst scripts are inheriting a file handle for /var/lib/dpkg/triggers/Unincorp . type=AVC msg=audit(1422274481.981:202): avc: denied { read } for pid=12679 comm=setfiles path=/var/lib/dpkg/triggers/Unincorp dev=xvda ino=199493 scontext=bofh:sysadm_r:setfiles_t:s0-s0:c0.c1023 tcontext=bofh:object_r:dpkg_var_lib_t:s0 tclass=file permissive=1 type=AVC msg=audit(1422274483.261:203): avc: denied { read } for pid=12685 comm=load_policy path=/var/lib/dpkg/triggers/Unincorp dev=xvda ino=199493 scontext=bofh:sysadm_r:load_policy_t:s0-s0:c0.c1023 tcontext=bofh:object_r:dpkg_var_lib_t:s0 tclass=file permissive=1 type=AVC msg=audit(1422279601.565:427): avc: denied { read } for pid=22513 comm=restorecon path=/var/lib/dpkg/triggers/Unincorp dev=xvda ino=208505 scontext=bofh:sysadm_r:setfiles_t:s0-s0:c0.c1023 tcontext=bofh:object_r:dpkg_var_lib_t:s0 tclass=file permissive=0 -- System Information: Debian Release: 8.0 APT prefers testing APT policy: (500, 'testing') Architecture: amd64 (x86_64) Kernel: Linux 3.16.0-4-amd64 (SMP w/2 CPU cores) Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: sysvinit (via /sbin/init) Versions of packages dpkg depends on: ii libbz2-1.0 1.0.6-7+b2 ii libc62.19-13 ii liblzma5 5.1.1alpha+20120614-2 ii libselinux1 2.3-2 ii tar 1.27.1-2 ii zlib1g 1:1.2.8.dfsg-2+b1 dpkg recommends no packages. Versions of packages dpkg suggests: ii apt 1.0.5 -- no debconf information -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#776302: psensor-server
Package: psensor-server Version: 0.6.2.17-2+b1 Severity: important psensor-server don't collect or deliver any data. While psensor in standalone mode works flawless, psensor-server seems to do nothing on the very same machine. After starting psensor-server in debug mode, I try to connct to it from the same host via shell: psensor -u http://localhost:3132 Result: The shell displays an error message [timestamp] [ERR] Invalid content: http://localhost:3132/api/1.0/sensors;, an empty psensor windows opens and an additional entrance shows up in ~/.psensor/log, identically to the shell's message. No signs from the servers debug mode, that anything happens. Trying to connect via webbrowser http://localhost:3132: Psensor main page opens, click on 'Monitoring page', a page display with several rows 'CPU, Memory, Network, Sensors', but without any usable information. The servers debug mode shows HTTP Request: / HTTP Request: /style.css HTTP Request: /favicon.ico HTTP Request: /favicon.ico HTTP Request: /monitor.html HTTP Request: /style.css HTTP Request: /jquery.js HTTP Request: /psensor.js HTTP Request: /api/1.0/sensors HTTP Request: /api/1.0/sysinfo HTTP Request: /api/1.0/sensors HTTP Request: /api/1.0/sysinfo HTTP Request: /api/1.0/sensors HTTP Request: /api/1.0/sysinfo HTTP Request: /api/1.0/sensors HTTP Request: /api/1.0/sysinfo Installed the server on different machines, amd64 and i686-pae architecture, same result everytime -- System Information: Debian Release: 7.8 APT prefers stable APT policy: (700, 'stable'), (500, 'oldstable-updates'), (500, 'testing') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 3.2.0-4-amd64 (SMP w/4 CPU cores) Locale: LANG=de_DE@euro, LC_CTYPE=de_DE@euro (charmap=ISO-8859-15) Shell: /bin/sh linked to /bin/dash Versions of packages psensor-server depends on: ii libc62.13-38+deb7u6 ii libgtop2-7 2.28.4-3 ii libjs-jquery 1.7.2+dfsg-1 ii libjson0 0.10-1.2 ii libmicrohttpd10 0.9.20-1+deb7u1 ii libsensors4 1:3.3.2-2+deb7u1 ii psensor-common 0.6.2.17-2 Versions of packages psensor-server recommends: ii hddtemp 0.3-beta15-52 psensor-server suggests no packages. -- no debconf information -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#774748: #774748: ruby-redcloth: CVE-2012-6684
* Moritz Mühlenhoff j...@inutil.org [150126 13:45]: On Fri, Jan 09, 2015 at 10:57:13PM +0100, Christian Hofstaedtler wrote: AFAICT there is no publicly available patch, and upstream is more or less dead. Redmine's patched redcloth3 looks very different from the current redcloth 4.x sources, so I have my doubts if forward porting this is feasible. Suggestions welcome. Then we should remove it from jessie. Looking at the rdeps, this would affect quite some packages, as redcloth is a dependency of one of the documentation tools. Not sure if it can be ripped out so easily. Best, Christian -- ,''`. Christian Hofstaedtler z...@debian.org : :' : Debian Developer `. `' 7D1A CFFA D9E0 806C 9C4C D392 5C13 D6DB 9305 2E03 `- pgpw9aiJFhUxC.pgp Description: PGP signature
Bug#776151: Installation bug in Expert mode
Andreas Weber ae...@worldwideweber.ch (2015-01-26): On 2015-01-26 00:27, Cyril Brulebois wrote: Just to make sure, can you please give us the full URL to the installation medium you're using. This would be handy to try and reproduce your issue (with either Beta 2 or RC 1). I went to https://www.debian.org/devel/debian-installer/ and used the first link to the amd64 netinstall image which is http://cdimage.debian.org/cdimage/jessie_di_rc1/amd64/iso-cd/debian-jessie-DI-rc1-amd64-netinst.iso at the moment. However I think that on 2015-01-24 when I did that, the amd64 link pointed to the beta2 version and not to the rc1 version and that's why I reported the bug that way. Did the version change this weekend? Yes, it changed 12(-ish) hours ago: https://lists.debian.org/debian-devel-announce/2015/01/msg5.html Mraw, KiBi. signature.asc Description: Digital signature
Bug#776218: installation-reports: Reportbug needs python-vte, which is not installed in the default installation
Josselin Mouette j...@debian.org (2015-01-26): Cyril Brulebois k...@debian.org wrote: (major) The missing packages should be installed from the beginning. These are python-vte and python-gtkspell (which reportbug also wants). Might be a good idea for some gnome packages to pull those packages? I’m not sure it’s the right way to do that. These packages are not maintained upstream and we want to get rid of them, not to add new dependencies. GNOME in jessie is fully built on GTK3, except for iceweasel and a couple of other default applications. And most Python dependencies have been switched to Python 3 as well (except for some Debian-specific scripts). I can understand the feeling but what do we do for reportbug then? It's obviously too late to get it ported to gtk3, so shrug and let people struggle with its text mode? Mraw, KiBi. signature.asc Description: Digital signature
Bug#776305: libdrm-intel1: steam games won't start with optirun
Package: libdrm-intel1 Severity: normal Dear Maintainer, steam games won't start with optirun, they run with previous version. Game crash with(TM2 for example) : malloc: unknown:0: assertion botched free: called with unallocated block argument last command: (null) Aborting...Aborted Game removed: AppID 440 Team Fortress 2, ProcID 17879 Installing breakpad exception handler for appid(steam)/version(142205411 -- System Information: Debian Release: 8.0 APT prefers testing APT policy: (500, 'testing') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 3.16.0-4-amd64 (SMP w/8 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#776299: twitter-bootstrap: please make the build reproducible
Source: twitter-bootstrap Version: 2.0.2+dfsg-5 Severity: wishlist Tags: patch User: reproducible-bui...@lists.alioth.debian.org Usertags: timestamps X-Debbugs-Cc: reproducible-bui...@lists.alioth.debian.org Hi, While working on the reproducible builds effort [1], we have noticed that twitter-bootstrap could not be built reproducibly. The attached patch removes timestamps from the build system. Once applied, twitter-bootstrap can be built reproducibly in our current experimental framework. An alternative solution might be to simply remove the bootstrap.zip from the final .deb - it does not (or should not!) be used from inside the -doc package anyway. [1]: https://wiki.debian.org/ReproducibleBuilds Regards, -- ,''`. : :' : Chris Lamb `. `'` la...@debian.org / chris-lamb.co.uk `- diff --git a/debian/patches/03-reproducible-build.diff b/debian/patches/03-reproducible-build.diff new file mode 100644 index 000..a9cc532 --- /dev/null +++ b/debian/patches/03-reproducible-build.diff @@ -0,0 +1,11 @@ +--- a/Makefile.orig2015-01-26 12:21:27.356099504 + b/Makefile 2015-01-26 12:21:38.724604940 + +@@ -11,6 +11,8 @@ + + docs: bootstrap + rm -f docs/assets/bootstrap.zip ++ find bootstrap -depth -newermt '$(BUILD_DATE)' -print0 | \ ++ xargs -0r touch --no-dereference --date='$(BUILD_DATE)' + zip -r docs/assets/bootstrap.zip bootstrap + lessc ${BOOTSTRAP_LESS} ${BOOTSTRAP} + lessc ${BOOTSTRAP_RESPONSIVE_LESS} ${BOOTSTRAP_RESPONSIVE} diff --git a/debian/patches/series b/debian/patches/series index d94f92b..6ef2c0e 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -3,3 +3,4 @@ use-nodejs-command.patch build-with-node-1.4.2.patch drop-nc-from-uglifyjs.patch +03-reproducible-build.diff
Bug#776034: fsck runs in parallel on same physical disk
On 26/01/15 13:21, Karel Zak wrote: On Mon, Jan 26, 2015 at 10:36:02AM +0100, Daniel Pocock wrote: On 26/01/15 10:32, Karel Zak wrote: On Mon, Jan 26, 2015 at 02:24:04AM +0100, Michael Biebl wrote: -l Create an exclusive flock(2) lock file (/run/fsck/diskname.lock) for whole-disk device. This option can be used with one device only (this means that -A and -l are mutually exclusive). This option is recommended when more fsck(8) instances are exe- cuted in the same time. The option is ignored when used for multiple devices or for non-rotating disks. fsck does not lock underlying devices when executed to check stacked devices (e.g. MD or DM) - this feature is not implemented yet. Karel, is there an upstream bug report for this issue? What's the state of this feature, is it actively being worked on? No, nobody is workning on -l for stacked devices. Karel Is there any other workaround, or should people consider moving to BtrFs instead of using LVM on md? fsck has never been able to determine all the stack, so this is no change (change between fsck -l from systemd and fsck -A from init scripts). All the problem is possible negative impact to performance if you want to intensively use two partitions on the same hdd, that's all. The question is if this is really issue in all cases for all HW. Frankly, I'm pretty unhappy that we care about such things in userspace -- it's kernel job to schedule things and keep system performance usable, all we can do in userspace is to inform kernel about the way how we plan to use the devices (e.g. fadvise()). The stack of the block devices maybe pretty complicated and only DM/MD kernel drivers have a clue where are things really stored. The another story is that sometimes nothing include kernel has a clue about HW, because storage maybe completely independent invisible blackbox (SAN, etc.). My recommendation is to ignore this issue, or if you really see any performance problem than disable fsck by systemd and use by hands written script to call fsck. I agree it is not a trivial thing to fix due to all the possible permutations of storage infrastructure, that is why I was asking if there is any workaround The performance impact is not trivial. I have 28 LVs on my main /dev/md and 47 on an external disk that is used to replicate other filesystems. Both of these disks make a horrible thrashing sound while fsck runs. I'm really thinking about moving a lot of these to BtrFs subvolumes and that appears to be a valid solution. One partial solution that may be easy to implement in fsck would be to serialize by volume group. So if it is asked to scan /dev/mapper/vg00-root and /var/mapper/vg00-var at the same time then it can see they are both on vg00 and let one finish before the other starts. I realize that being on the same VG doesn't imply the same physical spindle, that is why I call this a partial solution, but this probably works for a lot of users on small systems who don't want to think about more elaborate solutions. -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#776064: pinfo mouse selection
Thanks for the tip, but I would consider this as secret knowledge ;) And man/info do also allow straight selection, so that clicking on links would be the less common case and pressing a modifier acceptable. Anyway as there will be a new upstream release soon, I've discarded the NMU. Bye -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#776310: unblock: virtualbox/4.3.18-dfsg-2
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package virtualbox There were a bunch of CVEs that this upload has fixed. All details are present in bug #775888 unblock virtualbox/4.3.18-dfsg-2 -- System Information: Debian Release: 8.0 APT prefers testing APT policy: (990, 'testing'), (500, 'unstable'), (101, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 3.16.0-4-amd64 (SMP w/8 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: sysvinit (via /sbin/init) diff -Nru virtualbox-4.3.18-dfsg/debian/changelog virtualbox-4.3.18-dfsg/debian/changelog --- virtualbox-4.3.18-dfsg/debian/changelog 2014-10-18 15:48:15.0 +0530 +++ virtualbox-4.3.18-dfsg/debian/changelog 2015-01-26 16:00:33.0 +0530 @@ -1,3 +1,13 @@ +virtualbox (4.3.18-dfsg-2) unstable; urgency=high + + [ Frank Mehnert ] + * d/rules: Disable experimental code by exporting +VBOX_WITH_VMSVGA= VBOX_WITH_VMSVGA3D= +this fixes CVE-2014-6595, CVE-2014-6590, CVE-2014-6589, +CVE-2014-6588 and CVE-2015-0427. (Closes: #775888) + + -- Gianfranco Costamagna costamagnagianfra...@yahoo.it Thu, 22 Jan 2015 10:51:40 +0100 + virtualbox (4.3.18-dfsg-1) unstable; urgency=medium [ Gianfranco Costamagna ] diff -Nru virtualbox-4.3.18-dfsg/debian/.pc/.quilt_patches virtualbox-4.3.18-dfsg/debian/.pc/.quilt_patches --- virtualbox-4.3.18-dfsg/debian/.pc/.quilt_patches 2013-09-13 22:32:32.0 +0530 +++ virtualbox-4.3.18-dfsg/debian/.pc/.quilt_patches 1970-01-01 05:30:00.0 +0530 @@ -1 +0,0 @@ -patches diff -Nru virtualbox-4.3.18-dfsg/debian/.pc/.quilt_series virtualbox-4.3.18-dfsg/debian/.pc/.quilt_series --- virtualbox-4.3.18-dfsg/debian/.pc/.quilt_series 2013-09-13 22:32:32.0 +0530 +++ virtualbox-4.3.18-dfsg/debian/.pc/.quilt_series 1970-01-01 05:30:00.0 +0530 @@ -1 +0,0 @@ -series diff -Nru virtualbox-4.3.18-dfsg/debian/.pc/src/VBox/HostDrivers/VBoxNetFlt/linux/VBoxNetFlt-linux.c virtualbox-4.3.18-dfsg/debian/.pc/src/VBox/HostDrivers/VBoxNetFlt/linux/VBoxNetFlt-linux.c --- virtualbox-4.3.18-dfsg/debian/.pc/src/VBox/HostDrivers/VBoxNetFlt/linux/VBoxNetFlt-linux.c 2013-09-13 22:28:48.0 +0530 +++ virtualbox-4.3.18-dfsg/debian/.pc/src/VBox/HostDrivers/VBoxNetFlt/linux/VBoxNetFlt-linux.c 1970-01-01 05:30:00.0 +0530 @@ -1,2119 +0,0 @@ -/* $Id: VBoxNetFlt-linux.c $ */ -/** @file - * VBoxNetFlt - Network Filter Driver (Host), Linux Specific Code. - */ - -/* - * Copyright (C) 2006-2013 Oracle Corporation - * - * This file is part of VirtualBox Open Source Edition (OSE), as - * available from http://www.virtualbox.org. This file is free software; - * you can redistribute it and/or modify it under the terms of the GNU - * General Public License (GPL) as published by the Free Software - * Foundation, in version 2 as it comes in the COPYING file of the - * VirtualBox OSE distribution. VirtualBox OSE is distributed in the - * hope that it will be useful, but WITHOUT ANY WARRANTY of any kind. - */ - -/*** -* Header Files * -***/ -#define LOG_GROUP LOG_GROUP_NET_FLT_DRV -#define VBOXNETFLT_LINUX_NO_XMIT_QUEUE -#include the-linux-kernel.h -#include version-generated.h -#include product-generated.h -#include linux/netdevice.h -#include linux/etherdevice.h -#include linux/rtnetlink.h -#include linux/miscdevice.h -#include linux/ip.h -#include linux/if_vlan.h - -#include VBox/log.h -#include VBox/err.h -#include VBox/intnetinline.h -#include VBox/vmm/pdmnetinline.h -#include VBox/param.h -#include iprt/alloca.h -#include iprt/assert.h -#include iprt/spinlock.h -#include iprt/semaphore.h -#include iprt/initterm.h -#include iprt/process.h -#include iprt/mem.h -#include iprt/net.h -#include iprt/log.h -#include iprt/mp.h -#include iprt/mem.h -#include iprt/time.h - -#define VBOXNETFLT_OS_SPECFIC 1 -#include ../VBoxNetFltInternal.h - - -/*** -* Defined Constants And Macros * -***/ -#define VBOX_FLT_NB_TO_INST(pNB)RT_FROM_MEMBER(pNB, VBOXNETFLTINS, u.s.Notifier) -#define VBOX_FLT_PT_TO_INST(pPT)RT_FROM_MEMBER(pPT, VBOXNETFLTINS, u.s.PacketType) -#ifndef VBOXNETFLT_LINUX_NO_XMIT_QUEUE -# define VBOX_FLT_XT_TO_INST(pXT) RT_FROM_MEMBER(pXT, VBOXNETFLTINS, u.s.XmitTask) -#endif - -#if LINUX_VERSION_CODE = KERNEL_VERSION(2, 6, 22) -# define VBOX_SKB_RESET_NETWORK_HDR(skb)skb_reset_network_header(skb) -# define VBOX_SKB_RESET_MAC_HDR(skb)skb_reset_mac_header(skb) -#else -# define VBOX_SKB_RESET_NETWORK_HDR(skb)
Bug#776311: nginx: Please add nginx-http-shibboleth to nginx-extras
Source: nginx Severity: wishlist Tags: patch Hi, we recently did some work to make shibboleth being independent of apache. Current shibboleth package can be used to authenticate whatever server, over a fastcgi socket. The other half missing is some support into nginx. Unfortunately upstream nginx does not support fastcgi authorizers, and shibboleth has some quirks by itself so there is an external dedicated module for this at: https://github.com/nginx-shib/nginx-http-shibboleth Can you please add it to nginx-extras? Attached is a patch against current debian packaging to include and build the module, update the copyright and the modules README. I'd be happy to see this reaching debian once we un-freeze post-jessie. Cheers, Luca -- System Information: Debian Release: 8.0 APT prefers testing APT policy: (500, 'testing'), (1, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) commit 57212a99e9363e95e420542c4bd2e7645189d30e Author: Luca Bruno lu...@debian.org Date: Mon Jan 26 12:13:42 2015 +0100 nginx-extras: add nginx-http-shibboleth module diff --git a/debian/changelog b/debian/changelog index e5efd5b..6cd36fe 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,6 +1,6 @@ nginx (1.6.2-6) UNRELEASED; urgency=medium - [Michael Lustfield] + [ Michael Lustfield ] * debian/conf/sites-available/default: + Add comment about disabling gzip in HTTPS. (Closes: #773332) + Add comment about checking ssl_ciphers. (Closes: #765782) @@ -17,6 +17,10 @@ nginx (1.6.2-6) UNRELEASED; urgency=medium * debian/ngx-conf/* + Added configuration utility. (Closes: #652108) + [ Luca Bruno ] + * debian/rules: ++ Added shibboleth authorizer module to nginx-extras. + -- Michael Lustfield mich...@lustfield.net Sun, 11 Jan 2015 14:49:36 -0600 nginx (1.6.2-5) unstable; urgency=medium diff --git a/debian/copyright b/debian/copyright index 9b123d1..c454376 100644 --- a/debian/copyright +++ b/debian/copyright @@ -89,6 +89,13 @@ Files: debian/modules/ngx_http_substitutions_filter_module/* Copyright: Copyright (C) 2014 by Weibin Yao yaowei...@gmail.com License: BSD-2-clause +Files: debian/modules/nginx-http-shibboleth/* +Copyright: 2013, Maxim Dounin + 2013, Nginx, Inc. + 2013-2015, David Beitey (davidjb) + 2014-2015, Luca Bruno +License: BSD-2-clause + Files: debian/* Copyright: 2007-2009, Fabio Tranchitella kob...@debian.org 2008, Jose Parrella joseparre...@cantv.net diff --git a/debian/modules/README.Modules-versions b/debian/modules/README.Modules-versions index d4bd95c..4b7a7f2 100644 --- a/debian/modules/README.Modules-versions +++ b/debian/modules/README.Modules-versions @@ -55,3 +55,7 @@ README for Modules versions ngx_http_substitutions_filter_module Homepage: https://github.com/yaoweibin/ngx_http_substitutions_filter_module Version: v0.6.4 + + nginx-http-shibboleth + Homepage: https://github.com/nginx-shib/nginx-http-shibboleth + Version: v20150121 diff --git a/debian/modules/nginx-http-shibboleth/CONFIG.rst b/debian/modules/nginx-http-shibboleth/CONFIG.rst new file mode 100644 index 000..c87020e --- /dev/null +++ b/debian/modules/nginx-http-shibboleth/CONFIG.rst @@ -0,0 +1,329 @@ +Configuration += + +.. contents:: + :local: + :backlinks: none + +Steps +- + +#. Obtain/rebuild Shibboleth SP with FastCGI support. +#. Recompile Nginx with the ``nginx-http-shibboleth`` custom module. +#. Configure Shibboleth FastCGI authorizer and reponsder applicatons to run. +#. Configure Nginx to talk to both FastCGI authorizer and responder. +#. Configure your Nginx application ``location`` block with ``shib_request + on``. +#. Configure Shibboleth's ``shibboleth2.xml`` so the authorizer and responder are + aware of which paths to protect. +#. Ensure your application code accepts the relevant incoming headers for + authN/authZ. + +Background +-- + +Shibboleth supports Apache and IIS by default, but not Nginx. The closest one +gets to support is via FastCGI, which Shibboleth `does have +https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPFastCGIConfig`_ +but the default distribution needs to be rebuilt to support it. Nginx has +support for FastCGI responders, but not for `FastCGI authorizers +http://www.fastcgi.com/drupal/node/22#S6.3`_. This current module, +``nginx-http-shibboleth``, bridges this gap using sub-requests within Nginx. + +The design of Nginx is such that when handling sub-requests, it currently +cannot forward the original request body, and likewise, cannot pass a +sub-request response back to the client. As such, this module does not fully +comply with the FastCGI authorizer specification. However, for Shibboleth, +these two factors are inconsequential as
Bug#775588: [Pkg-haskell-maintainers] Bug#775588: darcs: Missing copyright information
Hi, How about lowering the severity of this bug? I just received this: fusionforge 5.3.2+20141104-3 is marked for autoremoval from testing on 2015-03-02 It (build-)depends on packages with these RC bugs: 775588: darcs: Missing copyright information Cheers! Sylvain -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#776307: libgtk2.0: print-preview asumes evince
Package: libgtk2.0-0 Version: 2.24.25-1 Severity: normal File: libgtk2.0 Dear Maintainer, When trying a print preview from e.g. Sylpheed, gtk expects evince to be installed and gives a warning if it is not. Is it possible to use any pdf-viewer virtual package in Debian to resolve this? Or, should evince be recommended by libgtk2.0? Kind regards, Ricardo Peliquero -- System Information: Debian Release: 8.0 APT prefers unstable APT policy: (500, 'unstable') Architecture: i386 (x86_64) Kernel: Linux 3.16.0-4-amd64 (SMP w/2 CPU cores) Locale: LANG=es_AR.UTF-8, LC_CTYPE=es_AR.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: sysvinit (via /sbin/init) Versions of packages libgtk2.0-0:i386 depends on: ii libatk1.0-0 2.14.0-1 ii libc62.19-13 ii libcairo21.14.0-2.1 ii libcups2 1.7.5-10 ii libfontconfig1 2.11.0-6.3 ii libfreetype6 2.5.2-2 ii libgdk-pixbuf2.0-0 2.31.1-2+b1 ii libglib2.0-0 2.42.1-1 ii libgtk2.0-common 2.24.25-1 ii libpango-1.0-0 1.36.8-3 ii libpangocairo-1.0-0 1.36.8-3 ii libpangoft2-1.0-01.36.8-3 ii libx11-6 2:1.6.2-3 ii libxcomposite1 1:0.4.4-1 ii libxcursor1 1:1.1.14-1+b1 ii libxdamage1 1:1.1.4-2+b1 ii libxext6 2:1.3.3-1 ii libxfixes3 1:5.0.1-2+b2 ii libxi6 2:1.7.4-1+b2 ii libxinerama1 2:1.1.3-1+b1 ii libxrandr2 2:1.4.2-1+b1 ii libxrender1 1:0.9.8-1+b1 ii multiarch-support2.19-13 ii shared-mime-info 1.3-1 Versions of packages libgtk2.0-0:i386 recommends: ii hicolor-icon-theme 0.13-1 ii libgtk2.0-bin 2.24.25-1 Versions of packages libgtk2.0-0:i386 suggests: pn gvfs none ii librsvg2-common 2.40.5-1 -- no debconf information -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#776308: nagios-nrpe-server: Bad SSL_shutdown() causes Return code of 141 is out of bounds SIGPIPE/TCP RST
Package: nagios-nrpe-server Version: 2.13-3 Severity: normal Tags: upstream patch Hi, I wanted to report that the version on ``nagios-nrpe-server`` in Wheezy suffers from [Nagios bug #305](http://tracker.nagios.org/view.php?id=305), which (at least in out case) causes some test to alternatively return a normal WARNING or an unexpected CRITICAL error with the message Return code of 141 is out of bounds caused by a TCP RST packet sent by the server to the client because of an incomplete ``SSL_shutdown()`` that causes an incomplete read and thus a SIGPIPE. Fortunately the patch ``nrpe-ssl_shutdown-2.patch`` attached to the ticket applies cleanly to the current 2.13-3 source code and generates a package which doesn't suffer the problem. Thanks! -- System Information: Debian Release: 7.8 APT prefers stable APT policy: (500, 'stable') Architecture: i386 (i686) Kernel: Linux 2.6.32.16-linode28 (SMP w/8 CPU cores) Locale: LANG=ca_ES.UTF-8, LC_CTYPE=ca_ES.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#776261: tecnoballz: Collision detection not accurate
On 26.01.2015 02:45, Celelibi wrote: Package: tecnoballz Version: 0.93.1-2 Severity: normal Hello, Sometime the balls can go through the corner ball launchers without being captured. This just happened to me when the ball has been bounced by the malus eye. Best regards, Celelibi Hello, I haven't seen this one yet. Perhaps this behaviour is on purpose? I'm forwarding this bug report to the upstream developer of tecnoballz. Bruno, what do you think about this issue? Regards, Markus signature.asc Description: OpenPGP digital signature
Bug#776263: tecnoballz: Right click cause game over
Control: tags 776263 confirmed On 26.01.2015 02:46, Celelibi wrote: Package: tecnoballz Version: 0.93.1-2 Severity: normal Hello, Apparently, right clicking when loosing the last ball cause a game over instead of simply loosing a life. It seems that this bug is easier to reproduce when the ball is falling vertically. At least I could get to reproduce it fairly easily by repeteadly right clicking while missing the ball falling straight. Hello and thanks for your reports, I'm CCing Bruno because he is the upstream developer for tecnoballz and might be interested in your bug reports too. I'm replying to all of them separately. @bug 776263 I can confirm that repeatedly right-clicking sometimes triggers game over instead of just losing a life when the player misses the ball. However this behaviour is rather random. It doesn't always have to be the last ball. Bruno, what do you think? Regards, Markus signature.asc Description: OpenPGP digital signature
Bug#776262: tecnoballz: Bouncer position restricted in boss levels
On 26.01.2015 02:46, Celelibi wrote: Package: tecnoballz Version: 0.93.1-2 Severity: normal Hello, It looks like in the boss levels the position of the bouncer cannot reach the side walls allowing the balls to fall without any way to catch them. The minimum distance from the bouncer to the wall looks like the size of the corner relaunchers in the normal levels. This may be on purpose. But in doubt, I sumbit this bug. :) Best regards, Celelibi Hi again, beats me. Bruno, is this an intended feature or a bug? Thanks, Markus signature.asc Description: OpenPGP digital signature
Bug#754785: Progress?
Hi Sergey, Did you manage to make any progress on this ITP? (I merged it with an old RFP for the same font, I suppose there is definitely some interest in it, to have two wnpp reports… ;-) Best regards -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#768897: MBR disklabels also yield destructive pvcreate
Control: severity -1 important Control: clone -1 -2 Control: retitle -2 Installation manual should warn about the use of LVM partition types Control: reassign -2 installation-guide On Sun, Jan 18, 2015 at 04:24:43PM +, Steve McIntyre wrote: On Wed, Nov 19, 2014 at 03:36:19PM -0600, Drake Wilson wrote: FYI: I've just confirmed with partman-lvm 99 (plus whatever libparted is in the last Debian testing weekly ISO) that MBR disklabels using 8e (Linux LVM) as a type code for LUKS are also affected by this. So it's not just GPT. It's arguably even more dangerous for MBR, because the type code space is so small that collisions should be expected, but util-linux's fdisk in MBR mode also provides a 0xda code for non-FS data, so users in that case may be less tempted to default to the underlying volume type. Hi Drake, I've just reproduced your findings here, and I'm looking at the code right now. As you've guessed, the partman-lvm code currently unconditionally tries to set up *every* partition with an LVM partition type, regardless. If you're interested the code is in partman-lvm/choose_partition/lvm/do_option:do_initial_setup(). It calls into partman-lvm/lib/lvm-base.sh:pv_create(), and pv_create() checks to see if the partition is already set up as a PV (by calling pvs) - if so, it leaves it alone, otherwise it calls pvcreate. So... There are a few things to do here: 1. Don't do what you're doing! This is one of the few areas where the partition type matters in d-i 2. I'm looking to add a check in pv_list() so it will either: (a) Ignore partitions tagged with LVM type but some other filesystem/blkid contents; OR (b) Warn about such partitions and ask the user what to do. 2(a) looks much easier, I'll be honest, so that's my plan for now. And after playing with this a lot more, I'm going to have to admit defeat I'm afraid. The code in partman-lvm is very flexible in terms of allowing user choice, but that actually makes this particular case even harder. The best thing I can tell you is: don't use the partition types for LVM unless you really want to use LVM on those partitions! Sorry. :-/ We should add a warning in the installation manual for this corner case, at least. I've opened a new bug for that above. -- Steve McIntyre, Cambridge, UK.st...@einval.com There's no sensation to compare with this Suspended animation, A state of bliss -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#776276: unblock: open-iscsi/2.0.873+git0.3b4b4500-4
(Since I didn't get cc'd in the original reply, I'm replying here. Sorry about that.) Am 26.01.2015 um 16:12 schrieb Ritesh Raj Sarraf: On 01/26/2015 07:54 PM, Michael Biebl wrote: unblock open-iscsi/2.0.873+git0.3b4b4500-4 That patch doesn't look right. Calling systemctl from an init script is a big no-go. Second, shipping a generated unit file which does run /etc/init.d/foo is a hack at best. I'd be really unhappy, if this was accepted. Well, this is just an interim fix, for Jessie. For sid and later, we'll also ship the systemd files that'll be independent. Just for reference: I proposed the original patch, and I spent a lot of time looking at different solutions. In the end I think the whole startup logic of iSCSI should be reworked. There are lots of corner cases that are not properly handled currently, even on sysvinit. HOWEVER, that would require quite a bit of effort and even a lot more testing, and possibly coordinated changes to quite a lot of other pieces of software. And I don't think this is something that would fit the current release policy. On the other hand, currently there are the following problems due to this init script: - 90s delay on a default Jessie installation (systemd as init) with the most basic iSCSI configuration you can think of (so nearly everyone using iSCSI initiator on Jessie will run into this) - startup ordering is botched on systemd, i.e. if you have services that require filesystems on iSCSI to be present (file servers, ...) you might have a race on your hand (This is not the case in sysvinit, because rcS.d scripts are always executed before rc[2-5].d scripts, so there's an additional sync point that doesn't exist with systemd.) - conversely, shutdown ordering is also botched, because open-iscsi has no Before= ordering, so systemd thinks it can stop it immediately, when stuff is potentially still using iSCSI filesystems (and if you sever an iSCSI connection that's in use, the kernel will simply do that) - but even if the filesystems weren't used by any services: since the call-out to umountiscsi.sh doesn't work (systemd keeps track of service state and thinks it's already stopped). That means that iSCSI connections might be severed before filesystems are unmounted, potentiall causing data loss. I couldn't trigger this on my system the couple of times I tried it because systemd also unmounts all network filesystems on its own, and that was always faster on my box, but those FS were empty and no cache had to be written to them, so my guess is that this will occur at least sometimes in the wild. So then I thought: what's the least-invasive way to fix the problems with this so it works at least as well as with sysvinit? And that was the attached debdiff that Ritesh was kind enough to request a pre-approval for. This is a targeted fix for a specific issue, without making too many changes this close to the release. Since the open-iscsi init script never worked well with systemd (in Wheezy it's kind of broken), but lots of sysvinit systems are using it, my goal was to make sure that nothing changes for people that continue using sysvinit this late in the release process and just fix it so systemd systems work at least in principle (with a cleanup post-Jessie). Of course, if you have a better idea of how to do this? A few questions: - If open-iscsi is supposed to provide remote file systems, how can it have # Required-Start: $remote_fs As far as I can tell, the historic reason is probably that open-iscsi is installed in /usr and if /usr is on NFS on sysvinit, open-iscsi won't work unless remote filesystems have been mounted. Since sysvinit ignores mount errors and has an additional sync point between runlevel S and runlevels 2-5, this always kind-of worked on sysvinit. Since /usr on NFS without premounting it in initramfs doesn't really work with systemd anyway, this dependency doesn't have to be there for systemd. But changing the init script would probably break some sysvinit setups. That's a classic circular dep and most likely the reason for the issue Yes, obviously, which is why for systemd the dependencies changed to make it Before=remote-fs-pre.target. - Why is umountiscsi.sh in a separate init script, when the open-iscsi init script calls it via invoke-rc.d on stop? To be honest, no idea. If I were do create a new package from scratch, there shouldn't be a umountiscsi.sh, but everything should simply be done in open-iscsi directly. And for post-Jessie that may well be the way to go, BUT I'm not sure it would be wise to do this this late in the Jessie release cycle. But if you don't like the systemctl start, perhaps one could just do _SYSTEMCTL_SKIP_REDIRECT=true /etc/init.d/umountiscsi.sh stop in the stop portion to make sure that the script is called directly even with systemd? (Although that gets rid of policy-rc.d handling, but I don't know if anybody
Bug#776304: dpkg: allows child processes to inherit file handles for triggers
Hi! On Tue, 2015-01-27 at 00:55:21 +1100, Russell Coker wrote: Package: dpkg Version: 1.17.23 Severity: normal Below are some AVC messages from a fairly routine dpkg upgrade. As you can see the programs setfiles, load_policy, and restorecon which are run from postinst scripts are inheriting a file handle for /var/lib/dpkg/triggers/Unincorp . type=AVC msg=audit(1422274481.981:202): avc: denied { read } for pid=12679 comm=setfiles path=/var/lib/dpkg/triggers/Unincorp dev=xvda ino=199493 scontext=bofh:sysadm_r:setfiles_t:s0-s0:c0.c1023 tcontext=bofh:object_r:dpkg_var_lib_t:s0 tclass=file permissive=1 type=AVC msg=audit(1422274483.261:203): avc: denied { read } for pid=12685 comm=load_policy path=/var/lib/dpkg/triggers/Unincorp dev=xvda ino=199493 scontext=bofh:sysadm_r:load_policy_t:s0-s0:c0.c1023 tcontext=bofh:object_r:dpkg_var_lib_t:s0 tclass=file permissive=1 type=AVC msg=audit(1422279601.565:427): avc: denied { read } for pid=22513 comm=restorecon path=/var/lib/dpkg/triggers/Unincorp dev=xvda ino=208505 scontext=bofh:sysadm_r:setfiles_t:s0-s0:c0.c1023 tcontext=bofh:object_r:dpkg_var_lib_t:s0 tclass=file permissive=0 Are you sure these messages are from dpkg 1.17.23 and not from an earlier version? This was supposedly fixed in 1.17.11 (see #751021). Thanks, Guillem -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#776297: jajuk: please make the build reproducible
Hi Chris, Thank you for the patch. It can be even simpler by setting the build.time property in debian/rules instead of patching the upstream build. This will look like this: DEB_ANT_ARGS := -Dbuild.time='$(shell dpkg-parsechangelog --show-field Date)' With Ant the properties defined on the command line take precedence on the properties defined in the build file. I'll upload the fix shortly. Emmanuel Bourg -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#775778: Bug#776276: unblock: open-iscsi/2.0.873+git0.3b4b4500-4
On 01/26/2015 07:54 PM, Michael Biebl wrote: unblock open-iscsi/2.0.873+git0.3b4b4500-4 That patch doesn't look right. Calling systemctl from an init script is a big no-go. Second, shipping a generated unit file which does run /etc/init.d/foo is a hack at best. I'd be really unhappy, if this was accepted. Well, this is just an interim fix, for Jessie. For sid and later, we'll also ship the systemd files that'll be independent. That's something which'll require co-ordination with systemd team, and some testing once we have that support. A few questions: - If open-iscsi is supposed to provide remote file systems, how can it have # Required-Start: $remote_fs I don't have all the history, but I believe you could have your root fs being served off of an NFS root file system, while providing data LUNs over iSCSI. That's a classic circular dep and most likely the reason for the issue - Why is umountiscsi.sh in a separate init script, when the open-iscsi init script calls it via invoke-rc.d on stop? Again, I don't recollect every detail. But the open-iscsi script deals with the userspace daemon. Where as the umountiscsi.sh script is only used to deal with the iSCSI block devices mount/umount. It also takes care of LVM devices, if any, created on top of it. The iscsid daemon is not needed for the full operation of the iSCSI service. Hence the daemon handling is separated from the iSCSI sessions that are handled in-kernel. -- Ritesh Raj Sarraf | http://people.debian.org/~rrs Debian - The Universal Operating System signature.asc Description: OpenPGP digital signature
Bug#775888: virtualbox: CVE-2014-6588 CVE-2014-6589 CVE-2014-6590 CVE-2014-6595 CVE-2015-0418 CVE-2015-0427
On 01/21/2015 01:23 PM, Moritz Muehlenhoff wrote: In the past someone from upstream posted the upstream commits to the bug log, maybe you can contact them for more information so that we can merge the isolated fixes into the jessie version? Cheers, Moritz Moritz, For unstable, I've pushed the upload an d asked for an exception. For Wheezy, it is building right now. Once the build is complete, I'll push it to s-p-u. And send you the debdiff. -- Ritesh Raj Sarraf RESEARCHUT - http://www.researchut.com Necessity is the mother of invention. signature.asc Description: OpenPGP digital signature
Bug#775866: vlc: multiple vulnerabilities
On 2015-01-26 13:49:26, Moritz Mühlenhoff wrote: On Tue, Jan 20, 2015 at 09:47:26PM +0100, Yves-Alexis Perez wrote: * The potential invalid writes in modules/services_discovery/sap.c and modules/access/ftp.c were not fixed as I did not provide a trigger. Note, that the code looks very similar to the confirmed bug in rtp_packetize_xiph_config, and so I leave it to you to decide whether you want to patch this. These have been assigned CVE-2015-1202 and CVE-2015-1203, could you contact upstream for the status of an upstream fix? Just because they look similar, does not make them a vulnerability. The format string for ftp_SendCommand is not attacker controlled. The reporter still has not answered questions about how the invalid write in modules/access/ftp.c could be triggered [1]. Similarly, the issue in modules/services_discovery/sap.c lacks a trigger. The rather disturbing thread can be found at [2]. Cheers [1] https://mailman.videolan.org/pipermail/vlc-devel/2014-December/100674.html [2] https://mailman.videolan.org/pipermail/vlc-devel/2014-December/100675.html -- Sebastian Ramacher signature.asc Description: Digital signature
Bug#776309: fglrx-driver: Hung PC with black screen and solid white cursor in upper left corner
Package: fglrx-driver Version: 1:14.12-1 Severity: critical Justification: breaks the whole system Dear Fglrx Maintainers, When this package is installed the system boots to a completely hung state with a solid cursor in the upper left hand corner. The hang leaves the system unaccessible though ssh and not recoverable through the ctrl-alt F1 mechanism. The log files indicate the fglrx-driver is loaded into the kernel as it should be. However the hang is so hard that no additional information is written to kernel.log messages Xorg.0.log or system.log. This error also occurs with a direct install of the latest upstream driver, AMD Catalyst Omega 14.12. I am running this on a AMD A10-7850k Kaveri on Gigabyte GA-F2A88XM-D3A (AMD 88x) Bolton D4 Chipset. I don't know if the APU part has anything to do with this. I previously have reported this bug to the mail serve http://lists.alioth.debian.org/pipermail/pkg-fglrx-devel/2014-December/006071.html but did not have any error messsage to present at the time because the hangs don't leave log files. Since then, I have used netconsole to log the kernel error messages to another debian PC over the network. With netconsole logging on, sometimes I am able to use alt-sysreq k alt-sysreq s commands to write the log files. Most times however there is no response to even these failsafe commands. What follows are netconsole logs from a streight boot to gdm3, netconsole logs from a boot to init 3 followed by gdm3 start, and the Xorg.0.log I was able to save coresponding streight boot. The Xorg.0.log doesn't seem to offer any information but there are kernel stack traces in the netconsole logs. Let me know if any other information would help. Thanks, Greg Futia ---netconsole log normal boot --- [6.628937] netconsole: network logging started [6.661532] b43 ssb0:0: firmware: direct-loading firmware b43/pcm5.fw [6.671682] AVX version of gcm_enc/dec engaged. [6.676168] alg: No test for __gcm-aes-aesni (__driver-gcm-aes-aesni) [6.687487] b43 ssb0:0: firmware: direct-loading firmware b43/b0g0initvals5.fw [6.701275] b43 ssb0:0: firmware: direct-loading firmware b43/b0g0bsinitvals5.fw [6.765116] fglrx: module license 'Proprietary. (C) 2002 - ATI Technologies, Starnberg, GERMANY' taints kernel. [6.766746] Disabling lock debugging due to kernel taint [6.794278] 6[fglrx] Maximum main memory to use for locked dma buffers: 6659 MBytes. [6.796044] 6[fglrx] vendor: 1002 device: 130f revision: 0 count: 1 [6.798488] 6[fglrx] IOMMU is enabled, CrossFire are not supported on this platform [6.800104] 6[fglrx] Disable IOMMU in BIOS options or kernel boot parameters to support CF [6.801920] 6[fglrx] ioport: bar 4, base 0xf000, size: 0x100 [6.804564] 6[fglrx] Kernel PAT support is enabled [6.806187] 6[fglrx] module loaded - fglrx 14.50.2 [Nov 20 2014] with 1 minors [6.879285] ieee80211 phy0: Selected rate control algorithm 'minstrel_ht' [6.982892] alg: No test for crc32 (crc32-pclmul) [7.294533] cfg80211: World regulatory domain updated: [7.296160] cfg80211: DFS Master region: unset [7.296194] cfg80211: (start_freq - end_freq @ bandwidth), (max_antenna_gain, max_eirp), (dfs_cac_time) [7.299273] cfg80211: (2402000 KHz - 2472000 KHz @ 4 KHz), (N/A, 2000 mBm), (N/A) [7.300862] cfg80211: (2457000 KHz - 2482000 KHz @ 4 KHz), (N/A, 2000 mBm), (N/A) [7.302408] cfg80211: (2474000 KHz - 2494000 KHz @ 2 KHz), (N/A, 2000 mBm), (N/A) [7.303933] cfg80211: (517 KHz - 525 KHz @ 8 KHz, 16 KHz AUTO), (N/A, 2000 mBm), (N/A) [7.305475] cfg80211: (525 KHz - 533 KHz @ 8 KHz, 16 KHz AUTO), (N/A, 2000 mBm), (0 s) [7.306989] cfg80211: (549 KHz - 573 KHz @ 16 KHz), (N/A, 2000 mBm), (0 s) [7.308524] cfg80211: (5735000 KHz - 5835000 KHz @ 8 KHz), (N/A, 2000 mBm), (N/A) [7.310035] cfg80211: (5724 KHz - 6372 KHz @ 216 KHz), (N/A, 0 mBm), (N/A) [7.376664] snd_hda_intel :00:01.1: enabling device ( - 0002) [7.377515] snd_hda_intel :00:01.1: irq 93 for MSI/MSI-X [7.518986] ppdev: user-space parallel port driver [7.544329] sr 7:0:0:0: [sr0] [7.545848] Result: hostbyte=DID_OK driverbyte=DRIVER_SENSE [7.547335] sr 7:0:0:0: [sr0] [7.548847] Sense Key : Illegal Request [current] [7.550346] sr 7:0:0:0: [sr0] [7.551815] Add. Sense: Invalid field in parameter list [7.552724] sr 7:0:0:0: [sr0] CDB: [7.553634] Read(10): 28 00 00 04 a3 40 00 00 02 00 [7.554510] end_request: I/O error, dev sr0, sector 1215744 [7.555342] Buffer I/O error on device sr0, logical block 151968 [7.557351] input: HD-Audio Generic HDMI/DP,pcm=3 as /devices/pci:00/:00:01.1/sound/card0/input6 [7.558579] kvm: Nested Virtualization enabled [7.559726] kvm: Nested Paging enabled [
Bug#776312: coquelicot: please make build reproducible
Source: coquelicot Version: 0.9.2-4 Severity: wishlist Tags: patch User: reproducible-bui...@lists.alioth.debian.org Usertags: timestamps X-Debbugs-Cc: reproducible-bui...@lists.alioth.debian.org Hi, While working on the reproducible builds effort [1], we have noticed that coquelicot could not be built reproducibly. With the attached patch, coquelicot can be built reproducibly in our current experimental framework. [1]: https://wiki.debian.org/ReproducibleBuilds -- Lunar.''`. lu...@debian.org: :Ⓐ : # apt-get install anarchism `. `'` `- From 6a8cd4d8ea70e33e77da6ad55e631ff30e6b440a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=A9r=C3=A9my=20Bobbio?= lu...@debian.org Date: Mon, 26 Jan 2015 16:38:08 +0100 Subject: [PATCH] Use debian/changelog date as gem build time In order to make the build reproducible, we use the time of the latest debian/changelog entry when creating the gem for AGPLv3 compatibility. --- debian/rules | 8 ++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/debian/rules b/debian/rules index 12a4572..c408a60 100755 --- a/debian/rules +++ b/debian/rules @@ -17,13 +17,15 @@ create-static-gemspec: override_dh_auto_install: # Create the Gem that we ship as source code (for AGPL compliance) cp --preserve=all /usr/share/javascript/jquery/jquery.min.js public/javascripts/jquery.min.js - ruby -rrubygems -rrubygems/package -rfileutils -rtmpdir -e ' \ + ruby -rrubygems -rrubygems/package -rfileutils -rtmpdir -rtimecop -e ' \ debian_version = `dpkg-parsechangelog | sed -n -e s/^Version: //p`.strip; \ _, upstream_version, debian_revision = debian_version.match(/^(.*)-(.*)$$/).to_a; \ upstream_version.gsub!(/~/, 0.); \ upstream_version.gsub!(/[^0-9a-zA-Z.]/, ); \ debian_revision.gsub!(/~/, 0.); \ debian_revision.gsub!(/[^0-9a-zA-Z.]/, ); \ + time_str = `dpkg-parsechangelog --show-field=Date`.strip; \ + build_time = Time.at(`LC_ALL=C date --date=#{time_str} +%s`.strip.to_i); \ spec = Gem::Specification.load(debian/coquelicot.gemspec); \ if spec.version.to_s != upstream_version; \ $$stderr.puts Please refresh the static gemspec:; \ @@ -49,7 +51,9 @@ override_dh_auto_install: FileUtils.cp src, dest; \ end; \ Dir.chdir(#{tmpdir}) do \ - Gem::Package.build spec; \ + Timecop.freeze(build_time) do; \ + Gem::Package.build spec; \ + end; \ end; \ FileUtils.mkdir_p debian/coquelicot/usr/share/coquelicot/public; \ FileUtils.cp #{tmpdir}/coquelicot-#{spec.version}.gem, \ -- 2.1.4 signature.asc Description: Digital signature
Bug#775888: virtualbox: CVE-2014-6588 CVE-2014-6589 CVE-2014-6590 CVE-2014-6595 CVE-2015-0418 CVE-2015-0427
On 01/26/2015 09:07 PM, Ritesh Raj Sarraf wrote: On 01/21/2015 01:23 PM, Moritz Muehlenhoff wrote: In the past someone from upstream posted the upstream commits to the bug log, maybe you can contact them for more information so that we can merge the isolated fixes into the jessie version? Cheers, Moritz Moritz, For unstable, I've pushed the upload an d asked for an exception. For Wheezy, it is building right now. Once the build is complete, I'll push it to s-p-u. And send you the debdiff. Please find attached the debdiff. Please give me an ACK, and then I'll do the upload. -- Ritesh Raj Sarraf | http://people.debian.org/~rrs Debian - The Universal Operating System diff -Nru virtualbox-4.1.18-dfsg/debian/changelog virtualbox-4.1.18-dfsg/debian/changelog --- virtualbox-4.1.18-dfsg/debian/changelog 2014-04-14 14:54:39.0 +0530 +++ virtualbox-4.1.18-dfsg/debian/changelog 2015-01-26 19:07:00.0 +0530 @@ -1,3 +1,12 @@ +virtualbox (4.1.18-dfsg-2+deb7u4) wheezy-security; urgency=medium + + [ Frank Mehnert ] + * fix security vulnerabilities (Closes: #775888) + CVE-2015-0377, CVE-2015-0418 + - debian/patches/CVE-2015-0{377,418}.patch + + -- Gianfranco Costamagna costamagnagianfra...@yahoo.it Thu, 22 Jan 2015 14:21:14 +0100 + virtualbox (4.1.18-dfsg-2+deb7u3) wheezy-security; urgency=high * Fix memory corruption vulnerabilities in 3D acceleration. (Closes: #741602) diff -Nru virtualbox-4.1.18-dfsg/debian/patches/CVE-2015-0377.patch virtualbox-4.1.18-dfsg/debian/patches/CVE-2015-0377.patch --- virtualbox-4.1.18-dfsg/debian/patches/CVE-2015-0377.patch 1970-01-01 05:30:00.0 +0530 +++ virtualbox-4.1.18-dfsg/debian/patches/CVE-2015-0377.patch 2015-01-26 19:07:00.0 +0530 @@ -0,0 +1,20 @@ +Index: src/VBox/VMM/VMMAll/IOMAllMMIO.cpp +=== +--- a/src/VBox/VMM/VMMAll/IOMAllMMIO.cpp (revision 95342) b/src/VBox/VMM/VMMAll/IOMAllMMIO.cpp (revision 95343) +@@ -1696,7 +1696,14 @@ + if (rc2 == VERR_SEM_BUSY) + return VINF_IOM_HC_MMIO_READ_WRITE; + #endif +-VBOXSTRICTRC rcStrict = iomMMIOHandler(pVM, (uint32_t)uErrorCode, pCtxCore, GCPhysFault, iomMmioGetRange(pVM, GCPhysFault)); ++PIOMMMIORANGE pRange = iomMmioGetRange(pVM, GCPhysFault); ++if (RT_UNLIKELY(!pRange)) ++{ ++IOM_UNLOCK(pVM); ++return VERR_IOM_MMIO_RANGE_NOT_FOUND; ++} ++ ++VBOXSTRICTRC rcStrict = iomMMIOHandler(pVM, (uint32_t)uErrorCode, pCtxCore, GCPhysFault, pRange); + IOM_UNLOCK(pVM); + return VBOXSTRICTRC_VAL(rcStrict); + } diff -Nru virtualbox-4.1.18-dfsg/debian/patches/CVE-2015-0418.patch virtualbox-4.1.18-dfsg/debian/patches/CVE-2015-0418.patch --- virtualbox-4.1.18-dfsg/debian/patches/CVE-2015-0418.patch 1970-01-01 05:30:00.0 +0530 +++ virtualbox-4.1.18-dfsg/debian/patches/CVE-2015-0418.patch 2015-01-26 19:07:00.0 +0530 @@ -0,0 +1,32 @@ +Index: include/VBox/vmm/hwacc_vmx.h +=== +--- a/include/VBox/vmm/hwacc_vmx.h (revision 96156) b/include/VBox/vmm/hwacc_vmx.h (revision 96157) +@@ -525,6 +525,12 @@ + #define VMX_EXIT_WBINVD 54 + /** 55 XSETBV. Guest software attempted to execute XSETBV. */ + #define VMX_EXIT_XSETBV 55 ++/** 57 RDRAND. Guest software attempted to execute RDRAND. */ ++#define VMX_EXIT_RDRAND 57 ++/** 58 INVPCID. Guest software attempted to execute INVPCID. */ ++#define VMX_EXIT_INVPCID58 ++/** 59 VMFUNC. Guest software attempted to execute VMFUNC. */ ++#define VMX_EXIT_VMFUNC 59 + /** @} */ + + +Index: src/VBox/VMM/VMMR0/HWVMXR0.cpp +=== +--- a/src/VBox/VMM/VMMR0/HWVMXR0.cpp (revision 96156) b/src/VBox/VMM/VMMR0/HWVMXR0.cpp (revision 96157) +@@ -4112,6 +4112,10 @@ + case VMX_EXIT_VMWRITE: /* 25 Guest software executed VMWRITE. */ + case VMX_EXIT_VMXOFF: /* 26 Guest software executed VMXOFF. */ + case VMX_EXIT_VMXON:/* 27 Guest software executed VMXON. */ ++case VMX_EXIT_INVEPT: /* 50 Guest software executed INVEPT. */ ++case VMX_EXIT_INVVPID: /* 53 Guest software executed INVVPID. */ ++case VMX_EXIT_INVPCID: /* 58 Guest software executed INVPCID. */ ++case VMX_EXIT_VMFUNC: /* 59 Guest software executed VMFUNC. */ + /** @todo inject #UD immediately */ + rc = VERR_EM_INTERPRETER; + break; diff -Nru virtualbox-4.1.18-dfsg/debian/patches/series virtualbox-4.1.18-dfsg/debian/patches/series --- virtualbox-4.1.18-dfsg/debian/patches/series2014-04-14 14:55:14.0 +0530 +++ virtualbox-4.1.18-dfsg/debian/patches/series2015-01-26 19:07:00.0 +0530 @@ -20,3 +20,5 @@ 38-security-fixes-2014-01.patch CVE-2014-0981.patch
Bug#770657: tcc: fails with struct defined in function
Control: forwarded -1 http://lists.nongnu.org/archive/html/tinycc-devel/2014-08/msg00050.html Control: tags -1 + upstream A patch has been floating on the mailing list but was not of good enough quality to be included. I shall be able to commit soon again to this project and will try to move this forward. Best regards, Thomas signature.asc Description: This is a digitally signed message part.
Bug#707275: #707275 - ansible: disable syslog logging
Control: tag -1 - moreinfo On Sat, 12 Apr 2014 21:32:17 -0400 Harlan Lieberman-Berg h.liebermanb...@gmail.com wrote: Upstream says that this functionality may have been added by no_log becoming a task parameter. Does this functionality solve your issue? It does not solve mine. The perfect solution for me would be a host var, but I'd be fine with your solution of a new ansible.cfg global entry. -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#776178: ITP: python-xcffib -- A drop in replacement for xpyb
Wow! Thanks for writing this! I *just* finished a rough port of xpyb to Python 3, and you're right that it's got a lot of issues. https://github.com/BurntSushi/xpyb I also recently ported xpybutil to python3 ... this weekend I'll try it out against xcffib. I note that you filed a WNPP and not an ITP for this. Is there some way that I can help? -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#776072: dpkg-maintscript-helper dir_to_symlink explodes on subtree in cups-pdf package
On Fri, 2015-01-23 at 17:38:12 +0100, Guillem Jover wrote: On Fri, 2015-01-23 at 17:25:22 +0100, Andreas Beckmann wrote: Control: severity -1 important Control: reopen -1 Control: retitle -1 dpkg-maintscript-helper: document required package qualification on arch:all = arch:any switches On 2015-01-23 17:12, Guillem Jover wrote: This needs to be passed the correct arch-qualified package name (either :arch or :all) for the previous package. Thus closing. But feel free to reopen if I missed something else. I think this should be documented ... I've already got locally a commit documenting the implicit arch-qualification (I think prompted by one of your earlier bug reports), but I can make it explicit that the package needs to be explicitly arch qualified when switching arch too. Hmm, which makes me think, cross-grading will not be supported either by those packages… I'll have to ponder about it. Sorry, actually for non-M-A:same packages the best thing to do is to just pass the non-arch-qualified package name which will support all the above cases correctly. I'll try to make that clear in the man page. Thanks, Guillem -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#775306: pxz: race condition in setting permissions on output file
Hi Moritz, On Montag, 26. Januar 2015, Moritz Mühlenhoff wrote: Patch attached, can you take care of an upload and unblock with the release team? thanks for the patch, can do! cheers, Holger signature.asc Description: This is a digitally signed message part.
Bug#691273: netcdf-bin: nccopy produces bogus output
Control: tags -1 moreinfo unreproducible Hi Paul, We are currently preparing a new version of netcdf. Unfortunately, I am not able to reproduce this bug in 1:4.1.3-7.2 using my Wheezy machine. I only had one file to play with though. If you are still affected by this bug, could you please attach a file to a reply all to this email, and provide the series of commands to produce the error? Regards, Ross signature.asc Description: OpenPGP digital signature
Bug#776318: devscripts: [mk-origtargz] creates string with duplicate entries of files to exclude
Package: devscripts Version: 2.15.1 Severity: normal Dear Maintainer, when trying to upgrade gnumed-client using debcheckout gnumed-client and than running `debian/rules get-orig-source` this failed. It boils down to the following problem $ LC_ALL=C mk-origtargz ../gnumed-client.1.5.2.tgz tar: ./gnumed-client.1.5.2/client/doc/user-manual/rsrc/System/JQueryPlugin/plugins/livequery/jquery.livequery.js: Not found in archive tar: ./gnumed-client.1.5.2/client/doc/user-manual/rsrc/System/JQueryPlugin/plugins/foswiki/jquery.foswiki.js: Not found in archive tar: Exiting with failure status due to previous errors mk-origtargz: error: tar --delete --file ../gnumed-client_1.4.12+dfsg.orig.tar ./gnumed-client.1.5.2/client/doc/user-manual/rsrc/System/PatternSkin/pattern.js ./gnumed-client.1.5.2/client/doc/user-manual/rsrc/System/JavascriptFiles/foswikiString.js ./gnumed-client.1.5.2/client/doc/user-manual/rsrc/System/JavascriptFiles/foswikiPref.js ./gnumed-client.1.5.2/client/doc/user-manual/rsrc/System/JavascriptFiles/foswikiForm.js ./gnumed-client.1.5.2/client/doc/user-manual/rsrc/System/JSTreeContrib/jquery.jstree.js ./gnumed-client.1.5.2/client/doc/user-manual/rsrc/System/JQueryPlugin/plugins/livequery/jquery.livequery.js ./gnumed-client.1.5.2/client/doc/user-manual/rsrc/System/JQueryPlugin/plugins/livequery/jquery.livequery.js ./gnumed-client.1.5.2/client/doc/user-manual/rsrc/System/JQueryPlugin/plugins/foswiki/jquery.foswiki.js ./gnumed-client.1.5.2/client/doc/user-manual/rsrc/System/JQueryPlugin/plugins/foswiki/jquery.foswiki.js ./gnumed-client.1.5.2/client/doc/user-manual/rsrc/System/JQue ryPlugin/jquery-1.4.3.js gave error exit status 2 The files client/doc/user-manual/rsrc/System/JQueryPlugin/plugins/livequery/jquery.livequery.js client/doc/user-manual/rsrc/System/JQueryPlugin/plugins/foswiki/jquery.foswiki.js are part of the downloaded tarball but as you can see in the created command line `tar --delete --file ...` it is mentioned twice which leads to the error above. Please make sure that one file is only mentioned once. Kind regards and thanks for maintaining devscripts Andreas. -- Package-specific info: --- /etc/devscripts.conf --- --- ~/.devscripts --- Not present -- System Information: Debian Release: 8.0 APT prefers testing APT policy: (501, 'testing'), (500, 'buildd-unstable'), (50, 'unstable'), (5, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 3.16.0-4-amd64 (SMP w/2 CPU cores) Locale: LANG=de_DE.utf8, LC_CTYPE=de_DE.utf8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages devscripts depends on: ii dpkg-dev 1.17.23 ii libc62.19-13 ii perl 5.20.1-4 ii python3 3.4.2-2 pn python3:any none Versions of packages devscripts recommends: ii at 3.1.16-1 ii curl7.38.0-4 ii dctrl-tools 2.23 ii debian-keyring 2014.12.10 ii dput0.9.6.4 ii equivs 2.0.9 ii fakeroot1.20.2-1 ii file1:5.20-2 ii gnupg 1.4.18-6 ii libdistro-info-perl 0.14 ii libencode-locale-perl 1.03-1 ii libjson-perl2.61-1 ii liblwp-protocol-https-perl 6.06-2 ii libparse-debcontrol-perl2.005-4 ii libsoap-lite-perl 1.11-1 ii liburi-perl 1.64-1 ii libwww-perl 6.08-1 ii lintian 2.5.30+deb8u3 ii man-db 2.7.0.2-5 ii patch 2.7.1-6 ii patchutils 0.3.3-1 ii python3-debian 0.1.25 ii python3-magic 1:5.20-2 ii sensible-utils 0.0.9 ii strace 4.9-2 ii unzip 6.0-14 ii wdiff 1.2.2-1 ii wget1.16-1 ii xz-utils5.1.1alpha+20120614-2+b3 Versions of packages devscripts suggests: ii bsd-mailx [mailx]8.1.2-0.20141216cvs-1 ii build-essential 11.7 pn cvs-buildpackage none pn debbindiff none pn devscripts-elnone ii gnuplot5 [gnuplot] 5.0.0~rc+dfsg2-1 ii gpgv 1.4.18-6 ii libauthen-sasl-perl 2.1600-1 pn libfile-desktopentry-perlnone ii libnet-smtp-ssl-perl 1.01-3 pn libterm-size-perlnone ii libtimedate-perl 2.3000-2 pn libyaml-syck-perlnone ii mutt 1.5.23-3 ii openssh-client [ssh-client] 1:6.7p1-3 pn svn-buildpackage none ii w3m 0.5.3-19 -- no debconf information -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#776260: tecnoballz: Version dependancy to libsdl-mixer1.2
2015-01-26 11:25 GMT+00:00 Markus Koschany a...@gambaru.de: On 26.01.2015 02:44, Celelibi wrote: Package: tecnoballz Version: 0.93.1-2 Severity: normal Hello, The sound of tecnoballz version 0.93.1-2 wasn't working with libsdl-mixer1.2:i386 version 1.2.12-5. The error message was: handler_audio::play_music() Mix_LoadMUS return Failure loading module header But it did work after upgrading to 1.2.12-11+b1. Maybe the dependancies should be updated. Regards, Celelibi Hello, CCing Manuel the maintainer / uploader of sdl-mixer1.2 for feedback. This is somewhat strange because there is no version 1.2.12-5 in the official archive anymore. Stable has 1.2.12-3 and testing/unstable 1.2.12-11+b1. Did you put libsdl-mixer1.2 on hold? However I believe I understand the problem and you are right, there should be a versioned dependency on libsdl-mixer1.2 (= 1.2.12-11+b1). I'm not sure whether this is a bug in tecnoballz or libsdl-mixer1.2. Indeed, sdl-mixer1.2 -11+b1 was just a scheduled binary NMU version to build against the newer libmikmod3 (library transition): BinNMU changelog for sdl-mixer1.2 on amd64, armel, armhf, hurd-i386, i386, kfreebsd-amd64, kfreebsd-i386, mips, mipsel, powerpc, s390x and sparc: Rebuild against libmikmod3 In wheezy libsdl-mixer1.2 depends on and links against libmikmod2. However the latest version of libsdl-mixer1.2 in testing links against libmikmod3. Since the dependency on libsdl-mixer1.2 is satisfied, this package won't be upgraded if you mix different Debian distributions. In the meantime tecnoballz links against libmikmod3 while you are still using the old libsdl-mixer1.2 that links against libmikmod2. So there is a version mismatch here. The dependency on libsdl-mixer1.2 is unversioned because this package does neither provide a .symbols file like for instance libsdl-image1.2 nor does it provide a shlibs file for inserting a versioned dependency. I can solve this problem in tecnoballz but I wonder if libsdl-mixer1.2 should rather use a symbols file or the dpkg-shlibdeps mechanism to fix this for all packages depending on libsdl-mixer1.2 and libmikmod3. Manuel, what do you think about it? I am not sure if there's a clear way to solve this problem. In principle, neither tecnoballz nor sdl-mixer1.2 are doing anything wrong, and they could not have been set-up differently at the time of uploading them to the archive other than depending on an exact version of mikmod, and this would be very problematic for transitions (they would make very complicate to migrate from the version of mikmod providing libmikmod2 to the version providing libmikmod3; and of course this possible solution would have to be done for every other library that sdl-mixer1.2/tecnoballz/etc depends on). After knowing this problem, we could upload a new package revision of sdl-mixer1.2 requiring the most recent version of mikmod (or tecnoballz depending on versions of sdl-mixer1.2 compiled against libmikmod3), but in that case the issue is not scalable because it would have to be done potentially for every library that a package depends on. I don't think that Release Managers will accept this change for the next stable Jessie at this point. It seems to me that the fundamental problem is that several versions of mikmod cannot work or be loaded in memory at the same time, which could maybe be solved by symbol versioning in the shared library, or otherwise via a conflict of the binary package libmikmod3 with the previous version of libmikmod2 (so the package managers like apt would either prevent to install tecnoballz, or to force to upgrade to a recent version of sdl-mixer1.2 compiled against libmikmod3; in this particular case). I also think that using a mix of versions like sdl-mixer1.2_...-5, which was only present in unstable for a brief period of time (~5 weeks) 1.5 years ago while using recent versions of packages like tecnoballz and mikmod is not very well supported in Debian because of reasons like this one, of incompatible versions of interdependent libraries. So in short, I am not sure about what to do in this case, specially for Jessie. Cheers. -- Manuel A. Fernandez Montecelo manuel.montez...@gmail.com -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#776042: Please make
Control: tags -1 + pending On 23 January 2015 at 03:26, Riku Voipio riku.voi...@iki.fi wrote: A multi-arch: foreign stanza is needed to install docker.io recommends on a foreign architecture. The attached patch does it, although it is totally trivial. With this patch and similar fixes to other docker.io dependencies, it was possible to install and use armhf docker on arm64 system. Hey Riku, thanks for the report and the patch! I've applied it in Git, but since Jessie is in freeze, I think we'll wait to upload a new release until after the release. ♥, - Tianon 4096R / B42F 6819 007F 00F8 8E36 4FD4 036A 9C25 BF35 7DD4 -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#776253: dependency on libwv-1.2-4 too weak
On Mon, Jan 26, 2015 at 12:25:07AM +0100, Helmut Grohne wrote: Package: wv Version: 1.2.9-4+b1 Severity: serious Justification: policy 12.3 footnote 2 Tags: patch wv contains a symlink /usr/share/doc/wv which points to libwv-1.2-4. Its dependency on libwv-1.2-4 is unversioned though which means, that the copyright and changelog files can get out of sync. This violates the Debian policy section 12.3 footnote 2. This is because, wv installes this symlink manually rather than using dh_installdocs --link-doc. Thus, wv needs to add libwv-1.2-4 (= ${binary:Version}) to its Depends in debian/control. Note that libwv-dev is already correctly doing so. If you're able upload this fix, then please do so. Dan -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#773577: libssh: CVE-2014-8132: Double free on dangling pointers in initial key exchange packet
On Sat, Dec 27, 2014 at 02:27:29PM +0100, Laurent Bigonville wrote: On Sat, 20 Dec 2014 08:18:29 +0100 Salvatore Bonaccorso car...@debian.org wrote: Hi, Hello, the following vulnerability was published for libssh. CVE-2014-8132[0]: Possible double free on a dangling pointer with crafted kexinit packet The fix is available at: http://git.libssh.org/projects/libssh.git/commit/?id=c2aed4ca78030d9014a890cb4370e6dc8264823f Can you please upload a fixed package? Cheers, Moritz -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#776301: New upstream release: 0.5.2
Source: gpac Severity: wishlist Upstream has released a new version: https://github.com/gpac/gpac/tree/v0.5.2 Cheers. -- System Information: Debian Release: jessie/sid APT prefers utopic-updates APT policy: (500, 'utopic-updates'), (500, 'utopic-security'), (500, 'utopic'), (100, 'utopic-backports') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 3.16.0-28-generic (SMP w/20 CPU cores) Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#776214: [Pkg-iscsi-maintainers] multipath not automounting iscsi devices listed in fstab
Am 26.01.2015 um 08:47 schrieb Ritesh Raj Sarraf: On 01/25/2015 09:43 PM, Christian Seiler wrote: The same fix that was implemented for open-iscsi in principle also applies for multipath-tools, i.e. make sure that for systemd systems the unit is ordered before remote-fs-pre.target. I don't use multipath-tools myself, but I'll be able to prepare a patch that fixes this on a minimal level tomorrow, you'll just have to test it yourself. Thanks Christian. I'll wait for your patch. So I did some testing with trivial multipath (only one device as backend), and I came upon the following issues AFTER I fixed this in the same way as the open-iscsi package. These issues don't seem to be related to systemd, but a general problem of the multipath package (although I didn't test it with sysvinit, so I don't know for sure): 1. open-iscsi init script (which is still called even by the new systemd service file) does udevadm settle to make sure all device nodes from logging in to iSCSI have been created, because immediately after that, it wants to activate LVMs configured on iSCSI. * On its own, that's not a problem, so if you have bare iSCSI with or without LVM on top, that works fine. * But, if you have multipath started and configured, there's /lib/udev/rules.d/60-multipath-rules with the following entry: # Coalesce multipath devices before multipathd is running # (initramfs, early boot) ACTION==add|change, SUBSYSTEM==block, RUN+=/sbin/multipath -v0 /dev/$name The problem here is that multipath -v0 /dev/$name doesn't complete because multipathd is not started. The problem is that this rule is not only triggered for the devices first available at boot, but also for the devices that appear due to iSCSI, which in this case are even configured. Unfortunately, since multipathd is not running, this is a new deadlock here. udev now has a default timeout of 30s, so boot hangs for that time and after that I get a bunch of log messages about timeouts.[1] After that, the system boots fine, udevadm settle completes, open-iscsi init script continues, and then multipathd is started, which properly activates the devices, which can then be mounted. I don't see anything systemd specific in here, and while I haven't tried it, I would suspect that the same thing occurs also with sysvinit. 2. Also, really curious, at shutdown I have the following situation: multipath-tools does not seem to dismantle (or however that is called properly) multipath volumes. So now, I have the following situation: - due to proper ordering with my fix for the 90s systemd issue, remote filesystems get unmounted by systemd first, so nothing is mounted anymore that's on multipath - /etc/init.d/multipath-tools stop is called - multipathd exits - but apparently, /dev/mapper/mp{1,2} (that's how I called my test devices) still exist - /etc/init.d/open-iscsi stop is called, that logs out of the iSCSI session - later at shutdown, something (I don't know exactly what, since shutdown is parallel) causes the kernel to try to access all block devices in the system, making it notice that it can't really access the multipath devices anymore (which still exit!), so it complains about it. See [2] for log messages related to this. So basically you have two issues: - 30s delay on boot because udevadm settle (in open-iscsi) waits for multipath -v0 but that won't complete until multipathd is started, which won't happen until the open-iscsi script is done (which waits for udevadm settle) - timeout - note that if I comment out the udev rule in question, the system boots immediately (total boot time only a couple of seconds, including iSCSI + multipath setup), but obviously that can't be a complete solution, because you DO want to pick up multipath devices that were started in early boot - this appears to be related to or the same as https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=580972 - on shutdown, multipath device mapper devices are not removed and then something tries to access them in late shutdown phase, when iSCSI is already gone, which produces weird log messages, which in the default configuration of Jessie are shown on the screen for a short time before rebooting (might irritate some people) - since file systems umount cleanly and open-iscsi does a 'sync' before logging out of all sessions, I think this is *probably* only cosmetic Therefore, my question would be: do you see the same to issues on sysvinit? If so, I would then attach my patch to fix the boot/shutdown ordering stuff of multipath-tools just on systemd and then
Bug#776320: flashplugin-nonfree: Fullscreen videos cannot be exited with escape or by clicking restore button
Package: flashplugin-nonfree Version: 1:3.6.1 Severity: normal Dear Maintainer, When going fullscreen on various sites (youtube to name one, but I have verified with others), the escape key will not exit fullscreen mode. Luckily, I can Ctrl+Shift+Arrow to another workspace to exit fullscreen, and that seems to work consistently, but I am unable to click the app's Exit Fullscreen implementation to return to the desktop. I suspect this could be a problem with anything from X to my video driver, but as I am not familiar with the source or the APIs, I figured I would start from the presentation layer and dig deeper as necessary. Thanks in advance for any investigation and or information! Following is some auto-generated system information about my relatively clean Debian Jessie Beta 2 install. -- Package-specific info: Debian version: 8.0 Architecture: amd64 Package version: 1:3.6.1 Adobe Flash Player version: LNX 11,2,202,429 MD5 checksums: 160a01dd00527304e5291e65eb0c65e2 /var/cache/flashplugin-nonfree/get-upstream-version.pl 7e05effd150ab4430693e467e4c9c404 /var/cache/flashplugin-nonfree/install_flash_player_11_linux.x86_64.tar.gz 427d26397cd55f61901911af16bbb69c /usr/lib/flashplugin-nonfree/libflashplayer.so Alternatives: flash-mozilla.so - auto mode link currently points to /usr/lib/flashplugin-nonfree/libflashplayer.so /usr/lib/flashplugin-nonfree/libflashplayer.so - priority 50 Current 'best' version is '/usr/lib/flashplugin-nonfree/libflashplayer.so'. lrwxrwxrwx 1 root root 34 Jan 22 09:59 /usr/lib/mozilla/plugins/flash-mozilla.so - /etc/alternatives/flash-mozilla.so /usr/lib/mozilla/plugins/flash-mozilla.so: symbolic link to `/etc/alternatives/flash-mozilla.so' -- System Information: Debian Release: 8.0 APT prefers testing-updates APT policy: (500, 'testing-updates'), (500, 'testing') Architecture: amd64 (x86_64) Kernel: Linux 3.16-2-amd64 (SMP w/8 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages flashplugin-nonfree depends on: ii binutils 2.24.90.20141023-1 ii ca-certificates20141019 ii debconf [debconf-2.0] 1.5.55 ii gnupg 1.4.18-6 ii libatk1.0-02.14.0-1 ii libcairo2 1.14.0-2.1 ii libcurl3-gnutls7.38.0-4 ii libfontconfig1 2.11.0-6.3 ii libfreetype6 2.5.2-2 ii libgcc11:4.9.1-19 ii libglib2.0-0 2.42.1-1 ii libgtk2.0-02.24.25-1 ii libnspr4 2:4.10.7-1 ii libnss32:3.17.2-1.1 ii libpango1.0-0 1.36.8-3 ii libstdc++6 4.9.1-19 ii libx11-6 2:1.6.2-3 ii libxext6 2:1.3.3-1 ii libxt6 1:1.1.4-1+b1 ii wget 1.15-1+b1 flashplugin-nonfree recommends no packages. Versions of packages flashplugin-nonfree suggests: ii fonts-dejavu 2.34-1 pn halnone ii iceweasel 31.4.0esr-1 pn konqueror-nspluginsnone pn ttf-mscorefonts-installer none pn ttf-xfree86-nonfreenone -- no debconf information -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#776322: RM: moodle -- ROM; No maintainer, security issues, DFSG
Package: ftp.debian.org Severity: normal Hi, Moodle has several DFSG issues (e.g. #763800, #746594, #752615, #754565) and unfixed security issues (#775842). I have spoken to the maintainers - both upstream [1] and within Debian[2], and they support the removal of moodle as they are no longer have enough time to continue maintaining it. Yours thankfully, Riley Baird [1] https://moodle.org/mod/forum/discuss.php?d=278847 [2] https://bugs.debian.org/754565 -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#776316: [Pkg-samba-maint] Bug#776316: samba: failed to build on mips
On Mon, Jan 26, 2015 at 01:42:51PM -0500, Michael Gilbert wrote: package: src:samba version: 2:4.1.13+dfsg-4 severity: serious The latest upload failed to build on the mips buildd: https://buildd.debian.org/status/package.php?p=samba See the comment in the build log: 21:17:20 runner /usr/bin/gcc -g -O2 -fstack-protector-strong -Wformat -Werror=format-security -fPIC -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -fstack-protector -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS -DSTATIC_python_irpc_MODULES=NULL -DSTATIC_python_irpc_MODULES_PROTO= -MD -fno-strict-aliasing -D_FORTIFY_SOURCE=2 -Idefault/source4/librpc -I../source4/librpc -Idefault/include/public -I../include/public -Idefault/source4 -I../source4 -Idefault/lib -I../lib -Idefault/source4/lib -I../source4/lib -Idefault/source4/include -I../source4/include -Idefault/include -I../include -Idefault/lib/replace -I../lib/replace -Idefault -I../../../../usr/include -Idefault -I.. -Idefault/lib/param -I../lib/param -Idefault/libcli/ldap -I../libcli/ldap -Idefault/librpc -I../librpc -Idefault/source4/dsdb -I../source4/dsdb -Idefault/python -I../python -Idefault/libcli/auth -I../libcli/auth -Idefault/lib/addns -I../lib/addns -Idefault/auth/gensec -I../auth/gensec -Idefault/auth/credentials -I../auth/credentials -Idefault/lib/krb5_wrap -I../lib/krb5_wrap -Idefault/lib/ldb-samba -I../lib/ldb-samba -Idefault/libcli/dns -I../libcli/dns -Idefault/libcli/util -I../libcli/util -Idefault/source4/auth/kerberos -I../source4/auth/kerberos -Idefault/source4/param -I../source4/param -Idefault/lib/socket -I../lib/socket -Idefault/lib/util/charset -I../lib/util/charset -Idefault/source4/libcli -I../source4/libcli -Idefault/source4/lib/events -I../source4/lib/events -Idefault/lib/async_req -I../lib/async_req -Idefault/source4/auth/gensec -I../source4/auth/gensec -Idefault/auth/kerberos -I../auth/kerberos -Idefault/source4/auth -I../source4/auth -Idefault/lib/dbwrap -I../lib/dbwrap -Idefault/source3 -I../source3 -Idefault/source3/include -I../source3/include -Idefault/source3/lib -I../source3/lib -Idefault/lib/tdb_compat -I../lib/tdb_compat -Idefault/lib/iniparser -I../lib/iniparser -Idefault/source3/librpc -I../source3/librpc -Idefault/source4/cluster -I../source4/cluster -Idefault/libcli/netlogon -I../libcli/netlogon -Idefault/libcli/security -I../libcli/security -Idefault/libcli/nbt -I../libcli/nbt -Idefault/libcli/drsuapi -I../libcli/drsuapi -Idefault/lib/tsocket -I../lib/tsocket -Idefault/source4/lib/tls -I../source4/lib/tls -Idefault/libds/common -I../libds/common -Idefault/source4/libcli/smb2 -I../source4/libcli/smb2 -Idefault/source4/lib/messaging -I../source4/lib/messaging -Idefault/auth/ntlmssp -I../auth/ntlmssp -Idefault/source4/heimdal_build -I../source4/heimdal_build -Idefault/libcli/cldap -I../libcli/cldap -Idefault/source4/lib/socket -I../source4/lib/socket -Idefault/auth -I../auth -Idefault/libcli/smb -I../libcli/smb -Idefault/libcli/lsarpc -I../libcli/lsarpc -Idefault/source4/libcli/ldap -I../source4/libcli/ldap -Idefault/dynconfig -I../dynconfig -Idefault/lib/compression -I../lib/compression -Idefault/source4/lib/stream -I../source4/lib/stream -Idefault/lib/crypto -I../lib/crypto -I/usr/local/include -I/usr/include/et -I/usr/include/heimdal -I/usr/include/python2.7 -I/usr/include/mips-linux-gnu/python2.7 -D_SAMBA_BUILD_=4 -DHAVE_CONFIG_H=1 -D_GNU_SOURCE=1 -D_XOPEN_SOURCE_EXTENDED=1 default/source4/librpc/gen_ndr/py_irpc.c -c -o default/source4/librpc/gen_ndr/py_irpc_81.o The bug is not reproducible, so it is likely a hardware or OS problem. Cheers, Jelmer -- Jelmer Vernooij jel...@debian.org Debian Developer https://jelmer.uk/ signature.asc Description: Digital signature
Bug#775882: [debian-mysql] Bug#775882: mariadb-10.0: affected by CVEs of the Oracle Patch Update for January 2015?
The page https://mariadb.com/kb/en/security/ has updated and includes info about these latest CVEs. It seems most issues were fixed in 5.5.41/10.0.16. One was for 5.5.39/10.0.13. 10.0.16 hasn't been yet released, but I'll expect it is released soon and I will try to be as fast as possible in updating the package in Debian once the .16 release is out. CVE-2015-0385 and CVE-2015-0409 are not listed in the MariaDB security list. I've sent email asking about their status and I'll track the results in this bug report. Here is some background info about the CVE status by a MariaDB core developer: https://lists.launchpad.net/maria-discuss/msg02153.html -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#744145: [Python-modules-team] Bug#744145: pip3 breaks after upgrading requests
On 2015-01-26 10:25, Chris Kuehl wrote: I wonder whether such a change should at least be documented in the release notes, even if we can't address it because of the freeze? Yes, good idea. This would allow users to remove such libraries first and then upgrade Debian. Would you file a bug against release-notes, please? -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#775306: pxz: race condition in setting permissions on output file
On Wed, Jan 14, 2015 at 05:25:02AM +0100, Holger Levsen wrote: control: severity -1 important Hi Alexander, On Dienstag, 13. Januar 2015, Alexander Cherepanov wrote: pxz sets the mode of an output file to be the same as the one of an input file but does it only after compression is over. This leaves the output file with the wrong mode during all the time of the compression process. thanks for the bug report! Could you maybe come up with a patch? Patch attached, can you take care of an upload and unblock with the release team? Cheers, Moritz --- pxz-4.999.99~beta3+git659fc9b.orig/pxz.c +++ pxz-4.999.99~beta3+git659fc9b/pxz.c @@ -285,2 +285,2 @@ int main( int argc, char **argv ) { } fo = stdout; + umask(077); if ( std_in ) { fi = stdin; } else {
Bug#776317: Jessie RC1 amd64 mini image missing efi bootloader
Package: cdimage.debian.org Apologies if this is the wrong package. I'm using the jessie rc1 amd64 mini.iso and the EFI partition doesn't seem to have anything in it. It should have efi/boot/bootarch.efi for EFI firmware to load properly. It also doesn't seem to exist in the i386 image either. I'm using a Minnowboard MAX to test the image via USB booting. -- Jack Truong IT Specialist @ Engineering Computing University of Waterloo (PHY-3019 x35147) http://jacktruong.net/ -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#752479: 1.0.5 available in a ppa
Hi, https://launchpad.net/~tuxpoldo/+archive/ubuntu/roundcube has 1.0.5, for those interested. I haven't tested them yet, but will do so shortly. cheers, Holger signature.asc Description: This is a digitally signed message part.
Bug#776321: unblock: wv/1.2.9-4.1
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package wv The wv binary package links its documentation to libwv-1.2-4 without using dh_installdocs --linkdoc and lacks the (= ${binary:Version}) dependency required by the Debian policy. #776253 I uploaded an updated wv with the maintainers permission and the corresponding .debdiff is attached. unblock wv/1.2.9-4.1 Helmut diff -Nru wv-1.2.9/debian/changelog wv-1.2.9/debian/changelog --- wv-1.2.9/debian/changelog 2014-10-02 11:35:37.0 +0200 +++ wv-1.2.9/debian/changelog 2015-01-26 20:30:49.0 +0100 @@ -1,3 +1,11 @@ +wv (1.2.9-4.1) unstable; urgency=medium + + * Non-maintainer upload. Acknowledged by Daniel Walrond. + * Tighten dependency wv - libwv-1.2-4 to meet policy 12.3. +(Closes: #776253) + + -- Helmut Grohne hel...@subdivi.de Mon, 26 Jan 2015 20:30:47 +0100 + wv (1.2.9-4) unstable; urgency=medium * debian/control: diff -Nru wv-1.2.9/debian/control wv-1.2.9/debian/control --- wv-1.2.9/debian/control 2014-10-02 11:34:13.0 +0200 +++ wv-1.2.9/debian/control 2015-01-26 20:24:52.0 +0100 @@ -11,7 +11,7 @@ Package: wv Architecture: any -Depends: ${misc:Depends}, ${shlibs:Depends} +Depends: ${misc:Depends}, ${shlibs:Depends}, libwv-1.2-4 (= ${binary:Version}) Suggests: texlive, ghostscript, elinks | links | lynx, imagemagick, gv | postscript-viewer Description: Programs for accessing Microsoft Word documents wvWare (previously known as mswordview) is a library that allows access
Bug#774048: CVE-2014-9390
On Mon, Jan 05, 2015 at 01:47:40AM +1100, Russell Sim wrote: Moritz Muehlenhoff j...@debian.org writes: Source: libgit2 Severity: important Tags: security libgit2 is also affected by the recent git vulnerability: http://openwall.com/lists/oss-security/2014/12/18/21 Thanks for the heads up. The new release of libgit2 0.21.3 addresses this issue but it will have to wait until after the unfreeze before I can upload it to unstable. Hi Russell, this was fixed in Debian unstable, but jessie still has 0.21.1-2.1. Please either ask the release team for an unblock or provide a targeted fix for jessie. Cheers, Moritz -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#776319: CVE-2015-0361
Source: xen Severity: important Tags: security Hi, please see http://xenbits.xen.org/xsa/advisory-116.html for details and a patch. Cheers, Moritz -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#776034: fsck runs in parallel on same physical disk
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 26/01/15 14:51, Phillip Susi wrote: On 1/26/2015 7:34 AM, Daniel Pocock wrote: The performance impact is not trivial. I have 28 LVs on my main /dev/md and 47 on an external disk that is used to replicate other filesystems. Both of these disks make a horrible thrashing sound while fsck runs. Why on earth are you fscking all of those volumes at once? Use a journaling filesystem ( ext4? xfs? ) and you shouldn't really ever need to fsck at all. I just upgraded the machine from wheezy to jessie and systemd decided to fsck them all when it booted. The machine had also been running for a long time on wheezy, they hadn't been checked for 430 days before the upgrade. About half of them had already been changed to ext4 but there were quite a few older filesystems there that I haven't updated yet. -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.12 (GNU/Linux) Comment: Using GnuPG with Icedove - http://www.enigmail.net/ iQIcBAEBCAAGBQJUxngQAAoJEOm1uwJp1aqDn6UQAILRzkXFYe18M26q3CuZjdVt hGjKK91WLMU5i75YbHDCW04INv9VwVczZLPcIbs6mw372lfdFYLn37aktunv+ayl wBk7sgYnt5o4Npj4GYSNsIbodiAGQdVwiEG6vVWsieXBAeYn/qtn44IfHOUEr7uN x3CyuibBrngtOn+QzQfZ8bXqugA5bPlK/F+PscN5k000A5VyWJgZKLTk39mmI47E rjfUn0LZpTypn14dprKiRitvnwKQa3GMUiiJ4yXpx0NWxkVuwhnPZvE7BiuRMYDO DuIlC+i8R1iHdEf+TMzEXiJBXfF0+WbRVC7dprFS79pjSvUELIr4Lgjr5+SVc0sS CLjwRN6ofVlh1TIQNTf+My4+JTmHE1JiTt5smD2mCEc6C/3jH/dKACAWeud7MNmX pBx+/q35be4yZhjj41spdYgTglEPixnT/1fIVfsmJUCBtMaW3eo9Xwu4XThmtVck Uq5wAtfPTUHS8JeekDIoSAUp1bNrANZhPUV65AFsA7HyCJpfM7oujQQP92d4w7mD JlobHcCF0+Yss1zbsQPAqWUm6HNyzdgKkGhZgMZNeMclO/Xq2u8xQi3fMUqzwGF7 YSaDqDvg6pG+8CS5JfRjzTkLdhA2yvM6K2jVBhpLJpUXMkK0wx6PUozRWyMCU0gX XX7aiH2kFl9Gir+ymb2Q =0bfD -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#776178: ITP: python-xcffib -- A drop in replacement for xpyb
On 01/26/2015 12:18 PM, Tycho Andersen wrote: I note that you filed a WNPP and not an ITP for this. Is there some way that I can help? That's probably because I am new at Debian packaging and screwed it up. I've uploaded a draft to mentors, any reviews would be much appreciated! http://mentors.debian.net/package/xcffib Tycho It's me who was confused, not you. My apologies! I'll review it ASAP and would be happy to sponsor the package if you haven't already found someone. -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#776315: foomatic-filters: foomatic-rip can't properly execute text filters
Package: foomatic-filters Version: 4.0.17-5 Severity: normal While trying to setup a printer directly with foomatic and rlpr, I executed the documented command to get a printout of config values: $ foomatic-rip -P printer -o docs /proc/cpuinfo I noticed errors, and the command waiting on stdin, and nothing getting printed. Following with strace, I see that foomatic-rip is incorrectly executing commands in the shell: [pid 13859] execve(/bin/bash, [/bin/bash, -c, mpage -o -1 -b Letter -H -h Documentation for the Lexmark X792 Foomatic/Postscript -m36l36b36t36r -f -P- -], [/* 38 vars */]) = 0 [pid 13859] execve(/usr/bin/mpage, [mpage, -o, -1, -b, Letter, -H, -h, Documentation, for, the, Lexmark, X792, Foomatic/Postscript, -m36l36b36t36r, -f, -P-, -], [/* 37 vars */]) = 0 As you can see, it is calling system() with an improperly quoted command. Looking at the source code, I don't see any simple way to solve this. It is pretty ugly... At the same time, I don't see any code generating the docs I am looking for, it seems commented out. So maybe that is also broken? -- System Information: Debian Release: 8.0 APT prefers testing APT policy: (500, 'testing'), (100, 'unstable'), (50, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores) Locale: LANG=en_IE.UTF-8, LC_CTYPE=en_IE.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages foomatic-filters depends on: ii bash 4.3-11+b1 ii debconf [debconf-2.0] 1.5.55 ii libc6 2.19-13 ii libdbus-1-31.8.12-3 ii ucf3.0030 Versions of packages foomatic-filters recommends: ii a2ps 1:4.14-1.3 ii colord 1.2.1-1+b2 ii cups-client1.7.5-10 ii ghostscript9.06~dfsg-1.1+b1 ii mpage 2.5.6-1 ii poppler-utils 0.26.5-2 ii rlpr 2.05-4 foomatic-filters suggests no packages. -- debconf information: foomatic-filters/title: foomatic-filters/custom_textfilter: foomatic-filters/filter_debug: false foomatic-filters/spooler: cups foomatic-filters/textfilter: Automagic foomatic-filters/config_parsed: true foomatic-filters/ps_accounting: true -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#776304: dpkg: allows child processes to inherit file handles for triggers
close 776304 thanks On Tue, 27 Jan 2015, Guillem Jover guil...@debian.org wrote: Are you sure these messages are from dpkg 1.17.23 and not from an earlier version? This was supposedly fixed in 1.17.11 (see #751021). After reviewing the logs it appears that the package was upgraded after I noticed the bug but before I reported it. Sorry for the inconvenience. -- My Main Blog http://etbe.coker.com.au/ My Documents Bloghttp://doc.coker.com.au/ -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#776121: xapers-adder uses incorrect options for x-terminal-emulator
On Fri, Jan 23 2015, Kacper Gutowski mwgam...@gmail.com wrote: When x-terminal-emulator is provided by an implementation that does not support -title option (e.g. stterm), xapers-adder fails when trying to launch a terminal. By DPM § 11.8.3, x-terminal-emulator is only required to support -e and -T options. Please change -title to -T. Hi, Kacper. Thanks for the report. I'll fix the issue and try to push a new version soon. jamie. signature.asc Description: PGP signature
Bug#776174: git bash completion script missing
Hello Freddie, the script isn't missing, it just moved to /usr/share/bash-completion/completions/. See #698055 for details. -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#775625: [pkg-php-pear] symfony: Review, upload and unblock needed to fix #775625 (FTBFS in jessie)
Hi, Le 21/01/2015 14:23, David Prévot a écrit : Le 19/01/2015 13:34, Daniel Beyer a écrit : I'm not 100% sure if it really fixes the problem, since I'm not able to reproduce those errors on my local system (neither local, nor with pbuilder sid/jessie). Same here, even within sbuild. […] check if the DEP-8 tests are working on ci.debian.net (exactly the same errors mentions in #775625 occurring there). Unfortunately, the DEP-8 tests are still failing with the fix: http://ci.debian.net/packages/s/symfony/unstable/amd64/ If that’s not enough, or if upstream gives feed back on your PR, we can still roll out another update. Maybe the people behind the bug report or ci.d.n will be able to offer a shell to reproduce the issue we’ve not managed to reproduce so far… Deactivating the tests will also be an option if we can’t reproduce it, but it would be way nicer to keep a eye on eventual php5 regressions (especially with the new fancy “upload to the latest minor version” trend for fixing security issues…). An unblock request may not be necessary Adam is indeed fast ;). taffit@persil:/tmp/partclone-0.2.73$ grep-excuses symfony […] Ignoring block request by freeze, due to unblock request by adsb Regards David signature.asc Description: OpenPGP digital signature
Bug#775866: vlc: multiple vulnerabilities
On Mon, Jan 26, 2015 at 05:33:30PM +0100, Sebastian Ramacher wrote: On 2015-01-26 13:49:26, Moritz Mühlenhoff wrote: On Tue, Jan 20, 2015 at 09:47:26PM +0100, Yves-Alexis Perez wrote: * The potential invalid writes in modules/services_discovery/sap.c and modules/access/ftp.c were not fixed as I did not provide a trigger. Note, that the code looks very similar to the confirmed bug in rtp_packetize_xiph_config, and so I leave it to you to decide whether you want to patch this. These have been assigned CVE-2015-1202 and CVE-2015-1203, could you contact upstream for the status of an upstream fix? Just because they look similar, does not make them a vulnerability. The format string for ftp_SendCommand is not attacker controlled. The reporter still has not answered questions about how the invalid write in modules/access/ftp.c could be triggered [1]. Similarly, the issue in modules/services_discovery/sap.c lacks a trigger. The rather disturbing thread can be found at [2]. [1] https://mailman.videolan.org/pipermail/vlc-devel/2014-December/100674.html [2] https://mailman.videolan.org/pipermail/vlc-devel/2014-December/100675.html Given upstream's response we'll mark these as non-issues in the Debian security tracker, then. I'm adding MITRE to CC; CVE-2015-1202 and CVE-2015-1203 are disputed by upstream, please consider to mark them as rejected. Cheers, Moritz -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#776178: ITP: python-xcffib -- A drop in replacement for xpyb
Hi Klee, On Jan 26, 2015 8:41 AM, Klee Dienes k...@debian.org wrote: Wow! Thanks for writing this! Sure, no problem :-) I *just* finished a rough port of xpyb to Python 3, and you're right that it's got a lot of issues. https://github.com/BurntSushi/xpyb I also recently ported xpybutil to python3 ... this weekend I'll try it out against xcffib. Cool! Let me know if you have any problems. I note that you filed a WNPP and not an ITP for this. Is there some way that I can help? That's probably because I am new at Debian packaging and screwed it up. I've uploaded a draft to mentors, any reviews would be much appreciated! http://mentors.debian.net/package/xcffib Tycho
Bug#759786: Bug is in intel drm, not gdm3, bug is still present.
Well, I spoke too soon - it doesn't work with 3.14.1-3, the problem is still present. I'm now convinced that it's a kernel bug - in the intel driver. Often, when I try to change the Gnome primary display from the built-in lvds panel to the external (HDMI) monitor I get errrors like: [ 111.840599] [drm:intel_dp_start_link_train] *ERROR* too many full retries, give up [ 112.053452] [drm:intel_dp_start_link_train] *ERROR* too many full retries, give up [ 112.061261] [drm:intel_dp_start_link_train] *ERROR* too many full retries, give up [ 112.069045] [drm:intel_dp_start_link_train] *ERROR* too many full retries, give up [ 112.076858] [drm:intel_dp_start_link_train] *ERROR* too many full retries, give up [ 112.084674] [drm:intel_dp_start_link_train] *ERROR* too many full retries, give up [ 112.092458] [drm:intel_dp_start_link_train] *ERROR* too many full retries, give up [ 112.092625] [drm:intel_dp_complete_link_train] *ERROR* failed to train DP, aborting [ 112.121420] [drm:cpt_verify_modeset] *ERROR* mode set failed: pipe A stuck And, on occasion: [ 296.173419] [ cut here ] [ 296.173498] WARNING: CPU: 2 PID: 1341 at /build/linux-CMiYW9/linux-3.16.7-ckt2/drivers/gpu/drm/i915/intel_display.c:3324 intel_crtc_wait_for_pending_flips+0x165/0x170 [i915]() [ 296.173503] Modules linked in: binfmt_misc bnep cpufreq_stats cpufreq_powersave cpufreq_userspace cpufreq_conservative qmi_wwan cdc_wdm usbnet joydev tpm_infineon qcserial option usb_wwan usbserial arc4 iTCO_wdt iTCO_vendor_support uvcvideo ecb iwldvm x86_pkg_temp_thermal videobuf2_vmalloc videobuf2_memops snd_hda_codec_hdmi intel_powerclamp mac80211 intel_rapl videobuf2_core coretemp v4l2_common snd_hda_codec_realtek kvm_intel videodev snd_hda_codec_generic kvm media psmouse pcspkr serio_raw btusb iwlwifi bluetooth 6lowpan_iphc rtsx_pci_ms i2c_i801 memstick snd_hda_intel snd_hda_controller cfg80211 snd_hda_codec snd_hwdep snd_pcm_oss snd_mixer_oss sony_laptop snd_pcm rfkill snd_timer battery tpm_tis snd tpm evdev soundcore processor ac mei_me shpchp mei lpc_ich loop fuse parport_pc ppdev lp parport [ 296.173593] autofs4 ext4 crc16 mbcache jbd2 sha256_ssse3 sha256_generic algif_skcipher af_alg dm_crypt dm_mod raid0 md_mod sg sd_mod crc_t10dif crct10dif_generic crct10dif_pclmul crct10dif_common crc32_pclmul crc32c_intel ghash_clmulni_intel rtsx_pci_sdmmc mmc_core aesni_intel aes_x86_64 lrw gf128mul glue_helper ablk_helper cryptd ahci libahci libata scsi_mod i915 ehci_pci i2c_algo_bit xhci_hcd ehci_hcd drm_kms_helper r8169 mii drm rtsx_pci mfd_core usbcore i2c_core usb_common thermal button video thermal_sys [ 296.173662] CPU: 2 PID: 1341 Comm: Xorg Not tainted 3.16.0-4-amd64 #1 Debian 3.16.7-ckt2-1 [ 296.173666] Hardware name: Sony Corporation VPCZ22AGX/VAIO, BIOS R1010H5 07/28/2011 [ 296.173670] 0009 81507263 81065847 [ 296.173677] 88025291e000 880252f18210 880252b2f800 [ 296.173683] 880252b2f800 a021fe85 88009636d370 [ 296.173690] Call Trace: [ 296.173703] [81507263] ? dump_stack+0x41/0x51 [ 296.173713] [81065847] ? warn_slowpath_common+0x77/0x90 [ 296.173745] [a021fe85] ? intel_crtc_wait_for_pending_flips+0x165/0x170 [i915] [ 296.173754] [810a5940] ? prepare_to_wait_event+0xf0/0xf0 [ 296.173782] [a0222fd0] ? intel_crtc_disable_planes+0x30/0x1a0 [i915] [ 296.173809] [a0223555] ? ironlake_crtc_disable+0x45/0x910 [i915] [ 296.173831] [a00aeb5a] ? drm_modeset_lock+0x2a/0xd0 [drm] [ 296.173840] [8150bace] ? mutex_lock+0xe/0x2a [ 296.173868] [a0224817] ? intel_crtc_update_dpms+0x67/0x90 [i915] [ 296.173897] [a0228419] ? intel_connector_dpms+0x59/0x70 [i915] [ 296.173921] [a00a5fd6] ? drm_mode_obj_set_property_ioctl+0x396/0x3b0 [drm] [ 296.173942] [a00a601e] ? drm_mode_connector_property_set_ioctl+0x2e/0x40 [drm] [ 296.173962] [a00958b7] ? drm_ioctl+0x1c7/0x5b0 [drm] [ 296.173976] [812b4c88] ? lockref_put_or_lock+0x48/0x80 [ 296.173984] [811bb44f] ? dput+0x1f/0x170 [ 296.173990] [811b7d2f] ? do_vfs_ioctl+0x2cf/0x4b0 [ 296.173997] [8108314c] ? task_work_run+0x9c/0xd0 [ 296.174003] [811b7f91] ? SyS_ioctl+0x81/0xa0 [ 296.174010] [8150d5ea] ? int_signal+0x12/0x17 [ 296.174016] [8150d32d] ? system_call_fast_compare_end+0x10/0x15 [ 296.174021] ---[ end trace a16743e82932155b ]--- [ 296.553911] [ cut here ] [ 296.553986] WARNING: CPU: 2 PID: 1341 at /build/linux-CMiYW9/linux-3.16.7-ckt2/drivers/gpu/drm/i915/intel_display.c:953 ironlake_crtc_disable+0x90/0x910 [i915]() [ 296.553991] pipe_off wait timed out [ 296.553993] Modules linked in: binfmt_misc bnep cpufreq_stats cpufreq_powersave cpufreq_userspace cpufreq_conservative qmi_wwan
Bug#767019: xscreensaver: postinst overwrites /etc/X11/app-defaults/XScreenSaver without asking
On Sat, Dec 20, 2014 at 9:02 AM, Michael Gilbert wrote: if [ -L /etc/X11/app-defaults/XScreenSaver ]; then if [ $(readlink /etc/X11/app-defaults/XScreenSaver) = XScreenSaver-nogl -o \ $(readlink /etc/X11/app-defaults/XScreenSaver) = XScreenSaver-gl]; then rm /etc/X11/app-defaults/XScreenSaver fi This doesn't handle the case where the user intentionally had both xscreensaver-gl and xscreensaver installed, and manually set the symlink to XscreenSaver-nogl. Mhm, couldn't we apply this part of the patch and at least make this bug less RC that way? Alex -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#775882: [debian-mysql] Bug#775882: mariadb-10.0: affected by CVEs of the Oracle Patch Update for January 2015?
Control: tags -1 upstream fixed-upstream Control: retitle -1 mariadb-10.0: CVE-2015-0411 CVE-2015-0382 CVE-2015-0381 CVE-2015-0432 CVE-2014-6568 CVE-2015-0374 Hi Otto, On Fri, Jan 23, 2015 at 08:46:46AM +0200, Otto Kekäläinen wrote: I started to search information about this 2 days ago, but so far I haven't found any indication that these would affect MariaDB, though I haven't got the definitive final reply from mariadb devs confirming so either. So the following CVEs were fixed with the 10.0.16 upload according to [1]: CVE-2015-0411 CVE-2015-0382 CVE-2015-0381 CVE-2015-0432 CVE-2014-6568 CVE-2015-0374 [1] https://mariadb.com/kb/en/mariadb/mariadb-10016-release-notes/ Could you prepare an update so that these fixes can be included in Jessie? Regards, Salvatore -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#744145: [Python-modules-team] Bug#744145: pip3 breaks after upgrading requests
Hi Stefano, On Mon, Jan 26, 2015 at 05:12:42AM +0200, Stefano Rivera wrote: I don't think I consider this bug to be RC. Debian packages have declared dependencies on other Debian packages. Replacing one with something newer from upstream, is quite likely to break things. Thanks for responding. I do understand your reasoning behind not considering the bug for jessie. For the sake of documenting this bug better, I probably should have explained my reasoning a bit clearer. I'm afraid that the impact of the bug, particularly on upgrades, is likely to be pretty widespread: * On wheezy, if someone installs requests to system site-packages, pip will work fine. After an upgrade to jessie, pip is broken and cannot be fixed without rm-ing the appropriate directory (pip uninstall won't work, either). * As far as I'm aware, vendorizing (and on Debian, de-vendorizing) is new with the version of pip included with jessie, so the behavior that installing a different requests version (or some other devendorized library, such as colorama) can permanently break pip is new. * The default option is to install system-wide (i.e. --user is not implicit for non root, #725848), and site-packages installs are still very common, especially when one desires to have a Python binary packaged on PyPI installed system-wide. It's very easy for a user to back themselves into a corner, especially given that once requests has been installed, there is no easy or obvious way to fix pip. I wonder whether such a change should at least be documented in the release notes, even if we can't address it because of the freeze? sudo pip on a Debian box is dangerous, don't do that, and rather use virtualenvs, if you need to go off the beaten track. I agree with this, but I'm afraid that it's still a very common practice. It's not hard to find articles advising users to run `pip` as root, and I suspect that such recommendations will be the first result when an unsuspecting user searches pip errors on Google. Thanks and happy Monday, Chris -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#775888: virtualbox: CVE-2014-6588 CVE-2014-6589 CVE-2014-6590 CVE-2014-6595 CVE-2015-0418 CVE-2015-0427
On Mon, Jan 26, 2015 at 09:07:19PM +0530, Ritesh Raj Sarraf wrote: On 01/21/2015 01:23 PM, Moritz Muehlenhoff wrote: In the past someone from upstream posted the upstream commits to the bug log, maybe you can contact them for more information so that we can merge the isolated fixes into the jessie version? Cheers, Moritz Moritz, For unstable, I've pushed the upload an d asked for an exception. I've added the VMSVGA fixes to the security tracker, but there are also two issues in Core, which apply to wheezy/jessie: Could you please check back with upstream on CVE-2015-0377 and CVE-2015-0418? http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html Cheers, Moritz -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#774693: sysdig-dkms: does not compile for 3.19-rc3
Hi again, On Sat, Jan 24, 2015 at 11:58:47AM +0100, Evgeni Golov wrote: Hi The patch was against upstream git aka 0.1.95. Sorry, I forgot to check against the version in Debian. Can you try upstream? Upstream won't work either. They removed msg_iov(len)? from struct msghdr in c0371da6047abd261bc483c744dbc7d81a116172. Le sigh. I didn't have the chance to wrap my head around the needed changes for sysdig. Feel free to be faster than me :-) Greets Evgeni -- Bruce Schneier can read and understand Perl programs. -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#776314: /var/log/faillog is never updated
Package: login Version: 1:4.1.5.1-1 while auth.log and laslog are updated faillog is not # faillog -a all the lines are like : root00 01/01/70 01:00:00 +0100 user00 01/01/70 01:00:00 +0100 of course i did fail some login with a user and root i usually log from ssh so i also tried a fail log from the terminal itself, it changed nothing to faillog (auth.log is updated) # grep -i faillog /etc/login.defs : FAILLOG_ENAByes # grep -ri tally /etc/* - nothing other than comments the file /var/log/faillog never changed since the installation i do not reset the modification date of /var/log/faillog with a faillog -ra as root (which semms odd or lead to think i understand nothing to the problem) # uname -a (w/o hostname) Linux 3.2.0-4-486 #1 Debian 3.2.65-1+deb7u1 i686 GNU/Linux # apt-cache policy libc6 ... Installed: 2.13-38+deb7u6 ... it is a debian wheezy stable, no fancy things regards -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#776316: samba: failed to build on mips
package: src:samba version: 2:4.1.13+dfsg-4 severity: serious Hi, The latest upload failed to build on the mips buildd: https://buildd.debian.org/status/package.php?p=samba Best wishes, Mike -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#306501: mpd: request for read-only mode
tags 306501 + moreinfo thanks Hi Vincent, mpd should have a read-only mode for clients. Currently, if a user wants to be able to play files of the playlist, he needs the control permission, i.e. password password@read,control in the /etc/mpd.conf file. But the control permission also allows him to clear the playlist and save it. I'm not sure what you're trying to achieve. Why shouldn't the client be able to add songs to the current playlist, or clear it and build a new playlist? And, given that this bug is almost ten years old and has failed to attract any visible reaction up to now, do you think it's still useful to keep it open, do you want to take your request upstream, or should we conclude that mpd won't change in this regard and just put it to rest? Florian -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#776327: repsnapper: corrupted gcode generation
Package: repsnapper Version: 2.3.2a5-1 Severity: normal Tags: upstream certain STL files generate completely incorrect (corrupted) gcode. followup files to be attached in separate report -- System Information: Debian Release: 7.4 APT prefers unstable APT policy: (500, 'unstable'), (500, 'testing') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores) Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages repsnapper depends on: ii libatk1.0-0 2.14.0-1 ii libatkmm-1.6-12.22.7-2 ii libc6 2.18-5 ii libcairo2 1.14.0-2.1 ii libcairomm-1.0-1 1.10.0-1 ii libfontconfig12.11.0-6.1 ii libfreetype6 2.5.2-2 ii libgcc1 1:4.9.1-19 ii libgdk-pixbuf2.0-02.31.1-2+b1 ii libgl1-mesa-glx [libgl1] 10.2.4-1 ii libglib2.0-0 2.42.0-2 ii libglibmm-2.4-1c2a2.42.0-1 ii libglu1-mesa [libglu1]9.0.0-2 ii libgtk2.0-0 2.24.25-1 ii libgtkglext1 1.2.0-3.2 ii libgtkglextmm-x11-1.2-0 1.2.0-6 ii libgtkmm-2.4-1c2a 1:2.24.4-1 ii libice6 2:1.0.9-1 ii libpango-1.0-01.36.8-2 ii libpangocairo-1.0-0 1.36.8-2 ii libpangoft2-1.0-0 1.36.8-2 ii libpangomm-1.4-1 2.34.0-1 ii libpangox-1.0-0 0.0.2-4 ii libsigc++-2.0-0c2a2.2.11-3 ii libsm62:1.2.2-1 ii libstdc++64.9.1-19 ii libx11-6 2:1.6.2-2 ii libxml++2.6-2 2.36.0-2 ii libxml2 2.9.1+dfsg1-4 ii libxmu6 2:1.1.2-1 ii libxt61:1.1.4-1 ii libzip2 0.11.2-1 ii zlib1g1:1.2.8.dfsg-1 repsnapper recommends no packages. repsnapper suggests no packages. -- no debconf information -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org