On Tue, 2005-11-22 at 01:53 +0100, Daniel Nylander wrote:
Here is the swedish translation of xmms-goom
Thank you for the translation. The binary you translated isn't included
in Debian's xmms-goom package but I'll forward your work to the upstream
author.
John
signature.asc
Description:
Package: kino
Version: 0.75-7
Severity: wishlist
The ffmpeg divx export scripts export a valid mpeg4 file but
tag this file as FMP4. This causes problems with some
free software video players which don't understand that FMP4
is functionally identical to DIVX.
test.avi is tagged as FMP4
[EMAIL
tags 340070 + patch
thanks
pri_set_error and pri_set_message in libpri.h from libpri-dev have
changed since this version of yate was released. Updating yate to a
newer upstream would likely fix the FTBFS error. Barring that, the
attached dpatch gets the yate package compiling again in its
tags 336840 + patch
thanks
Reordering the call to glutInit in orbit.c fixes this error.
John
diff -ur space-orbit-1.01.orig/src/orbit.c space-orbit-1.01/src/orbit.c
--- space-orbit-1.01.orig/src/orbit.c 2005-12-13 18:22:35.0 -0600
+++ space-orbit-1.01/src/orbit.c 2005-12-13
tags 275401 +patch
thanks
I can easily replicate this bug...
update apt-watch (works)
launch synaptic from apt-watch
close synaptic
update apt-watch (error)
The attached patch seems to fix the problem with 3.2-2. I haven't
looked at apt-watch closely enough to follow exactly what it's doing,
Package: nsd3
Version: 3.0.7-2~bpo40+1
Severity: normal
The NSD3 init script provides a reload action which calls nsdc reload. As
discussed in the upstream bug report, nsdc reload does not reread the nsd.conf
configuration file, so it's behavior falls far short of the policy manual's
On Fri, 2005-02-04 at 11:11 +0100, Martin Schuster wrote:
Package: xmms-infinity
Version: 0.5.9-1
Severity: normal
New upstream version is available (0.6.0)
http://freshmeat.net/projects/infinity-plugin/?branch_id=50068release_id=178677
My understanding was that the 0.6.0 release was
On Thu, 2005-02-10 at 21:42 +0100, Thorsten Haude wrote:
Jess uses 50M memory although inactive and never uses in current session:
50924k: PID 4259 (/usr/lib/xmms/Visualization/libjess.so)
You saw this output from memstat, correct?
I can get the same sort of wacky output, but if I remove
On Mon, 2005-02-28 at 15:45 +0100, Andreas Jochens wrote:
...
With the attached patch 'xmms-synaesthesia' can be compiled
on amd64 using gcc-4.0.
Regards
Andreas Jochens
diff -urN ../tmp-orig/xmms-synaesthesia-0.0.3/syna_core.c ./syna_core.c
---
On Fri, 2005-02-04 at 18:40 +0100, Martin Schuster wrote:
On Fri, Feb 04, 2005 at 08:15:52AM -0600, John Lightsey wrote:
My understanding was that the 0.6.0 release was mostly the portability
fixes I applied to 0.5.9 and forwarded upstream. I'll take a look at
the upstream version though
Package: libdv
Severity: minor
In debian/rules you need to either export the CFLAGS after setting
them or include the CFLAGS on the configure/make lines. As is,
compiling with noopt will result in -O2 binaries.
Thanks
John
-- System Information:
Debian Release: 3.1
APT prefers unstable
retitle 285274 RFP: libvisual -- abstraction library for visualization plugins
thanks
Is there any progress on this ITP? I'd really like to see libvisual
in Debian.
I haven't made any progress with it and I'd assume that Frederik
hasn't either. Feel free to take over the ITP if you'd like.
retitle 285274 ITP: libvisual -- abstraction library for visualization plugins
thanks
On Fri, 2005-05-06 at 20:25 +0200, Frederik Dannemare wrote:
I have actually been doing packages since 0.1.7, since I need it for
LiVES which I'm also maintaining (also not yet in Debian).
All I need is a
On Fri, 2005-05-06 at 21:50 +0200, Frederik Dannemare wrote:
On Friday 06 May 2005 21:07, John Lightsey wrote:
You'll have to give me some slack though. I haven't sponsored anyone
before and I'll be fairly busy for the next few weeks.
No problem. I think we should actually wait until
Package: wnpp
Severity: wishlist
Owner: John Lightsey [EMAIL PROTECTED]
* Package name: libyaml-tiny-perl
Version : 1.04
Upstream Author : Adam Kennedy [EMAIL PROTECTED]
* URL : http://search.cpan.org/~adamk/YAML-Tiny-1.04/
* License : Perl (GPL/Artistic
On Tue, 2007-05-22 at 18:09 +0200, Giovanni Mascellani wrote:
While having a look into /var/cache/apt, I noted that some files are
owned by root.root and others by giovanni.giovanni (my username). I
believe that apt-watch moves the .debs from its cache to the system
cache, but doesn't set
tags 431324 + pending
thanks
I isolated the problem with apt-watch yesterday and I'll have a new
version uploaded this evening with the fix.
John
signature.asc
Description: This is a digitally signed message part
Package: gnome-games
Version: 1:2.10.1-5
Severity: normal
Play a game of AisleRiot until you get the
Congratulations You have won!!! dialog.
From this point you can intentionally or accidentally
win another game instantly.
Click the close button on the dialog.
Click one of the open spaces so
Package: nsd3
Version: 3.0.7-2~bpo40+1
Severity: minor
Please update the cron job for NSD3 so that it doesn't
generate output when there is no error. IMHO, this message
shouldn't be sent:
nsdc: no patch necessary.
-- System Information:
Debian Release: 4.0
APT prefers stable
APT policy:
On Mon, 2006-04-24 at 12:21 +0200, Martin Schulze wrote:
Package: apt-watch-backend
One of these descriptions is most probably wrong...
I'll update the short descriptions with the next version. Thanks for
pointing this out.
John
signature.asc
Description: This is a digitally signed
On Fri, 2006-02-24 at 00:38 +, Eduardo Neves Heleno Silva wrote:
Hi, I made myself a new icon and animation for apt-watch. Unfortunally
it's very hard to make the animation look better, because its size is
very small (24x24) but I think it's a bit beeter than the current one.
Personally
Hi there,
The other day I was looking for a cross platform C++ IDE that's a bit
lighter and better integrated than Eclipse + CDT. The description and
screenshots of Codeblocks on their website looked quite good, and I'm a
fan of wxWidgets to begin with. After that I saw your ITP on the WNPP
On Tue, 2006-06-20 at 20:07 +0200, Karl Bartel wrote:
I just uploaded a new release. The code worked out quite different
than in the patch, because I wanted to add a Sound on/off switch
without adding an additional conditional around each line where a
sound is played. This bug should be
On Sat, 2006-07-08 at 12:52 +0200, Matthias Klose wrote:
Package: castle-combat
Tags: patch
I'm not uploading this before Jul 15 as a NMU, because it's a change
to the build system as well (introducing debhelper).
While I certainly appreciate the help in updating to the new Python
policy, I
On Tue, 2006-05-30 at 18:07 +0300, Timo Juhani Lindfors wrote:
Package: castle-combat
Version: 0.8.0-2
Severity: grave
Justification: renders package unusable
When two local players play the game it throws
...
File /usr/share/games/castle-combat/scripts/cannon.py, line 21, in
Package: wnpp
Severity: wishlist
Owner: John Lightsey [EMAIL PROTECTED]
* Package name: libparallel-forkmanager-perl
Version : 0.7.5
Upstream Author : Szabó, Balázs [EMAIL PROTECTED]
* URL : http://search.cpan.org/~dlux/Parallel-ForkManager-0.7.5/
* License
Hi there,
Do you still intend to adopt the Debian Parrot packages? From what I
can see, there was some talk in December about setting up group
maintenance of Parrot, but it doesn't look like that ever took off.
John
signature.asc
Description: This is a digitally signed message part
On Tue, 2008-03-11 at 07:23 +0200, Joona Kiiski wrote:
Package: castle-combat
Version: 0.8.1.dfsg.1-0.1
Severity: normal
When I click help-button in the main menu, nothing happens, but
program becomes unresponsive for mouse
clicks or keypresses.
Thanks for pointing this out. It's popping
On Sun, 2009-09-27 at 15:48 +0200, Luca Falavigna wrote:
I was looking at castle-combat trying to see if it can be ported to
python-numpy because python-numeric* packages have been removed.
This is not a trivial task because some things have changed and it
crashes every now and then, with
Package: xen-tools
Version: 3.9-4
Severity: grave
Tags: security
Justification: user security hole
I'm tagging this security, though common best practices would suggest that
access
to the Dom0 should be severely restricted to begin with.
When xen-create-image is used to create a file based
On 02/11/2011 08:28 AM, Moritz Muehlenhoff wrote:
Hi John,
I've tried to rebuild java-imaging-utilities for Univention Corporate Server,
a Debian derived distribution based on Debian stable (currently Lenny, our
next
release will be based on Squeeze).
libfinance-quotehist-perl fails to
tags 594353 + pending
thanks
I'll upload a new version tonight without -Werror in CXXFLAGS. The
package builds fine aside from the deprecation warnings.
Thanks for your bug report.
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble?
This shouldn't be tagged as a grave security issue. The symlink tests
in Apache are trivial to overcome with timing attacks and the Apache
documentation explicitly states that the symlink tests should not be
considered a security restriction.
On Fri, 2009-02-20 at 15:45 +0100, colliar wrote:
especially with cron-apt installed apt-watch often downloads files for a
second time instead of checking the system cache.
Thanks for reporting this issue. This problem will be addressed in the
next release of apt-watch.
John
signature.asc
Package: wnpp
Severity: wishlist
Owner: John Lightsey light...@debian.org
* Package name: libfinance-quotehist-perl
Version : 1.14
Upstream Author : Matthew Sisk s...@mojotoad.com
* URL : http://search.cpan.org/dist/Finance-QuoteHist/
* License : Perl
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Thanks for your bug report. I'll improve the long description when I
package the next upstream release of YAML::Tiny.
John
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Mozilla -
Package: debbugs
Version: 2.4.2~exp1
Severity: normal
Tags: patch
Hi there, I rebuilt the packages from experimental on my testing system, but
it looks like this problem may exist in previous versions as well. We doing a
fresh install of debbugs and running debbugsconfig for the first time, it
tags 610384 + wontfix
thanks
The handling of files in /tmp with Parallel::Forkmanager 0.7.6+ is very
insecure.
http://rt.cpan.org/Ticket/Display.html?id=68298
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact
Package: libhttp-dav-perl
Version: 0.38-1
Severity: normal
There have been several releases of HTTP::DAV since the last refresh of the
Debian package in 2009. The 0.40 version in particular fixed an annoying bug
where you have to specify the realm along with authentication credentials.
-- System
Package: masqmail
Version: 0.2.21-4
Severity: critical
Tags: security
Justification: root security hole
Reporting publicly since this has already been disclosed on the masqmail list.
In src/log.c there are two logging functions that use this logic:
uid_t saved_uid;
saved_uid =
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
block 242613 by 531702
thanks
I was going to update apt-watch-gnome to use the x-terminal-emulator
alternative instead of xterm with the apt-watch 0.4.0 release, but it
turns out that gnome-terminal isn't usable in a su-to-root context
because of bug
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 08/01/2011 04:00 PM, Dominic Hargreaves wrote:
Source: libfinance-quotehist-perl
Version: 1.16-1
Severity: serious
Justification: fails to build from source (but built successfully in the past)
This package FTBFS with a clean sid chroot:
@@ -1,3 +1,9 @@
+libfinance-quotehist-perl (1.14-1+squeeze1) stable; urgency=low
+
+ * Disable faulty unit tests. (Closts: #612914)
+
+ -- John Lightsey light...@debian.org Mon, 23 May 2011 23:58:00 -0500
+
libfinance-quotehist-perl (1.14-1) unstable; urgency=low
* Initial Release. (Closes
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
fixed 612914 1.14-1+squeeze1
thanks
The fixed version of libfinance-quotehist-perl has been accepted into
stable-proposed-updates and will be included in the next stable release.
The patch applied is:
diff --git a/debian/rules b/debian/rules
index
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Package: nwall
Version: 1.32+debian-4.1
Severity: normal
- --- Please enter the report below this line. ---
In main(), the return value of ttyname(2) isn't checked which results
in a segfault if fd 2 isn't attached to a tty:
strace -f perl -e 'open
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 10/19/2011 07:08 PM, Michael Biebl wrote:
Hi John,
as you might have noticed, the GNOME 3 transition is now ongoing in unstable.
Could you please upload apt-watch 0.4.0 from experimental to unstable now as
otherwise apt-watch will block this
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 11/12/2011 03:03 AM, Niels Thykier wrote:
Please see attached patch as an example of how to do this.
Please note that the buildds are still using build followed by
binary-arch.
For more information, please see [1].
~Niels
[1]
Package: monkey
Version: 0.9.3-1
Severity: grave
Tags: security
Justification: user security hole
Monkey webserver fails to drop supplemental groups when lowering privileges.
This allows any local user on the system to read any fine that root's
supplemental
groups can access. Monkey does perform
Package: monkey
Version: 0.9.3-1
Severity: grave
Tags: security
Justification: user security hole
The Monkey webserver retains RUID/RGID root so that it can regain root as
needed to perform privileged operations. Unfortunately, monkey does not drop
RUID/RGID root before executing CGI scripts.
Package: monkey
Version: 0.9.3-1
Severity: important
In testing the 0.9.3-1 monkey package on an AMD64 KVM VM, all requests to the
server resulted in segfaults in the thread trying to handle the request. A 386
test VM did not have the same problem. The segfault occurs when
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 09/20/2012 11:39 AM, Henri Salo wrote:
I could not reproduce this issue in squeeze with amd64-machine
using monkey package 0.9.3-1. Could you tell me more about your
virtualization environment?
I used a KVM VM running Squeeze with an AMD
On Fri, 2012-09-21 at 16:07 +0300, Henri Salo wrote:
On Thu, Sep 20, 2012 at 01:37:35PM -0500, John Lightsey wrote:
If you'd like, I can get a full backtrace. It takes some effort since
the monkey package doesn't handle DEB_BUILD_OPTIONS correctly.
I think full backtrace is needed
Source: glib2.0
Severity: important
Tags: security
The standard hashing functions provided with the ghashtable implementation
in glib are vulnerable to the algorithmic complexity attacks described in
oCert-2011-003
http://www.ocert.org/advisories/ocert-2011-003.html
This was reported upstream
On 01/07/2012 10:34 PM, Michael Biebl wrote:
On 08.01.2012 02:28, John Lightsey wrote:
This discussion is from 2003 and had no real conclusion.
Have you checked if the current code base is still vulnerable?
Yes, I looked at their upstream repo and it appears to me that the
standard hashing
Package: libapr1
Version: 1.4.5-1.1
Severity: important
Tags: security
APR's hash implementation is vulnerable to the same types of algorithmic
complexity attacks disclosed in oCert-2011-003.
Discussion of the problem on the apr-dev mailing list is available here:
On 03/28/2013 09:58 AM, Damyan Ivanov wrote:
-=| John Lightsey, 18.05.2011 20:25:09 -0500 |=-
tags 610384 + wontfix
thanks
The handling of files in /tmp with Parallel::Forkmanager 0.7.6+ is very
insecure.
http://rt.cpan.org/Ticket/Display.html?id=68298
Dear John,
It seems to me
Thanks for the bug report on apt-watch. It should be straightforward to fix.
signature.asc
Description: OpenPGP digital signature
Package: ftp.debian.org
Severity: normal
src:apt-watch hasn't served much purpose since the switch to Gnome3 and the
deemphasis of panel applets. It will FTBFS shortly (#772617) and should be
removed from the archive.
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with
On Tue, 2014-12-09 at 08:34 +, Dmitry Shachnev wrote:
Package: apt-watch-gnome
Version: 0.4.0-2.1
Severity: important
Justification: will FTBFS soon
Thanks for the report. I've requested removal of apt-watch. It hasn't
been very relevant since the switch to Gnome3.
signature.asc
On Sun, 2016-12-18 at 18:15 +0100, koopa wrote:
> numpy.oldnumeric has been removed in 1.9 release so castle-combat does not
> start
> https://docs.scipy.org/doc/numpy-dev/release.html#numpy-1-9-0-release-notes
>
> so castle-combat does not start
>
Thanks for pointing this out.
castle-combat
Package: ftp.debian.org
Severity: normal
Please remove the castle-combat package. There has been no upstream development
of castle-combat in many years, and it no longer functions due to the removal of
the oldnumeric module from numpy.
signature.asc
Description: This is a digitally signed
Source: phamm
Severity: important
Tags: upstream security
While looking through codesearch.debian.net I noticed that phamm's
views/helpers.php uses $_SERVER['PHP_SELF'] in a way that is vulnerable to
reflected XSS attacks.
To reproduce the problem, load a URL like this in Firefox:
tags 841144 + patch
thanks
I'm attaching the patch we used at cPanel to fix this issue with the
4.9 Debian Stable kernel.
I forwarded a version of this patch to the ocfs2-devel mailing list
already.
From Mon Sep 17 00:00:00 2001
From: John Lightsey &l
: make metadata estimation accurate and clear
Current code assume that ::w_unwritten_list always has only one item on.
This is not right and hard to get understood.
So improve how to count unwritten item.
Reported-by: John Lightsey <j...@nixnuts.net>
Signed-off-by: Changwei Ge <ge.c
64 matches
Mail list logo
