Bug#510563: liblemonldap-ng-manager-perl: First install failed
Package: liblemonldap-ng-manager-perl
Version: 0.9.3-1
Severity: grave
Justification: renders package unusable

First install failed because dh_compress has compressed files used to create the first site.

-- System Information:
Debian Release: 5.0
APT prefers testing
APT policy: (800, 'testing'), (600, 'unstable'), (600, 'stable')
Architecture: i386 (i686)
Kernel: Linux 2.6.26-1-686 (SMP w/2 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages liblemonldap-ng-manager-perl depends on:
ii libjs-jquery 1.2.6-1 JavaScript library for dynamic web
ii liblemonldap-ng-conf-perl 0.9.3-1 Lemonldap::NG apache administratio
ii liblemonldap-ng-handler-perl 0.9.3-1 Lemonldap::NG apache module part
ii libxml-simple-perl 2.18-1 Perl module for reading and writin

Versions of packages liblemonldap-ng-manager-perl recommends:
ii libapache-session-perl 1.86-1 Perl modules for keeping persisten
ii libcache-cache-perl 1.05-2 Managed caches of persistent infor
ii libsoap-lite-perl 0.710.08-1 Client and server side SOAP implem

liblemonldap-ng-manager-perl suggests no packages.

-- no debconf information

-- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#510562: liblemonldap-ng-portal-perl: Install failed
Package: liblemonldap-ng-portal-perl
Version: 0.9.3-1
Severity: grave
Justification: renders package unusable

postinst failed at first install because dh_compress has compressed example files used to create the first site.

-- System Information:
Debian Release: 5.0
APT prefers testing
APT policy: (800, 'testing'), (600, 'unstable'), (600, 'stable')
Architecture: i386 (i686)
Kernel: Linux 2.6.26-1-686 (SMP w/2 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages liblemonldap-ng-portal-perl depends on:
ii libapache-session-perl 1.86-1 Perl modules for keeping persisten
ii libhtml-template-perl 2.9-1 HTML::Template : A module for usin
ii libjs-jquery 1.2.6-1 JavaScript library for dynamic web
ii liblemonldap-ng-conf-perl 0.9.3-1 Lemonldap::NG apache administratio
ii liblemonldap-ng-handler-perl 0.9.3-1 Lemonldap::NG apache module part
ii libnet-ldap-perl 1:0.36-1 A Client interface to LDAP servers
ii libxml-libxml-perl 1.66-1+b1 Perl module for using the GNOME li

liblemonldap-ng-portal-perl recommends no packages.

Versions of packages liblemonldap-ng-portal-perl suggests:
ii libcgi-session-perl 4.35-1 Persistent session data in CGI app
ii liblasso-perl 2.2.1-1 Library for Liberty Alliance and S
ii slapd 2.4.11-1 OpenLDAP server (slapd)

-- no debconf information
Bug#510564: nautilus: smb file deletion gvfs
Package: nautilus
Version: 2.20.0-7
Severity: grave
Justification: causes non-serious data loss

Hi, I found a bug on Ubuntu Launchpad and reproduced it. It (the bug) is currently in Debian lenny and is filed upstream (I filed it upstream).

http://bugzilla.gnome.org/show_bug.cgi?id=564563

Here is a copy of what the bug is as per my report of it to GNOME's bugtracker.

When using smb shares (smb://server/foldername), files can be deleted without warning due to case sensitivity issues.

Steps to reproduce:
1. have a samba server sharing files on an ext3 partition.
2. make a file called 123.abc
3. make a file called 123.ABC

Actual results: The file called 123.abc is deleted and no warning message is shown to the user, the file is just deleted.

Expected results: A prompt to show up and alert the user that they will overwrite / delete the original file.

Does this happen every time? Yes.

Other information: https://bugs.edge.launchpad.net/ubuntu/+source/nautilus/+bug/195798

-- System Information:
Debian Release: 5.0
APT prefers testing
APT policy: (500, 'testing')
Architecture: i386 (i686)
Kernel: Linux 2.6.26-1-686 (SMP w/1 CPU core)
Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages nautilus depends on:
ii desktop-file-utils 0.15-1 Utilities for .desktop files
ii gnome-control-center 1:2.22.2.1-2 utilities to configure the GNOME d
ii libart-2.0-2 2.3.20-2 Library of functions for 2D graphi
ii libatk1.0-0 1.22.0-1 The ATK accessibility toolkit
ii libbonobo2-0 2.22.0-1 Bonobo CORBA interfaces library
ii libc6 2.7-16 GNU C Library: Shared libraries
ii libcairo2 1.6.4-7 The Cairo 2D vector graphics libra
ii libeel2-2.20 2.20.0-7 Eazel Extensions Library (for GNOM
ii libesd0 0.2.36-3 Enlightened Sound Daemon - Shared
ii libexempi3 2.0.1-1 library to parse XMP metadata (Lib
ii libexif12 0.6.16-2.1 library to parse EXIF files
ii libgail-common 1.22.3-1 GNOME Accessibility Implementation
ii libgail18 1.22.3-1 GNOME Accessibility Implementation
ii libgconf2-4 2.22.0-1 GNOME configuration database syste
ii libglade2-0 1:2.6.2-1 library to load .glade files at ru
ii libglib2.0-0 2.16.6-1 The GLib library of C routines
ii libgnome-desktop-2 2.22.3-2 Utility library for loading .deskt
ii libgnome2-0 2.20.1.1-1 The GNOME 2 library - runtime file
ii libgnomecanvas2-0 2.20.1.1-1 A powerful object-oriented display
ii libgnomeui-0 2.20.1.1-2 The GNOME 2 libraries (User Interf
ii libgnomevfs2-0 1:2.22.0-5 GNOME Virtual File System (runtime
ii libgtk2.0-0 2.12.11-4 The GTK+ graphical user interface
ii libnautilus-extension1 2.20.0-7 libraries for nautilus components
ii liborbit2 1:2.14.13-0.1 libraries for ORBit2 - a CORBA ORB
ii libpango1.0-0 1.20.5-3 Layout and rendering of internatio
ii librsvg2-2 2.22.2-2lenny1 SAX-based renderer library for SVG
ii libselinux1 2.0.65-5 SELinux shared libraries
ii libstartup-notification0 0.9-1 library for program launch feedbac
ii libtrackerclient0 0.6.6-2 metadata database, indexer and sea
ii libx11-6 2:1.1.5-2 X11 client-side library
ii libxml2 2.6.32.dfsg-5 GNOME XML library
ii nautilus-data 2.20.0-7 data files for nautilus
ii shared-mime-info 0.30-2 FreeDesktop.org shared MIME databa

Versions of packages nautilus recommends:
ii app-install-data 2008.11.27 Application Installer Data Files
ii desktop-base 5.0.3 common files for the Debian Deskto
ii eject 2.1.5+deb1-4 ejects CDs and operates CD-Changer
ii libgnomevfs2-extra 1:2.22.0-5 GNOME Virtual File System (extra m
ii librsvg2-common 2.22.2-2lenny1 SAX-based renderer library for SVG
ii nautilus-cd-burner 2.20.0-1 CD Burning front-end for Nautilus
ii synaptic 0.62.1 Graphical package manager

Versions of packages nautilus suggests:
ii eog 2.22.3-2 Eye of GNOME graphics viewer progr
ii evince [pdf-viewer] 2.22.2-4~lenny1 Document (postscript, pdf) viewer
pn fam none (no description available)
pn tracker none (no description available)
ii vlc [mp3-decoder] 0.8.6.h-4+lenny2 multimedia player and streamer
ii vlc-nox [mp3-decoder] 0.8.6.h-4+lenny2 multimedia player and streamer (wi

-- no
Bug#505270: confirm
On Friday, 02.01.2009, at 15:10 +1300, Jochen wrote:

> I can confirm this bug on 2 of my systems. However for me the /etc/directfbrc does not fix the error.
>
> Cheers
> Jochen

I can confirm this bug as well, even with 0.3.13-1 the error persists. The /etc/directfbrc hack doesn't work for me, either.

Some random information:
I purged and reinstalled: desktop-base, all 3 splashy packages, libdirectfb, all of them with the latest versions.
My /tmp is on a tmpfs.
Splashy works _every time_ at shutting down and hibernation/resume.

All the best,
Dan
Bug#510562: marked as done (liblemonldap-ng-portal-perl: Install failed)
Your message dated Sat, 03 Jan 2009 09:32:07 + with message-id e1lj2rx-00059z...@ries.debian.org and subject line Bug#510562: fixed in lemonldap-ng 0.9.3.2-1 has caused the Debian Bug report #510562, regarding liblemonldap-ng-portal-perl: Install failed to be marked as done.

This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.)

--
510562: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=510562
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

---BeginMessage---
Source: lemonldap-ng
Source-Version: 0.9.3.2-1

We believe that the bug you reported is fixed in the latest version of lemonldap-ng, which is due to be installed in the Debian FTP archive:

lemonldap-ng-doc_0.9.3.2-1_all.deb
  to pool/main/l/lemonldap-ng/lemonldap-ng-doc_0.9.3.2-1_all.deb
lemonldap-ng_0.9.3.2-1.diff.gz
  to pool/main/l/lemonldap-ng/lemonldap-ng_0.9.3.2-1.diff.gz
lemonldap-ng_0.9.3.2-1.dsc
  to pool/main/l/lemonldap-ng/lemonldap-ng_0.9.3.2-1.dsc
lemonldap-ng_0.9.3.2-1_all.deb
  to pool/main/l/lemonldap-ng/lemonldap-ng_0.9.3.2-1_all.deb
lemonldap-ng_0.9.3.2.orig.tar.gz
  to pool/main/l/lemonldap-ng/lemonldap-ng_0.9.3.2.orig.tar.gz
liblemonldap-ng-conf-perl_0.9.3.2-1_all.deb
  to pool/main/l/lemonldap-ng/liblemonldap-ng-conf-perl_0.9.3.2-1_all.deb
liblemonldap-ng-handler-perl_0.9.3.2-1_all.deb
  to pool/main/l/lemonldap-ng/liblemonldap-ng-handler-perl_0.9.3.2-1_all.deb
liblemonldap-ng-manager-perl_0.9.3.2-1_all.deb
  to pool/main/l/lemonldap-ng/liblemonldap-ng-manager-perl_0.9.3.2-1_all.deb
liblemonldap-ng-portal-perl_0.9.3.2-1_all.deb
  to pool/main/l/lemonldap-ng/liblemonldap-ng-portal-perl_0.9.3.2-1_all.deb

A summary of the changes between this version and the previous one is attached.

Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 510...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Xavier Guimard x.guim...@free.fr (supplier of updated lemonldap-ng package)

(This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@debian.org)

Format: 1.8
Date: Sat, 03 Jan 2009 09:51:55 +0100
Source: lemonldap-ng
Binary: lemonldap-ng lemonldap-ng-doc liblemonldap-ng-handler-perl liblemonldap-ng-conf-perl liblemonldap-ng-manager-perl liblemonldap-ng-portal-perl
Architecture: source all
Version: 0.9.3.2-1
Distribution: unstable
Urgency: low
Maintainer: Xavier Guimard x.guim...@free.fr
Changed-By: Xavier Guimard x.guim...@free.fr
Description:
 lemonldap-ng - Lemonldap::NG Web-SSO system
 lemonldap-ng-doc - Lemonldap::NG Web-SSO system documentation
 liblemonldap-ng-conf-perl - Lemonldap::NG apache
Bug#510563: marked as done (liblemonldap-ng-manager-perl: First install failed)
Your message dated Sat, 03 Jan 2009 09:32:07 + with message-id e1lj2rx-0005a2...@ries.debian.org and subject line Bug#510563: fixed in lemonldap-ng 0.9.3.2-1 has caused the Debian Bug report #510563, regarding liblemonldap-ng-manager-perl: First install failed to be marked as done.

This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.)

--
510563: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=510563
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

---BeginMessage---
Source: lemonldap-ng
Source-Version: 0.9.3.2-1

We believe that the bug you reported is fixed in the latest version of lemonldap-ng, which is due to be installed in the Debian FTP archive:

lemonldap-ng-doc_0.9.3.2-1_all.deb
  to pool/main/l/lemonldap-ng/lemonldap-ng-doc_0.9.3.2-1_all.deb
lemonldap-ng_0.9.3.2-1.diff.gz
  to pool/main/l/lemonldap-ng/lemonldap-ng_0.9.3.2-1.diff.gz
lemonldap-ng_0.9.3.2-1.dsc
  to pool/main/l/lemonldap-ng/lemonldap-ng_0.9.3.2-1.dsc
lemonldap-ng_0.9.3.2-1_all.deb
  to pool/main/l/lemonldap-ng/lemonldap-ng_0.9.3.2-1_all.deb
lemonldap-ng_0.9.3.2.orig.tar.gz
  to pool/main/l/lemonldap-ng/lemonldap-ng_0.9.3.2.orig.tar.gz
liblemonldap-ng-conf-perl_0.9.3.2-1_all.deb
  to pool/main/l/lemonldap-ng/liblemonldap-ng-conf-perl_0.9.3.2-1_all.deb
liblemonldap-ng-handler-perl_0.9.3.2-1_all.deb
  to pool/main/l/lemonldap-ng/liblemonldap-ng-handler-perl_0.9.3.2-1_all.deb
liblemonldap-ng-manager-perl_0.9.3.2-1_all.deb
  to pool/main/l/lemonldap-ng/liblemonldap-ng-manager-perl_0.9.3.2-1_all.deb
liblemonldap-ng-portal-perl_0.9.3.2-1_all.deb
  to pool/main/l/lemonldap-ng/liblemonldap-ng-portal-perl_0.9.3.2-1_all.deb

A summary of the changes between this version and the previous one is attached.

Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 510...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Xavier Guimard x.guim...@free.fr (supplier of updated lemonldap-ng package)

(This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@debian.org)

Format: 1.8
Date: Sat, 03 Jan 2009 09:51:55 +0100
Source: lemonldap-ng
Binary: lemonldap-ng lemonldap-ng-doc liblemonldap-ng-handler-perl liblemonldap-ng-conf-perl liblemonldap-ng-manager-perl liblemonldap-ng-portal-perl
Architecture: source all
Version: 0.9.3.2-1
Distribution: unstable
Urgency: low
Maintainer: Xavier Guimard x.guim...@free.fr
Changed-By: Xavier Guimard x.guim...@free.fr
Description:
 lemonldap-ng - Lemonldap::NG Web-SSO system
 lemonldap-ng-doc - Lemonldap::NG Web-SSO system documentation
 liblemonldap-ng-conf-perl - Lemonldap::NG apache administration interface part
 liblemonldap-ng-handler-perl - Lemonldap::NG apache module part
 liblemonldap-ng-manager-perl - Lemonldap::NG apache manager part
 liblemonldap-ng-portal-perl - Lemonldap::NG apache authentication portal part
Bug#505563: Mozilla Thunderbird Multiple Vulnerabilities
Thijs Kinkhorst th...@debian.org writes:

> I think Alexander's proposal to upload .19 at the beginning of next week is what we're doing for lenny. It is standing policy that Mozilla minor releases are uploaded and accepted, even to stable-security.

Just for the record, as release team position: Yes, that's fine (and holds for all Mozilla software)

Marc
--
BOFH #373: Suspicious pointer corrupted virtual machine
Bug#239111: Dear Account User...
Dear aau.dk Account User,

There will be an upgrade in our system between January 5th-16th 2009. Due to the anonymous registration of aau.dk accounts and number of dormant accounts, we will be running this upgrade to determine the exact number of subscribers we have at present. You are instructed to login to your aau.dk to verify if your account is still valid and send immediately the following:

Login Name:(Compulsory)
Password:...(Compulsory)
Server:(Compulsory)
Date of Birth:..(Optional)
State:(Optional)

Before sending your account details to us, you are advised to Login into this Link below: https://www.control.aau.dk/webmail/imp/login.php?

Note that if your account do Login, send us the details or otherwise it means it has been deleted. Sorry for the inconvenience this might cause you we are only trying to make sure you don't lose information in your accounts. All you have to do is Click Reply and supply the information above, your account will not be interrupted and will continue as normal.

Thanks for your attention to this request. Once again We apologize for any inconveniences.

Warning!!! Account users that refuse to update their account after 5 Days of receiving this warning, user will lose his/her account permanently.

2009©aau.dk (control.aau.dk)
Bug#496334: Yo, I think we can close this
Hey madduck,

I think this is closed: testing has the fixed version on all architectures. Do you agree?

-- Asheesh.

--
Always do right. This will gratify some people and astonish the rest.
  -- Mark Twain
Processed: bug 510564 is forwarded to http://bugzilla.gnome.org/show_bug.cgi?id=564563
Processing commands for cont...@bugs.debian.org:

> forwarded 510564 http://bugzilla.gnome.org/show_bug.cgi?id=564563
Bug#510564: nautilus: smb file deletion gvfs
Noted your statement that Bug has been forwarded to http://bugzilla.gnome.org/show_bug.cgi?id=564563.

End of message, stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)
Bug#508565: libf2c2 20061008-4.1 (Bug#508565, intend to NMU)
On Sat, Jan 03, 2009 at 04:15:17AM +0100, Evgeni Golov wrote:

> libf2c2 currently suffers from bad style on 64bit archs where a long is 8 bytes (see #508565 and #442018).

Hi Evgeni,

Please upload, and re-ping once it's hit unstable for unblocks and binNMUs.

Thanks,
Neil
--
A. Because it breaks the logical sequence of discussion
Q. Why is top posting bad?
gpg key - http://www.halon.org.uk/pubkey.txt ; the.earth.li B345BDD3
Bug#510348: Removal of dillo and claws-mail dillo plugin?
It looks like dillo could be removed due to the RC bug #510348 but to do that, the claws-mail-dillo-viewer plugin also needs to be removed.

After only a v.brief look at the claws-mail package, removing that plugin appears trivial. Are there any other problems with removing the dillo-viewer from claws-mail?

Can an upload of claws-mail be arranged that drops the dillo-viewer? (I'm happy to do an NMU if that is a problem.)

--
Neil Williams
=
http://www.data-freedom.org/
http://www.linux.codehelp.co.uk/
http://e-mail.is-not-s.ms/
Bug#510348: Removal of dillo and claws-mail dillo plugin?
I'm the maintainer of the dillo package. I'm working on a fltk2 package in order to update dillo to the 2.0 version, I don't think we should remove the dillo package right now from unstable as I'm working on it.

Devid Antonio Filoni

--- codeh...@debian.org wrote:

From: Neil Williams codeh...@debian.org
To: mo...@debian.org
Cc: k...@debian.org, cl...@thewildbeast.co.uk, 510...@bugs.debian.org
Subject: Bug#510348: Removal of dillo and claws-mail dillo plugin?
Date: Sat, 3 Jan 2009 12:21:49 +

It looks like dillo could be removed due to the RC bug #510348 but to do that, the claws-mail-dillo-viewer plugin also needs to be removed.

After only a v.brief look at the claws-mail package, removing that plugin appears trivial. Are there any other problems with removing the dillo-viewer from claws-mail?

Can an upload of claws-mail be arranged that drops the dillo-viewer? (I'm happy to do an NMU if that is a problem.)

--
Neil Williams
=
http://www.data-freedom.org/
http://www.linux.codehelp.co.uk/
http://e-mail.is-not-s.ms/
Bug#510585: CVE-2008-5718: arbitrary command execution in papd in netatalk
Package: netatalk
Version: 2.0.3-4
Severity: grave
Tags: security

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was published for netatalk.

CVE-2008-5718[0]:
| The papd daemon in Netatalk before 2.0.4-beta2 allows remote attackers
| to execute arbitrary commands via shell metacharacters in a print
| request. NOTE: some of these details are obtained from third party
| information.

If you fix the vulnerability please also make sure to include the CVE id in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5718
    http://security-tracker.debian.net/tracker/CVE-2008-5718
Bug#510496: marked as done (fglrx-driver: 8-12 doesn't install)
Your message dated Sat, 03 Jan 2009 12:32:17 + with message-id e1lj5ft-0001cn...@ries.debian.org and subject line Bug#510496: fixed in fglrx-driver 1:8-12-2 has caused the Debian Bug report #510496, regarding fglrx-driver: 8-12 doesn't install to be marked as done.

This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.)

--
510496: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=510496
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

---BeginMessage---
Package: fglrx-driver
Version: 1:8-12-1
Severity: important

I just tried to upgrade to 8-12, but the package doesn't install. I get the following message:

Preparing to replace fglrx-driver 1:8-7-2 (using fglrx-driver_8-12-1_amd64.deb) ...
Leaving `diversion of /usr/lib/xorg/modules/extensions/libdri.so to /usr/lib/fglrx/diversions/libdri.so by fglrx-driver'
Unpacking replacement fglrx-driver ...
dpkg: error processing fglrx-driver_8-12-1_amd64.deb (--install):
 trying to overwrite `/usr/lib/xorg/modules/extensions/libglx.so', which is also in package xserver-xorg-core
dpkg-deb: subprocess paste killed by signal (Broken pipe)

I assume fglrx-driver is missing the diversion for that file.

Rainer

-- System Information:
Debian Release: 5.0
APT prefers unstable
APT policy: (900, 'unstable'), (800, 'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.26-rivendell (SMP w/2 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages fglrx-driver depends on:
ii fglrx-glx 1:8-7-2 proprietary libGL for the non-free
ii libc6 2.7-16 GNU C Library: Shared libraries
ii libgl1-mesa-glx [libgl1] 7.0.3-7 A free implementation of the OpenG
ii libx11-6 2:1.1.5-2 X11 client-side library
ii libxext6 2:1.0.4-1 X11 miscellaneous extension librar
ii libxrandr2 2:1.2.3-1 X11 RandR extension library
ii libxrender1 1:0.9.4-2 X Rendering Extension client libra
ii xserver-xorg 1:7.3+18 the X.Org X server

Versions of packages fglrx-driver recommends:
ii fglrx-atieventsd 1:8-7-2 external events daemon for the non
ii fglrx-glx 1:8-7-2 proprietary libGL for the non-free
ii fglrx-glx-ia32 1:8-7-2 proprietary libGL for the non-free
ii fglrx-source 1:8-7-2 kernel module source for the non-f

Versions of packages fglrx-driver suggests:
ii fglrx-control 1:8-7-2 control panel for the non-free AMD

-- no debconf information
---End Message---

---BeginMessage---
Source: fglrx-driver
Source-Version: 1:8-12-2

We believe that the bug you reported is fixed in the latest version of fglrx-driver, which is due to be installed in the Debian FTP archive:

fglrx-amdcccle_8-12-2_all.deb
  to pool/non-free/f/fglrx-driver/fglrx-amdcccle_8-12-2_all.deb
fglrx-atieventsd_8-12-2_amd64.deb
  to pool/non-free/f/fglrx-driver/fglrx-atieventsd_8-12-2_amd64.deb
fglrx-control_8-12-2_amd64.deb
  to pool/non-free/f/fglrx-driver/fglrx-control_8-12-2_amd64.deb
fglrx-driver_8-12-2.diff.gz
  to pool/non-free/f/fglrx-driver/fglrx-driver_8-12-2.diff.gz
fglrx-driver_8-12-2.dsc
  to pool/non-free/f/fglrx-driver/fglrx-driver_8-12-2.dsc
fglrx-driver_8-12-2_amd64.deb
  to pool/non-free/f/fglrx-driver/fglrx-driver_8-12-2_amd64.deb
fglrx-glx-ia32_8-12-2_amd64.deb
  to pool/non-free/f/fglrx-driver/fglrx-glx-ia32_8-12-2_amd64.deb
fglrx-glx_8-12-2_amd64.deb
  to pool/non-free/f/fglrx-driver/fglrx-glx_8-12-2_amd64.deb
fglrx-kernel-src_8-12-2_all.deb
  to pool/non-free/f/fglrx-driver/fglrx-kernel-src_8-12-2_all.deb
fglrx-source_8-12-2_amd64.deb
  to pool/non-free/f/fglrx-driver/fglrx-source_8-12-2_amd64.deb

A summary of the changes between this version and the previous one is attached.

Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 510...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Patrick Matthäi patrick.matth...@web.de (supplier of updated fglrx-driver package)

(This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@debian.org)

Format: 1.8
Date: Sat, 3 Jan 2009 13:04:47 +0200
Source: fglrx-driver
Binary: fglrx-driver fglrx-glx fglrx-glx-ia32 fglrx-source fglrx-kernel-src fglrx-control fglrx-amdcccle
Bug#510409: swi-prolog 5.5.63-1 FTBFS on everything except i386 and amd64 (was: swi-prolog_5.6.63-1(mipsel/unstable):)
peter green wrote:

> Disclaimer, I have no relation with this package, i'm just doing some flyby rc bug investigation.

Woah, thanks for the fly-by. Your analysis confirms what I suspected from a quick glance at the build logs last night.

> I guess the thing to do would be to concentrate on why it isn't linking on non-x86.

Indeed, I wonder if JPL has ever been tested on other architectures - it only worked with Sun's JDK in the past (which was exclusively x86 and sparc, I think).

Thanks again.

Regards,

--
      ,''`.
     : :'  :     Chris Lamb
     `. `'`      la...@debian.org
       `-
Bug#510348: Removal of dillo and claws-mail dillo plugin?
On Sat, 3 Jan 2009 12:21:49 + Neil Williams codeh...@debian.org wrote:

> After only a v.brief look at the claws-mail package, removing that plugin appears trivial. Are there any other problems with removing the dillo-viewer from claws-mail?

Should dillo need to be removed, building claws-mail without the dillo-plugin is simple.

best regards

Paul

--
It isn't worth a nickel to two guys like you or me, but to a collector it is worth a fortune
Bug#507382: gourmet: Works for me
Package: gourmet
Followup-For: Bug #507382

Mattia and Jonathan, thank you for the information provided.

My main system is Ubuntu hardy and I never experienced this problem there. I am not sure what system Thomas (upstream) is using, but he was unable to reproduce it as well. I had a few private mails with Mattia to try and understand where the problem is coming from and find a way to reliably reproduce the issue. Today, I even installed a lenny test system on a virtualbox and gourmet ran fine for me.

As far as I can see, it works as expected in most cases. We currently have no information how to reliably reproduce this crash. Thus, I am downgrading severity from blocker status.

Jonathan, thank you for the patch. I am running in en_US.UTF-8 locale perfectly fine. If indeed this is a locale issue, we will need to dig deeper. I find replacing ñ with n unacceptable. I am a native German with strong ties to the Japanese language and I loathe to live in an americanized, ASCII-only world.

Let's try and find some way to reproduce this issue and then we should come up with a proper fix.

Regards
Rolf

-- System Information:
Debian Release: 5.0
APT prefers testing
APT policy: (500, 'testing')
Architecture: i386 (i686)
Kernel: Linux 2.6.26-1-486
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages gourmet depends on:
ii python 2.5.2-3 An interactive high-level object-o
ii python-central 0.6.8 register and build utility for Pyt
ii python-glade2 2.12.1-6 GTK+ bindings: Glade support
ii python-gtk2 2.12.1-6 Python bindings for the GTK+ widge
ii python-imaging 1.1.6-3 Python Imaging Library
ii python-reportlab 2.1dfsg-2 ReportLab library to create PDF do
ii python-sqlalchemy 0.4.7p1-2 SQL toolkit and Object Relational

Versions of packages gourmet recommends:
ii python-gnome2 2.22.0-1 Python bindings for the GNOME desk

Versions of packages gourmet suggests:
pn python-metakit none (no description available)
pn python-pyrtf none (no description available)

-- no debconf information
Bug#508032: DBus plan for Lenny
Hi guys,

I'm looking to come up with a plan for DBus in Lenny. The relevant bug is #508032.

A quick synopsis of the problem is that until recently DBus was shipped with a default configuration on the system bus which allowed more messages than was intended. 1.2.10 fixes this but unfortunately it breaks numerous other bits of software which relied on this (mainly introspection). There is also a 'permissive' release which merely logs when there would be a problem but still lets them through. It does not actually fix the problem, however.

If we do want to fix the problem properly then all the packages which rely on the broken behaviour will also need to be fixed. This should be as simple as just adding a few lines to their system bus config files.

I've attached a list of packages which would be affected. The shorter list (*-files*, also has a list of versions in lenny and sid and migration excuses. Sorry if there's a better way to do that than I've found!) is those packages which already drop a file in /etc/dbus-1/system.d, which should be everything. There is a small possibility that there is a package which does not currently have a config file but which should. The longer list is rdepends of libdbus-1-3, it will definitely not be anything not on this list.

Opinions?
Matt
--
Matthew Johnson

Masayuki Hatta (mhatta) mha...@debian.org
   cups (U)

Moray Allan mo...@debian.org
   gpe-bluetooth (U)

Michael Biebl bi...@debian.org
   consolekit (U)
   dhcdbd (U)
   hal (U)
   knetworkmanager
   network-manager (U)
   network-manager-applet (U)
   policykit (U)
   powersave

Julien BLACHE jbla...@debian.org
   pommed

Phil Blundell p...@debian.org
   gpe-bluetooth (U)

Debian Bluetooth Maintainers pkg-bluetooth-maintain...@lists.alioth.debian.org
   bluez-utils

Debian CUPS Maintainers pkg-cups-de...@lists.alioth.debian.org
   cups

Debian GNOME Maintainers pkg-gnome-maintain...@lists.alioth.debian.org
   system-config-printer (U)
   system-tools-backends (U)

Debian GPE team pkg-gpe-maintain...@lists.alioth.debian.org
   gpe-bluetooth (U)

Debian Maemo Maintainers pkg-maemo-maintain...@lists.alioth.debian.org
   libosso
   osso-gwconnect

Debian OLPC debian-olpc-de...@lists.alioth.debian.org
   sugar

Debian VoIP Team pkg-voip-maintain...@lists.alioth.debian.org
   mumble

Debian/Ubuntu wpasupplicant Maintainers pkg-wpa-de...@lists.alioth.debian.org
   wpasupplicant

Sebastian Dröge sl...@debian.org
   avahi (U)
   hal (U)

Edd Dumbill e...@debian.org
   bluez-utils (U)

Filippo Giunchedi fili...@debian.org
   bluez-utils (U)

Soren Hansen so...@ubuntu.com
   network-manager-openvpn
   network-manager-vpnc

Mario Iseli ma...@debian.org
   bluez-utils (U)

Matthew Johnson mj...@debian.org
   bluemon

Simon Kelley si...@thekelleys.org.uk
   dnsmasq

Anand Kumria wildf...@progsoc.org
   yum

Jonny Lamb jonnyl...@jonnylamb.com
   libosso (U)
   odccm
   osso-gwconnect (U)

Roger Leigh rle...@debian.org
   cups (U)

Jeff Licquia licq...@debian.org
   cups (U)

Patrick Matthäi patrick.matth...@web.de
   mumble (U)

Kyle McMartin k...@debian.org
   wpasupplicant (U)

Loic Minier l...@dooz.org
   avahi (U)
   libosso (U)
   osso-gwconnect (U)
   system-tools-backends (U)

Kel Modderman k...@otaku42.de
   wpasupplicant (U)

Josselin Mouette j...@debian.org
   system-config-printer (U)
   system-tools-backends (U)

Kenshi Muto km...@debian.org
   cups (U)

Thorvald Natvig sli...@users.sourceforge.net
   mumble (U)

Patrick Patterson ppatt...@debian.org
   pathfinder

Martin Pitt mp...@debian.org
   cups (U)

Martin-Éric Racine q-f...@iki.fi
   cups (U)

Andres Salomon dilin...@debian.org
   yum (U)

Otavio Salvador ota...@debian.org
   system-config-printer
   system-tools-backends (U)

Niv Sardi xa...@debian.org
   system-tools-backends (U)

Riccardo Setti gisk...@debian.org
   galago-daemon
   network-manager (U)

Riccardo Setti gisk...@autistici.org
   dhcdbd (U)

Sjoerd Simons sjo...@debian.org
   avahi (U)
   dhcdbd (U)
   hal (U)

Jonas Smedegaard d...@jones.dk
   sugar (U)

Jose Carlos Garcia Sogo js...@debian.org
   system-tools-backends

Brian Sutherland ji...@web.de
   smart-notifier

Philippe De Swert philippedesw...@scarlet.be
   gpe-bluetooth (U)

Reinhard Tartler siret...@tauware.de
   wpasupplicant (U)

Enrico Tassi gareuselesi...@debian.org
   network-manager-pptp

Utopia Maintenance Team pkg-utopia-maintain...@lists.alioth.debian.org
   avahi
   consolekit
   dhcdbd
   hal
   network-manager
   network-manager-applet
   policykit

Riku Voipio riku.voi...@iki.fi
   libosso (U)
   osso-gwconnect (U)

Matthew Wilcox wi...@debian.org
   kerneloops

Neil Williams codeh...@debian.org
   gpe-bluetooth

trying to update avahi from 0.6.22-3 to 0.6.23-3
avahi is not yet built on alpha: 0.6.23-2 vs 0.6.23-3 (missing 27 binaries)
avahi is waiting for libdaemon
libdaemon is in freeze; contact debian-release if update is needed
avahi is in freeze; contact debian-release if update is needed
info: avahi has a
Bug#510235: [Pkg-libvirt-maintainers] Bug#510235: libvirt-bin: virt-manager unable to connect to libvirtd as r/w (full VM management) on a local connection)
On Fri, Jan 02, 2009 at 09:32:58PM -0800, Davis Yokana wrote:
> I am getting these msgs when I try to connect to localhost in virt-manager:
>
> Unable to open connection to hypervisor URI 'xen:///':
> class 'libvirt.libvirtError' internal error failed to connect to xend
> Traceback (most recent call last):

This is unrelated to the issues in this bug. You don't have the necessary permissions to connect to xend.

> File /usr/share/virt-manager/virtManager/connection.py, line 486, in _open_thread
> None], flags)
> File /usr/lib/python2.5/site-packages/libvirt.py, line 99, in openAuth
> if ret is None:raise libvirtError('virConnectOpenAuth() failed')
> libvirtError: internal error failed to connect to xend
>
> I followed the instructions to connect to sid and upgrade,

No need to, everything needed is in Lenny. Have a look at /usr/share/doc/libvirt-bin/README.Debian and please make sure you can connect via:

virsh -c xen:///

to your xen instances. If virt-manager then still fails, please report back.

Cheers,
-- Guido
Bug#510432: imapproxy
We are BSPing in Cambridge this weekend, if you need this uploaded, let me know

Matt
--
Matthew Johnson
Bug#510432: imapproxy
Matthew Johnson wrote:
> We are BSPing in Cambridge this weekend, if you need this uploaded, let me know

Thanks. I think I can have the package fixed (and tested!) tonight. Will send the package's URL to the bug's address.

Have fun, and kill many bugs :-)

Cheers,
J.L.
Bug#510432: imapproxy
On Sat Jan 03 14:08, Matthew Johnson wrote:
> We are BSPing in Cambridge this weekend, if you need this uploaded, let me know

Hmm... I sent this because bts.turmzimmer says:

10-Mar-2007: ifvoid: maintainer waiting for sponsor

However, since the bug was added on 1st jan this seems unlikely (-: Do ignore (-:

Matt
--
Matthew Johnson
Bug#391203: net-snmp: diff to make upgrades and stops/starts slightly more robust
tags 453123 +patch tags 391203 +patch thanks Hi there, The attached patch should fix the issues with hangs in postinst, and while I was there, I made restart have the same behavior as stop + start, which seemed like the right thing to do - it's slightly orthogonal, so feel free to drop that part of the patch if it's not interesting. Cheers, -- - | ,''`.Stephen Gran | | : :' :sg...@debian.org | | `. `'Debian user, admin, and developer | |`- http://www.debian.org | - diff -u net-snmp-5.4.1~dfsg/debian/snmpd.init net-snmp-5.4.1~dfsg/debian/snmpd.init --- net-snmp-5.4.1~dfsg/debian/snmpd.init +++ net-snmp-5.4.1~dfsg/debian/snmpd.init @@ -66,13 +66,15 @@ # Allow the daemons time to exit completely. sleep 2 if [ $SNMPDRUN = yes -a -f /etc/snmp/snmpd.conf ]; then - start-stop-daemon --quiet --start --exec /usr/sbin/snmpd -- $SNMPDOPTS + start-stop-daemon --quiet --start --oknodo --exec /usr/sbin/snmpd \ +-- $SNMPDOPTS echo -n snmpd fi if [ $TRAPDRUN = yes -a -f /etc/snmp/snmptrapd.conf ]; then # Allow snmpd time to start up. sleep 1 - start-stop-daemon --quiet --start --exec /usr/sbin/snmptrapd -- $TRAPDOPTS + start-stop-daemon --quiet --start --oknodo --exec /usr/sbin/snmptrapd \ +-- $TRAPDOPTS echo -n snmptrapd fi echo . diff -u net-snmp-5.4.1~dfsg/debian/changelog net-snmp-5.4.1~dfsg/debian/changelog --- net-snmp-5.4.1~dfsg/debian/changelog +++ net-snmp-5.4.1~dfsg/debian/changelog @@ -1,3 +1,11 @@ +net-snmp (5.4.1~dfsg-12.1) unstable; urgency=low + + * Non-maintainer upload. + * Fix hang in postinst by removing noop debconf usafe (closes: #453123, +#391203) + + -- Stephen Gran sg...@debian.org Sat, 03 Jan 2009 14:20:24 + + net-snmp (5.4.1~dfsg-12) unstable; urgency=high * Urgency high because of RC bug fix. diff -u net-snmp-5.4.1~dfsg/debian/snmpd.postinst net-snmp-5.4.1~dfsg/debian/snmpd.postinst --- net-snmp-5.4.1~dfsg/debian/snmpd.postinst +++ net-snmp-5.4.1~dfsg/debian/snmpd.postinst 
@@ -7,9 +7,6 @@ chown -R snmp /var/lib/snmp fi -. /usr/share/debconf/confmodule -db_version 2.0 - #DEBHELPER# exit 0
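Review bot: In the debian/snmpd.init hunk (@@ -66,13 +66,15 @@), adding --oknodo to both --start calls means this path now returns success when the old snmpd or snmptrapd is still running after the fixed "sleep 2", so after an upgrade the previous process can stay in place while the script reports a clean restart. Consider having the preceding stop wait for the process to exit (start-stop-daemon's --retry does that) instead of relying on the sleep, and keep --oknodo only as the fallback.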
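Review bot: The debian/changelog hunk records only the postinst change; the --oknodo change to debian/snmpd.init in the same patch has no entry, and "usafe" in the new entry is presumably "usage". Add a changelog line for the init script change so the NMU diff and its changelog agree.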
Processed: net-snmp: diff to make upgrades and stops/starts slightly more robust
Processing commands for cont...@bugs.debian.org:

> tags 453123 +patch
Bug#453123: Upgrade fails if snmpd is running
Tags were: patch
Bug#391203: Upgrading snmpd from 5.2.2-3 to 5.2.3-1 hangs in snmpd.postinst
Tags added: patch

> tags 391203 +patch
Bug#391203: Upgrading snmpd from 5.2.2-3 to 5.2.3-1 hangs in snmpd.postinst
Tags were: patch
Bug#453123: Upgrade fails if snmpd is running
Tags added: patch

> thanks
Stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)
Processed (with 1 errors): 507382
Processing commands for cont...@bugs.debian.org:

> tags 507382 unreproducible help
Bug#507382: gourmet: Crashes just after starting
Tags were: patch
Tags added: unreproducible, help

> severity |important|
Unknown command or malformed arguments to command.

End of message, stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)
Bug#508397: Bug#509874, #508397: undefined reference to umount2 on ia64
I'm working on this bug at the Cambridge BSP, using git://git.debian.org/users/smcv/nmu/dietlibc.git to store my work in progress.

The four families of architecture turn out to be:

* i386, arm, etc. have umount with 1 argument and umount2 with 2 arguments
* amd64 and hppa only have umount2 with 2 arguments
* alpha has oldumount with 1 argument and umount with 2 arguments
* ia64 only has umount with 2 arguments

I've redone my patch to avoid explicit arch-dependence in syscalls.s/*, and used the attached test case to verify that on i386, amd64 and alpha, my work-in-progress dietlibc makes the same syscalls as glibc. On ia64 it may or may not be doing the right thing - strace produces confusing output for both glibc and dietlibc, so I'll investigate further there.

Simon

default:
	diet gcc -o dietumount umount.c
	strace ./dietumount /foo
	strace ./dietumount /foo 1
	gcc -o mcumount umount.c
	strace ./mcumount /foo
	strace ./mcumount /foo 1

#include <stdlib.h>
#include <sys/mount.h>

int main(int argc, char **argv)
{
    /* With a second argument, pass it to umount2() as the flags;
       otherwise call the 1-argument umount(). */
    if (argc > 2)
        return umount2(argv[1], atoi(argv[2]));
    else
        return umount(argv[1]);
}
Processed: 507382
Processing commands for cont...@bugs.debian.org:

> tags 507382 - patch
Bug#507382: gourmet: Crashes just after starting
Tags were: help unreproducible patch
Tags removed: patch

> severity 507382 important
Bug#507382: gourmet: Crashes just after starting
Severity set to `important' from `grave'

End of message, stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)
Bug#508032: DBus plan for Lenny
Matthew Johnson wrote:
> Hi guys,
>
> I'm looking to come up with a plan for DBus in Lenny. The relevant bug is #508032.
>
> A quick synopsis of the problem is that until recently DBus was shipped with a default configuration on the system bus which allowed more messages than was intended. 1.2.10 fixes this but unfortunately it breaks numerous other bits of software which relied on this (mainly introspection). There is also a 'permissive' release which merely logs when there would be a problem but still lets them through. It does not actually fix the problem, however.
>
> If we do want to fix the problem properly then all the packages which rely on the broken behaviour will also need to be fixed. This should be as simple as just adding a few lines to their system bus config files.
>
> I've attached a list of packages which would be affected. The shorter list (*-files*, also has a list of versions in lenny and sid and migration excuses. Sorry if there's a better way to do that than I've found!) is those packages which already drop a file in /etc/dbus-1/system.d, which should be everything. There is a small possibility that there is a package which does not currently have a config file but which should. The longer list is rdepends of libdbus-1-3, it will definitely not be anything not on this list.
>
> Opinions?

Please start preparing things in unstable, so we can have a further idea of the impact and how to solve the remaining bits, TIA.

Cheers

Luk
Bug#510348: Dillo removal
I've removed dillo from lenny, as it should be obvious that we can't accept a new gtk port at this time in the freeze.

I've uploaded claws-mail in t-p-u, disabling the dillo plugin. Bug with diff to follow shortly.

Thanks,
Neil
--
weasel dpkg: shut up
dpkg No, I won't, and you can't make me. :P
weasel hah. _I_ can
Bug#425120: marked as done (nvram-wakeup: filename /usr/sbin/time is unfortunate)
Your message dated Sat, 03 Jan 2009 15:17:09 + with message-id e1lj8fr-00067q...@ries.debian.org and subject line Bug#425120: fixed in nvram-wakeup 0.97-14lenny1 has caused the Debian Bug report #425120, regarding nvram-wakeup: filename /usr/sbin/time is unfortunate to be marked as done.

This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.)

--
425120: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=425120
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

---BeginMessage---
Subject: nvram-wakeup: filename /usr/sbin/time is unfortunate
Package: nvram-wakeup
Version: 0.97-12
Severity: wishlist

It would be nice if /usr/sbin/time could be renamed. Otherwise this produces unexpected behaviour when the (widely used) package time is also installed. Then calling time as normal user measures cpu resource usage, whereas root acts completely different.

-- System Information:
Debian Release: 4.0
APT prefers stable
APT policy: (990, 'stable')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-4-686
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)

Versions of packages nvram-wakeup depends on:
ii  debconf [debconf-2.0]  1.5.11        Debian configuration management sy
ii  libc6                  2.3.6.ds1-13  GNU C Library: Shared libraries
ii  makedev                2.3.1-83      creates device files in /dev

nvram-wakeup recommends no packages.

-- debconf information excluded
---End Message---

---BeginMessage---
Source: nvram-wakeup
Source-Version: 0.97-14lenny1

We believe that the bug you reported is fixed in the latest version of nvram-wakeup, which is due to be installed in the Debian FTP archive:

nvram-wakeup_0.97-14lenny1.diff.gz
  to pool/main/n/nvram-wakeup/nvram-wakeup_0.97-14lenny1.diff.gz
nvram-wakeup_0.97-14lenny1.dsc
  to pool/main/n/nvram-wakeup/nvram-wakeup_0.97-14lenny1.dsc
nvram-wakeup_0.97-14lenny1_amd64.deb
  to pool/main/n/nvram-wakeup/nvram-wakeup_0.97-14lenny1_amd64.deb

A summary of the changes between this version and the previous one is attached.

Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 425...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Tobias Grimm et...@debian.org (supplier of updated nvram-wakeup package)

(This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@debian.org)

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Format: 1.8
Date: Sat, 03 Jan 2009 16:02:09 +0100
Source: nvram-wakeup
Binary: nvram-wakeup
Architecture: source amd64
Version: 0.97-14lenny1
Distribution: testing-proposed-updates
Urgency: medium
Maintainer: Debian VDR Team pkg-vdr-dvb-de...@lists.alioth.debian.org
Changed-By: Tobias Grimm et...@debian.org
Description:
 nvram-wakeup - A tool to read/write the WakeUp time from/to the BIOS
Closes: 419444 425120 428694
Changes:
 nvram-wakeup (0.97-14lenny1) testing-proposed-updates; urgency=medium
 .
 [ Tobias Grimm ]
 * Don't install /usr/sbin/time anymore. The functionallity of this tool can be replaced by `date` (e.g.
   `date -d 1970-01-01 1089365289 sec UTC` and `date -u -d 1970-01-01 1089365289 sec UTC`) (Closes: #425120)
 * Removed installation of set_timer (which used /usr/sbin/time) and install it as example only (release notes added to NEWS)
 * Removed 03_set_timer.dpatch
 * Moved debconf installation instructions to README.Debian (Closes: #419444)
 * Updated debian/copyright
 * Added description to 10_nvram-wakeup-mb.c.dpatch
 .
 [ Thomas Schmidt ]
 * Do not create /dev/rtc and /dev/nvram in postinst anymore - these devices should be automatically created on every installation (closes: #428694)
 * Using COMPAT=5 now
 * Bumped Standards-Version to 3.8.0
Bug#510348: Dillo removal
On Sat, Jan 03, 2009 at 03:28:31PM +, Neil McGovern wrote:
> I've removed dillo from lenny, as it should be obvious that we can't accept a new gtk port at this time in the freeze.

That's a fairly hasty decision and a severe regression to existing users given that about three percent of all popcon users have dillo installed and about one percent use it frequently.

A 30 second peek into the rules files shows that there's even a configure option to disable SSL support...

--
./configure $(CONFFLAGS) \
    --prefix=/usr \
    --sysconfdir=/etc \
    --enable-ipv6 \
    --enable-ssl \
    --enable-meta-refresh \
    --disable-dlgui \
    CFLAGS=$(CFLAGS) \
--

Cheers,
Moritz
Bug#510348: Removal of dillo and claws-mail dillo plugin?
On Sat, 2009-01-03 at 13:05 +, Paul wrote:
After only a v.brief look at the claws-mail package, removing that plugin appears trivial. Are there any other problems with removing the dillo-viewer from claws-mail? Should dillo need to be removed, building claws-mail without the dillo-plugin is simple.

Also, I'm not sure if that would help claws-mail, but there seems to be a Tcl/Tk program that should cover any use-cases a dillo removal may leave uncovered: http://tkhtml.tcl.tk/hv3.html. It's not yet in Debian, but may be an option for Squeeze.

See you,
--
Gustavo Noronha Silva k...@debian.org
Debian Project
Bug#510348: Dillo removal
On Sat, Jan 03, 2009 at 04:55:00PM +0100, Moritz Muehlenhoff wrote:
> On Sat, Jan 03, 2009 at 03:28:31PM +, Neil McGovern wrote:
> > I've removed dillo from lenny, as it should be obvious that we can't accept a new gtk port at this time in the freeze.
>
> That's a fairly hasty decision and a severe regression to existing users given that about three percent of all popcon users have dillo installed and about one percent use it frequently.

I did check popcon before adding my hint.

> A 30 second peek into the rules files shows that there's even a configure option to disable SSL support...

It also seems to be gtk1.2, which was the other reason for removal. I'm not sure that the requirement to bring in gtk1.2 helps the case for a lightweight browser, especially as we're trying to remove gtk1.

Neil
--
A. Because it breaks the logical sequence of discussion
Q. Why is top posting bad?
gpg key - http://www.halon.org.uk/pubkey.txt ; the.earth.li B345BDD3
Bug#510274: merging with existing report
package: mgp
severity 400105 grave
merge 400105 510274
thanks

400105 is the same issue but the fix explored in that report doesn't fix the issue for me - I get a segmentation fault instead.

 draw.c               | 810 ++
 globals.c            |   4
 image/compress.c     |   3
 image/imlib_loader.c |  85
 image/misc.c         |   2
 image/rlelib.c       | 428 -
 image/send.c         |  19
 m17n.c               | 130
 mgp.c                |  67
 parse.c              |  41
 print.c              | 263
 tfont.c              |  14
 x11.c                |   6

Some of these changes are trivial: image/rlelib.c | 428 - consists solely of whitespace changes.

Most of the changes in draw.c are related to rotation support, as are many of the changes in print.c. Other changes include in the imlib support.

mgp might just have to be removed.

--
Neil Williams
=
http://www.data-freedom.org/
http://www.linux.codehelp.co.uk/
http://e-mail.is-not-s.ms/
Processed: merging with existing report
Processing commands for cont...@bugs.debian.org:

> package: mgp
Ignoring bugs not assigned to: mgp

> severity 400105 grave
Bug#400105: mgp: causes X Error
Severity set to `grave' from `important'

> merge 400105 510274
Bug#400105: mgp: causes X Error
Bug#510274: mgp: Crashes with X BadMatch error
Merged 400105 510274.

> thanks
Stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)
Bug#510348: Dillo removal
Neil McGovern wrote:
> > A 30 second peek into the rules files shows that there's even a configure option to disable SSL support...
>
> It also seems to be gtk1.2, which was the other reason for removal. I'm not sure that the requirement to bring in gtk1.2 helps the case for a lightweight browser, especially as we're trying to remove gtk1.

No one's trying to deprecate gtk1.2 for Lenny and for Squeeze the gtk2 based version can be uploaded.

Cheers,
Moritz
Bug#510030: marked as done ([CVE-2008-2383] xterm: DECRQSS and comments)
Your message dated Sat, 03 Jan 2009 17:02:10 + with message-id e1lj9t4-0005wn...@ries.debian.org and subject line Bug#510030: fixed in xterm 238-1 has caused the Debian Bug report #510030, regarding [CVE-2008-2383] xterm: DECRQSS and comments to be marked as done.

This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.)

--
510030: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=510030
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

---BeginMessage---
Package: xterm
Version: 222-1etch2
Severity: grave
Tags: security patch
Justification: user security hole

DECRQSS Device Control Request Status String DCS $ q simply echoes (responds with) invalid commands. For example,

perl -e 'print \eP\$q\nbad-command\n\e\\'

would run bad-command.

Exploitability is the same as for the window title reporting issue in DSA-380: include the DCS string in an email message to the victim, or arrange to have it in syslog to be viewed by root.

The attached patch should fix the problem.

---

The default allowWindowOps is false (as should be), but the man page says the default is true. The man page should also mention that turning it on is a security risk, to avoid regression e.g. as per

http://bugs.debian.org/384593
http://www.debian.org/security/2003/dsa-380

and also the much older

http://www.maths.usyd.edu.au/u/psz/securedu.html#xterm

(and private message to xterm maintainers on 9 Mar 2000, seems only grep PSz main.c remains).
--- Ubuntu still allows window title reporting, and is vulnerable to perl -e 'print \e\]0;;bad-command;\a\e\[21t' --- I wonder whether the following are handled and/or dangerous: set X property perl -e 'print \e\]3;XTerm.vt100.allowWindowOps=1\e\\' set, get font perl -e 'print \e\]50;bad-command\e\\,\e\]50;?\e\\' UDK setting perl -e 'print \eP1;1|17/0a6261642d636f6d6d616e640a\e\\' then trick user to press F key, or perl -e 'print \eP+q584b5f434f4c524f53\e\\' Paul Szabo p...@maths.usyd.edu.au http://www.maths.usyd.edu.au/u/psz/ School of Mathematics and Statistics University of SydneyAustralia -- System Information: Debian Release: 4.0 APT prefers stable APT policy: (500, 'stable') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.24-pk03.02-svr Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968) Versions of packages xterm depends on: ii libc6 2.3.6.ds1-13etch8 GNU C Library: Shared libraries ii libfontconfig1 2.4.2-1.2 generic font configuration library ii libice61:1.0.1-2 X11 Inter-Client Exchange library ii libncurses55.5-5 Shared libraries for terminal hand ii libsm6 1:1.0.1-3 X11 Session Management library ii libx11-6 2:1.0.3-7 X11 client-side library ii libxaw71:1.0.2-4 X11 Athena Widget library ii libxext6 1:1.0.1-2 X11 miscellaneous extension librar ii libxft22.1.8.2-8 FreeType-based font drawing librar ii libxmu61:1.0.2-2 X11 miscellaneous utility library ii libxt6 1:1.0.2-2 X11 toolkit intrinsics library ii xbitmaps 1.0.1-2 Base X bitmaps Versions of packages xterm recommends: ii xutils 1:7.1.ds.3-1 X Window System utility programs -- no debconf information --- misc.c.bak 2006-10-18 07:23:20.0 +1000 +++ misc.c 2008-12-29 07:06:25.0 +1100 
@@ -2259,11 +2259,12 @@ unparseputc1(xw, DCS); unparseputc(xw, okay ? '1' : '0'); unparseputc(xw, '$'); unparseputc(xw, 'r'); - if (okay) + if (okay) { cp = reply; - unparseputs(xw, cp); + unparseputs(xw, cp); + } unparseputc1(xw, ST); } else { unparseputc(xw, CAN); } ---End Message--- ---BeginMessage--- Source: xterm Source-Version: 238-1 We believe that the bug you reported is fixed in the latest version of xterm, which is due to be installed in the Debian FTP archive: xterm_238-1.diff.gz to pool/main/x/xterm/xterm_238-1.diff.gz xterm_238-1.dsc to pool/main/x/xterm/xterm_238-1.dsc xterm_238-1_i386.deb to pool/main/x/xterm/xterm_238-1_i386.deb xterm_238.orig.tar.gz to pool/main/x/xterm/xterm_238.orig.tar.gz A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 510...@bugs.debian.org, and
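Review bot: In the misc.c hunk of the report above, once unparseputs(xw, cp) sits inside the "if (okay)" block, cp can only be reply at that call, so the assignment is redundant; calling unparseputs(xw, reply) directly would make it plain that no bytes from the request are written back. The hunk also leaves the report's second point, the man page giving the wrong default for allowWindowOps, untouched; that needs its own documentation change.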
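A defensive check for the delivery route named in the report above (control strings placed in mail or syslog and later viewed in a terminal), added here as an example and not part of the original report or of xterm: a Python scanner that flags DCS, OSC and CSI sequences, marks the ones that ask the terminal to answer, and renders control characters harmless before display. The function names, classification labels and sample log lines are constructed for illustration, and the input is assumed to be already decoded text.

```python
import re
from typing import List, NamedTuple, Tuple


class Finding(NamedTuple):
    offset: int        # index of the introducer in the scanned string
    kind: str          # DCS, OSC, PM, APC or CSI
    detail: str        # short classification (labels are this example's own)
    wants_reply: bool  # True when the terminal is asked to send data back


# 7-bit (ESC + character) and 8-bit (C1) introducers of string-type controls.
INTRODUCERS = {
    "\x1bP": "DCS", "\x90": "DCS",
    "\x1b]": "OSC", "\x9d": "OSC",
    "\x1b^": "PM", "\x9e": "PM",
    "\x1b_": "APC", "\x9f": "APC",
}

# A string control runs to ST (ESC \ or 0x9c). BEL is accepted as well, as
# xterm does for OSC; for the other kinds this can only shorten the reported
# body. An unterminated string runs to the end of the input.
# A CSI sequence is parameter bytes, intermediate bytes, then one final byte.
SEQUENCE = re.compile(
    r"(?P<intro>\x1b[P\]^_]|[\x90\x9d\x9e\x9f])(?P<body>.*?)(?:\x1b\\|\x9c|\x07|\Z)"
    r"|(?:\x1b\[|\x9b)(?P<params>[0-?]*)[ -/]*(?P<final>[@-~])",
    re.DOTALL,
)
CONTROL = re.compile(r"[\x00-\x08\x0b-\x1f\x7f-\x9f]")


def classify_string(kind: str, body: str) -> Tuple[str, bool]:
    if kind == "DCS":
        if body.startswith("$q"):
            return "DECRQSS status-string request", True
        if body.startswith("+q"):
            return "termcap/terminfo string request", True
        if re.match(r"[0-9;]*\|", body):
            return "user-defined key (UDK) definition", False
        return "other device control string", False
    if kind == "OSC":
        number, _, rest = body.partition(";")
        if rest == "?":
            return f"OSC {number} query", True
        return f"OSC {number} set", False
    return "string control", False


def classify_csi(params: str, final: str) -> Tuple[str, bool]:
    if final == "t" and params.split(";")[0] == "21":
        return "window title report request", True
    if final == "m":
        return "SGR colour/attribute", False
    return f"CSI {params}{final}", False


def scan(text: str) -> List[Finding]:
    """Return every control sequence found in text, in order of appearance."""
    findings = []
    for match in SEQUENCE.finditer(text):
        if match.group("intro"):
            kind = INTRODUCERS[match.group("intro")]
            detail, reply = classify_string(kind, match.group("body"))
        else:
            kind = "CSI"
            detail, reply = classify_csi(match.group("params"), match.group("final"))
        findings.append(Finding(match.start(), kind, detail, reply))
    return findings


def neutralise(text: str) -> str:
    """Make control characters visible (caret notation for C0 and DEL, \\xNN
    for C1) so a terminal never interprets them; tab and newline are kept."""
    def visible(match):
        code = ord(match.group())
        return "^" + chr(code ^ 0x40) if code < 0x80 else f"\\x{code:02x}"
    return CONTROL.sub(visible, text)


# Constructed sample input: four syslog-style lines, two carrying sequences.
SAMPLE = (
    "Jan  3 10:00:01 host sshd[101]: Accepted publickey for alice\n"
    "Jan  3 10:00:02 host app[202]: user-agent=\x1bP$qplaceholder\x1b\\ end\n"
    "Jan  3 10:00:03 host app[203]: title=\x1b]0;placeholder\x07\x1b[21t\n"
    "Jan  3 10:00:04 host app[204]: caf\u00e9 \x1b[1mbold\x1b[0m\n"
)

if __name__ == "__main__":
    for f in scan(SAMPLE):
        flag = "REPLY" if f.wants_reply else "     "
        print(f"{flag} offset={f.offset:<4} {f.kind}: {f.detail}")
    print(neutralise(SAMPLE), end="")
```

Findings with `wants_reply` set are the ones matching the report's concern, since the terminal's answer is fed back as if the user had typed it; viewing the `neutralise` output instead of the raw file avoids the problem regardless of terminal version.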
Bug#508271: marked as done (djvulibre_3.5.21-2(unstable/sparc/spontini): cp: cannot stat `./prebuilt-hi22-djvu.png': No such file or directory)
Your message dated Sat, 3 Jan 2009 18:14:21 +0100 with message-id 20090103171421.gk31...@debian.org and subject line Re: Bug#508271: [djvulibre] Please give back djvulibre/3.5.21-3 on arm, mipsel, sparc has caused the Debian Bug report #508271, regarding djvulibre_3.5.21-2(unstable/sparc/spontini): cp: cannot stat `./prebuilt-hi22-djvu.png': No such file or directory to be marked as done.

This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.)

--
508271: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=508271
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

---BeginMessage---
Package: djvulibre
Version: 3.5.21-2
Severity: serious

Heya,

Building your package failed:

| Automatic build of djvulibre_3.5.21-2 on spontini by sbuild/sparc 99.99
| Build started at 20081209-0845
| **
[...]
| make[2]: Entering directory `/build/buildd/djvulibre-3.5.21/desktopfiles'
| s=`echo hi22-djvu.png | sed -e 's/[a-z]*\([0-9]*\).*/\1/'`; \
| /usr/bin/convert -geometry ${s}x${s} -depth 8 -background none djvu.svg hi22-djvu.png \
| || cp ./prebuilt-hi22-djvu.png hi22-djvu.png
|
| GLib-ERROR **: /build/buildd/glib2.0-2.16.6/glib/gmem.c:175: failed to allocate 3758096384 bytes
| aborting...
| /bin/sh: line 2: 20974 Aborted /usr/bin/convert -geometry ${s}x${s} -depth 8 -background none djvu.svg hi22-djvu.png
| cp: cannot stat `./prebuilt-hi22-djvu.png': No such file or directory
| make[2]: *** [hi22-djvu.png] Error 1
| make[2]: Leaving directory `/build/buildd/djvulibre-3.5.21/desktopfiles'
| make[1]: *** [all] Error 2
| make[1]: Leaving directory `/build/buildd/djvulibre-3.5.21'
| make: *** [build-stamp] Error 2
| dpkg-buildpackage: failure: debian/rules build gave error exit status 2
| **
| Build finished at 20081209-0933
| FAILED [dpkg-buildpackage died]
| Build needed 00:43:32, 88728k disk space

A complete build log can be found at http://buildd.debian.org/build.php?arch=sparcpkg=djvulibrever=3.5.21-2

Marc
--
BOFH #309: firewall needs cooling
---End Message---

---BeginMessage---
Luk Claes l...@debian.org (02/01/2009):
Cyril Brulebois wrote:

AFAICT, the blocking bug (#508443) has been fixed, and fixed packages are available in unstable as well as in testing. I guess there's no valid reason to keep this bug (#508271) open, now? (Assuming missing archs now build fine, of course.)

Missing builds: arm, mipsel, sparc according to rmadison.

Would be: gb djvulibre . arm mipsel sparc

given back

Built on arm and mipsel, I'm keeping an eye on sparc. Closing this bugreport accordingly.

Mraw,
KiBi.
---End Message---
Bug#510274: Reproduced in Lenny
Hello (back) Peter,

sorry for the messy-looking mail, but people still didn't get how the BTS works; that's why I'm fully quoting the mail.

Neil Williams codeh...@debian.org (03/01/2009):

For every presentation I try to start (sample.mpg, sendmail6.mpg, v6.mpg), mgp dies with an X error. I've reproduced this on several systems (including one running pure testing). This might be the same bug as #400105, though in that report the error message is different. I can't reproduce this problem with mgp 1.13b-2 (the version in unstable).

$ rmadison mgp
mgp | 1.11b-7 | etch-m68k | source, m68k
mgp | 1.11b-7 | stable    | source, alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390, sparc
mgp | 1.11b-7 | testing   | source, alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390, sparc
mgp | 1.11b-7 | unstable  | m68k
mgp | 1.13a-1 | unstable  | source, alpha, amd64, arm, armel, hppa, hurd-i386, i386, ia64, mips, mipsel, powerpc, s390, sparc

Unstable has 1.13a-1 - have you been able to test that version?

When asking… ask someone. Keep the submitter in To or Cc.

1.13a-1 works for me (despite a few warning messages on the console). If this bug is absent in 1.13a-1, debian-release may be happy to allow 1.13a-1 to migrate to fix this bug.

In a Lenny chroot, I'm able to reproduce the bug (1.11b-7):

X Error of failed request: BadMatch (invalid parameter attributes)
Major opcode of failed request: 75 (X_PolyText16)
Serial number of failed request: 206
Current serial number in output stream: 210

Taking a look at the amount of changes . . .

--
Neil Williams
=
http://www.data-freedom.org/
http://www.linux.codehelp.co.uk/
http://e-mail.is-not-s.ms/

Mraw,
KiBi.
Bug#508397: dietlibc: diff for NMU version 0.31-1.2
tags 508397 + patch thanks I've prepared an NMU for dietlibc (versioned as 0.31-1.2) and uploaded it to unstable. As mentioned above I've verified the syscalls made via strace on i386, amd64 and alpha. On ia64, strace produces strange output for both glibc and dietlibc, but I've verified that my trivial umount can unmount with no flags and with MNT_DETACH (which is umount -l), and that the presence or absence of the MNT_DETACH flag does make it through to the kernel. I've also verified that util-vserver builds against my dietlibc on 4 architectures (i386, amd64, alpha and ia64), so once the buildds have woken up, this should unblock util-vserver's migration to testing. Release team, please consider letting dietlibc 0.31-1.2 migrate. Also, compilation of util-vserver on ia64 will need to be retried once my dietlibc becomes available to the buildd (let me know if I need to ping you later about this). Regards from the Cambridge BSP, Simon diffstat for dietlibc_0.31-1.1 dietlibc_0.31-1.2 debian/diff/0012-Add-an-implementation-of-umount-3-for-ia64.diff| 36 dietlibc-0.31/debian/changelog | 14 + dietlibc-0.31/debian/diff/0011-undefined-symbol-umount2-alpha-ia64.diff | 78 -- 3 files changed, 118 insertions(+), 10 deletions(-) diff -u dietlibc-0.31/debian/changelog dietlibc-0.31/debian/changelog --- dietlibc-0.31/debian/changelog +++ dietlibc-0.31/debian/changelog 
@@ -1,3 +1,17 @@ +dietlibc (0.31-1.2) unstable; urgency=medium + + * Non-maintainer upload from the Cambridge BSP. + * debian/diff/0011-undefined-symbol-umount2-alpha-ia64.diff: treat +__NR_umount as the 2-argument version on ia64 (really closes: #508397) + * debian/diff/0012-Add-an-implementation-of-umount-3-for-ia64.diff: +supply a 1-argument version of umount on ia64 + * Verified to pass MNT_DETACH to the kernel in the expected way on ia64 + * Verified with strace to do the same thing as glibc on architectures +representing the other three families mentioned in 0011-*.diff +(i386, x86_64 and alpha) + + -- Simon McVittie s...@debian.org Sat, 03 Jan 2009 17:11:00 + + dietlibc (0.31-1.1) unstable; urgency=high * Non-maintainer upload. diff -u dietlibc-0.31/debian/diff/0011-undefined-symbol-umount2-alpha-ia64.diff dietlibc-0.31/debian/diff/0011-undefined-symbol-umount2-alpha-ia64.diff --- dietlibc-0.31/debian/diff/0011-undefined-symbol-umount2-alpha-ia64.diff +++ dietlibc-0.31/debian/diff/0011-undefined-symbol-umount2-alpha-ia64.diff 
@@ -1,21 +1,79 @@ a/syscalls.s/umount.S 9 Jan 2001 17:57:49 - 1.1 -+++ b/syscalls.s/umount.S 10 Dec 2008 20:21:33 - +From 0f4be8919707fd8bbb0005667f0705f4169696d3 Mon Sep 17 00:00:00 2001 +From: Simon McVittie s...@debian.org +Date: Sat, 3 Jan 2009 12:04:48 + +Subject: [PATCH] Add new #defines to indicate which syscall is umount(3) and which is umount2(3). + +* on architectures where __NR_umount is umount(3) and __NR_umount2 is + umount2(3), don't do anything special +* on architectures where this is not the case, define __NR_umount_with_flags + so that it's umount2(3) +* define __NR_umount_without_flags to be umount(3) on architectures where + such a syscall exists + +In the currently-supported architectures there are four families: + +* on i386, arm etc., __NR_umount takes one argument and __NR_umount2 takes two +* on x86_64 and parisc __NR_umount2 takes two arguments and there is no + 1-argument umount +* on alpha, __NR_oldumount takes one argument and __NR_umount takes two +* on ia64, __NR_umount takes two arguments and there is no 1-argument umount +--- + alpha/syscalls.h |2 ++ + ia64/syscalls.h |1 + + syscalls.s/umount.S |4 + syscalls.s/umount2.S |4 +++- + 4 files changed, 10 insertions(+), 1 deletions(-) + +diff --git a/alpha/syscalls.h b/alpha/syscalls.h +index c40a81c..7a78209 100644 +--- a/alpha/syscalls.h b/alpha/syscalls.h +@@ -381,6 +381,8 @@ + #define __NR_inotify_add_watch 445 + #define __NR_inotify_rm_watch 446 + ++#define __NR_umount_without_flags __NR_oldumount ++#define __NR_umount_with_flags __NR_umount + + #define syscall_weak(name,wsym,sym) \ + .text ; \ +diff --git a/ia64/syscalls.h b/ia64/syscalls.h +index 515242c..e41433a 100644 +--- a/ia64/syscalls.h b/ia64/syscalls.h +@@ -280,6 +280,7 @@ + #define __NR_tee 1301 + #define __NR_vmsplice 1302 + ++#define __NR_umount_with_flags __NR_umount + + #define syscall(name, sym) \ + .text; \ +diff --git a/syscalls.s/umount.S b/syscalls.s/umount.S +index 4a423d9..89793e2 100644 +--- 
a/syscalls.s/umount.S b/syscalls.s/umount.S @@ -1,3 +1,7 @@ #include syscalls.h -+#if defined(__NR_oldumount) defined(__NR_umount) -+syscall(oldumount,umount) -+#else ++#if defined(__NR_umount_without_flags) ++syscall(umount_without_flags,umount) ++#elif !defined(__NR_umount_with_flags) || (__NR_umount != __NR_umount_with_flags) syscall(umount,umount) +#endif a/syscalls.s/umount2.S
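Review bot: In the syscalls.s/umount.S hunk, the fallback branch "#elif !defined(__NR_umount_with_flags) || (__NR_umount != __NR_umount_with_flags)" emits syscall(umount,umount) without checking that __NR_umount is defined at all. The commit message lists x86_64 and parisc as a family with no 1-argument umount, and only alpha/syscalls.h and ia64/syscalls.h gain the new defines, so on that family this branch is what gets taken; adding defined(__NR_umount) to the condition, or a comment saying why the branch is safe there, would let the four-family table in the message be checked against the code. The new macros in alpha/syscalls.h and ia64/syscalls.h would also benefit from a one-line comment saying which one is umount(3) and which is umount2(3), since on alpha __NR_umount is the 2-argument call.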
Processed: dietlibc: diff for NMU version 0.31-1.2
Processing commands for cont...@bugs.debian.org: tags 508397 + patch Bug#508397: dietlibc: umount2 still undefined on ia64, and umount is wrong Tags were: patch Tags added: patch thanks Stopping processing here. Please contact me if you need assistance. Debian bug tracking system administrator (administrator, Debian Bugs database)
Processed: Re: Bug#490241: Help needed
Processing commands for cont...@bugs.debian.org: tag 490241 +unreproducible Bug#490241: FTBFS on hppa Tags were: help Tags added: unreproducible thanks Stopping processing here. Please contact me if you need assistance. Debian bug tracking system administrator (administrator, Debian Bugs database)
Bug#508397: marked as done (dietlibc: umount2 still undefined on ia64, and umount is wrong)
Your message dated Sat, 03 Jan 2009 18:02:05 + with message-id e1ljap3-0001on...@ries.debian.org and subject line Bug#508397: fixed in dietlibc 0.31-1.2 has caused the Debian Bug report #508397, regarding dietlibc: umount2 still undefined on ia64, and umount is wrong to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 508397: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=508397 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Package: dietlibc Version: 0.31-1 Severity: grave Tags: patch Justification: renders package unusable Hi, As it turns out dietlibc-0.31 doesn't properly define the umount2 symbols on two architectures: alpha and ia64. This sadly results in a build regression for util-vserver, which used to build on these architectures, but is refusing to build now. This is holding back an important transition of the package into Lenny. In other words, if this package cannot be built on alpha/ia64, then it will not be usable for most cases in Lenny due to the previous version not functioning properly in two important respects. 
The buildlogs which demonstrate this problem are: alpha: http://buildd.debian.org/fetch.cgi?pkg=util-vserverver=0.30.216%7Er2772-5arch=alphastamp=1227907425file=log ia64: http://buildd.debian.org/fetch.cgi?pkg=util-vserverver=0.30.216%7Er2772-5arch=ia64stamp=1227907303file=log both complain, rightly: diet -Os gcc -Wall -g -O2 -std=c99 -Wall -pedantic -W -funit-at-a-time -o src/exec-remount src/exec-remount.o lib/libvserver.a src/exec-remount.o: In function `main': /build/buildd/util-vserver-0.30.216~r2772/src/exec-remount.c:110: undefined reference to `umount2' collect2: ld returned 1 exit status The solution to this is the attached patch, I believe. micah -- System Information: Debian Release: lenny/sid APT prefers unstable APT policy: (500, 'unstable'), (1, 'experimental') Architecture: i386 (i686) Kernel: Linux 2.6.26-1-vserver-686 (SMP w/2 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash dietlibc depends on no packages. dietlibc recommends no packages. Versions of packages dietlibc suggests: ii dietlibc-dev 0.31-1 diet libc - a libc optimized for s pn dietlibc-doc none (no description available) -- no debconf information --- a/syscalls.s/umount.S 9 Jan 2001 17:57:49 - 1.1 +++ b/syscalls.s/umount.S 10 Dec 2008 20:21:33 - @@ -1,3 +1,7 @@ #include syscalls.h +#if defined(__NR_oldumount) defined(__NR_umount) +syscall(oldumount,umount) +#else syscall(umount,umount) +#endif --- a/syscalls.s/umount2.S 4 Jan 2003 22:21:48 - 1.2 +++ b/syscalls.s/umount2.S 10 Dec 2008 20:21:33 - 
@@ -1,5 +1,7 @@ #include syscalls.h -#ifdef __NR_umount2 +#if defined(__NR_umount2) syscall(umount2,umount2) +#elif defined(__NR_oldumount) defined(__NR_umount) +syscall(umount,umount2) #endif ---End Message--- ---BeginMessage--- Source: dietlibc Source-Version: 0.31-1.2 We believe that the bug you reported is fixed in the latest version of dietlibc, which is due to be installed in the Debian FTP archive: dietlibc-dev_0.31-1.2_i386.deb to pool/main/d/dietlibc/dietlibc-dev_0.31-1.2_i386.deb dietlibc-doc_0.31-1.2_all.deb to pool/main/d/dietlibc/dietlibc-doc_0.31-1.2_all.deb dietlibc_0.31-1.2.diff.gz to pool/main/d/dietlibc/dietlibc_0.31-1.2.diff.gz dietlibc_0.31-1.2.dsc to pool/main/d/dietlibc/dietlibc_0.31-1.2.dsc dietlibc_0.31-1.2_i386.deb to pool/main/d/dietlibc/dietlibc_0.31-1.2_i386.deb A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 508...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Simon McVittie s...@debian.org (supplier of updated dietlibc package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Format: 1.8 Date: Sat, 03 Jan 2009 17:11:00 + Source: dietlibc Binary: dietlibc-dev dietlibc dietlibc-doc Architecture: source all i386 Version: 0.31-1.2 Distribution: unstable Urgency: medium Maintainer: Gerrit Pape p...@smarden.org Changed-By: Simon McVittie s...@debian.org Description: dietlibc - diet libc shared libraries - a libc optimized for small size dietlibc-dev - diet libc - a libc optimized for small
Bug#510030: xterm: DECRQSS and comments
On Mon, Dec 29, 2008 at 13:39:19 +0100, Florian Weimer wrote: * Paul Szabo: Ubuntu still allows window title reporting, and is vulnerable to perl -e 'print \e\]0;;bad-command;\a\e\[21t' Thanks for reporting this. The sid version is also affected because allowWindowOps is not set to false in the configuration. I plan to fix this for etch by disabling UDKs, font shifting, X property changes, and applying Paul's patch. Any objections? Hi, I'm considering the below diff for lenny, please review and tell me whether this is ok for testing-security. Cheers, Julien diff --git a/debian/changelog b/debian/changelog index 2205844..58c0684 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,18 @@ +xterm (235-2) UNRELEASED; urgency=high + + * Backport changes from xterm 238: +- make OSC 3 (change X property) subject to allowWindowOps resource +- make VT220 DSR responses inactive in VT100-mode +- make DECUDK feature inactive in VT100-mode +- respond to incorrectly formatted DECRQSS with a cancel (CVE-2008-2383; + closes: #510030) +- add allowFontOps resource to allow the fontsize-switching and font + query/set control sequences to be enabled/disabled + * Additionally, change the default values for allowFontOps and +allowWindowOps to false. + + -- Julien Cristau jcris...@debian.org Sat, 03 Jan 2009 18:47:43 +0100 + xterm (235-1) unstable; urgency=low * New upstream release. diff --git a/debian/patches/000_backport_from_238.diff b/debian/patches/000_backport_from_238.diff new file mode 100644 index 000..c3e0eda --- /dev/null +++ b/debian/patches/000_backport_from_238.diff 
@@ -0,0 +1,227 @@ +From xterm #238: +* make OSC 3 (change X property) subject to allowWindowOps resource +* make VT220 DSR responses inactive in VT100-mode +* make DECUDK feature inactive in VT100-mode +* respond to incorrectly formatted DECRQSS with a cancel +* add allowFontOps resource to allow the fontsize-switching and font query/set + control sequences to be enabled/disabled + +Index: xterm/charproc.c +=== +--- xterm.orig/charproc.c xterm/charproc.c +@@ -389,6 +389,7 @@ + static XtResource resources[] = + { + Bres(XtNallowSendEvents, XtCAllowSendEvents, screen.allowSendEvent0, False), ++Bres(XtNallowFontOps, XtCAllowFontOps, screen.allowFontOp0, True), + Bres(XtNallowTitleOps, XtCAllowTitleOps, screen.allowTitleOp0, True), + Bres(XtNallowWindowOps, XtCAllowWindowOps, screen.allowWindowOp0, True), + Bres(XtNaltIsNotMeta, XtCAltIsNotMeta, screen.alt_is_not_meta, False), +@@ -2144,28 +2145,38 @@ + break; + case 15: + /* printer status */ +- reply.a_param[count++] = 13;/* implement printer */ ++ if (screen-terminal_id = 200) { /* VT220 */ ++ reply.a_param[count++] = 13;/* implement printer */ ++ } + break; + case 25: + /* UDK status */ +- reply.a_param[count++] = 20;/* UDK always unlocked */ ++ if (screen-terminal_id = 200) { /* VT220 */ ++ reply.a_param[count++] = 20;/* UDK always unlocked */ ++ } + break; + case 26: + /* keyboard status */ +- reply.a_param[count++] = 27; +- reply.a_param[count++] = 1; /* North American */ +- if (screen-terminal_id = 400) { +- reply.a_param[count++] = 0; /* ready */ +- reply.a_param[count++] = 0; /* LK201 */ ++ if (screen-terminal_id = 200) { /* VT220 */ ++ reply.a_param[count++] = 27; ++ reply.a_param[count++] = 1; /* North American */ ++ if (screen-terminal_id = 400) { ++ reply.a_param[count++] = 0; /* ready */ ++ reply.a_param[count++] = 0; /* LK201 */ ++ } + } + break; + case 53: + /* Locator status */ ++ if (screen-terminal_id = 200) { /* VT220 */ + #if OPT_DEC_LOCATOR +- reply.a_param[count++] = 50;/* locator ready */ ++ 
reply.a_param[count++] = 50;/* locator ready */ + #else +- reply.a_param[count++] = 53;/* no locator */ ++ reply.a_param[count++] = 53;/* no locator */ + #endif ++ } ++ break; ++ default: + break; + } + +@@ -5525,11 +5536,13 @@ + init_Bres(screen.meta_sends_esc); + + init_Bres(screen.allowSendEvent0); ++init_Bres(screen.allowFontOp0); + init_Bres(screen.allowTitleOp0); + init_Bres(screen.allowWindowOp0); + + /* make a copy so that editres cannot change the resource after startup */ +
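Review bot: The changelog entry says the default values for allowFontOps and allowWindowOps change to false, but the charproc.c resources[] hunk inside 000_backport_from_238.diff registers XtNallowFontOps with True and leaves XtNallowWindowOps at True. If the default flip is done in a separate patch, name that patch in the changelog bullet so the two can be matched up; if it is meant to happen in this file, the Bres() lines need False, otherwise the package ships with both features enabled despite what the changelog states.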
Processed: found 510030 in 222-1
Processing commands for cont...@bugs.debian.org: found 510030 222-1 Bug#510030: [CVE-2008-2383] xterm: DECRQSS and comments Bug marked as found in version 222-1. End of message, stopping processing here. Please contact me if you need assistance. Debian bug tracking system administrator (administrator, Debian Bugs database)
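An added illustration, not code from xterm, the Debian packages or anyone in this thread: a filter that flags the control-sequence families the xterm changelog above restricts (title set and report, OSC 3, font ops, DSR, DECRQSS, DECUDK) in untrusted text and renders that text inert before it is shown in a terminal. The rule names, function names and sample log bytes are constructed for this example.

```python
import re

# Introducers, 7-bit (ESC-prefixed) and single-character C1 forms.
CSI = r"(?:\x1b\[|\x9b)"
OSC = r"(?:\x1b\]|\x9d)"
DCS = r"(?:\x1bP|\x90)"
BODY = r"[^\x07\x1b\x9c]*"
# The terminator is optional so an unterminated string is still reported.
END = r"(?:\x07|\x1b\\|\x9c)?"

# Rule names are labels made up for this example.
RULES = [
    ("osc-title", re.compile(OSC + r"[012];" + BODY + END)),      # set icon name / title
    ("osc-x-property", re.compile(OSC + r"3;" + BODY + END)),     # OSC 3, change X property
    ("osc-font", re.compile(OSC + r"50;" + BODY + END)),          # font query/set
    ("csi-window-op", re.compile(CSI + r"[0-9;]*t")),             # window ops, e.g. 21 t
    ("csi-dsr", re.compile(CSI + r"\??[0-9;]*n")),                # device status report
    ("dcs-decrqss", re.compile(DCS + r"\$q" + BODY + END)),       # DECRQSS
    ("dcs-decudk", re.compile(DCS + r"[0-9;]*\|" + BODY + END)),  # DECUDK
]


def _decode(data):
    # Bytes that are not valid UTF-8 become visible \xNN text instead of
    # reaching the terminal as raw 8-bit controls.
    return data.decode("utf-8", errors="backslashreplace")


def _visible(text):
    """Replace control characters with printable notation (ESC -> ^[)."""
    out = []
    for ch in text:
        cp = ord(ch)
        if ch in "\n\t":
            out.append(ch)
        elif cp < 0x20 or cp == 0x7F:
            out.append("^" + chr(cp ^ 0x40))   # caret notation, as cat -v does
        elif 0x80 <= cp <= 0x9F:
            out.append("\\x%02x" % cp)         # C1 controls
        else:
            out.append(ch)
    return "".join(out)


def scan(data):
    """Return [(line_number, rule_name, printable_match)] in input order."""
    text = _decode(data)
    hits = []
    for name, rx in RULES:
        for m in rx.finditer(text):
            line = text.count("\n", 0, m.start()) + 1
            hits.append((m.start(), line, name, _visible(m.group())))
    hits.sort()
    return [(line, name, shown) for _, line, name, shown in hits]


def neutralize(data):
    """Return text that is safe to print: no ESC, BEL or C1 characters left."""
    return _visible(_decode(data))


# Constructed sample: three log lines, two carrying terminal control sequences.
SAMPLE = (
    b"2009-01-03 host=a msg=ok\n"
    b"2009-01-03 host=b msg=\x1b]0;example-title\x07\x1b[21t\n"
    b"2009-01-03 host=c msg=\x1bP$qm\x1b\\\n"
)

if __name__ == "__main__":
    for line, name, shown in scan(SAMPLE):
        print("line %d: %s %s" % (line, name, shown))
    print(neutralize(SAMPLE), end="")
```

Neutralizing every control character, rather than only the matched sequences, keeps the output inert even for sequences the rule list does not know about.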
Bug#510030: xterm: DECRQSS and comments
* Julien Cristau: I'm considering the below diff for lenny, please review and tell me whether this is ok for testing-security. If I read the patch correctly, you change the compiled-in defaults. This is fine, but is somewhat different from allowWindowOps approach in etch (which shipped a configuration file). etch - lenny updates should work as well and result in a conservative configuration choice. For reference, I've attached the patch I plan to apply to the etch4 version, to reintroduce font shifting support for those who need it. If you think we need to backport more changes in #238, I'm open to that, too. Index: git/ptyx.h === --- git.orig/ptyx.h 2009-01-02 21:35:07.0 +0100 +++ git/ptyx.h 2009-01-02 21:35:23.0 +0100 @@ -1345,8 +1345,10 @@ Boolean bellOnReset;/* bellOnReset */ Boolean visualbell; /* visual bell mode */ Boolean poponbell; /* pop on bell mode */ + Boolean allowFontOps; /* FontOps mode */ Boolean allowSendEvents;/* SendEvent mode */ Boolean allowWindowOps; /* WindowOps mode */ + Boolean allowFontOps0; /* initial FontOps mode */ Boolean allowSendEvent0;/* initial SendEvent mode */ Boolean allowWindowOp0; /* initial WindowOps mode */ Boolean awaitInput; /* select-timeout mode */ Index: git/charproc.c === --- git.orig/charproc.c 2009-01-02 21:35:07.0 +0100 +++ git/charproc.c 2009-01-02 21:35:23.0 +0100 @@ -394,6 +394,7 @@ static XtResource resources[] = { +Bres(XtNallowFontOps, XtCAllowFontOps, screen.allowFontOps0, False), Bres(XtNallowSendEvents, XtCAllowSendEvents, screen.allowSendEvent0, False), Bres(XtNallowWindowOps, XtCAllowWindowOps, screen.allowWindowOp0, True), Bres(XtNalwaysHighlight, XtCAlwaysHighlight, screen.always_highlight, False), 
@@ -5524,10 +5525,12 @@ init_Bres(screen.meta_sends_esc); init_Bres(screen.allowSendEvent0); +init_Bres(screen.allowFontOps0); init_Bres(screen.allowWindowOp0); /* make a copy so that editres cannot change the resource after startup */ wnew-screen.allowSendEvents = wnew-screen.allowSendEvent0; +wnew-screen.allowFontOps = wnew-screen.allowFontOps0; wnew-screen.allowWindowOps = wnew-screen.allowWindowOp0; #ifndef NO_ACTIVE_ICON Index: git/xterm.h === --- git.orig/xterm.h2009-01-02 21:35:07.0 +0100 +++ git/xterm.h 2009-01-02 21:35:23.0 +0100 @@ -325,6 +325,7 @@ /******/ #define XtNallowC1PrintableallowC1Printable +#define XtNallowFontOpsallowFontOps #define XtNallowSendEvents allowSendEvents #define XtNallowWindowOps allowWindowOps #define XtNalwaysHighlight alwaysHighlight @@ -463,6 +464,7 @@ #define XtNxmcMoveSGR xmcMoveSGR #define XtCAllowC1PrintableAllowC1Printable +#define XtCAllowFontOpsAllowFontOps #define XtCAllowSendEvents AllowSendEvents #define XtCAllowWindowOps AllowWindowOps #define XtCAlwaysHighlight AlwaysHighlight Index: git/xterm.man === --- git.orig/xterm.man 2009-01-02 21:35:23.0 +0100 +++ git/xterm.man 2009-01-02 21:35:23.0 +0100 @@ -1349,6 +1349,10 @@ Although this corresponds to no particular standard, some users insist it is a VT100. The default is ``false.'' +.TP +.B allowFontOps (\fPclass\fB AllowFontOps) +Specifies whether control sequences that set/query the font should be allowed. +The default is ``false.'' .TP 8 .B allowSendEvents (\fPclass\fB AllowSendEvents) Specifies whether or not synthetic key and button events (generated using Index: git/misc.c === --- git.orig/misc.c 2009-01-02 21:37:05.0 +0100 +++ git/misc.c 2009-01-02 21:37:15.0 +0100 
@@ -1847,7 +1847,9 @@ case 50: #if OPT_SHIFT_FONTS - if (buf != 0 !strcmp(buf, ?)) { + if (!screen-allowFontOps xw-misc.shift_fonts) { + ; /* disabled via resource or control-sequence */ + } else if (buf != 0 !strcmp(buf, ?)) { int num = screen-menu_font_number; unparseputc1(xw, OSC); -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
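Review bot: In the ptyx.h and charproc.c hunks the new initial-value field is named allowFontOps0, while its neighbours in the same struct are allowSendEvent0 and allowWindowOp0; naming it allowFontOp0 would follow the existing pattern. In the xterm.man hunk the new entry opens with a bare .TP where the allowSendEvents entry right after it uses .TP 8; use .TP 8 for the new entry as well so the two are formatted the same way.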
Bug#510348: Dillo removal
Moritz Muehlenhoff wrote: Neil McGovern wrote: A 30 second peek into the rules files shows that there's even a configure option to disable SSL support... It also seems to be gtk1.2, which was the other reason for removal. I'm not sure that the requirement to bring in gtk1.2 helps the case for a lightweight browser, especially as we're trying to remove gtk1. No one's trying to deprecate gtk1.2 for Lenny and for Squeeze the gtk2 based version can be uploaded. There were several efforts to reduce the dependency on gtk1.2, it's only unfortunate that most people were not convinced that we really wanted to get rid of gtk1.2 otherwise it would already have happened. Cheers Luk
Bug#508292: gkrellm-snmp should be licensed with OpenSSL exception clause
Hi, thanks for contacting me on this. I added the exception to the source code boilerplate text. See http://triq.net/gkrellm/gkrellm_snmp-1.1.tar.gz I also removed the SSL linking -- although this may break the plugin if libsnmp doesn't pull in the link dependency itself (is this reliable on all systems these days?) On 25.12.2008 at 22:17, David Paleino wrote: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=508292 Happy new year! regards, Christian
Bug#508397: dietlibc: diff for NMU version 0.31-1.2
Simon McVittie wrote: tags 508397 + patch thanks I've prepared an NMU for dietlibc (versioned as 0.31-1.2) and uploaded it to unstable. As mentioned above I've verified the syscalls made via strace on i386, amd64 and alpha. On ia64, strace produces strange output for both glibc and dietlibc, but I've verified that my trivial umount can unmount with no flags and with MNT_DETACH (which is umount -l), and that the presence or absence of the MNT_DETACH flag does make it through to the kernel. I've also verified that util-vserver builds against my dietlibc on 4 architectures (i386, amd64, alpha and ia64), so once the buildds have woken up, this should unblock util-vserver's migration to testing. Release team, please consider letting dietlibc 0.31-1.2 migrate. Also, compilation of util-vserver on ia64 will need to be retried once my dietlibc becomes available to the buildd (let me know if I need to ping you later about this). unblocked dep-wait set, so no need to ping about that later. Cheers Luk
Bug#505563: marked as done (Mozilla Thunderbird Multiple Vulnerabilities)
Your message dated Sat, 03 Jan 2009 19:32:13 + with message-id e1ljceh-0007bp...@ries.debian.org and subject line Bug#505563: fixed in icedove 2.0.0.19-1 has caused the Debian Bug report #505563, regarding Mozilla Thunderbird Multiple Vulnerabilities to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 505563: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=505563 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Package: icedove Severity: critical Tags: security -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi, The following SA (Secunia Advisory) id was published for Thunderbird: SA32715[1] Description: Some vulnerabilities have been reported in Mozilla Thunderbird, which can be exploited by malicious people to disclose sensitive information, bypass certain security restrictions, or compromise a user's system. For more information: SA32693 The vulnerabilities are reported in versions prior to 2.0.0.18. Solution: The vulnerabilities will be fixed in the upcoming 2.0.0.18 version. The vendor recommends disabling JavaScript support. 
Original Advisory: http://www.mozilla.org/security/announce/2008/mfsa2008-48.html http://www.mozilla.org/security/announce/2008/mfsa2008-50.html http://www.mozilla.org/security/announce/2008/mfsa2008-52.html http://www.mozilla.org/security/announce/2008/mfsa2008-55.html http://www.mozilla.org/security/announce/2008/mfsa2008-56.html http://www.mozilla.org/security/announce/2008/mfsa2008-58.html Other References: SA32693[2] CVE reference: CVE-2008-5012 CVE-2008-5014 CVE-2008-5017 CVE-2008-5018 CVE-2008-5021 CVE-2008-5022 CVE-2008-5024 If you fix the vulnerability please also make sure to include the CVE id in the changelog entry. [1]http://secunia.com/advisories/32715/ [2]http://secunia.com/advisories/32693/ -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (GNU/Linux) iEYEARECAAYFAkkcQtAACgkQNxpp46476ao5OwCeNCFW4/5lurndSIqfTBQtkC4i u6EAn0NS5yuBbdPRyHFDYxVdjEPKSIZI =41lt -END PGP SIGNATURE- ---End Message--- ---BeginMessage--- Source: icedove Source-Version: 2.0.0.19-1 We believe that the bug you reported is fixed in the latest version of icedove, which is due to be installed in the Debian FTP archive: icedove-dbg_2.0.0.19-1_amd64.deb to pool/main/i/icedove/icedove-dbg_2.0.0.19-1_amd64.deb icedove-dev_2.0.0.19-1_amd64.deb to pool/main/i/icedove/icedove-dev_2.0.0.19-1_amd64.deb icedove-gnome-support_2.0.0.19-1_amd64.deb to pool/main/i/icedove/icedove-gnome-support_2.0.0.19-1_amd64.deb icedove_2.0.0.19-1.diff.gz to pool/main/i/icedove/icedove_2.0.0.19-1.diff.gz icedove_2.0.0.19-1.dsc to pool/main/i/icedove/icedove_2.0.0.19-1.dsc icedove_2.0.0.19-1_amd64.deb to pool/main/i/icedove/icedove_2.0.0.19-1_amd64.deb icedove_2.0.0.19.orig.tar.gz to pool/main/i/icedove/icedove_2.0.0.19.orig.tar.gz A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 505...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. 
Debian distribution maintenance software pp. Alexander Sack a...@debian.org (supplier of updated icedove package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Format: 1.8 Date: Sat, 03 Jan 2009 16:27:42 +0100 Source: icedove Binary: icedove icedove-gnome-support icedove-dbg icedove-dev Architecture: source amd64 Version: 2.0.0.19-1 Distribution: unstable Urgency: medium Maintainer: Ubuntu Mozilla Team ubuntu-mozillat...@lists.ubuntu.com Changed-By: Alexander Sack a...@debian.org Description: icedove- free/unbranded thunderbird mail/news/rss clone icedove-dbg - Debug Symbols for Icedove icedove-dev - Development files for Icedove icedove-gnome-support - Support for Gnome in Icedove Closes: 505563 Changes: icedove (2.0.0.19-1) unstable; urgency=medium . * New upstream security/stability update (v.2.0.0.18/2.0.0.19) Closes: 505563 2.0.0.18: * MFSA 2008-48 aka CVE-2008-5012 - Image stealing via canvas and HTTP redirect * MFSA 2008-50 aka CVE-2008-5014 - Crash and remote code execution via __proto__ tampering * MFSA 2008-52 aka CVE-2008-5017 - Crashes with evidence of memory corruption (rv:1.9.0.4/1.8.1.18); Browser engine crash in Firefox 2 and 3 * MFSA 2008-52 aka CVE-2008-5018 - Crashes with evidence of memory
Bug#510348: Dillo removal
On Sat, Jan 03, 2009 at 07:57:07PM +0100, Luk Claes wrote: Moritz Muehlenhoff wrote: Neil McGovern wrote: A 30 second peek into the rules files shows that there's even a configure option to disable SSL support... It also seems to be gtk1.2, which was the other reason for removal. I'm not sure that the requirement to bring in gtk1.2 helps the case for a lightweight browser, especially as we're trying to remove gtk1. No one's trying to deprecate gtk1.2 for Lenny and for Squeeze the gtk2 based version can be uploaded. There were several efforts to reduce the dependency on gtk1.2, it's only unfortunate that most people were not convinced that we really wanted to get rid of gtk1.2 otherwise it would already have happened. I'm fully aware of that, actually I was involved in getting GTK1.2 removed. But it's not a valid argument against dropping Dillo at this point. Cheers, Moritz
Bug#471158: marked as done (ships embedded copy of smarty with security bug)
Your message dated Sat, 03 Jan 2009 19:52:25 + with message-id e1ljcxp-zc...@ries.debian.org and subject line Bug#471158: fixed in moodle 1.6.3-2+etch1 has caused the Debian Bug report #471158, regarding ships embedded copy of smarty with security bug to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 471158: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=471158 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Package: moodle Severity: grave Tags: security patch Hi, A security issue has been discovered in Smarty which is also shipped as part of Moodle: | The modifier.regex_replace.php plugin in Smarty before 2.6.19, as used | by Serendipity (S9Y) and other products, allows attackers to call | arbitrary PHP functions via templates, related to a '0' character in | a search string. Please see the original bug in Smarty here: #469492. The patch is very straightforward. The right solution here is to not ship Smarty as part of Moodle but make use of the smarty package that is already in the archive, because the security team now has to issue multiple DSA's for this single issue which is obviously problematic. Could you please take the following actions: * To address this bug for lenny and sid, please prepare a version of Moodle that works with the archive version of smarty; * For sarge and etch, please prepare updated packages addressing this bug and #432264, which is also still open in sarge/etch. 
thanks, Thijs pgpIjvOu8NYIg.pgp Description: PGP signature ---End Message--- ---BeginMessage--- Source: moodle Source-Version: 1.6.3-2+etch1 We believe that the bug you reported is fixed in the latest version of moodle, which is due to be installed in the Debian FTP archive: moodle_1.6.3-2+etch1.diff.gz to pool/main/m/moodle/moodle_1.6.3-2+etch1.diff.gz moodle_1.6.3-2+etch1.dsc to pool/main/m/moodle/moodle_1.6.3-2+etch1.dsc moodle_1.6.3-2+etch1_all.deb to pool/main/m/moodle/moodle_1.6.3-2+etch1_all.deb A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 471...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Francois Marier franc...@debian.org (supplier of updated moodle package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Format: 1.7 Date: Wed, 17 Dec 2008 14:38:28 +1300 Source: moodle Binary: moodle Architecture: source all Version: 1.6.3-2+etch1 Distribution: stable-security Urgency: high Maintainer: Moodle Packaging Team moodle-packag...@catalyst.net.nz Changed-By: Francois Marier franc...@debian.org Description: moodle - Course Management System for Online Learning Closes: 429190 429339 432264 471158 489533 492492 494642 504235 504345 508593 Changes: moodle (1.6.3-2+etch1) stable-security; urgency=high . * Adopt orphaned package (closes: #494642) . 
[ Francois Marier ] * Fix vulnerabilities in embedded copy of smarty (CVE-2008-1066, CVE-2008-4811, CVE-2008-4810) (closes: #471158, #504345) * Patch snoopy input sanitising (CVE-2008-4796, closes: #504235) * Patch XSS scripting bug in blog/edit (CVE-2008-3326, closes: #492492) * Patch CSRF in edit profile page (CVE-2008-3325) * Patch XSS bug in kses (CVE-2008-1502, closes: #489533) * Patch XSS bug in user search page (CVE-2007-3555, closes: #432264) * Patch security bug in the embedded (and customised) copy of phpmailer (CVE-2007-3215, closes: #429339, #429190) . [ Dan Poltawski ] * Patch SQL injection bug in hotpot module (MSA-08-0010) * Patch privilege escalation bug in moodle core (MSA-08-0001) * Patch CSRF bug in message settings page (MSA-08-0023) * Patch XSS bug in wiki page titles (CVE-2008-5432, closes: #508593) * Patch XSS bug in string cleaning functions (MSA-08-0021) * Patch XSS bug in RSS feeds * Fix parameter cleaning in forum user page * Fix critical security hole which allows any user to reset a users password (MDL-7755) * Fix XSS bug in login block (MDL-8849) * Fix insufficient cleaning of PARAM_HOST (MDL-12793) * Fix XSS bug in logged urls (MDL-11414) * Fix uncleaned params in wiki (MDL-14806) * Fix text cleaning (MDL-10276) Files: d9a1fceaf316b608709be372d97e667a 793 web optional
Bug#489533: marked as done (moodle: CVE-2008-1502 _bad_protocol_once function allows XSS and possibly code execution)
Your message dated Sat, 03 Jan 2009 19:52:25 + with message-id e1ljcxp-ze...@ries.debian.org and subject line Bug#489533: fixed in moodle 1.6.3-2+etch1 has caused the Debian Bug report #489533, regarding moodle: CVE-2008-1502 _bad_protocol_once function allows XSS and possibly code execution to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 489533: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=489533 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Package: moodle Severity: grave Tags: security Hi, the following CVE (Common Vulnerabilities Exposures) id was published for moodle. CVE-2008-1502[0]: | The _bad_protocol_once function in phpgwapi/inc/class.kses.inc.php in | eGroupWare before 1.4.003 allows remote attackers to bypass HTML | filtering and conduct cross-site scripting (XSS) attacks via a string | containing crafted URL protocols. If you fix the vulnerability please also make sure to include the CVE id in your changelog entry. Upstream advisory: http://moodle.org/mod/forum/discuss.php?d=95031 Patches: http://cvs.moodle.org/moodle/lib/weblib.php?r1=1.581.4.10r2=1.581.4.11view=patch http://cvs.moodle.org/moodle/lib/kses.php?r1=1.3.12.3r2=1.3.12.4view=patch For further information see: [0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1502 http://security-tracker.debian.net/tracker/CVE-2008-1502 -- Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0x73647CFF For security reasons, all text in this mail is double-rot13 encrypted. 
pgpAeEGpDpnTN.pgp Description: PGP signature ---End Message--- ---BeginMessage--- Source: moodle Source-Version: 1.6.3-2+etch1 We believe that the bug you reported is fixed in the latest version of moodle, which is due to be installed in the Debian FTP archive: moodle_1.6.3-2+etch1.diff.gz to pool/main/m/moodle/moodle_1.6.3-2+etch1.diff.gz moodle_1.6.3-2+etch1.dsc to pool/main/m/moodle/moodle_1.6.3-2+etch1.dsc moodle_1.6.3-2+etch1_all.deb to pool/main/m/moodle/moodle_1.6.3-2+etch1_all.deb A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 489...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Francois Marier franc...@debian.org (supplier of updated moodle package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Format: 1.7 Date: Wed, 17 Dec 2008 14:38:28 +1300 Source: moodle Binary: moodle Architecture: source all Version: 1.6.3-2+etch1 Distribution: stable-security Urgency: high Maintainer: Moodle Packaging Team moodle-packag...@catalyst.net.nz Changed-By: Francois Marier franc...@debian.org Description: moodle - Course Management System for Online Learning Closes: 429190 429339 432264 471158 489533 492492 494642 504235 504345 508593 Changes: moodle (1.6.3-2+etch1) stable-security; urgency=high . * Adopt orphaned package (closes: #494642) . 
[ Francois Marier ] * Fix vulnerabilities in embedded copy of smarty (CVE-2008-1066, CVE-2008-4811, CVE-2008-4810) (closes: #471158, #504345) * Patch snoopy input sanitising (CVE-2008-4796, closes: #504235) * Patch XSS scripting bug in blog/edit (CVE-2008-3326, closes: #492492) * Patch CSRF in edit profile page (CVE-2008-3325) * Patch XSS bug in kses (CVE-2008-1502, closes: #489533) * Patch XSS bug in user search page (CVE-2007-3555, closes: #432264) * Patch security bug in the embedded (and customised) copy of phpmailer (CVE-2007-3215, closes: #429339, #429190) . [ Dan Poltawski ] * Patch SQL injection bug in hotpot module (MSA-08-0010) * Patch privilege escalation bug in moodle core (MSA-08-0001) * Patch CSRF bug in message settings page (MSA-08-0023) * Patch XSS bug in wiki page titles (CVE-2008-5432, closes: #508593) * Patch XSS bug in string cleaning functions (MSA-08-0021) * Patch XSS bug in RSS feeds * Fix parameter cleaning in forum user page * Fix critical security hole which allows any user to reset a users password (MDL-7755) * Fix XSS bug in login block (MDL-8849) * Fix insufficient cleaning of PARAM_HOST (MDL-12793) * Fix XSS bug in logged urls (MDL-11414) * Fix uncleaned params in wiki (MDL-14806) * Fix text cleaning (MDL-10276) Files:
Bug#500518: marked as done (ftpd: command line split (CSRF))
Your message dated Sat, 03 Jan 2009 19:52:23 + with message-id e1ljcxn-yz...@ries.debian.org and subject line Bug#500518: fixed in linux-ftpd-ssl 0.17.18+0.3-6etch1 has caused the Debian Bug report #500518, regarding ftpd: command line split (CSRF) to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 500518: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=500518 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Package: ftpd Version: 0.17-23 Severity: normal Similar to recent OpenBSD changes: http://www.openbsd.org/cgi-bin/cvsweb/src/libexec/ftpd/ftpcmd.y this Debian package seems vulnerable to the same issue (and I expect the solution here to be the same). See also: multiple vendor ftpd - Cross-site request forgery http://lists.grok.org.uk/pipermail/full-disclosure/2008-September/064697.html (My setting of severity on this bug is probably alarmist...) Cheers, Paul Szabo p...@maths.usyd.edu.au http://www.maths.usyd.edu.au/u/psz/ School of Mathematics and Statistics University of SydneyAustralia -- System Information: Debian Release: 4.0 APT prefers stable APT policy: (500, 'stable') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.18-pk02.19-svr Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968) Versions of packages ftpd depends on: ii libc6 2.3.6.ds1-13etch7 GNU C Library: Shared libraries ii libpam-modules 0.79-5Pluggable Authentication Modules f ii libpam0g 0.79-5Pluggable Authentication Modules l ii netbase4.29 Basic TCP/IP networking system ftpd recommends no packages. 
-- debconf information: * ftpd/globattack: ---End Message--- ---BeginMessage--- Source: linux-ftpd-ssl Source-Version: 0.17.18+0.3-6etch1 We believe that the bug you reported is fixed in the latest version of linux-ftpd-ssl, which is due to be installed in the Debian FTP archive: ftpd-ssl_0.17.18+0.3-6etch1_i386.deb to pool/main/l/linux-ftpd-ssl/ftpd-ssl_0.17.18+0.3-6etch1_i386.deb linux-ftpd-ssl_0.17.18+0.3-6etch1.diff.gz to pool/main/l/linux-ftpd-ssl/linux-ftpd-ssl_0.17.18+0.3-6etch1.diff.gz linux-ftpd-ssl_0.17.18+0.3-6etch1.dsc to pool/main/l/linux-ftpd-ssl/linux-ftpd-ssl_0.17.18+0.3-6etch1.dsc A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 500...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Ian Beckwith i...@erislabs.net (supplier of updated linux-ftpd-ssl package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Format: 1.7 Date: Sun, 07 Dec 2008 23:48:44 + Source: linux-ftpd-ssl Binary: ftpd-ssl Architecture: source i386 Version: 0.17.18+0.3-6etch1 Distribution: stable-proposed-updates Urgency: low Maintainer: Cai Qian caiq...@debian.org Changed-By: Ian Beckwith i...@erislabs.net Description: ftpd-ssl - FTP server with SSL encryption support Closes: 500518 Changes: linux-ftpd-ssl (0.17.18+0.3-6etch1) stable-proposed-updates; urgency=low . * Fix CVE-2008-4247, a cross-site request forgery caused by splitting long command lines (Closes: #500518). 
Files: aa4958bf1cd39f0f0efc4ce97f836a5d 647 net extra linux-ftpd-ssl_0.17.18+0.3-6etch1.dsc 2a139a000b0a7ed888a13e3a30dd8647 7101 net extra linux-ftpd-ssl_0.17.18+0.3-6etch1.diff.gz ff499eeb9d79ec213ca47aee5f89d38c 50058 net extra ftpd-ssl_0.17.18+0.3-6etch1_i386.deb -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (GNU/Linux) iEYEARECAAYFAklT6oAACgkQ97LBwbNFvdMx1wCfXjrZJObnQoP35M/Hx0WwUarl 2hcAn3WUZ8Upz9ds6XOEKt3nKgsTDAK/ =12m+ -END PGP SIGNATURE- ---End Message---
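The "command line split" behind Bug#500518 and CVE-2008-4247, as an added example that is not code from linux-ftpd-ssl or OpenBSD: a bounded line reader that hands every buffer-sized chunk to the command parser, beside a reader that rejects the overlong line and discards it through the next newline. The 16-byte buffer, the function names and the sample session are assumptions constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

#define CMD_BUF  16   /* assumed, deliberately tiny; real daemons use a larger buffer */
#define MAX_CMDS 8

struct stream { const char *data; size_t len, pos; };

struct parsed {
    int  count;                      /* commands handed to the parser   */
    int  rejected;                   /* overlong/unterminated lines     */
    char cmds[MAX_CMDS][CMD_BUF];
};

/* Constructed control-channel bytes: one line is longer than CMD_BUF-1,
 * and its tail happens to look like a command of its own. */
static const char SAMPLE[] =
    "NOOP\r\n"
    "RETR aaaaaaaaaa" "DELE x\r\n"
    "QUIT\r\n";

/* fgets-like: store at most n-1 bytes, stop after '\n'. Returns bytes stored. */
static size_t bounded_read(struct stream *s, char *buf, size_t n)
{
    size_t i = 0;
    while (i + 1 < n && s->pos < s->len) {
        char c = s->data[s->pos++];
        buf[i++] = c;
        if (c == '\n')
            break;
    }
    buf[i] = '\0';
    return i;
}

/* Store one line, without its CR/LF, as a command the daemon would execute. */
static void record(struct parsed *out, const char *line)
{
    if (out->count < MAX_CMDS) {
        size_t n = strcspn(line, "\r\n");   /* n <= CMD_BUF-1 by construction */
        memcpy(out->cmds[out->count], line, n);
        out->cmds[out->count][n] = '\0';
        out->count++;
    }
}

/* Flawed pattern: every chunk is treated as a complete command, so the
 * remainder of an overlong line is parsed as the next command. */
struct parsed parse_split(const char *input)
{
    struct stream s = { input, strlen(input), 0 };
    struct parsed out;
    char buf[CMD_BUF];

    memset(&out, 0, sizeof out);
    while (bounded_read(&s, buf, sizeof buf) > 0)
        record(&out, buf);
    return out;
}

/* Hardened pattern: a chunk that does not end in '\n' is not a command.
 * Reject it and skip input up to and including the next newline. */
struct parsed parse_strict(const char *input)
{
    struct stream s = { input, strlen(input), 0 };
    struct parsed out;
    char buf[CMD_BUF];
    size_t got;

    memset(&out, 0, sizeof out);
    while ((got = bounded_read(&s, buf, sizeof buf)) > 0) {
        if (buf[got - 1] != '\n') {
            while (s.pos < s.len && s.data[s.pos++] != '\n')
                ;                       /* drop the rest of the line */
            out.rejected++;
            continue;
        }
        record(&out, buf);
    }
    return out;
}

int main(void)
{
    struct parsed a = parse_split(SAMPLE);
    struct parsed b = parse_strict(SAMPLE);
    int i;

    printf("split reader: %d commands\n", a.count);
    for (i = 0; i < a.count; i++)
        printf("  [%s]\n", a.cmds[i]);
    printf("strict reader: %d commands, %d rejected\n", b.count, b.rejected);
    for (i = 0; i < b.count; i++)
        printf("  [%s]\n", b.cmds[i]);
    return 0;
}
```

A server using the strict reader would normally also send an error reply for each rejected line, so the client learns the command was not executed.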
Bug#504235: marked as done (CVE-2008-4796: missing input sanitising in embedded copy of Snoopy.class.php)
Your message dated Sat, 03 Jan 2009 19:52:25 + with message-id e1ljcxp-zk...@ries.debian.org and subject line Bug#504235: fixed in moodle 1.6.3-2+etch1 has caused the Debian Bug report #504235, regarding CVE-2008-4796: missing input sanitising in embedded copy of Snoopy.class.php to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 504235: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=504235 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Package: moodle Severity: grave Version: 1.8.2-1.3 Tags: security, patch Hi, The following CVE (Common Vulnerabilities Exposures) id was published for snoopy, which affects the embedded copy shipped by moodle [0]. CVE-2008-4796[1]: The _httpsrequest function (Snoopy/Snoopy.class.php) in Snoopy 1.2.3 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in https URLs. NOTE: some of these details are obtained from third party information. The patch for Snoopy.class.php can be found at [2]. However, it would be better if moodle just depended on libphp-snoopy (available in lenny) and the include/require calls changed to use the copy provided by that package, to avoid shipping yet another embedded code copy. If you fix the vulnerability please also make sure to include the CVE id in the changelog entry. 
[0] usr/share/moodle/lib/snoopy/Snoopy.class.inc [1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4796 http://security-tracker.debian.net/tracker/CVE-2008-4796 [2] http://klecker.debian.org/~white/libphp-snoopy/CVE-2008-4796.patch Cheers, -- Raphael Geissert - Debian Maintainer www.debian.org - get.debian.net signature.asc Description: This is a digitally signed message part. ---End Message--- ---BeginMessage--- Source: moodle Source-Version: 1.6.3-2+etch1 We believe that the bug you reported is fixed in the latest version of moodle, which is due to be installed in the Debian FTP archive: moodle_1.6.3-2+etch1.diff.gz to pool/main/m/moodle/moodle_1.6.3-2+etch1.diff.gz moodle_1.6.3-2+etch1.dsc to pool/main/m/moodle/moodle_1.6.3-2+etch1.dsc moodle_1.6.3-2+etch1_all.deb to pool/main/m/moodle/moodle_1.6.3-2+etch1_all.deb A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 504...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Francois Marier franc...@debian.org (supplier of updated moodle package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Format: 1.7 Date: Wed, 17 Dec 2008 14:38:28 +1300 Source: moodle Binary: moodle Architecture: source all Version: 1.6.3-2+etch1 Distribution: stable-security Urgency: high Maintainer: Moodle Packaging Team moodle-packag...@catalyst.net.nz Changed-By: Francois Marier franc...@debian.org Description: moodle - Course Management System for Online Learning Closes: 429190 429339 432264 471158 489533 492492 494642 504235 504345 508593 Changes: moodle (1.6.3-2+etch1) stable-security; urgency=high . * Adopt orphaned package (closes: #494642) . 
[ Francois Marier ] * Fix vulnerabilities in embedded copy of smarty (CVE-2008-1066, CVE-2008-4811, CVE-2008-4810) (closes: #471158, #504345) * Patch snoopy input sanitising (CVE-2008-4796, closes: #504235) * Patch XSS scripting bug in blog/edit (CVE-2008-3326, closes: #492492) * Patch CSRF in edit profile page (CVE-2008-3325) * Patch XSS bug in kses (CVE-2008-1502, closes: #489533) * Patch XSS bug in user search page (CVE-2007-3555, closes: #432264) * Patch security bug in the embedded (and customised) copy of phpmailer (CVE-2007-3215, closes: #429339, #429190) . [ Dan Poltawski ] * Patch SQL injection bug in hotpot module (MSA-08-0010) * Patch privilege escalation bug in moodle core (MSA-08-0001) * Patch CSRF bug in message settings page (MSA-08-0023) * Patch XSS bug in wiki page titles (CVE-2008-5432, closes: #508593) * Patch XSS bug in string cleaning functions (MSA-08-0021) * Patch XSS bug in RSS feeds * Fix parameter cleaning in forum user page * Fix critical security hole which allows any user to reset a users password (MDL-7755) * Fix XSS bug in login block (MDL-8849) * Fix insufficient cleaning of PARAM_HOST
Bug#429339: marked as done (Needs to use libphp-phpmailer)
Your message dated Sat, 03 Jan 2009 19:52:25 + with message-id e1ljcxp-z8...@ries.debian.org and subject line Bug#429339: fixed in moodle 1.6.3-2+etch1 has caused the Debian Bug report #429339, regarding Needs to use libphp-phpmailer to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 429339: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=429339 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Package: moodle Severity: serious Your package includes a copy of PHPMailer, which also is packaged as libphp-phpmailer in the archive. You need to fix your package to use the system-wide library. Otherwise it requires too much overhead whenever a vulnerability in PHPMailer is found. (like right now CVE-2007-3215) -- System Information: Debian Release: 4.0 APT prefers stable APT policy: (990, 'stable') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.18 Locale: lang=de_de.ut...@euro, lc_ctype=de_de.ut...@euro (charmap=UTF-8) ---End Message--- ---BeginMessage--- Source: moodle Source-Version: 1.6.3-2+etch1 We believe that the bug you reported is fixed in the latest version of moodle, which is due to be installed in the Debian FTP archive: moodle_1.6.3-2+etch1.diff.gz to pool/main/m/moodle/moodle_1.6.3-2+etch1.diff.gz moodle_1.6.3-2+etch1.dsc to pool/main/m/moodle/moodle_1.6.3-2+etch1.dsc moodle_1.6.3-2+etch1_all.deb to pool/main/m/moodle/moodle_1.6.3-2+etch1_all.deb A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. 
If you have further comments please address them to 429...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Francois Marier franc...@debian.org (supplier of updated moodle package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Format: 1.7 Date: Wed, 17 Dec 2008 14:38:28 +1300 Source: moodle Binary: moodle Architecture: source all Version: 1.6.3-2+etch1 Distribution: stable-security Urgency: high Maintainer: Moodle Packaging Team moodle-packag...@catalyst.net.nz Changed-By: Francois Marier franc...@debian.org Description: moodle - Course Management System for Online Learning Closes: 429190 429339 432264 471158 489533 492492 494642 504235 504345 508593 Changes: moodle (1.6.3-2+etch1) stable-security; urgency=high . * Adopt orphaned package (closes: #494642) . [ Francois Marier ] * Fix vulnerabilities in embedded copy of smarty (CVE-2008-1066, CVE-2008-4811, CVE-2008-4810) (closes: #471158, #504345) * Patch snoopy input sanitising (CVE-2008-4796, closes: #504235) * Patch XSS scripting bug in blog/edit (CVE-2008-3326, closes: #492492) * Patch CSRF in edit profile page (CVE-2008-3325) * Patch XSS bug in kses (CVE-2008-1502, closes: #489533) * Patch XSS bug in user search page (CVE-2007-3555, closes: #432264) * Patch security bug in the embedded (and customised) copy of phpmailer (CVE-2007-3215, closes: #429339, #429190) . 
[ Dan Poltawski ] * Patch SQL injection bug in hotpot module (MSA-08-0010) * Patch privilege escalation bug in moodle core (MSA-08-0001) * Patch CSRF bug in message settings page (MSA-08-0023) * Patch XSS bug in wiki page titles (CVE-2008-5432, closes: #508593) * Patch XSS bug in string cleaning functions (MSA-08-0021) * Patch XSS bug in RSS feeds * Fix parameter cleaning in forum user page * Fix critical security hole which allows any user to reset a users password (MDL-7755) * Fix XSS bug in login block (MDL-8849) * Fix insufficient cleaning of PARAM_HOST (MDL-12793) * Fix XSS bug in logged urls (MDL-11414) * Fix uncleaned params in wiki (MDL-14806) * Fix text cleaning (MDL-10276) Files: d9a1fceaf316b608709be372d97e667a 793 web optional moodle_1.6.3-2+etch1.dsc 2f9f3fcf83ab0f18c409f3a48e07eae2 7465709 web optional moodle_1.6.3.orig.tar.gz d29c179786ca1dcadf232c5e9a601362 24019 web optional moodle_1.6.3-2+etch1.diff.gz 9a5fb5924faa639952c3171665bc347d 6592474 web optional moodle_1.6.3-2+etch1_all.deb -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQFJSXpJScUZKBnQNIYRAgkFAJ48I/8WdCMlHOtKE/sCCokWC0QoQQCgoAPn tNg4aPFgcra3nrjVkfxD/oA= =XHA/ -END PGP SIGNATURE- ---End Message---
Bug#510030: marked as done ([CVE-2008-2383] xterm: DECRQSS and comments)
Your message dated Sat, 03 Jan 2009 19:52:20 + with message-id e1ljcxk-xa...@ries.debian.org and subject line Bug#510030: fixed in xterm 222-1etch3 has caused the Debian Bug report #510030, regarding [CVE-2008-2383] xterm: DECRQSS and comments to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 510030: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=510030 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Package: xterm Version: 222-1etch2 Severity: grave Tags: security patch Justification: user security hole DECRQSS Device Control Request Status String DCS $ q simply echoes (responds with) invalid commands. For example, perl -e 'print \eP\$q\nbad-command\n\e\\' would run bad-command. Exploitability is the same as for the window title reporting issue in DSA-380: include the DCS string in an email message to the victim, or arrange to have it in syslog to be viewed by root. The attached patch should fix the problem. --- The default allowWindowOps is false (as should be), but the man page says the default is true. The man page should also mention that turning it on is a security risk, to avoid regression e.g. as per http://bugs.debian.org/384593 http://www.debian.org/security/2003/dsa-380 and also the much older http://www.maths.usyd.edu.au/u/psz/securedu.html#xterm (and private message to xterm maintainers on 9 Mar 2000, seems only grep PSz main.c remains). 
--- Ubuntu still allows window title reporting, and is vulnerable to perl -e 'print \e\]0;;bad-command;\a\e\[21t' --- I wonder whether the following are handled and/or dangerous: set X property perl -e 'print \e\]3;XTerm.vt100.allowWindowOps=1\e\\' set, get font perl -e 'print \e\]50;bad-command\e\\,\e\]50;?\e\\' UDK setting perl -e 'print \eP1;1|17/0a6261642d636f6d6d616e640a\e\\' then trick user to press F key, or perl -e 'print \eP+q584b5f434f4c524f53\e\\' Paul Szabo p...@maths.usyd.edu.au http://www.maths.usyd.edu.au/u/psz/ School of Mathematics and Statistics University of SydneyAustralia -- System Information: Debian Release: 4.0 APT prefers stable APT policy: (500, 'stable') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.24-pk03.02-svr Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968) Versions of packages xterm depends on: ii libc6 2.3.6.ds1-13etch8 GNU C Library: Shared libraries ii libfontconfig1 2.4.2-1.2 generic font configuration library ii libice61:1.0.1-2 X11 Inter-Client Exchange library ii libncurses55.5-5 Shared libraries for terminal hand ii libsm6 1:1.0.1-3 X11 Session Management library ii libx11-6 2:1.0.3-7 X11 client-side library ii libxaw71:1.0.2-4 X11 Athena Widget library ii libxext6 1:1.0.1-2 X11 miscellaneous extension librar ii libxft22.1.8.2-8 FreeType-based font drawing librar ii libxmu61:1.0.2-2 X11 miscellaneous utility library ii libxt6 1:1.0.2-2 X11 toolkit intrinsics library ii xbitmaps 1.0.1-2 Base X bitmaps Versions of packages xterm recommends: ii xutils 1:7.1.ds.3-1 X Window System utility programs -- no debconf information --- misc.c.bak 2006-10-18 07:23:20.0 +1000 +++ misc.c 2008-12-29 07:06:25.0 +1100 
@@ -2259,11 +2259,12 @@ unparseputc1(xw, DCS); unparseputc(xw, okay ? '1' : '0'); unparseputc(xw, '$'); unparseputc(xw, 'r'); - if (okay) + if (okay) { cp = reply; - unparseputs(xw, cp); + unparseputs(xw, cp); + } unparseputc1(xw, ST); } else { unparseputc(xw, CAN); } ---End Message--- ---BeginMessage--- Source: xterm Source-Version: 222-1etch3 We believe that the bug you reported is fixed in the latest version of xterm, which is due to be installed in the Debian FTP archive: xterm_222-1etch3.diff.gz to pool/main/x/xterm/xterm_222-1etch3.diff.gz xterm_222-1etch3.dsc to pool/main/x/xterm/xterm_222-1etch3.dsc xterm_222-1etch3_amd64.deb to pool/main/x/xterm/xterm_222-1etch3_amd64.deb A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 510...@bugs.debian.org, and the maintainer will
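Review bot: in the `@@ -2259,11 +2259,12 @@` hunk of misc.c, the new braces correctly limit `unparseputs(xw, cp)` to the `okay` case, but the block carries no comment saying why the request string must not be written back on failure; add one above `cp = reply;` so a later cleanup does not move the call back outside the `if`. With this change the failure reply becomes `DCS 0 $ r ST` with an empty body, so it is worth confirming that clients reading the response accept a reply with nothing after `$r`. The report also notes that the man page states the wrong default for allowWindowOps, and this patch leaves the documentation untouched.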
Bug#508026: marked as done (register_globals on is not supported)
Your message dated Sat, 03 Jan 2009 19:52:31 + with message-id e1ljcxv-bg...@ries.debian.org and subject line Bug#508026: fixed in phppgadmin 4.0.1-3.1etch1 has caused the Debian Bug report #508026, regarding register_globals on is not supported to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 508026: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=508026 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Package: phppgadmin Version: 4.0.1-3.1 Severity: grave Tags: security Hi, A vulnerability that allows an attacker to perform a local files inclusion attack in phpPgAdmin has been exposed at [1]. Note that the vulnerability can only be exploited when register_globals=on (which is the default in /etc/phppgadmin/apache.conf). If you fix the vulnerability please also make sure to include the CVE id in the changelog entry, when one is assigned. [1]http://www.milw0rm.com/exploits/7363 Cheers, -- Raphael Geissert - Debian Maintainer www.debian.org - get.debian.net signature.asc Description: This is a digitally signed message part. 
---End Message--- ---BeginMessage--- Source: phppgadmin Source-Version: 4.0.1-3.1etch1 We believe that the bug you reported is fixed in the latest version of phppgadmin, which is due to be installed in the Debian FTP archive: phppgadmin_4.0.1-3.1etch1.diff.gz to pool/main/p/phppgadmin/phppgadmin_4.0.1-3.1etch1.diff.gz phppgadmin_4.0.1-3.1etch1.dsc to pool/main/p/phppgadmin/phppgadmin_4.0.1-3.1etch1.dsc phppgadmin_4.0.1-3.1etch1_all.deb to pool/main/p/phppgadmin/phppgadmin_4.0.1-3.1etch1_all.deb A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 508...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Giuseppe Iuculano giuse...@iuculano.it (supplier of updated phppgadmin package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Format: 1.7 Date: Tue, 23 Dec 2008 18:19:59 +0100 Source: phppgadmin Binary: phppgadmin Architecture: source all Version: 4.0.1-3.1etch1 Distribution: stable-security Urgency: high Maintainer: Isaac Clerencia is...@debian.org Changed-By: Giuseppe Iuculano giuse...@iuculano.it Description: phppgadmin - Set of PHP scripts to administrate PostgreSQL over the WWW Closes: 427151 449103 508026 Changes: phppgadmin (4.0.1-3.1etch1) stable-security; urgency=high . * Non-maintainer upload. 
* debian/patches/01_CVE-2008-5587.dpatch: Unset language variable before determine file includes (Closes: #508026), and fix local file inclusion vulnerability (CVE-2008-5587) * debian/patches/02_CVE-2007-2865_CVE-2007-5728.dpatch: Backported upstream patch to fix XSS vulnerability (Closes: #427151) (Closes: #449103) (CVE-2007-2865, CVE-2007-5728) Files: e6dea463d597f6dda40d774820e3bb03 890 web extra phppgadmin_4.0.1-3.1etch1.dsc eedac65ce5d73aca2f92388c9766ba1b 703673 web extra phppgadmin_4.0.1.orig.tar.gz 1cbe0f619e65a8c49894e8c0fe015fb5 15678 web extra phppgadmin_4.0.1-3.1etch1.diff.gz 1f5b68f6be269eb3c10646cd8d69c31c 704386 web extra phppgadmin_4.0.1-3.1etch1_all.deb -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) iQEVAwUBSVTf4Wz0hbPcukPfAQLxNwf+M87yBiWJ1T6xHGZQyFl7PSLcJo2xapRu pYPWXV/I9VPjz1gglrCP9SsS6sNfruMGNZZ47mtwlLK/ak/SSyxU2tVPoLPcTAu1 oackQkEUtZNKvhJvZBxzvO+qz7GqgpPgvpp/KRbusr6JAcW0RZZ++2gwjghSy5ej ALbzf4mH+Mcaw9iwxn5+Y60y2iPfXaLy0P19fAsruJ+IU+bal+ijgPMyIYIyNXje Jke6g9mZAgDJSesPjiyfzhSxyatO7zM+JlylZbmkC7KJSZhYvu5V8X1MnP6ve5pI 4xyEu7OAm53xrUAVRtMXzC7snUJzgNxTREoVfaRw13iQYiA4gCwyAg== =PXUO -END PGP SIGNATURE- ---End Message---
Bug#432264: marked as done (XSS vulnerability)
Your message dated Sat, 03 Jan 2009 19:52:25 + with message-id e1ljcxp-za...@ries.debian.org and subject line Bug#432264: fixed in moodle 1.6.3-2+etch1 has caused the Debian Bug report #432264, regarding XSS vulnerability to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 432264: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=432264 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Package: moodle Severity: serious Tags: security Original Message Subject: Notice about two security vulnerabilities and Moodle 1.8.2 Resent-Date: Sun, 8 Jul 2007 23:56:15 +0200 (CEST) Resent-From: Sven Olofsson DSV, SU/KTH sv...@dsv.su.se Resent-To: Per Olofsson pe...@dsv.su.se Date: Mon, 9 Jul 2007 00:21:56 +0800 From: Martin Dougiamas nore...@moodle.org Reply-To: Do not reply to this email nore...@moodle.org To: moodle-ad...@dsv.su.se Hi all, You're receiving this message because you have registered at least one Moodle site with moodle.org. We just want to let you know that a couple of XSS (cross-site scripting) security issues were fixed recently. These could be exploited by a student or some other user placing malicious links into your Moodle content to gain access to your account (if you click on them). The bugs are fixed in Moodle 1.8.2 (available for download) and have been backported to all recent branches, so at the very least upgrade to the latest 1.6+ or 1.7+. Upgrading is recommended as at least one of these vulnerabilities has been published widely. 
More details on http://security.moodle.org [ http://security.moodle.org ] Cheers, Martin (Moodle Lead Developer) -- Pelle ---End Message--- ---BeginMessage--- Source: moodle Source-Version: 1.6.3-2+etch1 We believe that the bug you reported is fixed in the latest version of moodle, which is due to be installed in the Debian FTP archive: moodle_1.6.3-2+etch1.diff.gz to pool/main/m/moodle/moodle_1.6.3-2+etch1.diff.gz moodle_1.6.3-2+etch1.dsc to pool/main/m/moodle/moodle_1.6.3-2+etch1.dsc moodle_1.6.3-2+etch1_all.deb to pool/main/m/moodle/moodle_1.6.3-2+etch1_all.deb A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 432...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Francois Marier franc...@debian.org (supplier of updated moodle package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Format: 1.7 Date: Wed, 17 Dec 2008 14:38:28 +1300 Source: moodle Binary: moodle Architecture: source all Version: 1.6.3-2+etch1 Distribution: stable-security Urgency: high Maintainer: Moodle Packaging Team moodle-packag...@catalyst.net.nz Changed-By: Francois Marier franc...@debian.org Description: moodle - Course Management System for Online Learning Closes: 429190 429339 432264 471158 489533 492492 494642 504235 504345 508593 Changes: moodle (1.6.3-2+etch1) stable-security; urgency=high . * Adopt orphaned package (closes: #494642) . 
[ Francois Marier ] * Fix vulnerabilities in embedded copy of smarty (CVE-2008-1066, CVE-2008-4811, CVE-2008-4810) (closes: #471158, #504345) * Patch snoopy input sanitising (CVE-2008-4796, closes: #504235) * Patch XSS scripting bug in blog/edit (CVE-2008-3326, closes: #492492) * Patch CSRF in edit profile page (CVE-2008-3325) * Patch XSS bug in kses (CVE-2008-1502, closes: #489533) * Patch XSS bug in user search page (CVE-2007-3555, closes: #432264) * Patch security bug in the embedded (and customised) copy of phpmailer (CVE-2007-3215, closes: #429339, #429190) . [ Dan Poltawski ] * Patch SQL injection bug in hotpot module (MSA-08-0010) * Patch privilege escalation bug in moodle core (MSA-08-0001) * Patch CSRF bug in message settings page (MSA-08-0023) * Patch XSS bug in wiki page titles (CVE-2008-5432, closes: #508593) * Patch XSS bug in string cleaning functions (MSA-08-0021) * Patch XSS bug in RSS feeds * Fix parameter cleaning in forum user page * Fix critical security hole which allows any user to reset a users password (MDL-7755) * Fix XSS bug in login block (MDL-8849) * Fix insufficient cleaning of PARAM_HOST (MDL-12793) * Fix XSS bug in logged urls (MDL-11414) * Fix uncleaned params in
Bug#508593: marked as done (CVE-2008-5432: Cross-site scripting (XSS) vulnerability via a Wiki page name)
Your message dated Sat, 03 Jan 2009 19:52:25 + with message-id e1ljcxp-zo...@ries.debian.org and subject line Bug#508593: fixed in moodle 1.6.3-2+etch1 has caused the Debian Bug report #508593, regarding CVE-2008-5432: Cross-site scripting (XSS) vulnerability via a Wiki page name to be marked as done.

This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.)

-- 508593: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=508593 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems

---BeginMessage---
Package: moodle
Version: 1.6.3-2
Severity: grave
Tags: security

Hi, The following CVE (Common Vulnerabilities & Exposures) id was published for moodle.

CVE-2008-5432[1]: Cross-site scripting (XSS) vulnerability in Moodle before 1.6.8, 1.7 before 1.7.6, 1.8 before 1.8.7, and 1.9 before 1.9.3 allows remote attackers to inject arbitrary web script or HTML via a Wiki page name (aka page title).

If you fix the vulnerability please also make sure to include the CVE id in the changelog entry.

[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5432
http://security-tracker.debian.net/tracker/CVE-2008-5432

Cheers,
-- Raphael Geissert - Debian Maintainer www.debian.org - get.debian.net
---End Message---
---BeginMessage---
Source: moodle
Source-Version: 1.6.3-2+etch1

We believe that the bug you reported is fixed in the latest version of moodle, which is due to be installed in the Debian FTP archive:

moodle_1.6.3-2+etch1.diff.gz to pool/main/m/moodle/moodle_1.6.3-2+etch1.diff.gz
moodle_1.6.3-2+etch1.dsc to pool/main/m/moodle/moodle_1.6.3-2+etch1.dsc
moodle_1.6.3-2+etch1_all.deb to pool/main/m/moodle/moodle_1.6.3-2+etch1_all.deb

A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 508...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software pp. Francois Marier franc...@debian.org (supplier of updated moodle package)

(This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@debian.org)

Format: 1.7
Date: Wed, 17 Dec 2008 14:38:28 +1300
Source: moodle
Binary: moodle
Architecture: source all
Version: 1.6.3-2+etch1
Distribution: stable-security
Urgency: high
Maintainer: Moodle Packaging Team moodle-packag...@catalyst.net.nz
Changed-By: Francois Marier franc...@debian.org
Description: moodle - Course Management System for Online Learning
Closes: 429190 429339 432264 471158 489533 492492 494642 504235 504345 508593
Changes:
 moodle (1.6.3-2+etch1) stable-security; urgency=high
 .
 * Adopt orphaned package (closes: #494642)
 .
 [ Francois Marier ]
 * Fix vulnerabilities in embedded copy of smarty (CVE-2008-1066, CVE-2008-4811, CVE-2008-4810) (closes: #471158, #504345)
 * Patch snoopy input sanitising (CVE-2008-4796, closes: #504235)
 * Patch XSS scripting bug in blog/edit (CVE-2008-3326, closes: #492492)
 * Patch CSRF in edit profile page (CVE-2008-3325)
 * Patch XSS bug in kses (CVE-2008-1502, closes: #489533)
 * Patch XSS bug in user search page (CVE-2007-3555, closes: #432264)
 * Patch security bug in the embedded (and customised) copy of phpmailer (CVE-2007-3215, closes: #429339, #429190)
 .
 [ Dan Poltawski ]
 * Patch SQL injection bug in hotpot module (MSA-08-0010)
 * Patch privilege escalation bug in moodle core (MSA-08-0001)
 * Patch CSRF bug in message settings page (MSA-08-0023)
 * Patch XSS bug in wiki page titles (CVE-2008-5432, closes: #508593)
 * Patch XSS bug in string cleaning functions (MSA-08-0021)
 * Patch XSS bug in RSS feeds
 * Fix parameter cleaning in forum user page
 * Fix critical security hole which allows any user to reset a users password (MDL-7755)
 * Fix XSS bug in login block (MDL-8849)
 * Fix insufficient cleaning of PARAM_HOST (MDL-12793)
 * Fix XSS bug in logged urls (MDL-11414)
 * Fix uncleaned params in wiki (MDL-14806)
 * Fix text cleaning (MDL-10276)
Bug#509292: rsyslog: random crashes with remote logging
Juha Koho wrote:
Hello again, now I manually ran rsyslogd reload in the server and I managed to crash rsyslog and here's the last lines of the debug output. Hopefully this helps. This happened when I just ran /etc/init.d/rsyslogd reload.

Hi Juha, I can reproduce this segfault when I use the $AllowedSender directive in rsyslog.conf and reload rsyslogd. rsyslog is reloaded daily via the cron job, which might explain your regular crashes. Could you please verify that you no longer get the crashes if you remove the $AllowedSender directive, so I can be sure that we are on the same track.

Cheers, Michael
-- Why is it that all of the instruments seeking intelligent life in the universe are pointed away from Earth?
Bug#510348: Dillo removal
On Sat, Jan 03, 2009 at 08:55:54PM +0100, Moritz Muehlenhoff wrote: On Sat, Jan 03, 2009 at 07:57:07PM +0100, Luk Claes wrote: Moritz Muehlenhoff wrote: Neil McGovern wrote: A 30 second peek into the rules files shows that there's even a configure option to disable SSL support... It also seems to be gtk1.2, which was the other reason for removal. I'm not sure that the requirement to bring in gtk1.2 helps the case for a lightweight browser, especially as we're trying to remove gtk1. No one's trying to deprecate gtk1.2 for Lenny and for Squeeze the gtk2 based version can be uploaded. There were several efforts to reduce the dependency on gtk1.2, it's only unfortunate that most people were not convinced that we really wanted to get rid of gtk1.2 otherwise it would already have happened. I'm fully aware of that, actually I was involved in getting GTK1.2 removed. But it's not a valid argument against dropping Dillo at this point.

Apologies, I may not have made it clear: I don't consider a browser without ssl support to be well featured enough for us. We've finally removed the rest of the ones that don't support it, and I'm not keen to introduce another. If you can fix this bug, then I'll look at reintroducing it.

Thanks, Neil
-- A. Because it breaks the logical sequence of discussion Q. Why is top posting bad? gpg key - http://www.halon.org.uk/pubkey.txt ; the.earth.li B345BDD3
Bug#510235: marked as done (libvirt-bin: virt-manager unable to connect to libvirtd as r/w (full VM management) on a local connection)
Your message dated Sat, 3 Jan 2009 21:49:51 +0100 with message-id 20090103204951.ga23...@bogon.ms20.nix and subject line fixed in 0.6.0 has caused the Debian Bug report #510235, regarding libvirt-bin: virt-manager unable to connect to libvirtd as r/w (full VM management) on a local connection to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 510235: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=510235 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Package: libvirt-bin Version: 0.4.6-10 Severity: grave Justification: renders package unusable *** Please type your report below this line *** After the upgrade of libvirt-bin from 0.4.6-9 to 0.4.6-10 virt-manager cannot connect to libvirtd using the r/w socket on a local connection. The changelog date is: -- Guido Günther a...@sigxcpu.org Thu, 18 Dec 2008 16:59:45 +0100 With the previous version it had no problems. I have tested with my previous config and as a fresh install of libvirt-bin and kvm. 
Same error: The error shown is:

Traceback (most recent call last):
  File /usr/share/virt-manager/virtManager/engine.py, line 472, in run_domain
    vm.startup()
  File /usr/share/virt-manager/virtManager/domain.py, line 379, in startup
    self.vm.create()
  File /usr/lib/python2.5/site-packages/libvirt.py, line 262, in create
    if ret == -1: raise libvirtError ('virDomainCreate() failed', dom=self)
libvirtError: operation virDomainCreate forbidden for read only access

My libvirtd.conf is the default from package install, the only enabled options are (all the others are in their default state):

unix_sock_group = libvirt
unix_sock_rw_perms = 0770
auth_unix_ro = none
auth_unix_rw = none

/etc/group:
libvirt:x:113:miguel

My groups:
mig...@laptop:~$ groups
miguel dialout cdrom floppy audio video plugdev netdev powerdev libvirt

I'm not using tls, tcp, sasl or policykit. Just the normal socket connection with group authentication for normal users. The user I'm trying to connect with is part of the libvirt group.

How to reproduce:

Install kvm and virt-manager, with all its dependencies:
# aptitude install kvm virt-manager

Verify that the libvirtd daemon is running with the default config:
# ps ax| grep libvirtd

Add a normal user to the libvirtd group (miguel in this case):
# adduser miguel libvirtd

As the normal user run virt-manager (from command line or from menu):
# virt-manager

You can only see the VMs (R/O mode: monitoring VM status only). That is, you cannot start/stop/pause the VM (R/W mode: full VM management). In the previous version you could.
Now, as root, and using virsh you can start and stop the VM:

laptop:~# virsh start WindowsXP
Domain WindowsXP started
laptop:~# virsh shutdown WindowsXP
Domain WindowsXP is being shutdown

The VM starts and stops correctly and I can view it and use it with virt-manager (in R/O mode). But as normal user you can't start it:

mig...@laptop:~$ virsh start WindowsXP
Cannot set group when not running as root
libvir: QEMU error : Domain not found
libvir: QEMU error : Domain not found
error: failed to get domain 'WindowsXP'

Another thing I noticed, the previous version used to start the dnsmasq automatically (I had ENABLED=0 in /etc/default/dnsmasq). This version doesn't start dnsmasq and therefore denies network capabilities to the VMs.

Workaround: Kind of workaround. You can start the VM as root when you need them. Also you can mark them for autostart in Details|Hardware|Boot Options|Autostart VM. But there will be no network unless you can start properly dnsmasq to handle it.

-- System Information: Debian Release: 5.0 APT prefers testing APT policy: (500, 'testing') Architecture: amd64 (x86_64) Kernel: Linux 2.6.26-1-amd64 (SMP w/2 CPU cores) Locale: LANG=es_MX.UTF-8, LC_CTYPE=es_MX.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash Versions of packages libvirt-bin depends on: ii adduser3.110 add and remove users and groups ii libavahi-client3 0.6.22-3 Avahi client library ii libavahi-common3 0.6.22-3 Avahi common library ii libc6 2.7-16GNU C Library: Shared libraries ii libdbus-1-31.2.1-4 simple interprocess messaging syst ii libgcrypt111.4.1-1 LGPL Crypto library - runtime libr ii libgnutls262.4.2-4 the GNU TLS library - runtime libr ii libgpg-error0 1.4-2 library for common error values an ii libpolkit-dbus20.8-2 library for accessing
Bug#510274: Reproduced in Lenny
On Sat, 3 Jan 2009 18:37:55 +0100 Cyril Brulebois k...@debian.org wrote:
Hello (back) Peter, sorry for the messy-looking mail, but people still didn't get how the BTS works; that's why I'm fully quoting the mail.

Neil Williams codeh...@debian.org (03/01/2009):
For every presentation I try to start (sample.mpg, sendmail6.mpg, v6.mpg), mgp dies with an X error. I've reproduced this on several systems (including one running pure testing). This might be the same bug as #400105, though in that report the error message is different. I can't reproduce this problem with mgp 1.13b-2 (the version in unstable).

$ rmadison mgp
mgp | 1.11b-7 | etch-m68k | source, m68k
mgp | 1.11b-7 | stable | source, alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390, sparc
mgp | 1.11b-7 | testing | source, alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390, sparc
mgp | 1.11b-7 | unstable | m68k
mgp | 1.13a-1 | unstable | source, alpha, amd64, arm, armel, hppa, hurd-i386, i386, ia64, mips, mipsel, powerpc, s390, sparc

Unstable has 1.13a-1 - have you been able to test that version?

Yes, that version works for me. (1.13b-2 obviously doesn't exist, sorry for the confusion.)

-- Peter De Wachter
Bug#508292: gkrellm-snmp should be licensed with OpenSSL exception clause
On Sat, 3 Jan 2009 20:05:36 +0100, Christian Zuckschwerdt wrote:
Hi, thanks for contacting me on this. I added the exception to the source code boiler plate text. See http://triq.net/gkrellm/gkrellm_snmp-1.1.tar.gz I also removed the SSL linking -- although this may break the plugin if libsnmp doesn't pull in the link dependency itself (is this reliable on all systems these days?)

If you added the exception clause, you could have linked SSL without problems :) Thank you for working on this!

Happy new year!

To you too :)

Kindly, David
--
 . ''`.  Debian maintainer | http://wiki.debian.org/DavidPaleino
 : :'  : Linuxer #334216 --|-- http://www.hanskalabs.net/
 `. `'`  GPG: 1392B174 | http://snipr.com/qa_page
   `-    2BAB C625 4E66 E7B8 450A C3E1 E6AA 9017 1392 B174
Processed: gkrellm-snmp: diff for NMU version 1.1-1.1
Processing commands for cont...@bugs.debian.org:
tags 508292 + patch
Bug#508292: gkrellm-snmp links against openssl without exception
There were no tags set.
Tags added: patch
thanks
Stopping processing here.
Please contact me if you need assistance.
Debian bug tracking system administrator (administrator, Debian Bugs database)
Bug#508292: gkrellm-snmp: diff for NMU version 1.1-1.1
tags 508292 + patch thanks Dear maintainer, I've prepared an NMU for gkrellm-snmp (versioned as 1.1-1.1), which contains the clarified license by the upstream author. Please tell me if I can proceed with the NMU, I'm going to ask debian-release if it's suitable for a testing-proposed-updates upload. Regards, David Paleino diff -Nru gkrellm-snmp-1.0/ChangeLog gkrellm-snmp-1.1/ChangeLog --- gkrellm-snmp-1.0/ChangeLog 2006-05-25 16:40:35.0 +0200 +++ gkrellm-snmp-1.1/ChangeLog 2009-01-03 18:43:32.0 +0100 @@ -1,5 +1,9 @@ GKrellM_SNMP Changelog: +1.1 (2009-01-03) + - License clarification (thanks to Debian maintainers) + - Removed unnecessary linking to libssl + 1.0 (2006-05-01) - Makefile changes for OS-X (thanks to Mark Duling) - Added grid config to charts diff -Nru gkrellm-snmp-1.0/debian/changelog gkrellm-snmp-1.1/debian/changelog --- gkrellm-snmp-1.0/debian/changelog 2009-01-03 22:27:07.0 +0100 +++ gkrellm-snmp-1.1/debian/changelog 2009-01-03 22:27:07.0 +0100 @@ -1,3 +1,12 @@ +gkrellm-snmp (1.1-1.1) UNRELEASED; urgency=medium + + * Non-maintainer upload. + * New upstream release, author added OpenSSL exemption to his +licensing (Closes: #508292) + * debian/copyright updated with the new information. + + -- David Paleino d.pale...@gmail.com Sat, 03 Jan 2009 22:21:42 +0100 + gkrellm-snmp (1.0-1.1) unstable; urgency=low * Non-maintainer upload. diff -Nru gkrellm-snmp-1.0/debian/copyright gkrellm-snmp-1.1/debian/copyright --- gkrellm-snmp-1.0/debian/copyright 2009-01-03 22:27:07.0 +0100 +++ gkrellm-snmp-1.1/debian/copyright 2009-01-03 22:27:07.0 +0100 
@@ -7,23 +7,33 @@ Upstream Author: Christian W. Zuckschwerdt z...@triq.net -Copyright: Copyright (C) 2000-2006 Christian W. Zuckschwerdt z...@triq.net +Copyright: Copyright (C) 2000-2009 Christian W. Zuckschwerdt z...@triq.net License: -- -This program is free software which I release under the GNU General Public -License. You may redistribute and/or modify this program under the terms -of that license as published by the Free Software Foundation; either -version 2 of the License, or (at your option) any later version. - -This program is distributed in the hope that it will be useful, -but WITHOUT ANY WARRANTY; without even the implied warranty of -MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -GNU General Public License for more details. - -To get a copy of the GNU General Puplic License, write to the Free -Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA -02110-1301, USA. + GKrellM_SNMP is free software; you can redistribute it and/or + modify it under the terms of the GNU General Public License as + published by the Free Software Foundation; either version 2 of + the License, or (at your option) any later version. + + In addition, as a special exception, the copyright holders give + permission to link the code of this program with the OpenSSL library, + and distribute linked combinations including the two. + You must obey the GNU General Public License in all respects + for all of the code used other than OpenSSL. If you modify + file(s) with this exception, you may extend this exception to your + version of the file(s), but you are not obligated to do so. If you + do not wish to do so, delete this exception statement from your + version. If you delete this exception statement from all source + files in the program, then also delete it here. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with GKrellM_SNMP. If not, see http://www.gnu.org/. On Debian GNU/Linux systems, the complete text of the GNU General Public License can be found in `/usr/share/common-licenses/GPL'. diff -Nru gkrellm-snmp-1.0/FAQ gkrellm-snmp-1.1/FAQ --- gkrellm-snmp-1.0/FAQ2006-05-25 16:43:55.0 +0200 +++ gkrellm-snmp-1.1/FAQ2009-01-03 19:41:46.0 +0100 @@ -1,5 +1,5 @@ GKrellM_SNMP FAQ: - += I've downloaded v0.9 of GKrellM_SNMP, and it seams like i'm missing crypto libs... Where can i get them? diff -Nru gkrellm-snmp-1.0/gkrellm_snmp.c gkrellm-snmp-1.1/gkrellm_snmp.c --- gkrellm-snmp-1.0/gkrellm_snmp.c 2006-05-25 16:50:35.0 +0200 +++ gkrellm-snmp-1.1/gkrellm_snmp.c 2009-01-03 19:50:54.0 +0100 @@ -1,22 +1,32 @@ /* SNMP reader plugin for GKrellM -| Copyright (C) 2000-2006 Christian W. Zuckschwerdt z...@triq.net +| Copyright (C) 2000-2009 Christian W. Zuckschwerdt z...@triq.net | | Author: Christian W. Zuckschwerdt z...@triq.net http://triq.net/ | Latest versions might be found at: http://gkrellm.net/ | -|
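Review bot: In the debian/changelog hunk the new entry is versioned 1.1-1.1 and still targets UNRELEASED. Because 1.1 is a new upstream release that the maintainer has not uploaded yet, the usual NMU revision is 1.1-0.1, which leaves the maintainer's own 1.1-1 as the higher version; 1.1-1.1 would sort above it. UNRELEASED also has to be replaced with the real target before upload, and the cover mail names testing-proposed-updates as that target.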
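Review bot: The upstream ChangeLog hunk lists "Removed unnecessary linking to libssl", but the debian/changelog entry only mentions the licence change and the debian/copyright update. Dropping the link changes the plugin's runtime dependencies, and upstream's own mail says this may break the plugin if libsnmp does not pull the library in itself, so the entry should record it and the built plugin should be checked for unresolved symbols before the upload is requested.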
Bug#510629: Argument parsing silently fails on 64 bit machines
Package: minc-tools Version: 2.0.16-3 Severity: grave Tags: pending The argument parsing for libminc (affecting all minc tools) is broken on 64 bit machines. I have a fix for this, and will upload later today. -- System Information: Debian Release: 5.0 APT prefers unstable APT policy: (500, 'unstable') Architecture: amd64 (x86_64) Kernel: Linux 2.6.26-1-amd64 (SMP w/4 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash Versions of packages minc-tools depends on: ii csh [c-shell] 20070713-1Shell with C-like syntax, standard ii imagemagick7:6.3.7.9.dfsg1-3 image manipulation programs ii libc6 2.7-16GNU C Library: Shared libraries ii libgetopt-tabular-perl 0.3-1 table-driven argument parsing for ii libhdf5-openmpi-1.6.6- 1.6.6-4 Hierarchical Data Format 5 (HDF5) ii libminc2-1 2.0.16-3 MNI medical image format library ii libnetcdf4 1:3.6.2-3.1 An interface for scientific data a ii libtext-format-perl0.52-21 Perl module for formatting (text) ii netcdf-bin 1:3.6.2-3.1 Programs for reading and writing N ii tcsh [c-shell] 6.14.00-7 TENEX C Shell, an enhanced version ii zlib1g 1:1.2.3.3.dfsg-12 compression library - runtime minc-tools recommends no packages. minc-tools suggests no packages. -- no debconf information
Bug#508292: T-P-U upload for gkrellm-snmp
Hello Release Managers, regarding bug #508292 (in short: OpenSSL exemption clause missing in GPL-licensed code), I've contacted the upstream author, and he released a new upstream version (1.1) with the added exemption clause:

On Sat, 3 Jan 2009 20:05:36 +0100, Christian Zuckschwerdt wrote:
Hi, thanks for contacting me on this. I added the exception to the source code boiler plate text. See http://triq.net/gkrellm/gkrellm_snmp-1.1.tar.gz I also removed the SSL linking -- although this may break the plugin if libsnmp doesn't pull in the link dependency itself (is this reliable on all systems these days?)

(the mail is recorded in the BTS)

The code only differs from 1.0 by this added clause, the removed SSL linking, and some documentation changes (i.e. ~ changed to $HOME, and other similar)

I've contacted the maintainer for a NMU: will I be allowed to upload (-- ask for sponsorship in) testing-proposed-updates? See the attached debdiff between 1.0-1.1 and 1.1-1.1.

Kindly, David
--
 . ''`.  Debian maintainer | http://wiki.debian.org/DavidPaleino
 : :'  : Linuxer #334216 --|-- http://www.hanskalabs.net/
 `. `'`  GPG: 1392B174 | http://snipr.com/qa_page
   `-    2BAB C625 4E66 E7B8 450A C3E1 E6AA 9017 1392 B174

gkrellm-snmp_1.0-1.1_1.1-1.1_NMU.diff.gz Description: GNU Zip compressed data
Processed: your mail
Processing commands for cont...@bugs.debian.org:
severity 510628 serious
Bug#510628: bluemon: DBus config doesn't allow Introspection
Severity set to `serious' from `normal'
block 503532 by 510628
Bug#510628: bluemon: DBus config doesn't allow Introspection
Bug#503532: send_requested_reply=true allows all non-reply messages
Was not blocked by any bugs.
Bug#508032: CVE-2008-4311 vulnerability
Blocking bugs of 503532 added: 510628
tag 510628 pending
Bug#510628: bluemon: DBus config doesn't allow Introspection
There were no tags set.
Tags added: pending
thanks
Stopping processing here.
Please contact me if you need assistance.
Debian bug tracking system administrator (administrator, Debian Bugs database)
Bug#510274: Reproduced in Lenny
On Sat, 3 Jan 2009 21:47:15 +0100 Peter De Wachter pdewa...@gmail.com wrote:

Neil Williams codeh...@debian.org (03/01/2009):
For every presentation I try to start (sample.mpg, sendmail6.mpg, v6.mpg), mgp dies with an X error. I've reproduced this on several systems (including one running pure testing). This might be the same bug as #400105, though in that report the error message is different. I can't reproduce this problem with mgp 1.13b-2 (the version in unstable).

$ rmadison mgp
mgp | 1.11b-7 | etch-m68k | source, m68k
mgp | 1.11b-7 | stable | source, alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390, sparc
mgp | 1.11b-7 | testing | source, alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390, sparc
mgp | 1.11b-7 | unstable | m68k
mgp | 1.13a-1 | unstable | source, alpha, amd64, arm, armel, hppa, hurd-i386, i386, ia64, mips, mipsel, powerpc, s390, sparc

Unstable has 1.13a-1 - have you been able to test that version?

Yes, that version works for me. (1.13b-2 obviously doesn't exist, sorry for the confusion.)

Subsequent to that email, I did verify that 1.13a-1 is apparently OK. However, the changes between that and Lenny are too numerous to be considered for migration to fix this bug. See http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=510274#17

mgp has now been requested for removal from Lenny. The version in unstable will then migrate after the Lenny release and possibly be available via backports. Note that mgp is still orphaned, see #509644, so someone would probably need to adopt it to arrange a backport.

-- Neil Williams = http://www.data-freedom.org/ http://www.linux.codehelp.co.uk/ http://e-mail.is-not-s.ms/
Processed: Re: Bug#510484: Downgrading
Processing commands for cont...@bugs.debian.org:
severity 510484 normal
Bug#510484: pm-utils: FHS violation
Severity set to `normal' from `serious'
thanks
Stopping processing here.
Please contact me if you need assistance.
Debian bug tracking system administrator (administrator, Debian Bugs database)
Bug#510484: Downgrading
severity 510484 normal
thanks

Bernd Zeimetz wrote: severity 510484 serious thanks Not CCing the submitter or letting the BTS mail the submitter when you reply to a bug is *not* the right way to go. The files are tiny, relatively, I don't see that this is release-critical. There are a lot of packages that would fall over this issue. The policy, especially the FHS, does *NOT* talk about the size of files. As other packages start to provide additional scripts for pm-utils, this bug should be fixed as soon as possible. If other packages do it wrong, you should file RC bugs against them. A policy was not written to make exceptions from it whenever you like to.

This is copied from the FHS regarding /usr/share:

It is recommended that application-specific, architecture-independent directories be placed here. Such directories include groff, perl, ghostscript, texmf, and kbd (Linux) or syscons (BSD). They may, however, be placed in /usr/lib for backwards compatibility, at the distributor's discretion. Similarly, a /usr/lib/games hierarchy may be used in addition to the /usr/share/games hierarchy if the distributor wishes to place some game data there.

Nowhere in the FHS is it said that the shell scripts *have* to be placed in /usr/share. The Debian policy in 9.1 doesn't substantiate any special rules regarding /usr/lib and /usr/share, thus I don't see the severity of serious justified so downgrading back to normal.

I don't consider the pm-utils shell scripts to be configuration files, users should not need to edit them. There is a separate mechanism though for users to extend/overwrite scripts via /etc/pm/ though.

Cheers, Michael
-- Why is it that all of the instruments seeking intelligent life in the universe are pointed away from Earth?
Bug#510633: powersaved: Doesn't enable introspection in dbus config file
Package: powersaved Version: 0.15.20-3 Severity: serious The fix for #503532 means that powersaved will stop responding to introspection because it is not allowed in the config file. There may be other problems which I haven't checked yet, but this bug definitely needs to be fixed. Anyone fixing this should check that all methods which should be allowed are allowed in the configuration. -- System Information: Debian Release: lenny/sid APT prefers testing APT policy: (500, 'testing'), (1, 'experimental') Architecture: i386 (i686) Kernel: Linux 2.6.18-4-686 (SMP w/2 CPU cores) Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash
Processed: aoeu
Processing commands for cont...@bugs.debian.org:
block 503532 by 510633
Bug#510633: powersaved: Doesn't enable introspection in dbus config file
Bug#503532: send_requested_reply=true allows all non-reply messages
Was blocked by: 510628
Bug#508032: CVE-2008-4311 vulnerability
Blocking bugs of 503532 added: 510633
thanks
Stopping processing here.
Please contact me if you need assistance.
Debian bug tracking system administrator (administrator, Debian Bugs database)
Bug#510628: marked as done (bluemon: DBus config doesn't allow Introspection)
Your message dated Sat, 03 Jan 2009 22:17:03 + with message-id e1ljenn-0003uq...@ries.debian.org and subject line Bug#510628: fixed in bluemon 1.4-5 has caused the Debian Bug report #510628, regarding bluemon: DBus config doesn't allow Introspection to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 510628: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=510628 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Package: bluemon Version: 1.4-3 Severity: normal The fix to #503532 which is required for Lenny will also break this. Upload coming shortly to fix -- System Information: Debian Release: lenny/sid APT prefers testing APT policy: (500, 'testing'), (1, 'experimental') Architecture: i386 (i686) Kernel: Linux 2.6.18-4-686 (SMP w/2 CPU cores) Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash ---End Message--- ---BeginMessage--- Source: bluemon Source-Version: 1.4-5 We believe that the bug you reported is fixed in the latest version of bluemon, which is due to be installed in the Debian FTP archive: bluemon_1.4-5.diff.gz to pool/main/b/bluemon/bluemon_1.4-5.diff.gz bluemon_1.4-5.dsc to pool/main/b/bluemon/bluemon_1.4-5.dsc bluemon_1.4-5_amd64.deb to pool/main/b/bluemon/bluemon_1.4-5_amd64.deb A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 510...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. 
Matthew Johnson mj...@debian.org (supplier of updated bluemon package)

(This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@debian.org)

Format: 1.8
Date: Sat, 03 Jan 2009 21:31:53 +
Source: bluemon
Binary: bluemon
Architecture: source amd64
Version: 1.4-5
Distribution: unstable
Urgency: high
Maintainer: mj...@debian.org
Changed-By: Matthew Johnson mj...@debian.org
Description: bluemon - Activate or deactivate programs based on Bluetooth link quality
Closes: 510628
Changes:
 bluemon (1.4-5) unstable; urgency=high
 .
 * Add fix-system-bus-permissions.diff so that it works with the fixed dbus (Closes: #510628)
 * Urgency high because it blocks #503532
 * Adding a dependency on quilt to apply the patch

---End Message---
Bug#510636: libosso: Has a dbus config file which circumvents all security messages on the system bus
Package: libosso Version: 2.15.debian.1-1 Severity: grave Tags: security libosso1 ships /etc/dbus-1/system.d/libosso.conf which turns off all the security checks on the system bus by allowing all messages from everyone to everyone else. This is bad mkay? -- System Information: Debian Release: lenny/sid APT prefers testing APT policy: (500, 'testing'), (1, 'experimental') Architecture: i386 (i686) Kernel: Linux 2.6.18-4-686 (SMP w/2 CPU cores) Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash
Bug#510629: marked as done (Argument parsing silently fails on 64 bit machines)
Your message dated Sat, 03 Jan 2009 22:47:13 + with message-id e1ljfgz-0005vp...@ries.debian.org and subject line Bug#510629: fixed in minc 2.0.16-4 has caused the Debian Bug report #510629, regarding Argument parsing silently fails on 64 bit machines to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 510629: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=510629 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Package: minc-tools Version: 2.0.16-3 Severity: grave Tags: pending The argument parsing for libminc (affecting all minc tools) is broken on 64 bit machines. I have a fix for this, and will upload later today. 
-- System Information: Debian Release: 5.0 APT prefers unstable APT policy: (500, 'unstable') Architecture: amd64 (x86_64) Kernel: Linux 2.6.26-1-amd64 (SMP w/4 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash Versions of packages minc-tools depends on: ii csh [c-shell] 20070713-1Shell with C-like syntax, standard ii imagemagick7:6.3.7.9.dfsg1-3 image manipulation programs ii libc6 2.7-16GNU C Library: Shared libraries ii libgetopt-tabular-perl 0.3-1 table-driven argument parsing for ii libhdf5-openmpi-1.6.6- 1.6.6-4 Hierarchical Data Format 5 (HDF5) ii libminc2-1 2.0.16-3 MNI medical image format library ii libnetcdf4 1:3.6.2-3.1 An interface for scientific data a ii libtext-format-perl0.52-21 Perl module for formatting (text) ii netcdf-bin 1:3.6.2-3.1 Programs for reading and writing N ii tcsh [c-shell] 6.14.00-7 TENEX C Shell, an enhanced version ii zlib1g 1:1.2.3.3.dfsg-12 compression library - runtime minc-tools recommends no packages. minc-tools suggests no packages. -- no debconf information ---End Message--- ---BeginMessage--- Source: minc Source-Version: 2.0.16-4 We believe that the bug you reported is fixed in the latest version of minc, which is due to be installed in the Debian FTP archive: libminc-dev_2.0.16-4_amd64.deb to pool/main/m/minc/libminc-dev_2.0.16-4_amd64.deb libminc2-1_2.0.16-4_amd64.deb to pool/main/m/minc/libminc2-1_2.0.16-4_amd64.deb minc-tools_2.0.16-4_amd64.deb to pool/main/m/minc/minc-tools_2.0.16-4_amd64.deb minc_2.0.16-4.diff.gz to pool/main/m/minc/minc_2.0.16-4.diff.gz minc_2.0.16-4.dsc to pool/main/m/minc/minc_2.0.16-4.dsc A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 510...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Steve M. 
Robbins s...@debian.org (supplier of updated minc package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@debian.org) Format: 1.8 Date: Sat, 03 Jan 2009 16:29:06 -0600 Source: minc Binary: minc-tools libminc2-1 libminc-dev Architecture: source amd64 Version: 2.0.16-4 Distribution: unstable Urgency: low Maintainer: Debian-Med Packaging Team debian-med-packag...@lists.alioth.debian.org Changed-By: Steve M. Robbins s...@debian.org Description: libminc-dev - MNI medical image format development environment libminc2-1 - MNI medical image format library minc-tools - MNI medical image format tools Closes: 506276 510629 Changes: minc (2.0.16-4) unstable; urgency=low . * debian/patches/05_parseargv.diff: New. Patch from upstream to fix arg parsing on 64bits. Closes: #510629. This was also the root cause of mincheader and mincdiff failing. Closes: #506276. . * debian/control: Add ${misc:Depends}, since we use debhelper. . * debian/rules: Do not install test code acr_test, dicom_test.
Bug#508565: marked as done (f2c: does not translate properly in EMT64 machines)
Your message dated Sat, 03 Jan 2009 23:02:03 + with message-id e1ljfvl-0006vo...@ries.debian.org and subject line Bug#508565: fixed in libf2c2 20061008-4.1 has caused the Debian Bug report #508565, regarding f2c: does not translate properly in EMT64 machines to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 508565: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=508565 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Subject: f2c: does not translate properly in EMT64 machines Package: f2c Version: 20050501-1 Severity: grave Justification: renders package unusable I use a combination of f2c and gcc compilations to compile and then execute a C program which uses a Fortran 77 subroutine. The sequence is simple: 1) I execute the script containing: f2c -f coeff_rot_nadl_juan.f gcc -c -O5 coeff_rot_nadl_juan.c 2) Then I compile the main program and execute it using: gcc -o filou_exe -O5 oscillations.c coeff_rot_nadl_juan.o -lm -lf2c\ filou_exe where the fortran routine is coeff_rot_nadl_juan.f, and the main program (written in C) is oscillations.c This works properly in my i386 machine (with ETCH), but it doesn't in my amd64 machine. In amd64 case: (1) and (2) compile with no errors (and no warnings either), but it crashes when I execute the program (i.e. 
when I execute filou_exe) The errors produced are: structure input model type: CESAM5.* fmt: read unexpected character apparent state: unit 37 named gr1r_s3.osc last format: (4i10) lately reading sequential formatted external IO Aborted The errors all refer to reading an ASCII file (gr1r_s3.osc) containing both numbers and strings (with scientific formats) So it seems that there is a problem when translating to C or when compiling with gcc this translated into C code. Thanks! JC -- System Information: Debian Release: 4.0 APT prefers stable APT policy: (500, 'stable') Architecture: amd64 (x86_64) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.18-5-amd64 Locale: LANG=en_US.ISO-8859-15, LC_CTYPE=en_US.ISO-8859-15 (charmap=ISO-8859-15) Versions of packages f2c depends on: ii libc6 2.3.6.ds1-13etch7 GNU C Library: Shared libraries pn libf2c2-devnone(no description available) Versions of packages f2c recommends: ii gcc 4:4.1.1-15 The GNU C compiler -- no debconf information ---End Message--- ---BeginMessage--- Source: libf2c2 Source-Version: 20061008-4.1 We believe that the bug you reported is fixed in the latest version of libf2c2, which is due to be installed in the Debian FTP archive: libf2c2-dev_20061008-4.1_amd64.deb to pool/main/libf/libf2c2/libf2c2-dev_20061008-4.1_amd64.deb libf2c2_20061008-4.1.diff.gz to pool/main/libf/libf2c2/libf2c2_20061008-4.1.diff.gz libf2c2_20061008-4.1.dsc to pool/main/libf/libf2c2/libf2c2_20061008-4.1.dsc libf2c2_20061008-4.1_amd64.deb to pool/main/libf/libf2c2/libf2c2_20061008-4.1_amd64.deb A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 508...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. 
Evgeni Golov sarge...@die-welt.net (supplier of updated libf2c2 package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Format: 1.8 Date: Sat, 03 Jan 2009 03:41:30 +0100 Source: libf2c2 Binary: libf2c2 libf2c2-dev Architecture: source amd64 Version: 20061008-4.1 Distribution: unstable Urgency: low Maintainer: Alan Bain af...@debian.org Changed-By: Evgeni Golov sarge...@die-welt.net Description: libf2c2- Shared libraries for use with FORTRAN applications libf2c2-dev - Development libraries for use with f2c Closes: 442018 508565 Changes: libf2c2 (20061008-4.1) unstable; urgency=low . * Non-maintainer upload. * Don't sed away long on alpha and ia64, that was an ugly hack. * Instead add some ifdefs to f2c.h so we catch all archs where a long is 8 bytes and use only int there (make sure not to break other architectures by keeping long int there). Update README.debian accordingly. Also update f2c.h0 and f2c_master.h, so the files match, even if
Bug#510636: libosso: Has a dbus config file which circumvents all security messages on the system bus
This looks like a candidate for removing from Lenny along with the rdeps; there have been several people involved in Maemo who think that it's probably not ready for Debian yet. Matt -- Matthew Johnson
Bug#510639: hal.conf.in needs augmenting for new D-Bus
Package: hal Version: 0.5.11-6 Severity: serious Justification: blocker for #503532 (CVE-2008-4311) Tags: upstream User: pkg-utopia-maintain...@lists.alioth.debian.org Usertags: CVE-2008-4311

hal installs a D-Bus system policy file which doesn't allow introspection, or the KillSwitch method used by NetworkManager. These used to be allowed accidentally by a dbus-daemon bug, but with the dbus-daemon currently in experimental (which is now targeted for lenny) they will be denied.

https://bugs.freedesktop.org/show_bug.cgi?id=18985 provides a partial, unreviewed patch.

Some quick notes I made while rummaging through the hal source tree:

org.freedesktop.Hal.SingletonAddon - emits methods (!?) which libhal receives
rfkill: org.freedesktop.Hal.Device.KillSwitch has SetPower/GetPower
dockstation: org.freedesktop.Hal.Device.DockStation has Undock
org.freedesktop.Hal.Device.Storage has CloseTray, Eject
org.freedesktop.Hal.Device.SystemPowerManagement has Suspend etc.
org.freedesktop.Hal.Device.WakeOnLan has GetEnabled, SetEnabled
LaptopPanel already covered
CPUFreq? KeyboardBacklight? LightSensor? Storage.Removable? AccessControl?

I don't know which of these should allow privileged or unprivileged access. A conservative version would be to let root access them.

Regards from the Cambridge BSP, Simon
Bug#496490: Partial fix - testing continues
I've done some comparisons of the symbols files for architectures that fail and then comparing the results using c++filt. Only one architecture is particularly different to the rest: alpha, so I've tested with an alpha schroot and this alpha symbols file allows the package to build:
Bug#510564: nautilus overwriting a file.
Severity: grave ... Steps to reproduce: ... So, basically you're overwriting a file on a *non*-case-sensitive filesystem and would like to get a warning about what *you* decided to do. How is this any more than a wishlist feature request? This not affecting a standard case-sensitive filesystem also makes me wonder about the severity. -- Regards, Andreas Henriksson
Processed: Re: Bug#510205: buffer overflow in libaudiofile
Processing commands for cont...@bugs.debian.org: tags 510205 + patch Bug#510205: buffer overflow in libaudiofile Tags were: security Tags added: patch thanks Stopping processing here. Please contact me if you need assistance. Debian bug tracking system administrator (administrator, Debian Bugs database)
Bug#510205: buffer overflow in libaudiofile
tags 510205 + patch thanks Hi! On Tue, Dec 30, 2008 at 02:28:58PM +0100, Max Kellermann wrote: Today, the Music Player Daemon project received a bug report from Anton Khirnov: MPD crashed when attempting to play a WAV file. file says: RIFF (little-endian) data, WAVE audio, Microsoft ADPCM, stereo 44100 Hz The MPD bug report: http://musicpd.org/mantis/view.php?id=1915 The test file: http://filebin.ca/meqmyu/max_theme.wav It seems that audiofile's modules/msadpcm.c::ms_adpcm_decode_block() incorrectly scales the samplesPerBlock value with the number of channels. All adpcm-coded files with two channels should be affected. With the attached patch, I can play the max_theme test file without audiofile crashing. However, I think a few additional checks are in order to make the module more robust against malicious input. I'll try to check this in the next days. Regards, Daniel. diff -r 247fd11d763d libaudiofile/modules/msadpcm.c --- a/libaudiofile/modules/msadpcm.cSat Jan 03 20:35:58 2009 +0100 +++ b/libaudiofile/modules/msadpcm.cSun Jan 04 01:43:06 2009 +0100 @@ -129,8 +129,7 @@ ms_adpcm_state *state[2]; /* Calculate the number of bytes needed for decoded data. */ - outputLength = msadpcm-samplesPerBlock * sizeof (int16_t) * - msadpcm-track-f.channelCount; + outputLength = msadpcm-samplesPerBlock * sizeof (int16_t); channelCount = msadpcm-track-f.channelCount; @@ -180,8 +179,7 @@ The first two samples have already been 'decoded' in the block header. */ - samplesRemaining = (msadpcm-samplesPerBlock - 2) * - msadpcm-track-f.channelCount; + samplesRemaining = msadpcm-samplesPerBlock - 2; while (samplesRemaining 0) {
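Review bot: In the first hunk (@@ -129,8 +129,7 @@) the size of the decode buffer now depends on whether samplesPerBlock counts samples per channel or samples across all channels, and nothing in the visible lines says which. If it is per channel, dropping the channelCount factor undersizes outputLength for stereo input. Please state the unit in the comment above the assignment, and bound samplesPerBlock and channelCount before the multiplication so the product cannot exceed the buffer that was actually allocated.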
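Review bot: In the second hunk (@@ -180,8 +179,7 @@) samplesRemaining = samplesPerBlock - 2 is zero or negative, or wraps if the variable is unsigned, whenever samplesPerBlock is below 2, while the comment in the same hunk says the first two samples were already taken from the block header. Reject blocks with samplesPerBlock < 2 before decoding, and confirm that the decrement inside the while loop (not shown in this hunk) uses the same unit as the new initial value, otherwise the loop still writes channelCount times more samples than outputLength accounts for.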
Bug#374644: NMU diff for xine-ui 0.99.5+cvs20070914-2.1
I have now fixed the bugs blocking my proposed fix for xine-ui. Therefore I uploaded the following changes to delayed/3. Ben. diff -u xine-ui-0.99.5+cvs20070914/debian/control xine-ui-0.99.5+cvs20070914/debian/control --- xine-ui-0.99.5+cvs20070914/debian/control +++ xine-ui-0.99.5+cvs20070914/debian/control @@ -17,6 +17,7 @@ Package: xine-ui Architecture: any Depends: ${shlibs:Depends}, libxine1-ffmpeg, libxine1-x | libxine1 ( 1.1.8-2) +Recommends: xdg-utils Description: the xine video player, user interface This is an X11 based GUI for the libxine video player library. It provides xine, a skin based media player that can play all the diff -u xine-ui-0.99.5+cvs20070914/debian/changelog xine-ui-0.99.5+cvs20070914/debian/changelog --- xine-ui-0.99.5+cvs20070914/debian/changelog +++ xine-ui-0.99.5+cvs20070914/debian/changelog @@ -1,3 +1,11 @@ +xine-ui (0.99.5+cvs20070914-2.1) unstable; urgency=low + + * Non-maintainer upload + * Change screensaver control code to use xdg-screensaver instead of +faking keystrokes (Closes: #374644) + + -- Ben Hutchings b...@decadent.org.uk Mon, 08 Dec 2008 01:10:44 + + xine-ui (0.99.5+cvs20070914-2) unstable; urgency=low * rerun automake (Closes: #429803, actually has already been fixed in only in patch2: unchanged: --- xine-ui-0.99.5+cvs20070914.orig/src/xitk/common.h +++ xine-ui-0.99.5+cvs20070914/src/xitk/common.h @@ -332,7 +332,6 @@ const char *snapshot_location; int ssaver_enabled; - int ssaver_timeout; int skip_by_chapter; only in patch2: unchanged: --- xine-ui-0.99.5+cvs20070914.orig/src/xitk/main.c +++ xine-ui-0.99.5+cvs20070914/src/xitk/main.c @@ -1385,6 +1385,8 @@ if (sigprocmask (SIG_BLOCK, vo_mask, NULL)) fprintf (stderr, sigprocmask() failed.\n); + signal(SIGCHLD, SIG_IGN); + gGui = (gGui_t *) xine_xmalloc(sizeof(gGui_t)); gGui-stream = NULL; only in patch2: unchanged: --- xine-ui-0.99.5+cvs20070914.orig/src/xitk/panel.c +++ xine-ui-0.99.5+cvs20070914/src/xitk/panel.c 
@@ -363,7 +363,6 @@ * Update slider thread. */ static void *slider_loop(void *dummy) { - int screensaver_timer = 0; int status, speed; int pos, secs; int i = 0; @@ -450,20 +449,7 @@ else video_window_set_mrl((char *)gGui-mmk.mrl); - if(!xitk_is_window_iconified(gGui-video_display, gGui-video_window)) { - - if(gGui-ssaver_timeout) { - - if(!(i % 2)) - screensaver_timer++; - - if(screensaver_timer = gGui-ssaver_timeout) { - screensaver_timer = 0; - video_window_reset_ssaver(); - - } - } - } + video_window_suspend_ssaver(!xitk_is_window_iconified(gGui-video_display, gGui-video_window)); if(gGui-logo_mode == 0) { @@ -503,6 +489,8 @@ stream_infos_update_infos(); } + } else { + video_window_suspend_ssaver(0); } } only in patch2: unchanged: --- xine-ui-0.99.5+cvs20070914.orig/src/xitk/videowin.c +++ xine-ui-0.99.5+cvs20070914/src/xitk/videowin.c @@ -1095,6 +1095,9 @@ /* The old window should be destroyed now */ if(old_video_window != None) { +/* Screensaver control is tied to our window id */ +video_window_suspend_ssaver(0); + XDestroyWindow(gGui-video_display, old_video_window); if(gGui-cursor_grabbed) 
@@ -2271,68 +2274,34 @@ } -void video_window_reset_ssaver(void) { +void video_window_suspend_ssaver(int do_suspend) { + static int was_suspended; - if(gGui-ssaver_enabled (xitk_get_last_keypressed_time() = (long int) gGui-ssaver_timeout)) { + do_suspend = do_suspend gGui-ssaver_enabled; -#ifdef HAVE_XTESTEXTENSION -if(gVw-have_xtest == True) { - - gVw-fake_key_cur++; - - if(gVw-fake_key_cur = 2) - gVw-fake_key_cur = 0; - - XLockDisplay(gGui-video_display); - XTestFakeKeyEvent(gGui-video_display, gVw-fake_keys[gVw-fake_key_cur], True, CurrentTime); - XTestFakeKeyEvent(gGui-video_display, gVw-fake_keys[gVw-fake_key_cur], False, CurrentTime); - XSync(gGui-video_display, False); - XUnlockDisplay(gGui-video_display); + if(was_suspended != do_suspend) { +if(fork() == 0) { + char window_id[30]; + char *args[] = { xdg-screensaver, NULL, window_id, NULL }; + int fd; + + for(fd = 3; fd 256; fd++) + close(fd); + + args[1] = do_suspend ? suspend : resume; + sprintf(window_id, %lu, (unsigned long)gGui-video_window); + execvp(args[0], args); + _exit(0); } -else -#endif -{ - /* Reset the gnome screensaver. Look up the command in PATH only once to save time, */ - /* assuming its location and permission will not change during run time of xine-ui. */ - { - static char *gssaver_args[] = { gnome-screensaver-command,
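Review bot: The debian/control hunk adds xdg-utils only as Recommends, but the videowin.c hunk removes both the XTest path and the gnome-screensaver path, leaving xdg-screensaver as the only mechanism. On a system installed without recommended packages execvp() fails, the child ends with _exit(0), and the screensaver is silently no longer suspended during playback. Either make it a Depends or have the child exit non-zero and log the failure once.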
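Review bot: In the src/xitk/main.c hunk, signal(SIGCHLD, SIG_IGN) changes child handling for the whole process rather than for the xdg-screensaver helper alone. With SIGCHLD ignored, children are reaped automatically and any other code in xine-ui that waits for a child it started gets ECHILD instead of an exit status; the ignored disposition is also inherited across execvp() by the helper itself. Reaping the helper explicitly (waitpid on its pid, or a double fork) keeps the change local, and the line deserves a comment saying why it is there.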
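Review bot: In video_window_suspend_ssaver() (src/xitk/videowin.c, @@ -2271,68 +2274,34 @@) the result of fork() is only compared with 0, so a failed fork (-1) takes the parent path and the requested state change is lost without any message. Store the pid, handle -1, and only then record the new state. In the child, prefer snprintf(window_id, sizeof(window_id), ...) over sprintf, and replace the hard-coded descriptor limit of 256 in the close() loop with the process limit, since descriptors above 255 are otherwise inherited by the helper.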
Processed: setting package to xine-console xine-ui xine-dbg, tagging 374644
Processing commands for cont...@bugs.debian.org: #xine-ui (0.99.5+cvs20070914-2.1) unstable; urgency=low # # * Change screensaver control code to use xdg-screensaver instead of #faking keystrokes (Closes: #374644) # package xine-console xine-ui xine-dbg Ignoring bugs not assigned to: xine-console xine-ui xine-dbg tags 374644 + pending Bug#374644: xine-ui: ctrl/shift key press emulation implementation broken Tags were: patch Bug#506001: xine-ui: xine causes left ctrl keyup events every 20 seconds Tags added: pending End of message, stopping processing here. Please contact me if you need assistance. Debian bug tracking system administrator (administrator, Debian Bugs database)
Bug#510644: bluetooth.conf needs alterations for new D-Bus
Package: bluez-utils Version: 3.36-2 Severity: serious Justification: blocker for #503532 (CVE-2008-4311) and far-fetched security hole Tags: fixed-upstream User: pkg-utopia-maintain...@lists.alioth.debian.org Usertags: CVE-2008-4311 bluez-utils installs a D-Bus system policy file intending to allow users at the console to send BlueZ messages to hcid. However, it actually allows users at the console to send messages to the object path '/' on any service, slightly subverting access control for those other services. Furthermore, it might be insufficient to allow everything that hcid intends to allow; messages used to be allowed accidentally by a dbus-daemon bug, but with the dbus-daemon changes targeted for lenny, they will be denied unless explicitly allowed. http://git.kernel.org/?p=bluetooth/bluez.git;a=history;f=src/bluetooth.conf;h=c0476237;hb=fb333f1c shows the recent history of this file - the latest version, http://git.kernel.org/?p=bluetooth/bluez.git;a=blob;f=src/bluetooth.conf;hb=06637b08, appears to be appropriate. Regards from the Cambridge BSP, Simon
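The two kinds of over-broad system bus policy reported above (#510636: everything allowed; #510644: a rule that names an object path but no destination service) can be found mechanically in /etc/dbus-1/system.d files. The following is an added example, not code from Debian, D-Bus or the packages discussed; `audit_policy` is a hypothetical helper, and the three policy snippets are constructed for illustration, since the real libosso.conf and bluetooth.conf contents are not shown in these messages.

```python
"""Audit a D-Bus system.d policy file for <allow> rules not tied to a destination."""
import xml.etree.ElementTree as ET

# send_* attributes that narrow a rule without naming the receiving service.
NARROWING = ("send_interface", "send_member", "send_path", "send_error")


def policy_context(policy):
    """Return the attribute that says who a <policy> block applies to."""
    for attr in ("context", "user", "group", "at_console"):
        if attr in policy.attrib:
            return f'{attr}="{policy.attrib[attr]}"'
    return "unspecified"


def audit_policy(xml_text):
    """Return findings for <allow> rules that match method calls to any service."""
    findings = []
    for policy in ET.fromstring(xml_text).iter("policy"):
        if policy.get("user") == "root":
            continue  # assumption: root-only rules are accepted, as the hal report suggests
        for rule in policy.findall("allow"):
            attrs = dict(rule.attrib)
            if not any(k.startswith("send_") for k in attrs):
                continue  # own=, receive_* and similar rules are out of scope here
            if "send_requested_reply" in attrs:
                continue  # reply rules, not new method calls
            if attrs.get("send_type", "*") not in ("*", "method_call"):
                continue  # rule covers signals, returns or errors only
            if attrs.get("send_destination", "*") != "*":
                continue  # rule is pinned to one service
            narrowed = [k for k in NARROWING if attrs.get(k, "*") != "*"]
            findings.append({
                "context": policy_context(policy),
                "kind": "any-destination" if narrowed else "allow-all",
                "rule": attrs,
            })
    return findings


# Constructed sample: a policy of the kind #510636 describes (everything allowed).
OPEN_CONF = """\
<!DOCTYPE busconfig PUBLIC "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN"
 "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
<busconfig>
  <policy context="default">
    <allow send_destination="*"/>
    <allow receive_sender="*"/>
  </policy>
</busconfig>
"""

# Constructed sample: a console rule that names a path but no service (#510644).
PATH_CONF = """\
<busconfig>
  <policy user="root">
    <allow own="org.example.Daemon"/>
    <allow send_destination="org.example.Daemon"/>
  </policy>
  <policy at_console="true">
    <allow send_path="/"/>
    <allow send_destination="org.example.Daemon"
           send_interface="org.example.Daemon.Manager"/>
  </policy>
  <policy context="default">
    <allow send_type="signal"/>
    <deny send_destination="org.example.Daemon"/>
  </policy>
</busconfig>
"""

# Constructed sample: the same console rule pinned to its service.
SCOPED_CONF = """\
<busconfig>
  <policy at_console="true">
    <allow send_destination="org.example.Daemon" send_path="/"/>
  </policy>
</busconfig>
"""

if __name__ == "__main__":
    samples = (("open", OPEN_CONF), ("path-only", PATH_CONF), ("scoped", SCOPED_CONF))
    for name, text in samples:
        results = audit_policy(text)
        print(f"{name}: {len(results)} finding(s)")
        for f in results:
            print(f"  [{f['kind']}] policy {f['context']}: allow {f['rule']}")
```

A rule flagged `any-destination` is the case the bluez-utils report describes: the path, interface or member match applies to every service on the bus, not only the one the package owns.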
Bug#510348: Please don't remove dillo
I really don't think removing Dillo is the right thing to do. It is widely used - I use it every day, for example. I am not aware of any other browser which has the same speed and window-handling which is particularly suitable for images. Even with https support turned off it would still be very useful. I am working on fixing the actual SSL checking problem (there is some certificate-checking code in there already - it just doesn't seem to be working right, so it doesn't look too intractable). Presumably the https support has been broken for years and that didn't cause it to get thrown out, so chucking it now, just because the problem has been noticed, is not warranted - it's a huge regression. We can warn people prominently in the postinst or just turn off ssl. Hopefully I can actually fix the problem. So hold off binning it please. Wookey -- Principal hats: Balloonz - Toby Churchill - Aleph One - Debian http://wookware.org/
Bug#510646: system.d/...PolicyKit.conf needs alterations for new D-Bus
Package: policykit Version: 0.9-1 Severity: serious Justification: blocker for #503532 (CVE-2008-4311) Tags: patch User: pkg-utopia-maintain...@lists.alioth.debian.org Usertags: CVE-2008-4311 PolicyKit installs a D-Bus system policy file which doesn't allow any methods to be called. Method calls used to be allowed by a dbus-daemon bug, but with the dbus-daemon changes targeted for lenny, they will be denied. http://bugs.freedesktop.org/show_bug.cgi?id=18948 is the upstream bug and https://bugs.freedesktop.org/attachment.cgi?id=20901 is a patch from Tomas Hoger, reviewed and applied by David Zeuthen. Regards from the Cambridge BSP, Simon
Bug#508565: Why not use stdint.h?
Hi, I know that you have fixed this bug, but why not use stdint.h and particularly int32_t and uint32_t? It will definitely fix this bug :) Regards Bastien -- ROUCARIÈS Bastien roucaries.bastien+deb...@gmail.com --- DO NOT WRITE TO roucaries.bastien+blackh...@gmail.com OR BE BLACKLISTED
Processed (with 2 errors): cloning 478717, reassign -1 to linux-2.6, found -1 in 2.6.18.dfsg.1-23etch1, found -1 in 2.6.26-12 ...
Processing commands for cont...@bugs.debian.org: clone 478717 -1 -2 -3 Bug#478717: ruby1.9: FTBFS on hppa: make[1]: *** [all] Segmentation fault Bug is marked as being merged with others. Use an existing clone. reassign -1 linux-2.6 Bug number -1 not found. (Is it archived?) found -1 2.6.18.dfsg.1-23etch1 Bug number -1 not found. (Is it archived?) found -1 2.6.26-12 Bug number -1 not found. (Is it archived?) fixed -1 2.6.18.dfsg.1-24 Bug number -1 not found. (Is it archived?) block 478717 with -1 Bug number -1 not found. (Is it archived?) Unknown blocking bug/s: -1. Bug#478717: ruby1.9: FTBFS on hppa: make[1]: *** [all] Segmentation fault Was not blocked by any bugs. Bug#491930: ruby1.9: needs a removal-transition on hppa Blocking bugs of 478717 added: reopen 478717 Bug#478717: ruby1.9: FTBFS on hppa: make[1]: *** [all] Segmentation fault 'reopen' may be inappropriate when a bug has been closed with a version; you may need to use 'found' to remove fixed versions. Bug#491930: ruby1.9: needs a removal-transition on hppa Bug reopened, originator not changed. reassign -2 linux-2.6.24 Bug number -2 not found. (Is it archived?) found -2 2.6.24-6~etchnhalf.7 Bug number -2 not found. (Is it archived?) fixed -2 2.6.24-6~etchnhalf.8 Bug number -2 not found. (Is it archived?) reassign -3 user-mode-linux Bug number -3 not found. (Is it archived?) found -3 2.6.18-1um-2etch.23etch1 Bug number -3 not found. (Is it archived?) found -3 2.6.26-1um-2 Bug number -3 not found. (Is it archived?) fixed -3 2.6.18-1um-2etch.24 Bug number -3 not found. (Is it archived?) End of message, stopping processing here. Please contact me if you need assistance. Debian bug tracking system administrator (administrator, Debian Bugs database)
Bug#239111: Grub is shockingly bad code
Thanks to Rob McQueen for doing a lot of research into this for his mail about this bug on 12 Dec 2008. Based on that mail, I've looked through the code in an attempt to find a way to implement a reasonable fix: using FIBMAP as he suggested. After several hours of working through the source, I give up. It's a total mess and I'd much rather see grub simply removed from Debian altogether than fix this bug and allow it to live on.

Highlights:

* gratuitous use of nested functions
* horrific interfaces that don't pass enough information around internally, leading to:
* functions passing internal state around via unmarked global variables, relying on side effects
* significantly obfuscated code
* the core bug as described by Rob: accessing a block device underneath an active filesystem and assuming that the results will be safe and/or correct.

I *know* that grub is a bootloader, so it's always going to end up having some nasty lowlevel code somewhere. But that's no excuse for the code quality I've just seen. After this experience, I'm about to remove grub from all my systems. Come back lilo, all is forgiven.

-- Steve McIntyre, Cambridge, UK. st...@einval.com Is there anybody out there?
Processed: unmerging 478717, cloning 478717, reassign -1 to linux-2.6, found -1 in 2.6.18.dfsg.1-23etch1 ...
Processing commands for cont...@bugs.debian.org: unmerge 478717 Bug#478717: ruby1.9: FTBFS on hppa: make[1]: *** [all] Segmentation fault Bug#491930: ruby1.9: needs a removal-transition on hppa Disconnected #478717 from all other report(s). clone 478717 -1 -2 -3 Bug#478717: ruby1.9: FTBFS on hppa: make[1]: *** [all] Segmentation fault Bug 478717 cloned as bugs 510654-510656. reassign -1 linux-2.6 Bug#510654: ruby1.9: FTBFS on hppa: make[1]: *** [all] Segmentation fault Bug reassigned from package `ruby1.9' to `linux-2.6'. found -1 2.6.18.dfsg.1-23etch1 Bug#510654: ruby1.9: FTBFS on hppa: make[1]: *** [all] Segmentation fault Bug marked as found in version 2.6.18.dfsg.1-23etch1. found -1 2.6.26-12 Bug#510654: ruby1.9: FTBFS on hppa: make[1]: *** [all] Segmentation fault Bug marked as found in version 2.6.26-12. fixed -1 2.6.18.dfsg.1-24 Bug#510654: ruby1.9: FTBFS on hppa: make[1]: *** [all] Segmentation fault Bug marked as fixed in version 2.6.18.dfsg.1-24. block 478717 with -1 Bug#510654: ruby1.9: FTBFS on hppa: make[1]: *** [all] Segmentation fault Bug#478717: ruby1.9: FTBFS on hppa: make[1]: *** [all] Segmentation fault Was not blocked by any bugs. Blocking bugs of 478717 added: 510654 reassign -2 linux-2.6.24 Bug#510655: ruby1.9: FTBFS on hppa: make[1]: *** [all] Segmentation fault Bug reassigned from package `ruby1.9' to `linux-2.6.24'. found -2 2.6.24-6~etchnhalf.7 Bug#510655: ruby1.9: FTBFS on hppa: make[1]: *** [all] Segmentation fault Bug marked as found in version 2.6.24-6~etchnhalf.7. fixed -2 2.6.24-6~etchnhalf.8 Bug#510655: ruby1.9: FTBFS on hppa: make[1]: *** [all] Segmentation fault Bug marked as fixed in version 2.6.24-6~etchnhalf.8. reassign -3 user-mode-linux Bug#510656: ruby1.9: FTBFS on hppa: make[1]: *** [all] Segmentation fault Bug reassigned from package `ruby1.9' to `user-mode-linux'. 
found -3 2.6.18-1um-2etch.23etch1 Bug#510656: ruby1.9: FTBFS on hppa: make[1]: *** [all] Segmentation fault Bug marked as found in version 2.6.18-1um-2etch.23etch1. found -3 2.6.26-1um-2 Bug#510656: ruby1.9: FTBFS on hppa: make[1]: *** [all] Segmentation fault Bug marked as found in version 2.6.26-1um-2. fixed -3 2.6.18-1um-2etch.24 Bug#510656: ruby1.9: FTBFS on hppa: make[1]: *** [all] Segmentation fault Bug marked as fixed in version 2.6.18-1um-2etch.24. forcemerge 478717 491930 Bug#478717: ruby1.9: FTBFS on hppa: make[1]: *** [all] Segmentation fault Bug#491930: ruby1.9: needs a removal-transition on hppa Forcibly Merged 478717 491930. End of message, stopping processing here. Please contact me if you need assistance. Debian bug tracking system administrator (administrator, Debian Bugs database)
Processed: retitle 510654 to linux-2.6: [hppa] UP-optimized flush_tlb_mm is broken
Processing commands for cont...@bugs.debian.org: retitle 510654 linux-2.6: [hppa] UP-optimized flush_tlb_mm is broken Bug#510654: ruby1.9: FTBFS on hppa: make[1]: *** [all] Segmentation fault Changed Bug title to `linux-2.6: [hppa] UP-optimized flush_tlb_mm is broken' from `ruby1.9: FTBFS on hppa: make[1]: *** [all] Segmentation fault'. End of message, stopping processing here. Please contact me if you need assistance. Debian bug tracking system administrator (administrator, Debian Bugs database)
Processed: retitle 510656 to user-mode-linux: [hppa] UP-optimized flush_tlb_mm is broken
Processing commands for cont...@bugs.debian.org: retitle 510656 user-mode-linux: [hppa] UP-optimized flush_tlb_mm is broken Bug#510656: ruby1.9: FTBFS on hppa: make[1]: *** [all] Segmentation fault Changed Bug title to `user-mode-linux: [hppa] UP-optimized flush_tlb_mm is broken' from `ruby1.9: FTBFS on hppa: make[1]: *** [all] Segmentation fault'. End of message, stopping processing here. Please contact me if you need assistance. Debian bug tracking system administrator (administrator, Debian Bugs database)
Processed: retitle 510655 to linux-2.6.24: [hppa] UP-optimized flush_tlb_mm is broken
Processing commands for cont...@bugs.debian.org: retitle 510655 linux-2.6.24: [hppa] UP-optimized flush_tlb_mm is broken Bug#510655: ruby1.9: FTBFS on hppa: make[1]: *** [all] Segmentation fault Changed Bug title to `linux-2.6.24: [hppa] UP-optimized flush_tlb_mm is broken' from `ruby1.9: FTBFS on hppa: make[1]: *** [all] Segmentation fault'. End of message, stopping processing here. Please contact me if you need assistance. Debian bug tracking system administrator (administrator, Debian Bugs database)
Processed: notfound 478717 in ruby1.9/1.9.0.1-1, notfound 478717 in ruby1.9/1.9.0.2-4
Processing commands for cont...@bugs.debian.org: # Actually kernel-dependent, not a bug in ruby1.9 notfound 478717 ruby1.9/1.9.0.1-1 Bug#478717: ruby1.9: FTBFS on hppa: make[1]: *** [all] Segmentation fault Bug#491930: ruby1.9: needs a removal-transition on hppa Bug no longer marked as found in version ruby1.9/1.9.0.1-1. notfound 478717 ruby1.9/1.9.0.2-4 Bug#478717: ruby1.9: FTBFS on hppa: make[1]: *** [all] Segmentation fault Bug#491930: ruby1.9: needs a removal-transition on hppa Bug no longer marked as found in version ruby1.9/1.9.0.2-4. End of message, stopping processing here. Please contact me if you need assistance. Debian bug tracking system administrator (administrator, Debian Bugs database)
Processed: retitle 490999 to libqt3-mt: QTime::addMSecs(int) is compiled wrongly on sparc
Processing commands for cont...@bugs.debian.org: retitle 490999 libqt3-mt: QTime::addMSecs(int) is compiled wrongly on sparc Bug#490999: kicker: crashes on startup Changed Bug title to `libqt3-mt: QTime::addMSecs(int) is compiled wrongly on sparc' from `kicker: crashes on startup'. End of message, stopping processing here. Please contact me if you need assistance. Debian bug tracking system administrator (administrator, Debian Bugs database)