Bug#687923: [pkg-bacula-devel] Bug#687923: bacula: needs update for wheezy
В Sun, 14 Oct 2012 15:57:40 +0200 Thijs Kinkhorst th...@debian.org пишет: Hi, CVE-2012-4430 was fixed in unstable and stable, thanks for that, but wheezy is still lacking the fix. This is because the unstable version cannot migrate due to it containing many auxilliary fixes. Could you coordinate with the release team to make an upload to testing-proposed-updates with the security fix? Thank you for reminder, i'm already in work on preparing upload to wheezy (see #689003) -- with best regards, Alexander Golovko email: alexan...@ankalagon.ru xmpp: alexan...@ankalagon.ru signature.asc Description: PGP signature
Bug#688891: psad: modifies conffiles (policy 10.7.3): /etc/psad/psad.conf
Hi Gregor, I have not found the time to work on psad since Wedneday, so if you want to fix psad please do so. I let you know when I am ready to work on it. Regards, -- Franck -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#690492: love_0.8.0-2_i386.changes REJECTED
On Sun, Oct 14, 2012 at 11:05:28PM +0200, Ansgar Burchardt wrote: Update: this bug was already worked around in the Debian package: the files included by upstream are not used, and the debian library package is used instead. The embeded copy is in the upstream source, and that is an upstream bug (which should trigger the lintian warning). Are you sure the Debian package does not use the embedded copy? The lintian error seems to be triggered by the binary package (as it includes the path). I was pretty sure, but you seem to be right. Ah, now I see: here's the entry from the changelog: * Tried to removed internal glee, but it doesn't seem to like the system's one So it wasn't used, indeed. Thanks for the clarification, Bas signature.asc Description: Digital signature
Bug#688413: accountsservice: Makes gnome-shell crash
Le dimanche 14 octobre 2012 à 11:37 +0200, Gianluca Ciccarelli a écrit : tags 688413 + unreproducible In wheezy i386 I have switched back and forth between two users, without seeing the error reported. I didn't experience it in sid i386 either. My way to reproduce it is: - login user1 - gdmflexiserver, login user2 - gdmflexiserver, login user3 - logout user3 - at the login prompt, log as user1 - the VT switches to vt7 (user1) but user1’s shell crashes. -- .''`. Josselin Mouette : :' : `. `' `- -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#688847: libav: multiple CVEs in ffmpeg/libav
On Sun, Oct 14, 2012 at 05:00:54PM -0400, Reinhard Tartler wrote: On Wed, Sep 26, 2012 at 4:22 AM, Yves-Alexis Perez cor...@debian.org wrote: Source: libav Severity: grave Justification: user security hole Hi, it seems that a huge pile of CVE were allocated for ffmpeg/libav short status update: Most/all of the CVEs have now been backported upstream. Before releaseing 0.8.4, I need to review the list to ensure that nothing was forgotten. You can help with this by reviewing the list here: http://git.libav.org/?p=libav.git;a=shortlog;h=refs/heads/release/0.8 Hi Reinhard, I double-checked the list and the following CVE IDs fixed in the ffmpeg 0.11 release are not yet present in the 0.8 git branch (some are ffmpeg-specific I suppose): CVE-2012-2774, 59a4b73531428d2f420b4dad545172c8483ced0f CVE-2012-2782, 9a57a37b7041581c10629c8241260a5d7bfbc1e7 CVE-2012-2783, d85b3c4fff4c4b255232fcc01edbd57f19d60998 CVE-2012-2785, 326f7a68bbd429c63fd2f19f4050658982b5b081 d462949974668ffb013467d12dc4934b9106fe19 CVE-2012-2790, 2837d8dc276760db1821b81df3f794a90bfa56e6 CVE-2012-2791, 0846719dd11ab3f7a7caee13e7af71f71d913389 CVE-2012-2792, d442c4462a2692e27a24e1a9d0eb6f18725c7bd8 CVE-2012-2795, a0abefb0af64a311b15141062c77dd577ba590a3 2a7063de547b1d8fb1cef523469390fb59fb2c50 b3a43515827f3d22a881c33b87384f01c86786fd CVE-2012-2796, 5e59a77cec804a9b44c60ea22c17beba6453ef23 CVE-2012-2797, cca9528524c7a4b91451f4322bd50849af5d057e CVE-2012-2799, 64bd7f8e4db1742e86c5ed02bd530688b74063e3 CVE-2012-2803, 951cbea56fdc03ef96d07fbd7e5bed755d42ac8a CVE-2012-2804, 4a80ebe491609e04110a1dd540a0ca79d3be3d04 None of these are merged into 0.5.x, has the code diverged so much? Cheers, Moritz -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#690492: marked as done (love: uses embedded copy of GLee)
Your message dated Mon, 15 Oct 2012 07:48:23 + with message-id e1tnfpt-0004kl...@franck.debian.org and subject line Bug#690492: fixed in love 0.8.0-2 has caused the Debian Bug report #690492, regarding love: uses embedded copy of GLee to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 690492: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=690492 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Package: love Version: 0.8.0-1 Severity: serious Justification: package gets rejected by ftp-master. LÖVE includes a copy of GLee, which is also packaged in Debian. It should use that package instead. signature.asc Description: Digital signature ---End Message--- ---BeginMessage--- Source: love Source-Version: 0.8.0-2 We believe that the bug you reported is fixed in the latest version of love, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 690...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Bas Wijnen wij...@debian.org (supplier of updated love package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Format: 1.8 Date: Sun, 14 Oct 2012 15:01:02 +0200 Source: love Binary: love love-dbg love-doc Architecture: source all i386 Version: 0.8.0-2 Distribution: unstable Urgency: low Maintainer: Debian Games Team pkg-games-de...@lists.alioth.debian.org Changed-By: Bas Wijnen wij...@debian.org Description: love - 2D game development framework based on Lua and OpenGL love-dbg - 2D game development framework - debugging symbols love-doc - 2D game development framework - documentation Closes: 690394 690492 690494 Changes: love (0.8.0-2) unstable; urgency=low . * Team upload. * Convert copyright file to machine readable format. * Add copyright information for utf8-cpp. Closes: #690394 * Add hardening flags to build rules. Closes: #690494 * Replace included GLee with system version. Closes: #690492 Checksums-Sha1: bd6af0bbe9d39437bdea786b3c6962ca9a95325d 2194 love_0.8.0-2.dsc 9d192eb240d6aa6d35bf6f8813cf92b863a77f33 105808 love_0.8.0-2.debian.tar.bz2 768b3d2d483b14fe5bfa94d3f203f2fadbe7b9db 894842 love-doc_0.8.0-2_all.deb e18ca8d7de44dfb7ae51cb9d17d821d499dcf07b 930976 love_0.8.0-2_i386.deb f30da44ddbca48fe22f272c461b882fa1ff351d0 3624562 love-dbg_0.8.0-2_i386.deb Checksums-Sha256: 4579602229b0faa24cf1021ad234c7715abec5a26ae0a7f041b54ec5346b6c17 2194 love_0.8.0-2.dsc 998d1f2aecc3133979f632524aa6f5d16b03973325efd413fbf81bf7cc32e164 105808 love_0.8.0-2.debian.tar.bz2 b0cebae3d3e0558ccf8042bd764592ce4df0225df63652b51592e0e730e1c092 894842 love-doc_0.8.0-2_all.deb b65b8f9cfa20a9b969c3f2582401953da4ccb8b51a95f330478d7de9acd9a5d9 930976 love_0.8.0-2_i386.deb aef2758d29a79e8ac895a8d42ea902552e35b49ed3f8148e1d1bc4036e602b80 3624562 love-dbg_0.8.0-2_i386.deb Files: 633bc3900878939bc2b1b108a7d04301 2194 interpreters optional love_0.8.0-2.dsc b70b8d39b160d1ec60d2658113aa0ee0 105808 interpreters optional love_0.8.0-2.debian.tar.bz2 d1e77a8acf2d213da533e43c2be5e683 894842 doc optional love-doc_0.8.0-2_all.deb 65ff5f45aeb2c63dbe3f19888b865b1d 930976 interpreters optional love_0.8.0-2_i386.deb 8f1318652a8652285188218bae93c3f4 3624562 debug extra love-dbg_0.8.0-2_i386.deb -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.12 (GNU/Linux) iEYEARECAAYFAlB7vZMACgkQFShl+2J8z5XGdgCfZUYX9ThOoUB4/DAFw9UyrFbl KA4An2kyJpyVX8lhpmHhjDcoV/cTUbSn =DyUm -END PGP SIGNATUREEnd Message---
Bug#690394: marked as done (love: incomplete copyright file)
Your message dated Mon, 15 Oct 2012 07:48:23 + with message-id e1tnfpt-0004kf...@franck.debian.org and subject line Bug#690394: fixed in love 0.8.0-2 has caused the Debian Bug report #690394, regarding love: incomplete copyright file to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 690394: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=690394 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Source: love Version: 0.8.0-1 Severity: serious Justification: Policy 12.5 src/libraries/utf8/ contains embedded copy of the UTF8-CPP library, which is copyrighted by Nemanja Trifunovic and licensed under the Boost Software License. This information is not included in the copyright file. -- Jakub Wilk ---End Message--- ---BeginMessage--- Source: love Source-Version: 0.8.0-2 We believe that the bug you reported is fixed in the latest version of love, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 690...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Bas Wijnen wij...@debian.org (supplier of updated love package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Format: 1.8 Date: Sun, 14 Oct 2012 15:01:02 +0200 Source: love Binary: love love-dbg love-doc Architecture: source all i386 Version: 0.8.0-2 Distribution: unstable Urgency: low Maintainer: Debian Games Team pkg-games-de...@lists.alioth.debian.org Changed-By: Bas Wijnen wij...@debian.org Description: love - 2D game development framework based on Lua and OpenGL love-dbg - 2D game development framework - debugging symbols love-doc - 2D game development framework - documentation Closes: 690394 690492 690494 Changes: love (0.8.0-2) unstable; urgency=low . * Team upload. * Convert copyright file to machine readable format. * Add copyright information for utf8-cpp. Closes: #690394 * Add hardening flags to build rules. Closes: #690494 * Replace included GLee with system version. Closes: #690492 Checksums-Sha1: bd6af0bbe9d39437bdea786b3c6962ca9a95325d 2194 love_0.8.0-2.dsc 9d192eb240d6aa6d35bf6f8813cf92b863a77f33 105808 love_0.8.0-2.debian.tar.bz2 768b3d2d483b14fe5bfa94d3f203f2fadbe7b9db 894842 love-doc_0.8.0-2_all.deb e18ca8d7de44dfb7ae51cb9d17d821d499dcf07b 930976 love_0.8.0-2_i386.deb f30da44ddbca48fe22f272c461b882fa1ff351d0 3624562 love-dbg_0.8.0-2_i386.deb Checksums-Sha256: 4579602229b0faa24cf1021ad234c7715abec5a26ae0a7f041b54ec5346b6c17 2194 love_0.8.0-2.dsc 998d1f2aecc3133979f632524aa6f5d16b03973325efd413fbf81bf7cc32e164 105808 love_0.8.0-2.debian.tar.bz2 b0cebae3d3e0558ccf8042bd764592ce4df0225df63652b51592e0e730e1c092 894842 love-doc_0.8.0-2_all.deb b65b8f9cfa20a9b969c3f2582401953da4ccb8b51a95f330478d7de9acd9a5d9 930976 love_0.8.0-2_i386.deb aef2758d29a79e8ac895a8d42ea902552e35b49ed3f8148e1d1bc4036e602b80 3624562 love-dbg_0.8.0-2_i386.deb Files: 633bc3900878939bc2b1b108a7d04301 2194 interpreters optional love_0.8.0-2.dsc b70b8d39b160d1ec60d2658113aa0ee0 105808 interpreters optional love_0.8.0-2.debian.tar.bz2 d1e77a8acf2d213da533e43c2be5e683 894842 doc optional love-doc_0.8.0-2_all.deb 65ff5f45aeb2c63dbe3f19888b865b1d 930976 interpreters optional love_0.8.0-2_i386.deb 8f1318652a8652285188218bae93c3f4 3624562 debug extra love-dbg_0.8.0-2_i386.deb -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.12 (GNU/Linux) iEYEARECAAYFAlB7vZMACgkQFShl+2J8z5XGdgCfZUYX9ThOoUB4/DAFw9UyrFbl KA4An2kyJpyVX8lhpmHhjDcoV/cTUbSn =DyUm -END PGP SIGNATUREEnd Message---
Bug#689371: marked as done (scscp-imcce: FTBFS on some systems: scscpscconnect test hangs)
Your message dated Mon, 15 Oct 2012 08:49:07 + with message-id e1tngmf-0007mr...@franck.debian.org and subject line Bug#689371: fixed in scscp-imcce 0.7.1+ds-1 has caused the Debian Bug report #689371, regarding scscp-imcce: FTBFS on some systems: scscpscconnect test hangs to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 689371: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=689371 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Source: scscp-imcce Version: 0.7.0+ds-2 Severity: serious Justification: fails to build from source Builds of scscp-imcce for several platforms (in virtual environments with networking aggressively disabled?) have been failing because the scscpscconnect test hangs: PASS: scscpgetversion make[3]: *** [check-TESTS] Terminated make[1]: *** wait: No child processes. Stop. make[1]: *** Waiting for unfinished jobs make[1]: *** wait: No child processes. Stop. make[2]: *** [check-am] Terminated make: *** [build-arch] Terminated Build killed with signal TERM after 150 minutes of inactivity Could you please take a look? Thanks! ---End Message--- ---BeginMessage--- Source: scscp-imcce Source-Version: 0.7.1+ds-1 We believe that the bug you reported is fixed in the latest version of scscp-imcce, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 689...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Jerome Benoit calcu...@rezozer.net (supplier of updated scscp-imcce package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Sun, 14 Oct 2012 22:48:17 + Source: scscp-imcce Binary: libscscp0 libscscp0-dev libscscp0-dbg libscscp-doc Architecture: source amd64 all Version: 0.7.1+ds-1 Distribution: unstable Urgency: low Maintainer: Debian Science Maintainers debian-science-maintain...@lists.alioth.debian.org Changed-By: Jerome Benoit calcu...@rezozer.net Description: libscscp-doc - IMCCE SCSCP C Library -- reference manual libscscp0 - IMCCE SCSCP C Library -- library package libscscp0-dbg - IMCCE SCSCP C Library -- debug symbols package libscscp0-dev - IMCCE SCSCP C Library -- development package Closes: 689371 Changes: scscp-imcce (0.7.1+ds-1) unstable; urgency=low . * New upstream version: - Fix test hangs. (Closes: #689371) - Integrate previous minor fixes. * Debianization: - Update debian/repack script. - Minor fixes. Checksums-Sha1: b68598eb965626ff21ca2ac9dbc4fd2bd043a1c0 2225 scscp-imcce_0.7.1+ds-1.dsc 8765394afb10959cf5e70b1db8007555a26acd03 94572 scscp-imcce_0.7.1+ds.orig.tar.xz 593e70d639262dd1b6cef03e2d3212f3523d2aa2 8984 scscp-imcce_0.7.1+ds-1.debian.tar.xz 7f1a043e05f6bc9c8e6e7b21c28378e83e667641 77444 libscscp0_0.7.1+ds-1_amd64.deb 4fe620630b9a59e0488558bca67a2a72fd1f506f 71852 libscscp0-dev_0.7.1+ds-1_amd64.deb c50dc3021131082e2be43b7a6dc5b2d064eb4085 149118 libscscp0-dbg_0.7.1+ds-1_amd64.deb 40fd37b5286feaf5ffe029620ef4a99c9c5c5017 424310 libscscp-doc_0.7.1+ds-1_all.deb Checksums-Sha256: d4353bcc0ddb66a721b1ad237beba01c9290aa91e7c6b0a9f99da892d8392389 2225 scscp-imcce_0.7.1+ds-1.dsc 092ca78f74ab04c7e94616346a608af2926b5a5229f5591f7a9606b78a32352b 94572 scscp-imcce_0.7.1+ds.orig.tar.xz 2873d6604ac697890db46d631c2e9ea252510846fd669546a2b53f558251ee3b 8984 scscp-imcce_0.7.1+ds-1.debian.tar.xz 3ae7b406cad163994968025929d02d9b069857840ced0ddb37490bec6d5e346a 77444 libscscp0_0.7.1+ds-1_amd64.deb 582e319cd516455ff7f2bd8d9e90cac64084ff2486b6402735b12616438164a0 71852 libscscp0-dev_0.7.1+ds-1_amd64.deb ae4eadb51291d0109e27c99c25f702501bef1ca231ab085003ae3c21e8b12fd9 149118 libscscp0-dbg_0.7.1+ds-1_amd64.deb e386a224a2f4f3477bfc4426713a3708d0bb1e98c4f9f9834c8377f99fcee533 424310 libscscp-doc_0.7.1+ds-1_all.deb Files: b154ce190f006db836d8e09e8698d6f6 2225 math extra scscp-imcce_0.7.1+ds-1.dsc e14c35c7109abc92f6efa3edf612835c 94572 math extra scscp-imcce_0.7.1+ds.orig.tar.xz e5e9f672b4686b0d36dacf4a49b9a246 8984 math extra scscp-imcce_0.7.1+ds-1.debian.tar.xz e3955af1d4e5485bae34ee9e475eb5fb 77444 libs extra libscscp0_0.7.1+ds-1_amd64.deb ea61b8412e7f152c0dfabd8365a13d5f 71852 libdevel extra
Bug#690532: CVE-2012-2248: backdoor for user zero79 due to dhclient’s hook $PATH
Package: isc-dhcp-client Version: 4.2.2.dfsg.1-5 Severity: critical Tags: security patch While debugging another issue, Mithrandir, mbiebl and I stumbled upon the following: All hooks in /etc/dhcp/dhclient-enter-hooks.d, such as samba when the samba package is installed, are called with a PATH environment variable containing this: PATH=/home/zero79/source/git/isc-dhcp/debian/tmp/usr/sbin:/sbin:/bin:/usr/sbin:/usr/bin Since hooks (at least samba) can call arbitrary commands and are running as uid 0 (root), this poses a security issue when the following assumptions are true: 1. The system you want to exploit has samba installed (or any other package which comes with a dhclient-enter-hook). 2. The attacker has the possibility of obtaining the username zero79 and thus can create executable files in /home/zero79/source/git/isc-dhcp/debian/tmp/usr/sbin 3. The DHCP hook needs to be called to trigger the exploit, which happens at least on system start or after /etc/init.d/networking restart, possibly also when just renewing the dhcp-lease (unverified). Here is a demonstration of this issue: zero79@squeezevm:~$ id -a uid=1001(zero79) gid=1001(zero79) groups=1001(zero79) zero79@squeezevm:~$ mkdir -p source/git/isc-dhcp/debian/tmp/usr/sbin zero79@squeezevm:~$ cat source/git/isc-dhcp/debian/tmp/usr/sbin/mv 'EOF' #!/bin/sh echo my script is run as: $(whoami) $(id -a) /tmp/exploited EOF zero79@squeezevm:~$ chmod +x source/git/isc-dhcp/debian/tmp/usr/sbin/mv root@squeezevm:~# /etc/init.d/networking restart Restarting networking (via systemctl): networking.service. root@squeezevm:~# ls -hltr /tmp total 8.0K -rw-r--r-- 1 root root 966 Oct 14 13:42 samba -rw-r--r-- 1 root root 65 Oct 14 14:02 exploited root@squeezevm:~# cat /tmp/exploited my script is run as: root uid=0(root) gid=0(root) groups=0(root) At this point, zero79 has root access to the system. Raphael Geissert has resolved this issue in a timely fashion, his statement follows and his patch is attached: The insertion of that path does not appear to be malicious. Rather, it appears to be a mistake in debian/rules as --prefix is set to $(pwd)/debian/tmp/, instead of setting DESTDIR when calling make install. client/Makefile.am defines CLIENT_PATH to PATH=$(sbindir):/sbin:/bin:/usr/sbin:/usr/bin, which is later injected into the env. Due to what appears to be a bug in squeeze's Makefile.am, squeeze is not affected. Attached patch fixes the problem. Since I've already built the package for wheezy, I'm going to upload it. -- System Information: Debian Release: wheezy/sid APT prefers testing APT policy: (990, 'testing') Architecture: amd64 (x86_64) Foreign Architectures: armel i386 Kernel: Linux 3.5.0 (SMP w/8 CPU cores) Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash Versions of packages isc-dhcp-client depends on: ii debianutils 4.3.2 ii iproute 20120521-3 ii isc-dhcp-common 4.2.2.dfsg.1-5 ii libc62.13-35 isc-dhcp-client recommends no packages. Versions of packages isc-dhcp-client suggests: pn avahi-autoipd none pn resolvconf none -- no debconf information diff -Nru isc-dhcp-4.2.2.dfsg.1/debian/rules isc-dhcp-4.2.2.dfsg.1/debian/rules --- isc-dhcp-4.2.2.dfsg.1/debian/rules 2012-09-17 16:48:31.0 -0500 +++ isc-dhcp-4.2.2.dfsg.1/debian/rules 2012-10-14 15:12:29.0 -0500 @@ -39,8 +39,8 @@ dh_testdir ./configure \ - --prefix=$(DESTDIR)/usr \ - --sysconfdir=$(DESTDIR)/etc/dhcp \ + --prefix=/usr \ + --sysconfdir=/etc/dhcp \ --with-srv-lease-file=/var/lib/dhcp/dhcpd.leases \ --with-srv6-lease-file=/var/lib/dhcp/dhcpd6.leases \ --with-cli-lease-file=/var/lib/dhcp/dhclient.leases \ @@ -67,8 +67,8 @@ dh_testdir ./configure \ - --prefix=$(DESTDIR)/usr \ - --sysconfdir=$(DESTDIR)/etc/dhcp \ + --prefix=/usr \ + --sysconfdir=/etc/dhcp \ --with-srv-lease-file=/var/lib/dhcp/dhcpd.leases \ --with-srv6-lease-file=/var/lib/dhcp/dhcpd6.leases \ --with-cli-lease-file=/var/lib/dhcp/dhclient.leases \ @@ -99,7 +99,7 @@ dh_installdirs -A # Add here commands to install the package into debian/tmp. - $(MAKE) install + $(MAKE) install DESTDIR=$(DESTDIR) mkdir -p $(DESTDIR)/etc/dhcp
Bug#688847: libav: multiple CVEs in ffmpeg/libav
On Mon, Oct 15, 2012 at 3:39 AM, Moritz Muehlenhoff j...@inutil.org wrote: On Sun, Oct 14, 2012 at 05:00:54PM -0400, Reinhard Tartler wrote: On Wed, Sep 26, 2012 at 4:22 AM, Yves-Alexis Perez cor...@debian.org wrote: Source: libav Severity: grave Justification: user security hole Hi, it seems that a huge pile of CVE were allocated for ffmpeg/libav short status update: Most/all of the CVEs have now been backported upstream. Before releaseing 0.8.4, I need to review the list to ensure that nothing was forgotten. You can help with this by reviewing the list here: http://git.libav.org/?p=libav.git;a=shortlog;h=refs/heads/release/0.8 Hi Reinhard, I double-checked the list and the following CVE IDs fixed in the ffmpeg 0.11 release are not yet present in the 0.8 git branch (some are ffmpeg-specific I suppose): CVE-2012-2774, 59a4b73531428d2f420b4dad545172c8483ced0f CVE-2012-2782, 9a57a37b7041581c10629c8241260a5d7bfbc1e7 CVE-2012-2783, d85b3c4fff4c4b255232fcc01edbd57f19d60998 CVE-2012-2785, 326f7a68bbd429c63fd2f19f4050658982b5b081 d462949974668ffb013467d12dc4934b9106fe19 CVE-2012-2790, 2837d8dc276760db1821b81df3f794a90bfa56e6 CVE-2012-2791, 0846719dd11ab3f7a7caee13e7af71f71d913389 CVE-2012-2792, d442c4462a2692e27a24e1a9d0eb6f18725c7bd8 CVE-2012-2795, a0abefb0af64a311b15141062c77dd577ba590a3 2a7063de547b1d8fb1cef523469390fb59fb2c50 b3a43515827f3d22a881c33b87384f01c86786fd CVE-2012-2796, 5e59a77cec804a9b44c60ea22c17beba6453ef23 CVE-2012-2797, cca9528524c7a4b91451f4322bd50849af5d057e CVE-2012-2799, 64bd7f8e4db1742e86c5ed02bd530688b74063e3 CVE-2012-2803, 951cbea56fdc03ef96d07fbd7e5bed755d42ac8a CVE-2012-2804, 4a80ebe491609e04110a1dd540a0ca79d3be3d04 Those are commits from ffmpeg, and do not necessarily apply to libav as well. Our current working list looks like this: fixed: CVE-2012-2772 (cb7190cd2c691fd93e4d3664f3fce6c19ee001dd) CVE-2012-2775 (9853e41aa0a6cfff629ff7009685eb8bf8d64e7f) CVE-2012-2777 (c20a69630619d14ae92c5541d52c579d7c8f3e94) CVE-2012-2779 (891918431db628db17885ed947ee387b29826a64) CVE-2012-2784 (same as CVE-2012-2777) CVE-2012-2785 (326f7a68bbd429c63fd2f19f4050658982b5b081 d462949974668ffb013467d12dc4934b9106fe19) CVE-2012-2786 (ee715f49a06bf3898246d01b056284a9bb1bcbb9) CVE-2012-2787 (b146d74730ab9ec5abede9066f770ad851e45fbc) CVE-2012-2788 (0af49a63c7f87876486ab09482d5b26b95abce60) CVE-2012-2789 (99f392a584dd10b553facc8e819f2c7e982e176d) CVE-2012-2790 (66197988b1ee914825afbc3084e6da63f862068a) CVE-2012-2792 (065b3a1cfa3f23aedf76244b3f3883ba913173ff) CVE-2012-2793 (b631e4ed64f7d1b9ca8f897fda31140e8d1fad81) CVE-2012-2796 (1100acbab26883007898c53efeb289f562c6e514) CVE-2012-2776 (e4d4044339b9c3b0f45f7203cd026eda3c0414c0) CVE-2012-2794 (2d09cdbaf2f449ba23d54e97e94bd97ca22208c6) CVE-2012-2800 (ae3da0ae5550053583a6f281ea7fd940497ea0d1) CVE-2012-2795 (607f57152c59bcec26caaf2060a86d96f76c4e8b f48fbf2eb5ba7015c65b31c266edf399dd6a82b1 6a99310fce49f51773ab7d8ffa4f4748bbf58db9) CVE-2012-2798 (d05f72c75445969cd7bdb1d860635c9880c67fb6) CVE-2012-2799 (d65d8347314b645051e336aed141aaf32a6c0d02) CVE-2012-2801 (85f477935cd6b34e6ec2716b20e15ce748277a89) submitted: CVE-2012-2783 (has been oked, but looks shady) invalid?: CVE-2012-2774 -- ffmpeg fix is not a fix, it's unclear what real issue it is supposed to fix CVE-2012-2804 -- same as above CVE-2012-2782 -- Ronald says it does not apply to us CVE-2012-2797 -- Justin says it's completely wrong CVE-2012-2803 -- looks very shady other: CVE-2012-2791 (0846719dd11ab3f7a7caee13e7af71f71d913389) -- needs input from kostya CVE-2012-2802 -- Justin said he'd fix it differently None of these are merged into 0.5.x, has the code diverged so much? I arrived only today from my two week trip and will work on backports for 0.7-0.5 this week. Sorry for the delay. Cheers, Reinhard -- regards, Reinhard -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#690067: syslog-ng-core: symlink conffile issues
Gergely Nagy alger...@balabit.hu writes: The easy fix is to remove debian/syslog-ng-core.conffiles. That has the downside of not allowing the user to easily change the symlink to point somewhere else (like a custom unit file) unless he diverts the file, which is kind of awkward. But alas, that's still less trouble than causing a mess with symlink conffiles, apparently. I've fixed it in my git tree, will poke GCS to pick it over for the next syslog-ng upload. Mostly for myself, but replacing the symlinks with real conffiles that .include the former symlink targets may be an even better course of action. I'll test that over the next few days, and see how upgrades behave. -- |8] -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#684218: marked as done (ogre contains non-free font from larabie collection)
Your message dated Mon, 15 Oct 2012 11:18:11 + with message-id e1tnigv-00012t...@franck.debian.org and subject line Bug#684218: fixed in ogre 1.7.4+dfsg1-6 has caused the Debian Bug report #684218, regarding ogre contains non-free font from larabie collection to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 684218: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=684218 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Source: ogre Version: 1.7.4-5 Severity: serious Tags: upstream Forwarded: http://ogre3d.org/mantis/view.php?id=546 People reported to me that the package contains the Larabie fonts, which are considered non-free [1], and there are packages for fonts-larabie which are indeed in non-free [2] containing the same files [3]: Samples/Media/fonts/bluebold.ttf Samples/Media/fonts/bluecond.ttf Samples/Media/fonts/bluehigh.ttf Samples/Media/fonts/solo5.ttf This affects both ogre and ogre-1.8 packages, submitting independent bug reports. This is reported upstream in the hope that they will fix it in upcoming releases [4], but in the meantime the package will need a new sourceful upload with a new .orig.tar file without these files in order to fix the issue. Regards. [1] http://lists.debian.org/debian-legal/2001/10/msg00059.html [2] http://packages.debian.org/search?keywords=fonts-larabie [3] http://anonscm.debian.org/viewvc/pkg-fonts/packages/fonts-larabie/trunk/ [4] http://ogre3d.org/mantis/view.php?id=546 -- Manuel A. Fernandez Montecelo manuel.montez...@gmail.com ---End Message--- ---BeginMessage--- Source: ogre Source-Version: 1.7.4+dfsg1-6 We believe that the bug you reported is fixed in the latest version of ogre, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 684...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Manuel A. Fernandez Montecelo manuel.montez...@gmail.com (supplier of updated ogre package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Format: 1.8 Date: Wed, 10 Oct 2012 20:47:20 +0100 Source: ogre Binary: libogre-dev libogre-1.7.4 libogre-1.7.4-dbg ogre-doc ogre-tools blender-ogrexml Architecture: source amd64 all Version: 1.7.4+dfsg1-6 Distribution: unstable Urgency: low Maintainer: Debian Games Team pkg-games-de...@lists.alioth.debian.org Changed-By: Manuel A. Fernandez Montecelo manuel.montez...@gmail.com Description: blender-ogrexml - Blender Exporter for OGRE libogre-1.7.4 - 3D Object-Oriented Graphics Rendering Engine (libraries) libogre-1.7.4-dbg - 3D Object-Oriented Graphics Rendering Engine (debugging libs) libogre-dev - 3D Object-Oriented Graphics Rendering Engine (development files) ogre-doc - 3D Object-Oriented Graphics Rendering Engine (documentation) ogre-tools - 3D Object-Oriented Graphics Rendering Engine (tools) Closes: 674633 684218 Changes: ogre (1.7.4+dfsg1-6) unstable; urgency=low . * Remove Samples altogether, since almost all of them contain or depend on non-free items (fonts and some media objects, see Debian and upstream bug report). After contacting upstream, they are not inclined to resolve the issue soon (read: it will take years and several major releases, if it happens at all). All of them are removed and there will be no attempt to track which ones are DFSG-compliant; it is quite a burden (thus decreasing the time that can be devoted to maintain the package in good shape, follow closely upstream updates, etc), and this is even more complicated with different sets of samples in every release (as it is the case now, with v1.7 and v1.8 in the Debian archive). This change encompasses the following actions/changes: - Repack the source (simply removing all ./Samples/) - Remove patch change_sample_cfg_path.patch, of no use now - Remove corresponding sample packages from debian/control - Remove files debian/*samples*.install - Closes: #684218 (ogre contains non-free font from larabie collection) * Force Build-Depends and Depends of libogre-dev on version 1.49 (this particular one since it is the default for Wheezy). OGRE exposes internal source code
Bug#684219: marked as done (ogre-1.8 contains non-free font from larabie collection)
Your message dated Mon, 15 Oct 2012 11:18:45 + with message-id e1tnih3-0001ie...@franck.debian.org and subject line Bug#684219: fixed in ogre-1.8 1.8.0+dfsg1-2 has caused the Debian Bug report #684219, regarding ogre-1.8 contains non-free font from larabie collection to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 684219: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=684219 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Source: ogre-1.8 Version: 1.8.0-1 Severity: serious Tags: upstream Forwarded: http://ogre3d.org/mantis/view.php?id=546 People reported to me that the package contains the Larabie fonts, which are considered non-free [1], and there are packages for fonts-larabie which are indeed in non-free [2] containing the same files [3]: Samples/Media/fonts/bluebold.ttf Samples/Media/fonts/bluecond.ttf Samples/Media/fonts/bluehigh.ttf Samples/Media/fonts/solo5.ttf This affects both ogre and ogre-1.8 packages, submitting independent bug reports. This is reported upstream in the hope that they will fix it in upcoming releases [4], but in the meantime the package will need a new sourceful upload with a new .orig.tar file without these files in order to fix the issue. Regards. [1] http://lists.debian.org/debian-legal/2001/10/msg00059.html [2] http://packages.debian.org/search?keywords=fonts-larabie [3] http://anonscm.debian.org/viewvc/pkg-fonts/packages/fonts-larabie/trunk/ [4] http://ogre3d.org/mantis/view.php?id=546 -- Manuel A. Fernandez Montecelo manuel.montez...@gmail.com ---End Message--- ---BeginMessage--- Source: ogre-1.8 Source-Version: 1.8.0+dfsg1-2 We believe that the bug you reported is fixed in the latest version of ogre-1.8, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 684...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Manuel A. Fernandez Montecelo manuel.montez...@gmail.com (supplier of updated ogre-1.8 package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Format: 1.8 Date: Wed, 10 Oct 2012 21:42:07 +0100 Source: ogre-1.8 Binary: libogre-1.8-dev libogre-1.8.0 libogre-1.8.0-dbg ogre-1.8-doc ogre-1.8-tools blender-ogrexml-1.8 Architecture: source amd64 all Version: 1.8.0+dfsg1-2 Distribution: unstable Urgency: low Maintainer: Debian Games Team pkg-games-de...@lists.alioth.debian.org Changed-By: Manuel A. Fernandez Montecelo manuel.montez...@gmail.com Description: blender-ogrexml-1.8 - Blender Exporter for OGRE libogre-1.8-dev - 3D Object-Oriented Graphics Rendering Engine (development files) libogre-1.8.0 - 3D Object-Oriented Graphics Rendering Engine (libraries) libogre-1.8.0-dbg - 3D Object-Oriented Graphics Rendering Engine (debugging libs) ogre-1.8-doc - 3D Object-Oriented Graphics Rendering Engine (documentation) ogre-1.8-tools - 3D Object-Oriented Graphics Rendering Engine (tools) Closes: 684219 687013 688582 Changes: ogre-1.8 (1.8.0+dfsg1-2) unstable; urgency=low . * Remove Samples altogether, since almost all of them contain or depend on non-free items (fonts and some media objects, see Debian and upstream bug report). After contacting upstream, they are not inclined to resolve the issue soon (read: it will take years and several major releases, if it happens at all). All of them are removed and there will be no attempt to track which ones are DFSG-compliant; it is quite a burden (thus decreasing the time that can be devoted to maintain the package in good shape, follow closely upstream updates, etc), and this is even more complicated with different sets of samples in every release (as it is the case now, with v1.7 and v1.8 in the Debian archive). This change encompasses the following actions/changes: - Repack the source (simply removing all ./Samples/) - Remove patch change_sample_cfg_path.patch, of no use now - Remove corresponding sample packages from debian/control - Remove files debian/*samples*.install - Closes: #684219 (ogre contains non-free font from larabie collection) * Force Build-Depends and Depends of libogre-dev on version 1.49 (this particular one since
Bug#690542: nut-nutrition: Segmentation fault amd64
Package: nut-nutrition Version: 15.5-1 Severity: grave Justification: renders package unusable Dear Maintainer, on a 64-bit system nut-nutrition quits with 'Segmentation fault' right after start. On 32-bit this doesn't happen. Removing, purging, then re-installing the package didn't help. The segfault unfortunately makes the package completely unusable. -- System Information: Debian Release: wheezy/sid APT prefers unstable APT policy: (500, 'unstable') Architecture: amd64 (x86_64) Kernel: Linux 3.6-0.towo-siduction-amd64 (SMP w/1 CPU core; PREEMPT) Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages nut-nutrition depends on: ii libc6 2.13-35 nut-nutrition recommends no packages. nut-nutrition suggests no packages. -- no debconf information
Bug#689718: marked as done (xmame-sdl,xmess-sdl: missing copyright file after upgrade from squeeze)
Your message dated Mon, 15 Oct 2012 12:18:16 + with message-id e1tnjce-00087b...@franck.debian.org and subject line Bug#689718: fixed in mess 0.146-3 has caused the Debian Bug report #689718, regarding xmame-sdl,xmess-sdl: missing copyright file after upgrade from squeeze to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 689718: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=689718 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Package: xmame-sdl,xmess-sdl Version: 0.146-2 Severity: serious User: debian...@lists.debian.org Usertags: piuparts Control: affects -1 + xmame-common xmess-common A test with piuparts revealed that package $package misses the copyright file after an upgrade from squeeze to wheezy, which is a violation of Policy 12.5 : http://www.debian.org/doc/debian-policy/ch-docs.html#s-copyrightfile After the upgrade /usr/share/doc/$package/ is just an empty directory. Additional info may be available here: http://wiki.debian.org/MissingCopyrightFile There is something bad going on with the symlink to directory conversion that is needed if the xmame-common or xmess-common package was installed. From the attached logfile (scroll to the bottom): 1m2.1s INFO: dirname part contains a symlink: /usr/share/doc/xmess-sdl/changelog.Debian.gz != /usr/share/doc/xmess-common/changelog.Debian.gz (xmess-sdl) /usr/share/doc/xmess-sdl/changelog.gz != /usr/share/doc/xmess-common/changelog.gz (xmess-sdl) /usr/share/doc/xmess-sdl/copyright != /usr/share/doc/xmess-common/copyright (xmess-sdl) 1m3.2s ERROR: FAIL: debsums reports modifications inside the chroot: debsums: missing file /usr/share/doc/xmess-sdl/changelog.Debian.gz (from xmess-sdl package) debsums: missing file /usr/share/doc/xmess-sdl/changelog.gz (from xmess-sdl package) debsums: missing file /usr/share/doc/xmess-sdl/copyright (from xmess-sdl package) cheers, Andreas xmess-common_None.log.gz Description: GNU Zip compressed data ---End Message--- ---BeginMessage--- Source: mess Source-Version: 0.146-3 We believe that the bug you reported is fixed in the latest version of mess, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 689...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Cesare Falco cesare.fa...@gmail.com (supplier of updated mess package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Sun, 05 Aug 2012 22:56:44 +0200 Source: mess Binary: mame-tools mess mess-data xmame-tools xmess-sdl xmess-x sdlmame-tools Architecture: source amd64 all Version: 0.146-3 Distribution: unstable Urgency: low Maintainer: Debian Games Team pkg-games-de...@lists.alioth.debian.org Changed-By: Cesare Falco cesare.fa...@gmail.com Description: mame-tools - Tools for MAME and MESS mess - Multi Emulator Super System (MESS) mess-data - Data files for the Multi Emulator Super System (MESS) sdlmame-tools - Transitional package for sdlmame-tools xmame-tools - Transitional package for mame-tools xmess-sdl - Transitional package for xmess-sdl xmess-x- Transitional package for xmess-x Closes: 685470 689718 Changes: mess (0.146-3) unstable; urgency=low . [ Cesare Falco ] * Modified default options in mess.ini to reflect Mame * Removed unnecessary contributed manpages * mess-data.dirs: Create empty /usr/local/* dirs . [ Emmanuel Kasper ] * Add xmess-x.preinst and xmess-sdl.preinst to remove danglink symlinks when upgrading from squeeze (closes: bug#685470, #689718) Checksums-Sha1: d88e35ef2b128795f491d18323d71003436cdec2 2493 mess_0.146-3.dsc a0bb3fb3680a6a7d859c3bac6d84b206a28d6c48 52176 mess_0.146-3.debian.tar.xz 43924cc0d7c64fa1aeef1e36d0f14e4a64ab73ee 774230 mame-tools_0.146-3_amd64.deb d2e9603c4d09a8d09e453cbd34099c5d57e4e42e 9346966 mess_0.146-3_amd64.deb 67720643373a3e5f5fe376db83654e4dcd35537b 31884278 mess-data_0.146-3_all.deb df7373a4742203548de6dc2ca09fc6d62b9b62cc 37978 xmame-tools_0.146-3_all.deb bf229032d1a6c436a774c94e1a6252ef1e16ec16 38110 xmess-sdl_0.146-3_all.deb ede16c5a79ac6a3463fd5a8dfc55113aa0f1fd18 38108 xmess-x_0.146-3_all.deb 37a4803f06d3434a5b5fc08e5d041aba64d6d468 37978
Bug#685470: marked as done (xmess-x,xmess-sdl: missing copyright file after squeeze-wheezy upgrade)
Your message dated Mon, 15 Oct 2012 12:18:16 + with message-id e1tnjce-00087y...@franck.debian.org and subject line Bug#685470: fixed in mess 0.146-3 has caused the Debian Bug report #685470, regarding xmess-x,xmess-sdl: missing copyright file after squeeze-wheezy upgrade to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 685470: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=685470 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Package: xmess-x,xmess-sdl Version: 0.146-2 Severity: serious Justification: Policy 12.5 User: debian...@lists.debian.org Usertags: piuparts Hi, during an experimental test with piuparts I noticed that the copyright file of your package sis missing after an upgrade from squeeze to wheezy. Cheers, Andreas ---End Message--- ---BeginMessage--- Source: mess Source-Version: 0.146-3 We believe that the bug you reported is fixed in the latest version of mess, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 685...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Cesare Falco cesare.fa...@gmail.com (supplier of updated mess package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Sun, 05 Aug 2012 22:56:44 +0200 Source: mess Binary: mame-tools mess mess-data xmame-tools xmess-sdl xmess-x sdlmame-tools Architecture: source amd64 all Version: 0.146-3 Distribution: unstable Urgency: low Maintainer: Debian Games Team pkg-games-de...@lists.alioth.debian.org Changed-By: Cesare Falco cesare.fa...@gmail.com Description: mame-tools - Tools for MAME and MESS mess - Multi Emulator Super System (MESS) mess-data - Data files for the Multi Emulator Super System (MESS) sdlmame-tools - Transitional package for sdlmame-tools xmame-tools - Transitional package for mame-tools xmess-sdl - Transitional package for xmess-sdl xmess-x- Transitional package for xmess-x Closes: 685470 689718 Changes: mess (0.146-3) unstable; urgency=low . [ Cesare Falco ] * Modified default options in mess.ini to reflect Mame * Removed unnecessary contributed manpages * mess-data.dirs: Create empty /usr/local/* dirs . [ Emmanuel Kasper ] * Add xmess-x.preinst and xmess-sdl.preinst to remove danglink symlinks when upgrading from squeeze (closes: bug#685470, #689718) Checksums-Sha1: d88e35ef2b128795f491d18323d71003436cdec2 2493 mess_0.146-3.dsc a0bb3fb3680a6a7d859c3bac6d84b206a28d6c48 52176 mess_0.146-3.debian.tar.xz 43924cc0d7c64fa1aeef1e36d0f14e4a64ab73ee 774230 mame-tools_0.146-3_amd64.deb d2e9603c4d09a8d09e453cbd34099c5d57e4e42e 9346966 mess_0.146-3_amd64.deb 67720643373a3e5f5fe376db83654e4dcd35537b 31884278 mess-data_0.146-3_all.deb df7373a4742203548de6dc2ca09fc6d62b9b62cc 37978 xmame-tools_0.146-3_all.deb bf229032d1a6c436a774c94e1a6252ef1e16ec16 38110 xmess-sdl_0.146-3_all.deb ede16c5a79ac6a3463fd5a8dfc55113aa0f1fd18 38108 xmess-x_0.146-3_all.deb 37a4803f06d3434a5b5fc08e5d041aba64d6d468 37978 sdlmame-tools_0.146-3_amd64.deb Checksums-Sha256: c2e472d88f5e9d183860419317e23e1d58ed331b22ab596577e900d07cba372a 2493 mess_0.146-3.dsc c1a826fe760a1752480adcad7d29773cd3f50d0653912bc42b1df3d596f4c0b6 52176 mess_0.146-3.debian.tar.xz 7d90148032e4eb79255f83de18943b9c8a9dc920a7ac1f49be35112f4a13f8dd 774230 mame-tools_0.146-3_amd64.deb ebb89e4bf7647422df85aaea4f709d952ddd4223af7560646ea60847f701f244 9346966 mess_0.146-3_amd64.deb 48c3d52546a1895fa226937686e50250219a72b534e94779f1bf733943ae070f 31884278 mess-data_0.146-3_all.deb 97710889dcfae40a913ec94eaa21901d45dd951e12e50f2eca6218602a0761a7 37978 xmame-tools_0.146-3_all.deb 23cb70553508c1adfac181f6b941b0439e4e814570e363fea1e65f5e28ad7c75 38110 xmess-sdl_0.146-3_all.deb c9739e9c6a8d41071034f23e6288175c5861119b0247aec31c9db386f9f31472 38108 xmess-x_0.146-3_all.deb 8d4744ac179f6ec48a28ad819c244cd2eccf0a73a0e56b611e8f87edfe65a855 37978 sdlmame-tools_0.146-3_amd64.deb Files: c94b9a6a060ec2520078439d4912b03a 2493 non-free/games optional mess_0.146-3.dsc 1b67f54aafb4b24dbd6062750df0bbd4 52176 non-free/games optional mess_0.146-3.debian.tar.xz d98901826c362c93501b1c6d6a65342e 774230 non-free/utils optional
Bug#690148: Please give back gcc-mingw-w64 (so it rebuilds using gcc-4.6 4.6.3-12)
On 2012-10-15 14:13, Philipp Kern wrote: On Mon, Oct 15, 2012 at 01:33:16AM +0200, Cyril Brulebois wrote: Stephen Kitt st...@sk2.org (14/10/2012): Now that gcc-4.6 4.6.3-12 is installed in unstable on all architectures, would it be possible to give gcc-mingw-w64 back on all buildds? This will cause it to be rebuilt using gcc-4.6 4.6.3-12; since the latter's version ends up in the resulting binary packages' versions, a binNMU shouldn't be necessary... gb gcc-mingw-w64_7 . ALL a package which failed to build can be given back. That's really an alias for “please give it another chance to build (successfully)”. If you want to get a(n already successfully built) package rebuilt against a new set of packages, that's where binNMUs come into play. And if would've been cool if you could send a rationale for why the binNMU is needed (I simply don't know why one has to recompile against a new gcc, and there's no bug# reference) to debian-release@lists.d.o (Cc'ed). (binNMUs migrate automatically if present, hence it's also slightly relevant for wheezy release management.) Surely it would be more efficient to do a maintainer upload fixing RC bug #690148, and you'll get the rebuilds for free? I started looking at this bug yesterday, the fix is easy but I did not have time to check all binary packages. Patch to follow if you want it. -- Jonathan Wiltshire j...@debian.org Debian Developer http://people.debian.org/~jmw 4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC 74C3 5394 479D D352 4C51 -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#690556: condor: CVE-2012-4462
Package: condor Severity: grave Tags: security patch Justification: user security hole Please see https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-4462 for details and a patch. Cheers, Moritz -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Processed: severity of 689054 is grave
Processing commands for cont...@bugs.debian.org: severity 689054 grave Bug #689054 [libgpod-cil] libgpod-cil: Wrong architecture field value in libgpod-cil package definition Severity set to 'grave' from 'important' thanks Stopping processing here. Please contact me if you need assistance. -- 689054: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=689054 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#682824: hylafax: needs update for wheezy
Hi Thijs, Il giorno dom, 14/10/2012 alle 16.00 +0200, Thijs Kinkhorst ha scritto: This security issue was fixed in unstable, thanks for that, but wheezy is still lacking the fix. This is because the unstable version cannot migrate due to it containing many auxilliary fixes. Could you coordinate with the release team to make an upload to testing-proposed-updates with the security fix? A few days ago I prepared a package for t-p-u. A diff that explain the package changes is already appended to the unblock request. See #685230. If you may check the diff and unblock the freeze exception, please do it. Thanks, Giuseppe -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#674324: ruby-net-sftp: cloning and reassigning to ruby-mocha
Package: ruby-net-sftp Followup-For: Bug #674324 Control: clone 674324 -1 Control: reassign -1 ruby-mocha Control: affects -1 ruby-net-sftp Control: severity -1 normal Control: forwarded -1 https://github.com/freerange/mocha/issues/99 Hi! This turns out to be a variant of a problem in ruby-mocha, already reported upstream. The minimal example to reproduce this issue with ruby-mocha is attached. Therefore, I am cloning and reaffecting to ruby-mocha. The original bug will be closed by an upload of ruby-net-sftp, deactivating the problematic test. Cheers, Cédric bug_mocha.rb Description: application/ruby signature.asc Description: Digital signature
Processed: ruby-net-sftp: cloning and reassigning to ruby-mocha
Processing control commands: clone 674324 -1 Bug #674324 [src:ruby-net-sftp] ruby-net-sftp: FTBFS: test failed Bug 674324 cloned as bug 690562 reassign -1 ruby-mocha Bug #690562 [src:ruby-net-sftp] ruby-net-sftp: FTBFS: test failed Bug reassigned from package 'src:ruby-net-sftp' to 'ruby-mocha'. No longer marked as found in versions ruby-net-sftp/1:2.0.5-2. Ignoring request to alter fixed versions of bug #690562 to the same values previously set affects -1 ruby-net-sftp Bug #690562 [ruby-mocha] ruby-net-sftp: FTBFS: test failed Added indication that 690562 affects ruby-net-sftp severity -1 normal Bug #690562 [ruby-mocha] ruby-net-sftp: FTBFS: test failed Severity set to 'normal' from 'serious' forwarded -1 https://github.com/freerange/mocha/issues/99 Bug #690562 [ruby-mocha] ruby-net-sftp: FTBFS: test failed Changed Bug forwarded-to-address to 'https://github.com/freerange/mocha/issues/99' from 'http://net-ssh.lighthouseapp.com/projects/36253-net-ssh/tickets/62-net-sftp-fails-with-mocha-0113' -- 674324: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=674324 690562: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=690562 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#689889: marked as done (Ships a folder in /var/run or /var/lock (Policy Manual section 9.3.2))
Your message dated Mon, 15 Oct 2012 15:02:36 + with message-id e1tnmbg-00025b...@franck.debian.org and subject line Bug#689889: fixed in echolot 2.1.8-7 has caused the Debian Bug report #689889, regarding Ships a folder in /var/run or /var/lock (Policy Manual section 9.3.2) to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 689889: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=689889 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Package: echolot Version: 2.1.8-6 Severity: serious Tags: patch Dear Maintainer, Andreas Beckmann deb...@abeckmann.de reported in -devel that your package (as well as 27 others) ships a folder either in /var/run or /var/lock. This is forbidden by policy. Lintian detects the problem and warns as follow: /var/run may be a temporary filesystem, so any directories or files needed /there must be created dynamically at boot time. Refer to Debian Policy Manual section 9.3.2 (Writing the scripts) for details. Severity: serious, Certainty: possible Check: files, Type: binary, udeb which is why I am reporting this bug with severity serious (and there fore, release critical). Please fix your package. I have attached what I believe is a good fix the problem, however, I haven't tried it, and I haven't tested if something more for creating the necessary folder at runtime should be added. Please make sure to test before applying the patch blindly. Cheers, Thomas Goirand (zigo) diff -u echolot-2.1.8/debian/changelog echolot-2.1.8/debian/changelog --- echolot-2.1.8/debian/changelog +++ echolot-2.1.8/debian/changelog @@ -1,3 +1,10 @@ +echolot (2.1.8-6.1) UNRELEASED; urgency=low + + * Non-maintainer upload. + * Fixes handling of the /var/run/echolot folder life cycle (Closes: #XX). + + -- Thomas Goirand z...@debian.org Sat, 06 Oct 2012 16:59:36 +0800 + echolot (2.1.8-6) unstable; urgency=low * In postrm during purge remove (rm -rf) /var/lib/echolot instead of diff -u echolot-2.1.8/debian/echolot.init echolot-2.1.8/debian/echolot.init --- echolot-2.1.8/debian/echolot.init +++ echolot-2.1.8/debian/echolot.init @@ -25,7 +25,8 @@ # You probably don't want to mess with stuff below this line -PIDFILE=/var/run/echolot/pingd.pid +RUNFLD=/var/run/echolot +PIDFILE=${RUNFLD}/pingd.pid CHECKULIMIT=1 CHECKUID=1 USER=echolot @@ -41,6 +42,13 @@ # Reads config file (will override defaults above) [ -r /etc/default/echolot ] . /etc/default/echolot +if [ ! -d ${RUNFLD} ] ; then + mkdir -p ${RUNFLD} || true + if [ -d ${RUNFLD} ] ; then + chown ${USER}:${GROUP} ${RUNFLD} + chmod 02770 ${RUNFLD} + fi +fi wait_for_deaddaemon () { PID=$1 diff -u echolot-2.1.8/debian/echolot.postinst echolot-2.1.8/debian/echolot.postinst --- echolot-2.1.8/debian/echolot.postinst +++ echolot-2.1.8/debian/echolot.postinst @@ -30,10 +30,6 @@ if ( ! dpkg-statoverride --list /var/lib/echolot /dev/null ); then dpkg-statoverride --update --add root echolot 02775 /var/lib/echolot fi -# and /var/run/echolot -if ( ! dpkg-statoverride --list /var/run/echolot /dev/null ); then - dpkg-statoverride --update --add root echolot 02770 /var/run/echolot -fi #DEBHELPER# diff -u echolot-2.1.8/debian/echolot.postrm echolot-2.1.8/debian/echolot.postrm --- echolot-2.1.8/debian/echolot.postrm +++ echolot-2.1.8/debian/echolot.postrm @@ -6,6 +6,7 @@ purge) rm -rf /var/lib/echolot rm -rf /var/log/echolot + rm -rf /var/run/echolot rmdir /etc/echolot/templates 2/dev/null || true rmdir /etc/echolot 2/dev/null || true dpkg-statoverride --remove /var/run/echolot /dev/null 21 || true only in patch2: unchanged: --- echolot-2.1.8.orig/debian/echolot.dirs +++ echolot-2.1.8/debian/echolot.dirs @@ -1,7 +1,6 @@ usr/bin usr/share/perl5 var/lib/echolot -var/run/echolot var/log/echolot etc/echolot etc/default ---End Message--- ---BeginMessage--- Source: echolot Source-Version: 2.1.8-7 We believe that the bug you reported is fixed in the latest version of echolot, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 689...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Peter Palfrader wea...@debian.org (supplier of updated echolot package) (This message was generated automatically at their request; if you believe that there is a problem with it
Bug#689054: marked as done (libgpod-cil: Wrong architecture field value in libgpod-cil package definition)
Your message dated Mon, 15 Oct 2012 15:04:56 + with message-id e1tnmdw-00047u...@franck.debian.org and subject line Bug#689054: fixed in libgpod 0.8.2-7 has caused the Debian Bug report #689054, regarding libgpod-cil: Wrong architecture field value in libgpod-cil package definition to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 689054: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=689054 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Package: libgpod-cil Version: 0.8.2-6 Severity: important Tags: patch Dear Maintainer, libgpod-cil package of the libgpod project has a wrong architecture entry: - Normally -cil packages are arch-independent but, - This one isn't because the library contains interoperability/marshalling (unsafe) code. - Package should be compiled differently, then, in each arch. - Proof of this is the file configure.ac of upstream: http://gtkpod.git.sourceforge.net/git/gitweb.cgi?p=gtkpod/libgpod;a=blob;f=configure.ac;h=669d433a47536ed5504eed12766f4876b476efa6;hb=HEAD (Line 318, with different GMCS_FLAGS determined by ac_cv_alignof_double) - The upstram bug is: https://bugzilla.gnome.org/show_bug.cgi?id=684876 Patch to fix this upstream in debian git is simple: diff --git a/debian/control b/debian/control index 145766c..50ae277 100644 --- a/debian/control +++ b/debian/control @@ -138,7 +138,7 @@ Description: Python bindings for libgpod Package: libgpod-cil Section: cli-mono -Architecture: all +Architecture: any Depends: ${cli:Depends}, ${misc:Depends} Description: CLI bindings for libgpod libgpod is a library meant to abstract access to an iPod's content. It Thanks very much. Andres G. Aragoneses (Banshee developer) -- System Information: Debian Release: wheezy/sid APT prefers precise-updates APT policy: (500, 'precise-updates'), (500, 'precise-security'), (500, 'precise'), (100, 'precise-backports') Architecture: amd64 (x86_64) Kernel: Linux 3.2.0-31-generic (SMP w/2 CPU cores) Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages libgpod-cil depends on: ii libglib2.0-cil 2.12.10-2ubuntu4 ii libgpod40.8.2-6~hyper1+precise ii libgtk2.0-cil 2.12.10-2ubuntu4 ii libmono-corlib4.0-cil 2.10.8.1-5~dhx1~precise1 ii libmono-system-core4.0-cil 2.10.8.1-5~dhx1~precise1 libgpod-cil recommends no packages. libgpod-cil suggests no packages. ---End Message--- ---BeginMessage--- Source: libgpod Source-Version: 0.8.2-7 We believe that the bug you reported is fixed in the latest version of libgpod, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 689...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Chow Loong Jin hyper...@debian.org (supplier of updated libgpod package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Format: 1.8 Date: Mon, 15 Oct 2012 21:58:33 +0800 Source: libgpod Binary: libgpod-nogtk-dev libgpod4-nogtk libgpod-dev libgpod4 libgpod-common libgpod-doc python-gpod libgpod-cil libgpod-cil-dev Architecture: source amd64 all Version: 0.8.2-7 Distribution: unstable Urgency: low Maintainer: gtkpod Maintainers pkg-gtkpod-de...@lists.alioth.debian.org Changed-By: Chow Loong Jin hyper...@debian.org Description: libgpod-cil - CLI bindings for libgpod libgpod-cil-dev - CLI bindings for libgpod -- development files libgpod-common - common files for libgpod libgpod-dev - development files for libgpod libgpod-doc - documentation for libgpod libgpod-nogtk-dev - development files for libgpod (version without artwork support) libgpod4 - library to read and write songs and artwork to an iPod libgpod4-nogtk - library to read and write songs to an iPod python-gpod - Python bindings for libgpod Closes: 689054 Changes: libgpod (0.8.2-7) unstable; urgency=low . * [1c86366] Make -cil packages non-arch-all (Closes: #689054) * [e819dd1] Bump debhelper build-dep version to 9 * [810a91d] Set libgpod-cil-dev section to cli-mono * [a5c3888] No-change bump of Standards-Version to 3.9.3 Checksums-Sha1: cd8b6a9eecf12a394234db43e02595c3eab5b82e 3068
Bug#688233: marked as done (/usr/bin/uim-module-manager: modifies conffiles (policy 10.7.3): /etc/uim/installed-modules.scm, /etc/uim/loader.scm)
Your message dated Mon, 15 Oct 2012 15:05:27 + with message-id e1tnmer-0004ir...@franck.debian.org and subject line Bug#688233: fixed in uim-chewing 0.1.0-3 has caused the Debian Bug report #688233, regarding /usr/bin/uim-module-manager: modifies conffiles (policy 10.7.3): /etc/uim/installed-modules.scm, /etc/uim/loader.scm to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 688233: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=688233 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Package: uim-utils Version: 1:1.8.1-2 Severity: serious User: debian...@lists.debian.org Usertags: piuparts Control: affects -1 + uim-yahoo-jp uim-viqr uim-social-ime fail/uim-skk uim-prime uim-pinyin uim-mozc uim-m17nlib uim-look uim-latin uim-latin uim-ipa-x-sampa uim-google-cgiapi-jp uim-chewing uim-canna uim-byeoru uim-baidu-olime-jp uim-anthy uim-ajax-ime Hi, during a test with piuparts I noticed that all the uim module packages modify conffiles. This is forbidden by the policy, see http://www.debian.org/doc/debian-policy/ch-files.html#s-config-files 10.7.3: [...] The easy way to achieve this behavior is to make the configuration file a conffile. [...] This implies that the default version will be part of the package distribution, and must not be modified by the maintainer scripts during installation (or at any other time). Note that once a package ships a modified version of that conffile, dpkg will prompt the user for an action how to handle the upgrade of this modified conffile (that was not modified by the user). Further in 10.7.3: [...] must not ask unnecessary questions (particularly during upgrades) [...] If a configuration file is customized by a maintainer script after having asked some debconf questions, it may not be marked as a conffile. Instead a template could be installed in /usr/share and used by the postinst script to fill in the custom values and create (or update) the configuration file (preserving any user modifications!). This file must be removed during postrm purge. ucf(1) may help with these tasks. See also http://wiki.debian.org/DpkgConffileHandling In https://lists.debian.org/debian-devel/2012/09/msg00412.html and followups it has been agreed that these bugs are to be filed with severity serious. debsums reports modification of the following files, from the attached log (scroll to the bottom...): /etc/uim/installed-modules.scm /etc/uim/loader.scm Having the registration/unregistration of the modules done by uim-module-manager is perfectly fine, only the registration database files must not be conffiles and must be cleaned up during postrm purge. cheers, Andreas uim-yahoo-jp_1:1.8.1-2.log.gz Description: GNU Zip compressed data ---End Message--- ---BeginMessage--- Source: uim-chewing Source-Version: 0.1.0-3 We believe that the bug you reported is fixed in the latest version of uim-chewing, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 688...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Kan-Ru Chen (陳侃如) kos...@debian.org (supplier of updated uim-chewing package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Mon, 15 Oct 2012 21:51:10 +0800 Source: uim-chewing Binary: uim-chewing Architecture: source amd64 Version: 0.1.0-3 Distribution: unstable Urgency: medium Maintainer: IME Packaging Team pkg-ime-de...@lists.alioth.debian.org Changed-By: Kan-Ru Chen (陳侃如) kos...@debian.org Description: uim-chewing - Universal Input Method - Chewing plugin Closes: 688233 Changes: uim-chewing (0.1.0-3) unstable; urgency=medium . * Team upload. * Urgency set medium to fix RC bug. * debian/uim-chewing.postinst, debian/uim-chewing.prerm: Change uim registration directory from /etc/uim to /var/lib/uim (Closes: #688233). Checksums-Sha1: dafa47d840ce087d5cddf0094c100d38febd59db 2025 uim-chewing_0.1.0-3.dsc 22e3e9350d4c5bdfe99f17956fb90c25984bd84e 3537 uim-chewing_0.1.0-3.debian.tar.gz 7215c893d7810b38c3551f813efaea241118a10f 24268 uim-chewing_0.1.0-3_amd64.deb Checksums-Sha256: ded12603b20b4b7ce88dac03816e0b15260152fc4ae9b3d41775b59a19beb0da 2025
Processed: unarchiving 665890, found 665890 in 0.3.1-2
Processing commands for cont...@bugs.debian.org: unarchive 665890 Bug #665890 {Done: Laszlo Boszormenyi (GCS) g...@debian.hu} [src:python-greenlet] python-greenlet: FTBFS on mips*: error: $fp cannot be used in asm here Unarchived Bug 665890 found 665890 0.3.1-2 Bug #665890 {Done: Laszlo Boszormenyi (GCS) g...@debian.hu} [src:python-greenlet] python-greenlet: FTBFS on mips*: error: $fp cannot be used in asm here Marked as found in versions python-greenlet/0.3.1-2. thanks Stopping processing here. Please contact me if you need assistance. -- 665890: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=665890 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#690556: [condor-debian] Bug#690556: condor: CVE-2012-4462
On Oct 15, 2012, at 9:01 AM, Moritz Muehlenhoff j...@inutil.org wrote: Package: condor Severity: grave Tags: security patch Justification: user security hole Please see https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-4462 for details and a patch. This bug only affects the Aviary contrib module, which isn't built in the Debian condor package. Thanks and regards, Jaime Frey UW-Madison Condor Team -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#687786: diff for NMU version 3.2-1.1
Hi, Pushed to Git repo. Regards, Boris 2012-09-30, 05:27, Antoine Beaupré wrote: tags 687786 + pending thanks Dear maintainer, I've uploaded an NMU for opticalraytracer on behalf of Pablo Duboue to the DELAYED/7 queue. This was part of a Bug Squashing Party in Montreal to fix release critical bugs in Wheezy. Let me know if the upload needs to be canceled or is inappropriate. Here's the patch for that upload. I wasn't able to push to the git repository unfortunately. A. -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#690574: oss4-base: depends on linux-sound-base
Source: oss4-base Version: 4.2-build2006-2 Severity: serious The alsa-driver source package is on its way out. oss4-base is the only thing depending on it. Please fix. Cheers, Julien signature.asc Description: Digital signature
Processed: reassign 690574 to oss4-base
Processing commands for cont...@bugs.debian.org: reassign 690574 oss4-base Bug #690574 [src:oss4-base] oss4-base: depends on linux-sound-base Warning: Unknown package 'src:oss4-base' Bug reassigned from package 'src:oss4-base' to 'oss4-base'. No longer marked as found in versions oss4-base/4.2-build2006-2. Ignoring request to alter fixed versions of bug #690574 to the same values previously set thanks Stopping processing here. Please contact me if you need assistance. -- 690574: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=690574 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#690148: Please give back gcc-mingw-w64 (so it rebuilds using gcc-4.6 4.6.3-12)
Hi Jonathan, On Mon, 15 Oct 2012 14:49:31 +0100, Jonathan Wiltshire j...@debian.org wrote: Surely it would be more efficient to do a maintainer upload fixing RC bug #690148, and you'll get the rebuilds for free? I started looking at this bug yesterday, the fix is easy but I did not have time to check all binary packages. Patch to follow if you want it. If you've got the patch to hand I'd appreciate it. As you say the fix is easy, but I won't have time to work on it this evening... Regards, Stephen signature.asc Description: PGP signature
Processed: found 690574 in 4.2-build2006-2
Processing commands for cont...@bugs.debian.org: found 690574 4.2-build2006-2 Bug #690574 [oss4-base] oss4-base: depends on linux-sound-base Marked as found in versions oss4/4.2-build2006-2. thanks Stopping processing here. Please contact me if you need assistance. -- 690574: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=690574 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Processed: fixed 690532 in 4.2.2.dfsg.1-5+deb70u2
Processing commands for cont...@bugs.debian.org: fixed 690532 4.2.2.dfsg.1-5+deb70u2 Bug #690532 [isc-dhcp-client] CVE-2012-2248: backdoor for user zero79 due to dhclient’s hook $PATH Marked as fixed in versions isc-dhcp/4.2.2.dfsg.1-5+deb70u2. thanks Stopping processing here. Please contact me if you need assistance. -- 690532: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=690532 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#679669: tpu upload for #679669 (underscore: build-depends on uglifyjs)
Julien Cristau jcris...@debian.org writes: On Sat, Oct 13, 2012 at 20:56:00 +0200, Ansgar Burchardt wrote: Stuart Prescott stu...@debian.org writes: Looking at the underscore package in squeeze-backports, it is not possible to build it from source using packages in squeeze+squeeze-backports. In particular, the uglifyjs package (provided by node-uglify in sid) is not in squeeze/squeeze-backports. I modified the package in backports to not compress the *.js files: Any chance you could do that for wheezy too? Sure. I've attached the debdiff for an upload to wheezy (there's a newer version in unstable). The changes are the same as in the backport. Ansgar diff -Nru underscore-1.1.6/debian/changelog underscore-1.1.6/debian/changelog --- underscore-1.1.6/debian/changelog 2011-04-22 11:30:22.0 +0200 +++ underscore-1.1.6/debian/changelog 2012-10-15 20:48:23.0 +0200 @@ -1,3 +1,10 @@ +underscore (1.1.6-1+deb7u1) wheezy; urgency=low + + * Include uncompressed version of *.js to avoid a build-dependency on +uglifyjs. (Closes: #679669) + + -- Ansgar Burchardt ans...@debian.org Mon, 15 Oct 2012 20:46:34 +0200 + underscore (1.1.6-1) unstable; urgency=low * New upstream release. diff -Nru underscore-1.1.6/debian/control underscore-1.1.6/debian/control --- underscore-1.1.6/debian/control 2011-04-22 11:25:13.0 +0200 +++ underscore-1.1.6/debian/control 2012-10-15 20:46:31.0 +0200 @@ -5,8 +5,7 @@ Uploaders: Jonas Smedegaard d...@jones.dk Build-Depends: cdbs, debhelper (= 6), - dh-buildinfo, - uglifyjs + dh-buildinfo Standards-Version: 3.9.2 Homepage: http://documentcloud.github.com/underscore/ Vcs-Git: git://git.debian.org/git/collab-maint/underscore diff -Nru underscore-1.1.6/debian/rules underscore-1.1.6/debian/rules --- underscore-1.1.6/debian/rules 2011-04-22 11:30:00.0 +0200 +++ underscore-1.1.6/debian/rules 2012-10-15 20:46:31.0 +0200 @@ -28,7 +28,7 @@ CDBS_BUILD_DEPENDS_rules_upstream-tarball = CDBS_BUILD_DEPENDS_rules_utils_copyright-check = -CDBS_BUILD_DEPENDS += , uglifyjs +#CDBS_BUILD_DEPENDS += , uglifyjs DEB_UPSTREAM_URL = http://githubredir.debian.net/github/documentcloud/underscore/ DEB_UPSTREAM_TARBALL_BASENAME = $(DEB_UPSTREAM_TARBALL_VERSION) @@ -47,6 +47,7 @@ build/$(libpkgname):: $(js-min) $(js-min): debian/%.min.js: $(js-basedir)%.js - uglifyjs -o $@ $ + #uglifyjs -o $@ $ + ln -sf $ $@ clean:: rm -f debian/*.js
Bug#690532: [pkg-dhcp-devel] Bug#690532: CVE-2012-2248: backdoor for user zero79 due to dhclient’s hook $PATH
control: retitle -1 CVE-2012-2248: build system paths used in -DCLIENT_PATH On Mon, Oct 15, 2012 at 5:31 AM, Michael Stapelberg wrote: All hooks in /etc/dhcp/dhclient-enter-hooks.d, such as samba when the samba package is installed, are called with a PATH environment variable containing this: Using the term backdoor is inappropriate and quite misleading as it implies malicious activity. The issue is actually a build system sanitization issue. Best wishes, Mike -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Processed: Re: [pkg-dhcp-devel] Bug#690532: CVE-2012-2248: backdoor for user zero79 due to dhclient’s hook $PATH
Processing control commands: retitle -1 CVE-2012-2248: build system paths used in -DCLIENT_PATH Bug #690532 [isc-dhcp-client] CVE-2012-2248: build system paths used in -DCLIENT_PATH Ignoring request to change the title of bug#690532 to the same title -- 690532: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=690532 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#679669: tpu upload for #679669 (underscore: build-depends on uglifyjs)
On Mon, Oct 15, 2012 at 20:59:24 +0200, Ansgar Burchardt wrote: Sure. I've attached the debdiff for an upload to wheezy (there's a newer version in unstable). The changes are the same as in the backport. Ack, please go ahead. Thanks, Julien signature.asc Description: Digital signature
Bug#679669: tpu upload for #679669 (underscore: build-depends on uglifyjs)
Julien Cristau jcris...@debian.org writes: On Mon, Oct 15, 2012 at 20:59:24 +0200, Ansgar Burchardt wrote: Sure. I've attached the debdiff for an upload to wheezy (there's a newer version in unstable). The changes are the same as in the backport. Ack, please go ahead. Uploaded (without using DELAYED/* as I don't think that matters much for tpu). Ansgar -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#690532: [pkg-dhcp-devel] Bug#690532: Bug#690532: CVE-2012-2248: backdoor for user zero79 due to dhclient’s hook $PATH
On Mon, Oct 15, 2012 at 3:01 PM, Michael Gilbert wrote: control: retitle -1 CVE-2012-2248: build system paths used in -DCLIENT_PATH On Mon, Oct 15, 2012 at 5:31 AM, Michael Stapelberg wrote: All hooks in /etc/dhcp/dhclient-enter-hooks.d, such as samba when the samba package is installed, are called with a PATH environment variable containing this: Using the term backdoor is inappropriate and quite misleading as it implies malicious activity. The issue is actually a build system sanitization issue. Also, to be fair, the same conclusions can be drawn on different architectures for paths like /build/buildd-isc-dhcp-*: https://buildd.debian.org/status/fetch.php?pkg=isc-dhcparch=i386ver=4.2.4-2stamp=1347600978 Best wishes, Mike -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#679669: marked as done (underscore: build-dependency on uglifyjs not satisfiable in wheezy)
Your message dated Mon, 15 Oct 2012 19:17:57 + with message-id e1tnqan-e7...@franck.debian.org and subject line Bug#679669: fixed in underscore 1.1.6-1+deb7u1 has caused the Debian Bug report #679669, regarding underscore: build-dependency on uglifyjs not satisfiable in wheezy to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 679669: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=679669 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Source: underscore Version: 1.1.6-1 Severity: serious underscore in wheezy build-depends on uglifyjs, which is missing there. This needs to be fixed before release. Cheers, Julien signature.asc Description: Digital signature ---End Message--- ---BeginMessage--- Source: underscore Source-Version: 1.1.6-1+deb7u1 We believe that the bug you reported is fixed in the latest version of underscore, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 679...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Ansgar Burchardt ans...@debian.org (supplier of updated underscore package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Mon, 15 Oct 2012 20:46:34 +0200 Source: underscore Binary: libjs-underscore Architecture: all source Version: 1.1.6-1+deb7u1 Distribution: wheezy Urgency: low Maintainer: Debian Javascript Maintainers pkg-javascript-de...@lists.alioth.debian.org Changed-By: Ansgar Burchardt ans...@debian.org Closes: 679669 Description: libjs-underscore - JavaScript's functional programming helper library Changes: underscore (1.1.6-1+deb7u1) wheezy; urgency=low . * Include uncompressed version of *.js to avoid a build-dependency on uglifyjs. (Closes: #679669) Checksums-Sha1: aedd8fed1d76fb40ff4abb1bc97bc34a9fe21345 1996 underscore_1.1.6-1+deb7u1.dsc d1454dc7ad55f1456f140ccedbf0d9ad83480b88 4371 underscore_1.1.6-1+deb7u1.debian.tar.gz 04c7160635b35a0bb7cad9b62bd2521d3b346911 30832 libjs-underscore_1.1.6-1+deb7u1_all.deb Checksums-Sha256: 237633fa4b42839d32cea0b3c543e159104fb4064532ac6f909b9a0e0662e24b 1996 underscore_1.1.6-1+deb7u1.dsc e5c3ef98a556569aabd0903ce293015a129b0c4e472852b802ed3ac70f6fc9aa 4371 underscore_1.1.6-1+deb7u1.debian.tar.gz 5fb574061083548eaff3e67bbec5750fdfb74486d4a4084592aba29ce2fdc8a4 30832 libjs-underscore_1.1.6-1+deb7u1_all.deb Files: 5e856b96c104b4bff33df65f9bdef224 1996 web optional underscore_1.1.6-1+deb7u1.dsc 0291f19dbddd0d1436269ff412fec845 4371 web optional underscore_1.1.6-1+deb7u1.debian.tar.gz 22bbdc900c744327ec5f18d02cf94e54 30832 web optional libjs-underscore_1.1.6-1+deb7u1_all.deb -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.12 (GNU/Linux) iQIcBAEBCgAGBQJQfF9PAAoJEIATJTTdNH3IOJwP/3uLs0ljk7n6AIqN0Zygv6vP 0/nphCDwnbUwPzPj873aeaSxkrVmZiTjH1TA7d9kaM8Gnhz3D4VUpC0A19FB35EO bnIy3Z0DxZpUUXupWn8eAZ8C5cjC+Im/m0Aodn4YlKRX0H8j4Ouk3KFbglohubuU GK9DHkQdPdeNrtoqvzYOatFnbQsEisSIJ+YlaOl/XIc5b2y302eWn5twR7MgBCU1 VlK7HOkUpEXq7WVh3t0PaI3XmzfgfyjFV3EyFEpH9s81v5K7TgBusvlaqZMHs4We 3FKzLtJw3R+Om6gbYoVebpeRudkWoK+NGaIEm2IEeyj0EYWywtm7j3rhT1WfWNDF AUGae5wRB6Y4q9ovhW3dvM0Nc/4UW9oKeo1Oc1GInhaQLClfgGeTd9SnH1LRtpgI goNF0FGpUZXBTwf04S2zP9ahN28W5xyQvvYJj3+ZPzr8CEOHucQ/Ixwi57AwT5No kiKHfN3+RkrbUXJxuOfcEA+1Cs7hrdNw+sRmUYrbGeJN+S5xIc2EoYxJ1LLrj/GI 6OfR77Q8mmq1rHfLy1Si4k6OKWkwVqS1IGCrRD0c3+LZjqPjPokjlmkxa7PfgVxK svQps3oD9TpDyiKyXm4b2/wfzMkMkmTdy96Ip6wAYxW16lwi5oXbNFPHKQOjcwtl Nlq9xD4zBT89fIBw/wqv =o8+t -END PGP SIGNATUREEnd Message---
Bug#690532: marked as done (CVE-2012-2248: build system paths used in -DCLIENT_PATH)
Your message dated Mon, 15 Oct 2012 19:17:47 + with message-id e1tnqad-bb...@franck.debian.org and subject line Bug#690532: fixed in isc-dhcp 4.2.4-3 has caused the Debian Bug report #690532, regarding CVE-2012-2248: build system paths used in -DCLIENT_PATH to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 690532: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=690532 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Package: isc-dhcp-client Version: 4.2.2.dfsg.1-5 Severity: critical Tags: security patch While debugging another issue, Mithrandir, mbiebl and I stumbled upon the following: All hooks in /etc/dhcp/dhclient-enter-hooks.d, such as samba when the samba package is installed, are called with a PATH environment variable containing this: PATH=/home/zero79/source/git/isc-dhcp/debian/tmp/usr/sbin:/sbin:/bin:/usr/sbin:/usr/bin Since hooks (at least samba) can call arbitrary commands and are running as uid 0 (root), this poses a security issue when the following assumptions are true: 1. The system you want to exploit has samba installed (or any other package which comes with a dhclient-enter-hook). 2. The attacker has the possibility of obtaining the username zero79 and thus can create executable files in /home/zero79/source/git/isc-dhcp/debian/tmp/usr/sbin 3. The DHCP hook needs to be called to trigger the exploit, which happens at least on system start or after /etc/init.d/networking restart, possibly also when just renewing the dhcp-lease (unverified). Here is a demonstration of this issue: zero79@squeezevm:~$ id -a uid=1001(zero79) gid=1001(zero79) groups=1001(zero79) zero79@squeezevm:~$ mkdir -p source/git/isc-dhcp/debian/tmp/usr/sbin zero79@squeezevm:~$ cat source/git/isc-dhcp/debian/tmp/usr/sbin/mv 'EOF' #!/bin/sh echo my script is run as: $(whoami) $(id -a) /tmp/exploited EOF zero79@squeezevm:~$ chmod +x source/git/isc-dhcp/debian/tmp/usr/sbin/mv root@squeezevm:~# /etc/init.d/networking restart Restarting networking (via systemctl): networking.service. root@squeezevm:~# ls -hltr /tmp total 8.0K -rw-r--r-- 1 root root 966 Oct 14 13:42 samba -rw-r--r-- 1 root root 65 Oct 14 14:02 exploited root@squeezevm:~# cat /tmp/exploited my script is run as: root uid=0(root) gid=0(root) groups=0(root) At this point, zero79 has root access to the system. Raphael Geissert has resolved this issue in a timely fashion, his statement follows and his patch is attached: The insertion of that path does not appear to be malicious. Rather, it appears to be a mistake in debian/rules as --prefix is set to $(pwd)/debian/tmp/, instead of setting DESTDIR when calling make install. client/Makefile.am defines CLIENT_PATH to PATH=$(sbindir):/sbin:/bin:/usr/sbin:/usr/bin, which is later injected into the env. Due to what appears to be a bug in squeeze's Makefile.am, squeeze is not affected. Attached patch fixes the problem. Since I've already built the package for wheezy, I'm going to upload it. -- System Information: Debian Release: wheezy/sid APT prefers testing APT policy: (990, 'testing') Architecture: amd64 (x86_64) Foreign Architectures: armel i386 Kernel: Linux 3.5.0 (SMP w/8 CPU cores) Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash Versions of packages isc-dhcp-client depends on: ii debianutils 4.3.2 ii iproute 20120521-3 ii isc-dhcp-common 4.2.2.dfsg.1-5 ii libc62.13-35 isc-dhcp-client recommends no packages. Versions of packages isc-dhcp-client suggests: pn avahi-autoipd none pn resolvconf none -- no debconf information diff -Nru isc-dhcp-4.2.2.dfsg.1/debian/rules isc-dhcp-4.2.2.dfsg.1/debian/rules --- isc-dhcp-4.2.2.dfsg.1/debian/rules 2012-09-17 16:48:31.0 -0500 +++ isc-dhcp-4.2.2.dfsg.1/debian/rules 2012-10-14 15:12:29.0 -0500 @@ -39,8 +39,8 @@ dh_testdir ./configure \ - --prefix=$(DESTDIR)/usr \ - --sysconfdir=$(DESTDIR)/etc/dhcp \ + --prefix=/usr \ + --sysconfdir=/etc/dhcp \ --with-srv-lease-file=/var/lib/dhcp/dhcpd.leases \ --with-srv6-lease-file=/var/lib/dhcp/dhcpd6.leases \ --with-cli-lease-file=/var/lib/dhcp/dhclient.leases \ @@ -67,8 +67,8 @@ dh_testdir ./configure \ - --prefix=$(DESTDIR)/usr \ - --sysconfdir=$(DESTDIR)/etc/dhcp \ + --prefix=/usr \ + --sysconfdir=/etc/dhcp \ --with-srv-lease-file=/var/lib/dhcp/dhcpd.leases \ --with-srv6-lease-file=/var/lib/dhcp/dhcpd6.leases \ --with-cli-lease-file=/var/lib/dhcp/dhclient.leases \ @@ -99,7 +99,7 @@ dh_installdirs -A # Add here
Processed: xserver-xorg-input-tslib unusable
Processing commands for cont...@bugs.debian.org: severity 674821 grave Bug #674821 [xserver-xorg-input-tslib] xserver-xorg-input-tslib: undefined symbol: xf86XInputSetScreen reported when X loads tslib_drv.so Severity set to 'grave' from 'important' thank Stopping processing here. Please contact me if you need assistance. -- 674821: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=674821 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Processed: retitle 576972 to libatlas3-base: when the LAPACK alternative points to ATLAS, the BLAS alternative should always point to ATLAS
Processing commands for cont...@bugs.debian.org: retitle 576972 libatlas3-base: when the LAPACK alternative points to ATLAS, the BLAS alternative should always point to ATLAS Bug #576972 [libatlas3gf-base] libatlas3gf-base: octave does not work with this version Bug #598638 [libatlas3gf-base] lapack: update-alternatives breaks application linking Bug #624318 [libatlas3gf-base] Subject: liblapack.so.3gf: undefined symbol: ATL_dGetNB Bug #638236 [libatlas3gf-base] /usr/lib/liblapack.so.3gf: undefined symbol: ATL_chem Bug #676726 [libatlas3gf-base] libopenblas-base, libatlas3-base: Coinstalling libatlas3-base and libopenblas-base breaks LAPACK Changed Bug title to 'libatlas3-base: when the LAPACK alternative points to ATLAS, the BLAS alternative should always point to ATLAS' from 'libatlas3gf-base: octave does not work with this version' Changed Bug title to 'libatlas3-base: when the LAPACK alternative points to ATLAS, the BLAS alternative should always point to ATLAS' from 'lapack: update-alternatives breaks application linking' Changed Bug title to 'libatlas3-base: when the LAPACK alternative points to ATLAS, the BLAS alternative should always point to ATLAS' from 'Subject: liblapack.so.3gf: undefined symbol: ATL_dGetNB' Changed Bug title to 'libatlas3-base: when the LAPACK alternative points to ATLAS, the BLAS alternative should always point to ATLAS' from '/usr/lib/liblapack.so.3gf: undefined symbol: ATL_chem' Changed Bug title to 'libatlas3-base: when the LAPACK alternative points to ATLAS, the BLAS alternative should always point to ATLAS' from 'libopenblas-base, libatlas3-base: Coinstalling libatlas3-base and libopenblas-base breaks LAPACK' thanks Stopping processing here. Please contact me if you need assistance. -- 576972: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=576972 598638: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=598638 624318: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=624318 638236: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=638236 676726: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=676726 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Processed: limit source to gnumed-client, tagging 685351
Processing commands for cont...@bugs.debian.org: #gnumed-client (1.1.17+dfsg-1) unstable; urgency=low # # * debian/JS: Provide source code of remaining JavaScript files #Closes: #685351 # limit source gnumed-client Limiting to bugs with field 'source' containing at least one of 'gnumed-client' Limit currently set to 'source':'gnumed-client' tags 685351 + pending Bug #685351 [src:gnumed-client] src:gnumed-client: Missing source code for *.js files Added tag(s) pending. thanks Stopping processing here. Please contact me if you need assistance. -- 685351: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=685351 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#685351: marked as done (src:gnumed-client: Missing source code for *.js files)
Your message dated Mon, 15 Oct 2012 20:47:35 + with message-id e1tnrzx-0001pk...@franck.debian.org and subject line Bug#685351: fixed in gnumed-client 1.1.17+dfsg-1 has caused the Debian Bug report #685351, regarding src:gnumed-client: Missing source code for *.js files to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 685351: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=685351 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Package: src:gnumed-client Version: 1.1.17-1 Severity: serious Justification: Policy 2.1 gnumed-doc installs /usr/share/doc/gnumed/user-manual/rsrc/System/JSTreeContrib/jquery.jstree.js. However, the file is present in the source package without source code. Instructions on which tools were used to create it are also missing. And the lack of copyright notices probably renders the package non-distributable. All or most of these issues seem to apply to other javascript files in the package (like jquery.foswiki.js). ---End Message--- ---BeginMessage--- Source: gnumed-client Source-Version: 1.1.17+dfsg-1 We believe that the bug you reported is fixed in the latest version of gnumed-client, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 685...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Andreas Tille ti...@debian.org (supplier of updated gnumed-client package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Format: 1.8 Date: Mon, 15 Oct 2012 12:37:29 +0200 Source: gnumed-client Binary: gnumed-client gnumed-client-de gnumed-common gnumed-doc Architecture: source all Version: 1.1.17+dfsg-1 Distribution: unstable Urgency: low Maintainer: Debian Med Packaging Team debian-med-packag...@lists.alioth.debian.org Changed-By: Andreas Tille ti...@debian.org Description: gnumed-client - medical practice management - Client gnumed-client-de - medical practice management - Client for German users gnumed-common - medical practice management - common files gnumed-doc - medical practice management - Documentation Closes: 685351 Changes: gnumed-client (1.1.17+dfsg-1) unstable; urgency=low . * debian/copyright: Document what JavaSource files are removed from upstream tarball * debian/README.source: Document that some JavaScript files were removed and some were provided as source * debian/JS: Provide source code of remaining JavaScript files Closes: #685351 * debian/dh_linktrees: deleted because dh_linktrees tries to work on files which are removed now - rather use dh_links instead Checksums-Sha1: 10bb08ed0f0d4d05b59b29855c71d2d215f74829 1683 gnumed-client_1.1.17+dfsg-1.dsc 56a29eeaae923622b407e05157f9c96c84262e8b 5387020 gnumed-client_1.1.17+dfsg.orig.tar.xz fd58d043d3c1b15fc95b061ab8efb4afd60db28b 33090 gnumed-client_1.1.17+dfsg-1.debian.tar.gz 0b482575a635b0f9c6e81f8579e16ab0497db9ab 1506650 gnumed-client_1.1.17+dfsg-1_all.deb d6bbe476153c43b64eb920027e00368d52c954d8 15910 gnumed-client-de_1.1.17+dfsg-1_all.deb 1e24d7e76349ee7ff57d6f9a3a44a41e1c9cfcd7 137188 gnumed-common_1.1.17+dfsg-1_all.deb 32785392c235f9cde07fb407b3fcea14c977d7c2 1053944 gnumed-doc_1.1.17+dfsg-1_all.deb Checksums-Sha256: e82cb58c193edb93b1a09afb157dd4f3ec14ad95e88859fb79554b279cbb0f48 1683 gnumed-client_1.1.17+dfsg-1.dsc 1a9437740a6d969a1158a858a0d2b985e0dd9e5bae8e1341059cbfbd59d90557 5387020 gnumed-client_1.1.17+dfsg.orig.tar.xz e18e88d97efab0294b4da7219756be98ba20098e5cff801fa1b7ef2ceaa65722 33090 gnumed-client_1.1.17+dfsg-1.debian.tar.gz eba73772a0e9c00eba9267d1ea3c28bcc3803abd29dc9bbeda07e284941a9b9e 1506650 gnumed-client_1.1.17+dfsg-1_all.deb 9e79f029f958531d651cd78081f3055b30900852669c59b4108d81030b926665 15910 gnumed-client-de_1.1.17+dfsg-1_all.deb 2f50bea3c186df498f1e9ce05b9d51d622aa60d8aebdb91152359fec4fa4ee97 137188 gnumed-common_1.1.17+dfsg-1_all.deb ca2512d4298d1c588bad01bf929d2af9dc9b072090da19468d2febdd6d3d9ad7 1053944 gnumed-doc_1.1.17+dfsg-1_all.deb Files: 86b7dea626886fe769e96950630ec1e4 1683 misc optional gnumed-client_1.1.17+dfsg-1.dsc c2edee90656b87fbe70c75a6f1a9061a 5387020 misc optional gnumed-client_1.1.17+dfsg.orig.tar.xz
Bug#680816: marked as done (libcatalyst-plugin-unicode-encoding-perl: FTBFS: tests failed)
Your message dated Mon, 15 Oct 2012 21:17:38 + with message-id e1tns2c-0003f5...@franck.debian.org and subject line Bug#680816: fixed in libcatalyst-perl 5.90015-1 has caused the Debian Bug report #680816, regarding libcatalyst-plugin-unicode-encoding-perl: FTBFS: tests failed to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 680816: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=680816 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Source: libcatalyst-plugin-unicode-encoding-perl Version: 1.7-1 Severity: serious Tags: wheezy sid User: debian...@lists.debian.org Usertags: qa-ftbfs-20120708 qa-ftbfs Justification: FTBFS on amd64 Hi, During a rebuild of all packages in sid, your package failed to build on amd64. Relevant part: make[1]: Entering directory `/«PKGBUILDDIR»' PERL_DL_NONLAZY=1 /usr/bin/perl -MExtUtils::Command::MM -e test_harness(0, 'inc', 'blib/lib', 'blib/arch') t/*.t t/01use.t . ok t/04live.t ok t/05config.t .. ok t/06request_decode.t .. ok t/07nested_params.t ... skipped: Need Catalyst::Plugin::Params::Nested # Failed test at t/08charset_utf8.t line 21. # got: '2' # expected: '1' # Failed test at t/08charset_utf8.t line 26. # got: '2' # expected: '1' # Looks like you failed 2 tests of 7. t/08charset_utf8.t Dubious, test returned 2 (wstat 512, 0x200) Failed 1/6 test programs. 2/52 subtests failed. Failed 2/7 subtests Test Summary Report --- t/08charset_utf8.t (Wstat: 512 Tests: 7 Failed: 2) Failed tests: 4, 6 Non-zero exit status: 2 Files=6, Tests=52, 3 wallclock secs ( 0.04 usr 0.03 sys + 3.26 cusr 0.31 csys = 3.64 CPU) Result: FAIL make[1]: *** [test_dynamic] Error 2 The full build log is available from: http://people.debian.org/~lucas/logs/2012/07/08/libcatalyst-plugin-unicode-encoding-perl_1.7-1_unstable.log A list of current common problems and possible solutions is available at http://wiki.debian.org/qa.debian.org/FTBFS . You're welcome to contribute! About the archive rebuild: The rebuild was done on EC2 VM instances from Amazon Web Services, using a clean, minimal and up-to-date chroot. Every failed build was retried once to eliminate random failures. ---End Message--- ---BeginMessage--- Source: libcatalyst-perl Source-Version: 5.90015-1 We believe that the bug you reported is fixed in the latest version of libcatalyst-perl, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 680...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. intrigeri intrig...@debian.org (supplier of updated libcatalyst-perl package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Tue, 17 Jul 2012 19:10:37 -0500 Source: libcatalyst-perl Binary: libcatalyst-perl Architecture: source all Version: 5.90015-1 Distribution: unstable Urgency: low Maintainer: Debian Perl Group pkg-perl-maintain...@lists.alioth.debian.org Changed-By: intrigeri intrig...@debian.org Description: libcatalyst-perl - elegant Model-View-Controller Web Application Framework Closes: 680816 681422 681423 681425 683656 Changes: libcatalyst-perl (5.90015-1) unstable; urgency=low . * Team upload. . [ Jotam Jr. Trejo ] * Imported Upstream version 5.90015 - fixes the FTBFS in libtest-www-mechanize-catalyst-perl (Closes: #681422) - fixes Catalyst-Plugin-StackTrace (Closes: #681423) - fixes Catalyst-Plugin-Session-State-Cookie (Closes: #681425) - fixes Catalyst-Plugin-Unicode-Encoding (Closes: #680816) * Added myself to Uploaders and Copyright . [ intrigeri ] * Drop erroneous and harmful Conflicts/Provides/Replaces on libcatalyst-controller-actionrole-perl. Closes: #683656 * Add Breaks on libcatalystx-simplelogin-perl ( 0.17) and libcatalyst-actionrole-acl-perl ( 0.07). Checksums-Sha1: 6be47cedd46ec974b8dd265c0642f18ec6273eac 3798 libcatalyst-perl_5.90015-1.dsc a0f844ae404fa98a29aaceef7948cf34af46f8af 273978 libcatalyst-perl_5.90015.orig.tar.gz 26c5ee47532d80c55642b97b0db694dfcc6fc3a8 9112 libcatalyst-perl_5.90015-1.debian.tar.xz
Bug#683656: marked as done (libcatalyst-perl: Drop erroneous and harmful Conflicts/Provides/Replaces on libcatalyst-controller-actionrole-perl)
Your message dated Mon, 15 Oct 2012 21:17:38 + with message-id e1tns2c-0003fp...@franck.debian.org and subject line Bug#683656: fixed in libcatalyst-perl 5.90015-1 has caused the Debian Bug report #683656, regarding libcatalyst-perl: Drop erroneous and harmful Conflicts/Provides/Replaces on libcatalyst-controller-actionrole-perl to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 683656: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=683656 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Package: libcatalyst-controller-actionrole-perl Version: 0.15-1 Severity: serious Tags: sid Justification: uninstallable in sid User: debian...@lists.debian.org Usertags: piuparts Hi, libcatalyst-controller-actionrole-perl is no longer installable in sid as it was merged into libcatalyst-perl [1]. The upgrade path shoudl work without transitional packages since * old libcatalyst-controller-actionrole-perl Depends: libcatalyst-perl * new libcatalyst-perl Conflicts/Replaces/Provides libcatalyst-controller-actionrole-perl I'm not sure what would happen in wheezy if this package is removed from sid right now - are there enough rdepends to keep it in wheezy? [1] http://packages.qa.debian.org/libc/libcatalyst-perl/news/20120626T041806Z.html Andreas ---End Message--- ---BeginMessage--- Source: libcatalyst-perl Source-Version: 5.90015-1 We believe that the bug you reported is fixed in the latest version of libcatalyst-perl, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 683...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. intrigeri intrig...@debian.org (supplier of updated libcatalyst-perl package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Tue, 17 Jul 2012 19:10:37 -0500 Source: libcatalyst-perl Binary: libcatalyst-perl Architecture: source all Version: 5.90015-1 Distribution: unstable Urgency: low Maintainer: Debian Perl Group pkg-perl-maintain...@lists.alioth.debian.org Changed-By: intrigeri intrig...@debian.org Description: libcatalyst-perl - elegant Model-View-Controller Web Application Framework Closes: 680816 681422 681423 681425 683656 Changes: libcatalyst-perl (5.90015-1) unstable; urgency=low . * Team upload. . [ Jotam Jr. Trejo ] * Imported Upstream version 5.90015 - fixes the FTBFS in libtest-www-mechanize-catalyst-perl (Closes: #681422) - fixes Catalyst-Plugin-StackTrace (Closes: #681423) - fixes Catalyst-Plugin-Session-State-Cookie (Closes: #681425) - fixes Catalyst-Plugin-Unicode-Encoding (Closes: #680816) * Added myself to Uploaders and Copyright . [ intrigeri ] * Drop erroneous and harmful Conflicts/Provides/Replaces on libcatalyst-controller-actionrole-perl. Closes: #683656 * Add Breaks on libcatalystx-simplelogin-perl ( 0.17) and libcatalyst-actionrole-acl-perl ( 0.07). Checksums-Sha1: 6be47cedd46ec974b8dd265c0642f18ec6273eac 3798 libcatalyst-perl_5.90015-1.dsc a0f844ae404fa98a29aaceef7948cf34af46f8af 273978 libcatalyst-perl_5.90015.orig.tar.gz 26c5ee47532d80c55642b97b0db694dfcc6fc3a8 9112 libcatalyst-perl_5.90015-1.debian.tar.xz 28c87c3a7023b8a0bafe0743700d23a61f39ce90 282924 libcatalyst-perl_5.90015-1_all.deb Checksums-Sha256: 2745653983150329b9518c805dd7d28dcfb361027fbca7e9860125c8bd79d351 3798 libcatalyst-perl_5.90015-1.dsc f7ffc991ee3b50ef2153156f96586421bab14d0d01e6ec83095b047c79defc3a 273978 libcatalyst-perl_5.90015.orig.tar.gz f35e7e756ca4ce37615eab43a537a3a38ce401bb206ed60a5dd5370d858a024b 9112 libcatalyst-perl_5.90015-1.debian.tar.xz b7dbc2f6cb99f450983e4acf4c95fec3d480c71485379c6100fe41659af016d0 282924 libcatalyst-perl_5.90015-1_all.deb Files: 9b8734ac249616364536850b26c58c72 3798 perl optional libcatalyst-perl_5.90015-1.dsc 1a9698eeac5e5c958df5d509c2a342c6 273978 perl optional libcatalyst-perl_5.90015.orig.tar.gz ad7d51011a11980d288d3084e60d5034 9112 perl optional libcatalyst-perl_5.90015-1.debian.tar.xz cef21c5d892429eb3227009e8bc09068 282924 perl optional libcatalyst-perl_5.90015-1_all.deb -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.12 (GNU/Linux)
Bug#674324: marked as done (ruby-net-sftp: FTBFS: test failed)
Your message dated Mon, 15 Oct 2012 21:36:30 + with message-id e1tnsks-000861...@franck.debian.org and subject line Bug#674324: fixed in ruby-net-sftp 1:2.0.5-3 has caused the Debian Bug report #674324, regarding ruby-net-sftp: FTBFS: test failed to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 674324: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=674324 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Source: ruby-net-sftp Version: 1:2.0.5-2 Severity: serious Tags: wheezy sid User: debian...@lists.debian.org Usertags: qa-ftbfs-20120524 qa-ftbfs Justification: FTBFS on amd64 Hi, During a rebuild of all packages in sid, your package failed to build on amd64. Relevant part: fakeroot debian/rules binary dh binary --buildsystem=ruby --with ruby dh_testroot -O--buildsystem=ruby dh_prep -O--buildsystem=ruby dh_installdirs -O--buildsystem=ruby dh_auto_install -O--buildsystem=ruby Entering dh_ruby --install install -d /«PKGBUILDDIR»/debian/ruby-net-sftp/usr/lib/ruby/vendor_ruby install -D -m644 lib/net/sftp.rb /«PKGBUILDDIR»/debian/ruby-net-sftp/usr/lib/ruby/vendor_ruby/net/sftp.rb install -D -m644 lib/net/sftp/constants.rb /«PKGBUILDDIR»/debian/ruby-net-sftp/usr/lib/ruby/vendor_ruby/net/sftp/constants.rb install -D -m644 lib/net/sftp/version.rb /«PKGBUILDDIR»/debian/ruby-net-sftp/usr/lib/ruby/vendor_ruby/net/sftp/version.rb install -D -m644 lib/net/sftp/request.rb /«PKGBUILDDIR»/debian/ruby-net-sftp/usr/lib/ruby/vendor_ruby/net/sftp/request.rb install -D -m644 lib/net/sftp/operations/download.rb /«PKGBUILDDIR»/debian/ruby-net-sftp/usr/lib/ruby/vendor_ruby/net/sftp/operations/download.rb install -D -m644 lib/net/sftp/operations/dir.rb /«PKGBUILDDIR»/debian/ruby-net-sftp/usr/lib/ruby/vendor_ruby/net/sftp/operations/dir.rb install -D -m644 lib/net/sftp/operations/file_factory.rb /«PKGBUILDDIR»/debian/ruby-net-sftp/usr/lib/ruby/vendor_ruby/net/sftp/operations/file_factory.rb install -D -m644 lib/net/sftp/operations/upload.rb /«PKGBUILDDIR»/debian/ruby-net-sftp/usr/lib/ruby/vendor_ruby/net/sftp/operations/upload.rb install -D -m644 lib/net/sftp/operations/file.rb /«PKGBUILDDIR»/debian/ruby-net-sftp/usr/lib/ruby/vendor_ruby/net/sftp/operations/file.rb install -D -m644 lib/net/sftp/response.rb /«PKGBUILDDIR»/debian/ruby-net-sftp/usr/lib/ruby/vendor_ruby/net/sftp/response.rb install -D -m644 lib/net/sftp/packet.rb /«PKGBUILDDIR»/debian/ruby-net-sftp/usr/lib/ruby/vendor_ruby/net/sftp/packet.rb install -D -m644 lib/net/sftp/protocol.rb /«PKGBUILDDIR»/debian/ruby-net-sftp/usr/lib/ruby/vendor_ruby/net/sftp/protocol.rb install -D -m644 lib/net/sftp/protocol/base.rb /«PKGBUILDDIR»/debian/ruby-net-sftp/usr/lib/ruby/vendor_ruby/net/sftp/protocol/base.rb install -D -m644 lib/net/sftp/protocol/03/base.rb /«PKGBUILDDIR»/debian/ruby-net-sftp/usr/lib/ruby/vendor_ruby/net/sftp/protocol/03/base.rb install -D -m644 lib/net/sftp/protocol/04/base.rb /«PKGBUILDDIR»/debian/ruby-net-sftp/usr/lib/ruby/vendor_ruby/net/sftp/protocol/04/base.rb install -D -m644 lib/net/sftp/protocol/04/name.rb /«PKGBUILDDIR»/debian/ruby-net-sftp/usr/lib/ruby/vendor_ruby/net/sftp/protocol/04/name.rb install -D -m644 lib/net/sftp/protocol/04/attributes.rb /«PKGBUILDDIR»/debian/ruby-net-sftp/usr/lib/ruby/vendor_ruby/net/sftp/protocol/04/attributes.rb install -D -m644 lib/net/sftp/protocol/01/base.rb /«PKGBUILDDIR»/debian/ruby-net-sftp/usr/lib/ruby/vendor_ruby/net/sftp/protocol/01/base.rb install -D -m644 lib/net/sftp/protocol/01/name.rb /«PKGBUILDDIR»/debian/ruby-net-sftp/usr/lib/ruby/vendor_ruby/net/sftp/protocol/01/name.rb install -D -m644 lib/net/sftp/protocol/01/attributes.rb /«PKGBUILDDIR»/debian/ruby-net-sftp/usr/lib/ruby/vendor_ruby/net/sftp/protocol/01/attributes.rb install -D -m644 lib/net/sftp/protocol/06/base.rb /«PKGBUILDDIR»/debian/ruby-net-sftp/usr/lib/ruby/vendor_ruby/net/sftp/protocol/06/base.rb install -D -m644 lib/net/sftp/protocol/06/attributes.rb /«PKGBUILDDIR»/debian/ruby-net-sftp/usr/lib/ruby/vendor_ruby/net/sftp/protocol/06/attributes.rb install -D -m644 lib/net/sftp/protocol/02/base.rb /«PKGBUILDDIR»/debian/ruby-net-sftp/usr/lib/ruby/vendor_ruby/net/sftp/protocol/02/base.rb install -D -m644 lib/net/sftp/protocol/05/base.rb /«PKGBUILDDIR»/debian/ruby-net-sftp/usr/lib/ruby/vendor_ruby/net/sftp/protocol/05/base.rb install -D -m644 lib/net/sftp/errors.rb /«PKGBUILDDIR»/debian/ruby-net-sftp/usr/lib/ruby/vendor_ruby/net/sftp/errors.rb install -D -m644 lib/net/sftp/session.rb
Processed: Re: Bug#689221: installation-reports: QNAP TS-409U does not reboot after installation
Processing commands for cont...@bugs.debian.org: reassign 689221 mdadm Bug #689221 [installation-reports] installation-reports: QNAP TS-409U does not reboot after installation Bug reassigned from package 'installation-reports' to 'mdadm'. Ignoring request to alter found versions of bug #689221 to the same values previously set Ignoring request to alter fixed versions of bug #689221 to the same values previously set found 689221 3.1.4-1+8efb9d1+squeeze1 Bug #689221 [mdadm] installation-reports: QNAP TS-409U does not reboot after installation Marked as found in versions mdadm/3.1.4-1+8efb9d1+squeeze1. forcemerge 621786 689221 Bug #621786 [mdadm] mdadm: invalid pointer or memory corruption on armel system when accessing mtdblock devices Bug #689221 [mdadm] installation-reports: QNAP TS-409U does not reboot after installation Severity set to 'critical' from 'important' There is no source info for the package 'mdadm' at version '3.1.4.1-0' with architecture '' Unable to make a source version for version '3.1.4.1-0' Marked as found in versions 3.1.4.1-0. Added tag(s) moreinfo. Bug #621786 [mdadm] mdadm: invalid pointer or memory corruption on armel system when accessing mtdblock devices There is no source info for the package 'mdadm' at version '3.1.4.1-0' with architecture '' Unable to make a source version for version '3.1.4.1-0' Marked as found in versions mdadm/3.1.4-1+8efb9d1+squeeze1. Merged 621786 689221 usertags 621786 + pca.it-installation User is l...@pca.it There were no usertags set. Usertags are now: pca.it-installation. thanks Stopping processing here. Please contact me if you need assistance. -- 621786: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=621786 689221: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=689221 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#690594: tasksel: execution aborted due to compilation errors
Package: tasksel Version: 3.13 Severity: serious Hi, After upgrading from tasksel 2.89, I get the following error: $ tasksel --help Type of arg 1 to each must be hash (not subroutine entry) at /usr/bin/tasksel line 223, near )) Execution of /usr/bin/tasksel aborted due to compilation errors. Seems like you should 'use 5.014' and/or have a versioned Depends on perl-base. Cheers, Raphael Geissert -- System Information: Debian Release: wheezy/sid APT prefers testing Architecture: i386 (i686) Shell: /bin/sh linked to /bin/dash Versions of packages tasksel depends on: ii apt 0.8.15.10 ii debconf [debconf-2.0] 1.5.38 ii liblocale-gettext-perl 1.05-6 ii tasksel-data3.13 tasksel recommends no packages. tasksel suggests no packages. -- debconf information: tasksel/title: tasksel/desktop: gnome tasksel/first: Laptop, Standard system tasksel/tasks: -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#684535: ping for unblock (hyperestraier: FTBFS on s390x)
hi, On Fri, Oct 12, 2012 at 9:16 AM, Hideki Yamane henr...@debian.or.jp wrote: Hi, Have you already asked for unblock? I haven't yet, I should clear up some tasks about this. regards, -- KURASHIKI Satoru -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#685970: openjpeg: CVE-2012-3535
I've uploaded an nmu to delayed/2 fixing this issue. See attached patch diffed against testing and includes the multiarch conversion as well. Best wishes, Mike openjpeg.patch Description: Binary data
Bug#690142: remote named DoS on recursor (CVE-2012-5166)
Hi, I've canceled this nmu. There were a lot of Makefile and other files unrelated to the security fix that got included vs -4.2. Also, an nmu requirement is to attach the full diff to the bug report to help the maintainer out later. Best wishes, Mike -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#684535: ping for unblock (hyperestraier: FTBFS on s390x)
user debian-de...@debian.or.jp usertags 684535 debianjp thanks On Tue, 16 Oct 2012 08:53:08 +0900 Satoru KURASHIKI lur...@gmail.com wrote: I haven't yet, I should clear up some tasks about this. Okay, please let me know if it'd be okay. -- Regards, Hideki Yamane henrich @ debian.or.jp/org http://wiki.debian.org/HidekiYamane -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#690632: solarpowerlog: bashism in /bin/sh script
Package: solarpowerlog Version: 0.23a-1 Severity: serious User: debian-rele...@lists.debian.org Usertags: goal-dash Hello maintainer, While performing an archive wide checkbashisms (from the 'devscripts' package) check I've found your package containing a /bin/sh script making use of a bashism. checkbashisms' output: possible bashism in ./etc/init.d/solarpowerlog line 59 (alternative test command ([[ foo ]] should be [ foo ])): [[ ! -e $PIDDIR ]] mkdir -p $PIDDIR chown $USER $PIDDIR possible bashism in ./etc/init.d/solarpowerlog line 63 (alternative test command ([[ foo ]] should be [ foo ])): [[ ! -e $LOGDIR ]] mkdir -p $LOGDIR chown $USER $LOGDIR Not using bash (or a Debian Policy conformant shell interpreter which doesn't provide such an extra feature) as /bin/sh is likely to lead to errors or unexpected behaviours. You can find hints about how to fix bashisms at: https://wiki.ubuntu.com/DashAsBinSh Thank you, Raphael Geissert -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#690556: marked as done (condor: CVE-2012-4462)
Your message dated Tue, 16 Oct 2012 07:47:04 +0200 with message-id 20121016054704.ga20...@inutil.org and subject line Re: [condor-debian] Bug#690556: condor: CVE-2012-4462 has caused the Debian Bug report #690556, regarding condor: CVE-2012-4462 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 690556: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=690556 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Package: condor Severity: grave Tags: security patch Justification: user security hole Please see https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-4462 for details and a patch. Cheers, Moritz ---End Message--- ---BeginMessage--- On Mon, Oct 15, 2012 at 10:46:02AM -0500, Jaime Frey wrote: On Oct 15, 2012, at 9:01 AM, Moritz Muehlenhoff j...@inutil.org wrote: Package: condor Severity: grave Tags: security patch Justification: user security hole Please see https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-4462 for details and a patch. This bug only affects the Aviary contrib module, which isn't built in the Debian condor package. Thanks, I'll update the Debian Security Tracker. Cheers, Moritz---End Message---
Bug#690655: RM: openvas2 [wheezy] -- RoM; abandoned-upstream
Package: release.debian.org Version: N/A Priority: grave Tags: rm I would like to request the Release Managers to remove *all* of the OpenVAS 2.x packages from the current testing distribution. This includes the following packages: - libopenvas2 / libopenvas2-dev (version 2.0.4-2.1) - libopenvasnasl2 / libopenvasnasl2-dev (version 2.0.2-2.1) - openvas-client (version 2.0.5-1.1) - openvas-plugins-base / openvas-plugins-dfsg (version 1:20100705-2) - openvas-server / openvas-server-dev (version 2.0.3-6) In addition, please also remove the following package: - harden-remoteaudit: it depends on openvas-server (I have sent a bug to the package to update this dependency) Support for OpenVAS 2 was discontinued last year [2]. Providing OpenVAS 2 to our Debian 'stable' users in our upcoming release is not really a good idea. Even though the scanner/client works 'as it is', users will not be able to download new plugins for this release from the OpenVAs servers and it will not be possible for them to find recent vulnerabilities in hosts they scan. For the last 2 years I have provided experimental versions of OpenVAS 3, which seem to have not received to much attention from users. In any case since that version is also going to be discontinued upstream. Since the latest OpenVAS release is version 5 [1] (released May this year) I will work towards providing OpenVAS 5 in our unstable distribution. And, once available, will try to make backports available for Wheezy too. Removing the OpenVAS 2 packages from testing simplifies handling upgrades to the newer version and also installations of the backports of OpenVAS 5 packages in Wheezy. Regards Javier signature.asc Description: Digital signature