Bug#687923: [pkg-bacula-devel] Bug#687923: bacula: needs update for wheezy

[Alexander Golovko]

В Sun, 14 Oct 2012 15:57:40 +0200
Thijs Kinkhorst th...@debian.org пишет:

 Hi,
 
 CVE-2012-4430 was fixed in unstable and stable, thanks for that, but
 wheezy is still lacking the fix. This is because the unstable version
 cannot migrate due to it containing many auxilliary fixes. Could you
 coordinate with the release team to make an upload to
 testing-proposed-updates with the security fix?

Thank you for reminder, i'm already in work on preparing upload
to wheezy (see #689003)

-- 
with best regards,
Alexander Golovko
email: alexan...@ankalagon.ru
xmpp: alexan...@ankalagon.ru


signature.asc
Description: PGP signature

Bug#688891: psad: modifies conffiles (policy 10.7.3): /etc/psad/psad.conf

[Franck Joncourt]

Hi Gregor,

I have not found the time to work on psad since Wedneday, so if you want to fix 
psad please do so. I let you know when I am ready to work on it.


Regards,

--
Franck


--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#690492: love_0.8.0-2_i386.changes REJECTED

[Bas Wijnen]

On Sun, Oct 14, 2012 at 11:05:28PM +0200, Ansgar Burchardt wrote:
  Update: this bug was already worked around in the Debian package: the
  files included by upstream are not used, and the debian library package
  is used instead. The embeded copy is in the upstream source, and that is
  an upstream bug (which should trigger the lintian warning).
 
 Are you sure the Debian package does not use the embedded copy? The
 lintian error seems to be triggered by the binary package (as it
 includes the path).

I was pretty sure, but you seem to be right. Ah, now I see: here's the
entry from the changelog:
* Tried to removed internal glee, but it doesn't seem to like the
system's one

So it wasn't used, indeed.

Thanks for the clarification,
Bas


signature.asc
Description: Digital signature

Bug#688413: accountsservice: Makes gnome-shell crash

[Josselin Mouette]

Le dimanche 14 octobre 2012 à 11:37 +0200, Gianluca Ciccarelli a
écrit : 
 tags 688413 + unreproducible
 
 In wheezy i386 I have switched back and forth between two
 users, without seeing the error reported. I didn't
 experience it in sid i386 either.

My way to reproduce it is:
- login user1
- gdmflexiserver, login user2
- gdmflexiserver, login user3
- logout user3
- at the login prompt, log as user1
- the VT switches to vt7 (user1) but user1’s shell crashes.

-- 
 .''`.  Josselin Mouette
: :' :
`. `'
  `-


--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#688847: libav: multiple CVEs in ffmpeg/libav

[Moritz Muehlenhoff]

On Sun, Oct 14, 2012 at 05:00:54PM -0400, Reinhard Tartler wrote:
 On Wed, Sep 26, 2012 at 4:22 AM, Yves-Alexis Perez cor...@debian.org wrote:
  Source: libav
  Severity: grave
  Justification: user security hole
 
  Hi,
 
  it seems that a huge pile of CVE were allocated for ffmpeg/libav
 
 short status update:
 
 Most/all of the CVEs have now been backported upstream. Before
 releaseing 0.8.4, I need to review the list to ensure that nothing was
 forgotten. You can help with this by reviewing the list here:
 
 http://git.libav.org/?p=libav.git;a=shortlog;h=refs/heads/release/0.8

Hi Reinhard,
I double-checked the list and the following CVE IDs fixed in the ffmpeg
0.11 release are not yet present in the 0.8 git branch (some are ffmpeg-specific
I suppose):

CVE-2012-2774, 59a4b73531428d2f420b4dad545172c8483ced0f
CVE-2012-2782, 9a57a37b7041581c10629c8241260a5d7bfbc1e7
CVE-2012-2783, d85b3c4fff4c4b255232fcc01edbd57f19d60998
CVE-2012-2785, 326f7a68bbd429c63fd2f19f4050658982b5b081
   d462949974668ffb013467d12dc4934b9106fe19
CVE-2012-2790, 2837d8dc276760db1821b81df3f794a90bfa56e6
CVE-2012-2791, 0846719dd11ab3f7a7caee13e7af71f71d913389
CVE-2012-2792, d442c4462a2692e27a24e1a9d0eb6f18725c7bd8
CVE-2012-2795, a0abefb0af64a311b15141062c77dd577ba590a3
   2a7063de547b1d8fb1cef523469390fb59fb2c50
   b3a43515827f3d22a881c33b87384f01c86786fd
CVE-2012-2796, 5e59a77cec804a9b44c60ea22c17beba6453ef23
CVE-2012-2797, cca9528524c7a4b91451f4322bd50849af5d057e
CVE-2012-2799, 64bd7f8e4db1742e86c5ed02bd530688b74063e3
CVE-2012-2803, 951cbea56fdc03ef96d07fbd7e5bed755d42ac8a
CVE-2012-2804, 4a80ebe491609e04110a1dd540a0ca79d3be3d04

None of these are merged into 0.5.x, has the code diverged so much?

Cheers,
Moritz


-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#690492: marked as done (love: uses embedded copy of GLee)

[Debian Bug Tracking System]

Your message dated Mon, 15 Oct 2012 07:48:23 +
with message-id e1tnfpt-0004kl...@franck.debian.org
and subject line Bug#690492: fixed in love 0.8.0-2
has caused the Debian Bug report #690492,
regarding love: uses embedded copy of GLee
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
690492: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=690492
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
---BeginMessage---
Package: love
Version: 0.8.0-1
Severity: serious
Justification: package gets rejected by ftp-master.

LÖVE includes a copy of GLee, which is also packaged in Debian. It
should use that package instead.


signature.asc
Description: Digital signature
---End Message---
---BeginMessage---
Source: love
Source-Version: 0.8.0-2

We believe that the bug you reported is fixed in the latest version of
love, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 690...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Bas Wijnen wij...@debian.org (supplier of updated love package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Format: 1.8
Date: Sun, 14 Oct 2012 15:01:02 +0200
Source: love
Binary: love love-dbg love-doc
Architecture: source all i386
Version: 0.8.0-2
Distribution: unstable
Urgency: low
Maintainer: Debian Games Team pkg-games-de...@lists.alioth.debian.org
Changed-By: Bas Wijnen wij...@debian.org
Description: 
 love   - 2D game development framework based on Lua and OpenGL
 love-dbg   - 2D game development framework - debugging symbols
 love-doc   - 2D game development framework - documentation
Closes: 690394 690492 690494
Changes: 
 love (0.8.0-2) unstable; urgency=low
 .
   * Team upload.
   * Convert copyright file to machine readable format.
   * Add copyright information for utf8-cpp. Closes: #690394
   * Add hardening flags to build rules. Closes: #690494
   * Replace included GLee with system version. Closes: #690492
Checksums-Sha1: 
 bd6af0bbe9d39437bdea786b3c6962ca9a95325d 2194 love_0.8.0-2.dsc
 9d192eb240d6aa6d35bf6f8813cf92b863a77f33 105808 love_0.8.0-2.debian.tar.bz2
 768b3d2d483b14fe5bfa94d3f203f2fadbe7b9db 894842 love-doc_0.8.0-2_all.deb
 e18ca8d7de44dfb7ae51cb9d17d821d499dcf07b 930976 love_0.8.0-2_i386.deb
 f30da44ddbca48fe22f272c461b882fa1ff351d0 3624562 love-dbg_0.8.0-2_i386.deb
Checksums-Sha256: 
 4579602229b0faa24cf1021ad234c7715abec5a26ae0a7f041b54ec5346b6c17 2194 
love_0.8.0-2.dsc
 998d1f2aecc3133979f632524aa6f5d16b03973325efd413fbf81bf7cc32e164 105808 
love_0.8.0-2.debian.tar.bz2
 b0cebae3d3e0558ccf8042bd764592ce4df0225df63652b51592e0e730e1c092 894842 
love-doc_0.8.0-2_all.deb
 b65b8f9cfa20a9b969c3f2582401953da4ccb8b51a95f330478d7de9acd9a5d9 930976 
love_0.8.0-2_i386.deb
 aef2758d29a79e8ac895a8d42ea902552e35b49ed3f8148e1d1bc4036e602b80 3624562 
love-dbg_0.8.0-2_i386.deb
Files: 
 633bc3900878939bc2b1b108a7d04301 2194 interpreters optional love_0.8.0-2.dsc
 b70b8d39b160d1ec60d2658113aa0ee0 105808 interpreters optional 
love_0.8.0-2.debian.tar.bz2
 d1e77a8acf2d213da533e43c2be5e683 894842 doc optional love-doc_0.8.0-2_all.deb
 65ff5f45aeb2c63dbe3f19888b865b1d 930976 interpreters optional 
love_0.8.0-2_i386.deb
 8f1318652a8652285188218bae93c3f4 3624562 debug extra love-dbg_0.8.0-2_i386.deb

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAlB7vZMACgkQFShl+2J8z5XGdgCfZUYX9ThOoUB4/DAFw9UyrFbl
KA4An2kyJpyVX8lhpmHhjDcoV/cTUbSn
=DyUm
-END PGP SIGNATUREEnd Message---

Bug#690394: marked as done (love: incomplete copyright file)

[Debian Bug Tracking System]

Your message dated Mon, 15 Oct 2012 07:48:23 +
with message-id e1tnfpt-0004kf...@franck.debian.org
and subject line Bug#690394: fixed in love 0.8.0-2
has caused the Debian Bug report #690394,
regarding love: incomplete copyright file
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
690394: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=690394
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
---BeginMessage---

Source: love
Version: 0.8.0-1
Severity: serious
Justification: Policy 12.5

src/libraries/utf8/ contains embedded copy of the UTF8-CPP library, 
which is copyrighted by Nemanja Trifunovic and licensed under the Boost 
Software License. This information is not included in the copyright 
file.


--
Jakub Wilk
---End Message---
---BeginMessage---
Source: love
Source-Version: 0.8.0-2

We believe that the bug you reported is fixed in the latest version of
love, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 690...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Bas Wijnen wij...@debian.org (supplier of updated love package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Format: 1.8
Date: Sun, 14 Oct 2012 15:01:02 +0200
Source: love
Binary: love love-dbg love-doc
Architecture: source all i386
Version: 0.8.0-2
Distribution: unstable
Urgency: low
Maintainer: Debian Games Team pkg-games-de...@lists.alioth.debian.org
Changed-By: Bas Wijnen wij...@debian.org
Description: 
 love   - 2D game development framework based on Lua and OpenGL
 love-dbg   - 2D game development framework - debugging symbols
 love-doc   - 2D game development framework - documentation
Closes: 690394 690492 690494
Changes: 
 love (0.8.0-2) unstable; urgency=low
 .
   * Team upload.
   * Convert copyright file to machine readable format.
   * Add copyright information for utf8-cpp. Closes: #690394
   * Add hardening flags to build rules. Closes: #690494
   * Replace included GLee with system version. Closes: #690492
Checksums-Sha1: 
 bd6af0bbe9d39437bdea786b3c6962ca9a95325d 2194 love_0.8.0-2.dsc
 9d192eb240d6aa6d35bf6f8813cf92b863a77f33 105808 love_0.8.0-2.debian.tar.bz2
 768b3d2d483b14fe5bfa94d3f203f2fadbe7b9db 894842 love-doc_0.8.0-2_all.deb
 e18ca8d7de44dfb7ae51cb9d17d821d499dcf07b 930976 love_0.8.0-2_i386.deb
 f30da44ddbca48fe22f272c461b882fa1ff351d0 3624562 love-dbg_0.8.0-2_i386.deb
Checksums-Sha256: 
 4579602229b0faa24cf1021ad234c7715abec5a26ae0a7f041b54ec5346b6c17 2194 
love_0.8.0-2.dsc
 998d1f2aecc3133979f632524aa6f5d16b03973325efd413fbf81bf7cc32e164 105808 
love_0.8.0-2.debian.tar.bz2
 b0cebae3d3e0558ccf8042bd764592ce4df0225df63652b51592e0e730e1c092 894842 
love-doc_0.8.0-2_all.deb
 b65b8f9cfa20a9b969c3f2582401953da4ccb8b51a95f330478d7de9acd9a5d9 930976 
love_0.8.0-2_i386.deb
 aef2758d29a79e8ac895a8d42ea902552e35b49ed3f8148e1d1bc4036e602b80 3624562 
love-dbg_0.8.0-2_i386.deb
Files: 
 633bc3900878939bc2b1b108a7d04301 2194 interpreters optional love_0.8.0-2.dsc
 b70b8d39b160d1ec60d2658113aa0ee0 105808 interpreters optional 
love_0.8.0-2.debian.tar.bz2
 d1e77a8acf2d213da533e43c2be5e683 894842 doc optional love-doc_0.8.0-2_all.deb
 65ff5f45aeb2c63dbe3f19888b865b1d 930976 interpreters optional 
love_0.8.0-2_i386.deb
 8f1318652a8652285188218bae93c3f4 3624562 debug extra love-dbg_0.8.0-2_i386.deb

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAlB7vZMACgkQFShl+2J8z5XGdgCfZUYX9ThOoUB4/DAFw9UyrFbl
KA4An2kyJpyVX8lhpmHhjDcoV/cTUbSn
=DyUm
-END PGP SIGNATUREEnd Message---

Bug#689371: marked as done (scscp-imcce: FTBFS on some systems: scscpscconnect test hangs)

[Debian Bug Tracking System]

Your message dated Mon, 15 Oct 2012 08:49:07 +
with message-id e1tngmf-0007mr...@franck.debian.org
and subject line Bug#689371: fixed in scscp-imcce 0.7.1+ds-1
has caused the Debian Bug report #689371,
regarding scscp-imcce: FTBFS on some systems: scscpscconnect test hangs
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
689371: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=689371
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
---BeginMessage---
Source: scscp-imcce
Version: 0.7.0+ds-2
Severity: serious
Justification: fails to build from source

Builds of scscp-imcce for several platforms (in virtual environments
with networking aggressively disabled?) have been failing because the
scscpscconnect test hangs:

PASS: scscpgetversion
make[3]: *** [check-TESTS] Terminated
make[1]: *** wait: No child processes.  Stop.
make[1]: *** Waiting for unfinished jobs
make[1]: *** wait: No child processes.  Stop.
make[2]: *** [check-am] Terminated
make: *** [build-arch] Terminated
Build killed with signal TERM after 150 minutes of inactivity

Could you please take a look?

Thanks!
---End Message---
---BeginMessage---
Source: scscp-imcce
Source-Version: 0.7.1+ds-1

We believe that the bug you reported is fixed in the latest version of
scscp-imcce, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 689...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Jerome Benoit calcu...@rezozer.net (supplier of updated scscp-imcce package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Sun, 14 Oct 2012 22:48:17 +
Source: scscp-imcce
Binary: libscscp0 libscscp0-dev libscscp0-dbg libscscp-doc
Architecture: source amd64 all
Version: 0.7.1+ds-1
Distribution: unstable
Urgency: low
Maintainer: Debian Science Maintainers 
debian-science-maintain...@lists.alioth.debian.org
Changed-By: Jerome Benoit calcu...@rezozer.net
Description: 
 libscscp-doc - IMCCE SCSCP C Library -- reference manual
 libscscp0  - IMCCE SCSCP C Library -- library package
 libscscp0-dbg - IMCCE SCSCP C Library -- debug symbols package
 libscscp0-dev - IMCCE SCSCP C Library -- development package
Closes: 689371
Changes: 
 scscp-imcce (0.7.1+ds-1) unstable; urgency=low
 .
   * New upstream version:
 - Fix test hangs. (Closes: #689371)
 - Integrate previous minor fixes.
   * Debianization:
 - Update debian/repack script.
 - Minor fixes.
Checksums-Sha1: 
 b68598eb965626ff21ca2ac9dbc4fd2bd043a1c0 2225 scscp-imcce_0.7.1+ds-1.dsc
 8765394afb10959cf5e70b1db8007555a26acd03 94572 scscp-imcce_0.7.1+ds.orig.tar.xz
 593e70d639262dd1b6cef03e2d3212f3523d2aa2 8984 
scscp-imcce_0.7.1+ds-1.debian.tar.xz
 7f1a043e05f6bc9c8e6e7b21c28378e83e667641 77444 libscscp0_0.7.1+ds-1_amd64.deb
 4fe620630b9a59e0488558bca67a2a72fd1f506f 71852 
libscscp0-dev_0.7.1+ds-1_amd64.deb
 c50dc3021131082e2be43b7a6dc5b2d064eb4085 149118 
libscscp0-dbg_0.7.1+ds-1_amd64.deb
 40fd37b5286feaf5ffe029620ef4a99c9c5c5017 424310 libscscp-doc_0.7.1+ds-1_all.deb
Checksums-Sha256: 
 d4353bcc0ddb66a721b1ad237beba01c9290aa91e7c6b0a9f99da892d8392389 2225 
scscp-imcce_0.7.1+ds-1.dsc
 092ca78f74ab04c7e94616346a608af2926b5a5229f5591f7a9606b78a32352b 94572 
scscp-imcce_0.7.1+ds.orig.tar.xz
 2873d6604ac697890db46d631c2e9ea252510846fd669546a2b53f558251ee3b 8984 
scscp-imcce_0.7.1+ds-1.debian.tar.xz
 3ae7b406cad163994968025929d02d9b069857840ced0ddb37490bec6d5e346a 77444 
libscscp0_0.7.1+ds-1_amd64.deb
 582e319cd516455ff7f2bd8d9e90cac64084ff2486b6402735b12616438164a0 71852 
libscscp0-dev_0.7.1+ds-1_amd64.deb
 ae4eadb51291d0109e27c99c25f702501bef1ca231ab085003ae3c21e8b12fd9 149118 
libscscp0-dbg_0.7.1+ds-1_amd64.deb
 e386a224a2f4f3477bfc4426713a3708d0bb1e98c4f9f9834c8377f99fcee533 424310 
libscscp-doc_0.7.1+ds-1_all.deb
Files: 
 b154ce190f006db836d8e09e8698d6f6 2225 math extra scscp-imcce_0.7.1+ds-1.dsc
 e14c35c7109abc92f6efa3edf612835c 94572 math extra 
scscp-imcce_0.7.1+ds.orig.tar.xz
 e5e9f672b4686b0d36dacf4a49b9a246 8984 math extra 
scscp-imcce_0.7.1+ds-1.debian.tar.xz
 e3955af1d4e5485bae34ee9e475eb5fb 77444 libs extra 
libscscp0_0.7.1+ds-1_amd64.deb
 ea61b8412e7f152c0dfabd8365a13d5f 71852 libdevel extra 

Bug#690532: CVE-2012-2248: backdoor for user zero79 due to dhclient’s hook $PATH

[Michael Stapelberg]

Package: isc-dhcp-client
Version: 4.2.2.dfsg.1-5
Severity: critical
Tags: security patch


While debugging another issue, Mithrandir, mbiebl and I stumbled upon
the following:

All hooks in /etc/dhcp/dhclient-enter-hooks.d, such as samba when the
samba package is installed, are called with a PATH environment variable
containing this:

PATH=/home/zero79/source/git/isc-dhcp/debian/tmp/usr/sbin:/sbin:/bin:/usr/sbin:/usr/bin

Since hooks (at least samba) can call arbitrary commands and are
running as uid 0 (root), this poses a security issue when the following
assumptions are true:

1. The system you want to exploit has samba installed (or any other
   package which comes with a dhclient-enter-hook).
2. The attacker has the possibility of obtaining the username zero79
   and thus can create executable files in
   /home/zero79/source/git/isc-dhcp/debian/tmp/usr/sbin
3. The DHCP hook needs to be called to trigger the exploit, which
   happens at least on system start or after /etc/init.d/networking
   restart, possibly also when just renewing the dhcp-lease
   (unverified).

Here is a demonstration of this issue:

zero79@squeezevm:~$ id -a
uid=1001(zero79) gid=1001(zero79) groups=1001(zero79)
zero79@squeezevm:~$ mkdir -p source/git/isc-dhcp/debian/tmp/usr/sbin
zero79@squeezevm:~$ cat source/git/isc-dhcp/debian/tmp/usr/sbin/mv 'EOF'
#!/bin/sh
echo my script is run as: $(whoami) $(id -a)  /tmp/exploited
EOF
zero79@squeezevm:~$ chmod +x source/git/isc-dhcp/debian/tmp/usr/sbin/mv
root@squeezevm:~# /etc/init.d/networking restart
Restarting networking (via systemctl): networking.service.
root@squeezevm:~# ls -hltr /tmp
total 8.0K
-rw-r--r-- 1 root root 966 Oct 14 13:42 samba
-rw-r--r-- 1 root root  65 Oct 14 14:02 exploited
root@squeezevm:~# cat /tmp/exploited 
my script is run as: root uid=0(root) gid=0(root) groups=0(root)

At this point, zero79 has root access to the system.

Raphael Geissert has resolved this issue in a timely fashion, his
statement follows and his patch is attached:

 The insertion of that path does not appear to be malicious. Rather, it 
 appears to be a mistake in debian/rules as --prefix is set to 
 $(pwd)/debian/tmp/, instead of setting DESTDIR when calling make 
 install. client/Makefile.am defines CLIENT_PATH to 
 PATH=$(sbindir):/sbin:/bin:/usr/sbin:/usr/bin, which is later injected 
 into the env.

 Due to what appears to be a bug in squeeze's Makefile.am, squeeze is not 
 affected.

 Attached patch fixes the problem.

 Since I've already built the package for wheezy, I'm going to upload it. 

-- System Information:
Debian Release: wheezy/sid
  APT prefers testing
  APT policy: (990, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: armel
i386

Kernel: Linux 3.5.0 (SMP w/8 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages isc-dhcp-client depends on:
ii  debianutils  4.3.2
ii  iproute  20120521-3
ii  isc-dhcp-common  4.2.2.dfsg.1-5
ii  libc62.13-35

isc-dhcp-client recommends no packages.

Versions of packages isc-dhcp-client suggests:
pn  avahi-autoipd  none
pn  resolvconf none

-- no debconf information
diff -Nru isc-dhcp-4.2.2.dfsg.1/debian/rules isc-dhcp-4.2.2.dfsg.1/debian/rules
--- isc-dhcp-4.2.2.dfsg.1/debian/rules	2012-09-17 16:48:31.0 -0500
+++ isc-dhcp-4.2.2.dfsg.1/debian/rules	2012-10-14 15:12:29.0 -0500
@@ -39,8 +39,8 @@
 	dh_testdir
 
 	./configure \
-		--prefix=$(DESTDIR)/usr \
-		--sysconfdir=$(DESTDIR)/etc/dhcp \
+		--prefix=/usr \
+		--sysconfdir=/etc/dhcp \
 		--with-srv-lease-file=/var/lib/dhcp/dhcpd.leases \
 		--with-srv6-lease-file=/var/lib/dhcp/dhcpd6.leases \
 		--with-cli-lease-file=/var/lib/dhcp/dhclient.leases \
@@ -67,8 +67,8 @@
 	dh_testdir
 
 	./configure \
-		--prefix=$(DESTDIR)/usr \
-		--sysconfdir=$(DESTDIR)/etc/dhcp \
+		--prefix=/usr \
+		--sysconfdir=/etc/dhcp \
 		--with-srv-lease-file=/var/lib/dhcp/dhcpd.leases \
 		--with-srv6-lease-file=/var/lib/dhcp/dhcpd6.leases \
 		--with-cli-lease-file=/var/lib/dhcp/dhclient.leases \
@@ -99,7 +99,7 @@
 	dh_installdirs -A
 
 	# Add here commands to install the package into debian/tmp.
-	$(MAKE) install
+	$(MAKE) install DESTDIR=$(DESTDIR)
 
 	mkdir -p $(DESTDIR)/etc/dhcp
 

Bug#688847: libav: multiple CVEs in ffmpeg/libav

[Reinhard Tartler]

On Mon, Oct 15, 2012 at 3:39 AM, Moritz Muehlenhoff j...@inutil.org wrote:
 On Sun, Oct 14, 2012 at 05:00:54PM -0400, Reinhard Tartler wrote:
 On Wed, Sep 26, 2012 at 4:22 AM, Yves-Alexis Perez cor...@debian.org wrote:
  Source: libav
  Severity: grave
  Justification: user security hole
 
  Hi,
 
  it seems that a huge pile of CVE were allocated for ffmpeg/libav

 short status update:

 Most/all of the CVEs have now been backported upstream. Before
 releaseing 0.8.4, I need to review the list to ensure that nothing was
 forgotten. You can help with this by reviewing the list here:

 http://git.libav.org/?p=libav.git;a=shortlog;h=refs/heads/release/0.8

 Hi Reinhard,
 I double-checked the list and the following CVE IDs fixed in the ffmpeg
 0.11 release are not yet present in the 0.8 git branch (some are 
 ffmpeg-specific
 I suppose):

 CVE-2012-2774, 59a4b73531428d2f420b4dad545172c8483ced0f
 CVE-2012-2782, 9a57a37b7041581c10629c8241260a5d7bfbc1e7
 CVE-2012-2783, d85b3c4fff4c4b255232fcc01edbd57f19d60998
 CVE-2012-2785, 326f7a68bbd429c63fd2f19f4050658982b5b081
d462949974668ffb013467d12dc4934b9106fe19
 CVE-2012-2790, 2837d8dc276760db1821b81df3f794a90bfa56e6
 CVE-2012-2791, 0846719dd11ab3f7a7caee13e7af71f71d913389
 CVE-2012-2792, d442c4462a2692e27a24e1a9d0eb6f18725c7bd8
 CVE-2012-2795, a0abefb0af64a311b15141062c77dd577ba590a3
2a7063de547b1d8fb1cef523469390fb59fb2c50
b3a43515827f3d22a881c33b87384f01c86786fd
 CVE-2012-2796, 5e59a77cec804a9b44c60ea22c17beba6453ef23
 CVE-2012-2797, cca9528524c7a4b91451f4322bd50849af5d057e
 CVE-2012-2799, 64bd7f8e4db1742e86c5ed02bd530688b74063e3
 CVE-2012-2803, 951cbea56fdc03ef96d07fbd7e5bed755d42ac8a
 CVE-2012-2804, 4a80ebe491609e04110a1dd540a0ca79d3be3d04

Those are commits from ffmpeg, and do not necessarily apply to libav
as well. Our current working list looks like this:

fixed:
CVE-2012-2772 (cb7190cd2c691fd93e4d3664f3fce6c19ee001dd)
CVE-2012-2775 (9853e41aa0a6cfff629ff7009685eb8bf8d64e7f)
CVE-2012-2777 (c20a69630619d14ae92c5541d52c579d7c8f3e94)
CVE-2012-2779 (891918431db628db17885ed947ee387b29826a64)
CVE-2012-2784 (same as CVE-2012-2777)
CVE-2012-2785 (326f7a68bbd429c63fd2f19f4050658982b5b081
d462949974668ffb013467d12dc4934b9106fe19)
CVE-2012-2786 (ee715f49a06bf3898246d01b056284a9bb1bcbb9)
CVE-2012-2787 (b146d74730ab9ec5abede9066f770ad851e45fbc)
CVE-2012-2788 (0af49a63c7f87876486ab09482d5b26b95abce60)
CVE-2012-2789 (99f392a584dd10b553facc8e819f2c7e982e176d)
CVE-2012-2790 (66197988b1ee914825afbc3084e6da63f862068a)
CVE-2012-2792 (065b3a1cfa3f23aedf76244b3f3883ba913173ff)
CVE-2012-2793 (b631e4ed64f7d1b9ca8f897fda31140e8d1fad81)
CVE-2012-2796 (1100acbab26883007898c53efeb289f562c6e514)
CVE-2012-2776 (e4d4044339b9c3b0f45f7203cd026eda3c0414c0)
CVE-2012-2794 (2d09cdbaf2f449ba23d54e97e94bd97ca22208c6)
CVE-2012-2800 (ae3da0ae5550053583a6f281ea7fd940497ea0d1)
CVE-2012-2795 (607f57152c59bcec26caaf2060a86d96f76c4e8b
f48fbf2eb5ba7015c65b31c266edf399dd6a82b1
6a99310fce49f51773ab7d8ffa4f4748bbf58db9)
CVE-2012-2798 (d05f72c75445969cd7bdb1d860635c9880c67fb6)
CVE-2012-2799 (d65d8347314b645051e336aed141aaf32a6c0d02)
CVE-2012-2801 (85f477935cd6b34e6ec2716b20e15ce748277a89)

submitted:
CVE-2012-2783 (has been oked, but looks shady)

invalid?:
CVE-2012-2774 -- ffmpeg fix is not a fix, it's unclear what real issue
it is supposed to fix
CVE-2012-2804 -- same as above
CVE-2012-2782 -- Ronald says it does not apply to us
CVE-2012-2797 -- Justin says it's completely wrong
CVE-2012-2803 -- looks very shady

other:
CVE-2012-2791 (0846719dd11ab3f7a7caee13e7af71f71d913389) -- needs
input from kostya
CVE-2012-2802 -- Justin said he'd fix it differently


 None of these are merged into 0.5.x, has the code diverged so much?

I arrived only today from my two week trip and will work on backports
for 0.7-0.5 this week. Sorry for the delay.

Cheers,
Reinhard

-- 
regards,
Reinhard


-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#690067: syslog-ng-core: symlink conffile issues

[Gergely Nagy]

Gergely Nagy alger...@balabit.hu writes:

 The easy fix is to remove debian/syslog-ng-core.conffiles. That has the
 downside of not allowing the user to easily change the symlink to point
 somewhere else (like a custom unit file) unless he diverts the file,
 which is kind of awkward.

 But alas, that's still less trouble than causing a mess with symlink
 conffiles, apparently.

 I've fixed it in my git tree, will poke GCS to pick it over for the next
 syslog-ng upload.

Mostly for myself, but replacing the symlinks with real conffiles that
.include the former symlink targets may be an even better course of
action. I'll test that over the next few days, and see how upgrades
behave.

-- 
|8]


-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#684218: marked as done (ogre contains non-free font from larabie collection)

[Debian Bug Tracking System]

Your message dated Mon, 15 Oct 2012 11:18:11 +
with message-id e1tnigv-00012t...@franck.debian.org
and subject line Bug#684218: fixed in ogre 1.7.4+dfsg1-6
has caused the Debian Bug report #684218,
regarding ogre contains non-free font from larabie collection
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
684218: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=684218
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
---BeginMessage---
Source: ogre
Version: 1.7.4-5
Severity: serious
Tags: upstream
Forwarded: http://ogre3d.org/mantis/view.php?id=546

People reported to me that the package contains the Larabie fonts,
which are considered non-free [1], and there are packages for
fonts-larabie which are indeed in non-free [2] containing the same
files [3]:

   Samples/Media/fonts/bluebold.ttf
   Samples/Media/fonts/bluecond.ttf
   Samples/Media/fonts/bluehigh.ttf
   Samples/Media/fonts/solo5.ttf

This affects both ogre and ogre-1.8 packages, submitting
independent bug reports.

This is reported upstream in the hope that they will fix it in
upcoming releases [4], but in the meantime the package will need a new
sourceful upload with a new .orig.tar file without these files in
order to fix the issue.

Regards.


[1] http://lists.debian.org/debian-legal/2001/10/msg00059.html
[2] http://packages.debian.org/search?keywords=fonts-larabie
[3] http://anonscm.debian.org/viewvc/pkg-fonts/packages/fonts-larabie/trunk/
[4] http://ogre3d.org/mantis/view.php?id=546

-- 
Manuel A. Fernandez Montecelo manuel.montez...@gmail.com
---End Message---
---BeginMessage---
Source: ogre
Source-Version: 1.7.4+dfsg1-6

We believe that the bug you reported is fixed in the latest version of
ogre, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 684...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Manuel A. Fernandez Montecelo manuel.montez...@gmail.com (supplier of updated 
ogre package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Format: 1.8
Date: Wed, 10 Oct 2012 20:47:20 +0100
Source: ogre
Binary: libogre-dev libogre-1.7.4 libogre-1.7.4-dbg ogre-doc ogre-tools 
blender-ogrexml
Architecture: source amd64 all
Version: 1.7.4+dfsg1-6
Distribution: unstable
Urgency: low
Maintainer: Debian Games Team pkg-games-de...@lists.alioth.debian.org
Changed-By: Manuel A. Fernandez Montecelo manuel.montez...@gmail.com
Description: 
 blender-ogrexml - Blender Exporter for OGRE
 libogre-1.7.4 - 3D Object-Oriented Graphics Rendering Engine (libraries)
 libogre-1.7.4-dbg - 3D Object-Oriented Graphics Rendering Engine (debugging 
libs)
 libogre-dev - 3D Object-Oriented Graphics Rendering Engine (development files)
 ogre-doc   - 3D Object-Oriented Graphics Rendering Engine (documentation)
 ogre-tools - 3D Object-Oriented Graphics Rendering Engine (tools)
Closes: 674633 684218
Changes: 
 ogre (1.7.4+dfsg1-6) unstable; urgency=low
 .
   * Remove Samples altogether, since almost all of them contain or depend on
 non-free items (fonts and some media objects, see Debian and upstream bug
 report).
 After contacting upstream, they are not inclined to resolve the issue soon
 (read: it will take years and several major releases, if it happens at 
all).
 All of them are removed and there will be no attempt to track which ones 
are
 DFSG-compliant; it is quite a burden (thus decreasing the time that can be
 devoted to maintain the package in good shape, follow closely upstream
 updates, etc), and this is even more complicated with different sets of
 samples in every release (as it is the case now, with v1.7 and v1.8 in the
 Debian archive).
 This change encompasses the following actions/changes:
 - Repack the source (simply removing all ./Samples/)
 - Remove patch change_sample_cfg_path.patch, of no use now
 - Remove corresponding sample packages from debian/control
 - Remove files debian/*samples*.install
 - Closes: #684218 (ogre contains non-free font from larabie collection)
   * Force Build-Depends and Depends of libogre-dev on version 1.49 (this
 particular one since it is the default for Wheezy).  OGRE exposes internal
 source code 

Bug#684219: marked as done (ogre-1.8 contains non-free font from larabie collection)

[Debian Bug Tracking System]

Your message dated Mon, 15 Oct 2012 11:18:45 +
with message-id e1tnih3-0001ie...@franck.debian.org
and subject line Bug#684219: fixed in ogre-1.8 1.8.0+dfsg1-2
has caused the Debian Bug report #684219,
regarding ogre-1.8 contains non-free font from larabie collection
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
684219: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=684219
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
---BeginMessage---
Source: ogre-1.8
Version: 1.8.0-1
Severity: serious
Tags: upstream
Forwarded: http://ogre3d.org/mantis/view.php?id=546

People reported to me that the package contains the Larabie fonts,
which are considered non-free [1], and there are packages for
fonts-larabie which are indeed in non-free [2] containing the same
files [3]:

   Samples/Media/fonts/bluebold.ttf
   Samples/Media/fonts/bluecond.ttf
   Samples/Media/fonts/bluehigh.ttf
   Samples/Media/fonts/solo5.ttf

This affects both ogre and ogre-1.8 packages, submitting
independent bug reports.

This is reported upstream in the hope that they will fix it in
upcoming releases [4], but in the meantime the package will need a new
sourceful upload with a new .orig.tar file without these files in
order to fix the issue.

Regards.


[1] http://lists.debian.org/debian-legal/2001/10/msg00059.html
[2] http://packages.debian.org/search?keywords=fonts-larabie
[3] http://anonscm.debian.org/viewvc/pkg-fonts/packages/fonts-larabie/trunk/
[4] http://ogre3d.org/mantis/view.php?id=546

-- 
Manuel A. Fernandez Montecelo manuel.montez...@gmail.com
---End Message---
---BeginMessage---
Source: ogre-1.8
Source-Version: 1.8.0+dfsg1-2

We believe that the bug you reported is fixed in the latest version of
ogre-1.8, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 684...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Manuel A. Fernandez Montecelo manuel.montez...@gmail.com (supplier of updated 
ogre-1.8 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Format: 1.8
Date: Wed, 10 Oct 2012 21:42:07 +0100
Source: ogre-1.8
Binary: libogre-1.8-dev libogre-1.8.0 libogre-1.8.0-dbg ogre-1.8-doc 
ogre-1.8-tools blender-ogrexml-1.8
Architecture: source amd64 all
Version: 1.8.0+dfsg1-2
Distribution: unstable
Urgency: low
Maintainer: Debian Games Team pkg-games-de...@lists.alioth.debian.org
Changed-By: Manuel A. Fernandez Montecelo manuel.montez...@gmail.com
Description: 
 blender-ogrexml-1.8 - Blender Exporter for OGRE
 libogre-1.8-dev - 3D Object-Oriented Graphics Rendering Engine (development 
files)
 libogre-1.8.0 - 3D Object-Oriented Graphics Rendering Engine (libraries)
 libogre-1.8.0-dbg - 3D Object-Oriented Graphics Rendering Engine (debugging 
libs)
 ogre-1.8-doc - 3D Object-Oriented Graphics Rendering Engine (documentation)
 ogre-1.8-tools - 3D Object-Oriented Graphics Rendering Engine (tools)
Closes: 684219 687013 688582
Changes: 
 ogre-1.8 (1.8.0+dfsg1-2) unstable; urgency=low
 .
   * Remove Samples altogether, since almost all of them contain or depend on
 non-free items (fonts and some media objects, see Debian and upstream bug
 report).
 After contacting upstream, they are not inclined to resolve the issue soon
 (read: it will take years and several major releases, if it happens at 
all).
 All of them are removed and there will be no attempt to track which ones 
are
 DFSG-compliant; it is quite a burden (thus decreasing the time that can be
 devoted to maintain the package in good shape, follow closely upstream
 updates, etc), and this is even more complicated with different sets of
 samples in every release (as it is the case now, with v1.7 and v1.8 in the
 Debian archive).
 This change encompasses the following actions/changes:
 - Repack the source (simply removing all ./Samples/)
 - Remove patch change_sample_cfg_path.patch, of no use now
 - Remove corresponding sample packages from debian/control
 - Remove files debian/*samples*.install
 - Closes: #684219 (ogre contains non-free font from larabie collection)
   * Force Build-Depends and Depends of libogre-dev on version 1.49 (this
 particular one since 

Bug#690542: nut-nutrition: Segmentation fault amd64

[Julius Hader]

Package: nut-nutrition
Version: 15.5-1
Severity: grave
Justification: renders package unusable

Dear Maintainer,

on a 64-bit system nut-nutrition quits with 'Segmentation fault' right after 
start. On 32-bit this doesn't happen. 

Removing, purging, then re-installing the package didn't help.

The segfault unfortunately makes the package completely unusable.


-- System Information:
Debian Release: wheezy/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.6-0.towo-siduction-amd64 (SMP w/1 CPU core; PREEMPT)
Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages nut-nutrition depends on:
ii  libc6  2.13-35

nut-nutrition recommends no packages.

nut-nutrition suggests no packages.

-- no debconf information 

Bug#689718: marked as done (xmame-sdl,xmess-sdl: missing copyright file after upgrade from squeeze)

[Debian Bug Tracking System]

Your message dated Mon, 15 Oct 2012 12:18:16 +
with message-id e1tnjce-00087b...@franck.debian.org
and subject line Bug#689718: fixed in mess 0.146-3
has caused the Debian Bug report #689718,
regarding xmame-sdl,xmess-sdl: missing copyright file after upgrade from squeeze
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
689718: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=689718
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
---BeginMessage---
Package: xmame-sdl,xmess-sdl
Version: 0.146-2
Severity: serious
User: debian...@lists.debian.org
Usertags: piuparts
Control: affects -1 + xmame-common xmess-common

A test with piuparts revealed that package $package misses the copyright
file after an upgrade from squeeze to wheezy, which is a violation of
Policy 12.5 :
http://www.debian.org/doc/debian-policy/ch-docs.html#s-copyrightfile

After the upgrade /usr/share/doc/$package/ is just an empty directory.

Additional info may be available here:
http://wiki.debian.org/MissingCopyrightFile

There is something bad going on with the symlink to directory conversion
that is needed if the xmame-common or xmess-common package was installed.

From the attached logfile (scroll to the bottom):

1m2.1s INFO: dirname part contains a symlink:
  /usr/share/doc/xmess-sdl/changelog.Debian.gz != 
/usr/share/doc/xmess-common/changelog.Debian.gz (xmess-sdl)
  /usr/share/doc/xmess-sdl/changelog.gz != 
/usr/share/doc/xmess-common/changelog.gz (xmess-sdl)
  /usr/share/doc/xmess-sdl/copyright != /usr/share/doc/xmess-common/copyright 
(xmess-sdl)

1m3.2s ERROR: FAIL: debsums reports modifications inside the chroot:
  debsums: missing file /usr/share/doc/xmess-sdl/changelog.Debian.gz (from 
xmess-sdl package)
  debsums: missing file /usr/share/doc/xmess-sdl/changelog.gz (from xmess-sdl 
package)
  debsums: missing file /usr/share/doc/xmess-sdl/copyright (from xmess-sdl 
package)


cheers,

Andreas


xmess-common_None.log.gz
Description: GNU Zip compressed data
---End Message---
---BeginMessage---
Source: mess
Source-Version: 0.146-3

We believe that the bug you reported is fixed in the latest version of
mess, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 689...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Cesare Falco cesare.fa...@gmail.com (supplier of updated mess package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Sun, 05 Aug 2012 22:56:44 +0200
Source: mess
Binary: mame-tools mess mess-data xmame-tools xmess-sdl xmess-x sdlmame-tools
Architecture: source amd64 all
Version: 0.146-3
Distribution: unstable
Urgency: low
Maintainer: Debian Games Team pkg-games-de...@lists.alioth.debian.org
Changed-By: Cesare Falco cesare.fa...@gmail.com
Description: 
 mame-tools - Tools for MAME and MESS
 mess   - Multi Emulator Super System (MESS)
 mess-data  - Data files for the Multi Emulator Super System (MESS)
 sdlmame-tools - Transitional package for sdlmame-tools
 xmame-tools - Transitional package for mame-tools
 xmess-sdl  - Transitional package for xmess-sdl
 xmess-x- Transitional package for xmess-x
Closes: 685470 689718
Changes: 
 mess (0.146-3) unstable; urgency=low
 .
   [ Cesare Falco ]
   * Modified default options in mess.ini to reflect Mame
   * Removed unnecessary contributed manpages
   * mess-data.dirs: Create empty /usr/local/* dirs
 .
   [ Emmanuel Kasper ]
   * Add xmess-x.preinst and xmess-sdl.preinst to remove danglink symlinks
   when upgrading from squeeze (closes: bug#685470, #689718)
Checksums-Sha1: 
 d88e35ef2b128795f491d18323d71003436cdec2 2493 mess_0.146-3.dsc
 a0bb3fb3680a6a7d859c3bac6d84b206a28d6c48 52176 mess_0.146-3.debian.tar.xz
 43924cc0d7c64fa1aeef1e36d0f14e4a64ab73ee 774230 mame-tools_0.146-3_amd64.deb
 d2e9603c4d09a8d09e453cbd34099c5d57e4e42e 9346966 mess_0.146-3_amd64.deb
 67720643373a3e5f5fe376db83654e4dcd35537b 31884278 mess-data_0.146-3_all.deb
 df7373a4742203548de6dc2ca09fc6d62b9b62cc 37978 xmame-tools_0.146-3_all.deb
 bf229032d1a6c436a774c94e1a6252ef1e16ec16 38110 xmess-sdl_0.146-3_all.deb
 ede16c5a79ac6a3463fd5a8dfc55113aa0f1fd18 38108 xmess-x_0.146-3_all.deb
 37a4803f06d3434a5b5fc08e5d041aba64d6d468 37978 

Bug#685470: marked as done (xmess-x,xmess-sdl: missing copyright file after squeeze-wheezy upgrade)

[Debian Bug Tracking System]

Your message dated Mon, 15 Oct 2012 12:18:16 +
with message-id e1tnjce-00087y...@franck.debian.org
and subject line Bug#685470: fixed in mess 0.146-3
has caused the Debian Bug report #685470,
regarding xmess-x,xmess-sdl: missing copyright file after squeeze-wheezy 
upgrade
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
685470: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=685470
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
---BeginMessage---
Package: xmess-x,xmess-sdl
Version: 0.146-2
Severity: serious
Justification: Policy 12.5
User: debian...@lists.debian.org
Usertags: piuparts

Hi,

during an experimental test with piuparts I noticed that the copyright
file of your package sis missing after an upgrade from squeeze to
wheezy.


Cheers,

Andreas
---End Message---
---BeginMessage---
Source: mess
Source-Version: 0.146-3

We believe that the bug you reported is fixed in the latest version of
mess, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 685...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Cesare Falco cesare.fa...@gmail.com (supplier of updated mess package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Sun, 05 Aug 2012 22:56:44 +0200
Source: mess
Binary: mame-tools mess mess-data xmame-tools xmess-sdl xmess-x sdlmame-tools
Architecture: source amd64 all
Version: 0.146-3
Distribution: unstable
Urgency: low
Maintainer: Debian Games Team pkg-games-de...@lists.alioth.debian.org
Changed-By: Cesare Falco cesare.fa...@gmail.com
Description: 
 mame-tools - Tools for MAME and MESS
 mess   - Multi Emulator Super System (MESS)
 mess-data  - Data files for the Multi Emulator Super System (MESS)
 sdlmame-tools - Transitional package for sdlmame-tools
 xmame-tools - Transitional package for mame-tools
 xmess-sdl  - Transitional package for xmess-sdl
 xmess-x- Transitional package for xmess-x
Closes: 685470 689718
Changes: 
 mess (0.146-3) unstable; urgency=low
 .
   [ Cesare Falco ]
   * Modified default options in mess.ini to reflect Mame
   * Removed unnecessary contributed manpages
   * mess-data.dirs: Create empty /usr/local/* dirs
 .
   [ Emmanuel Kasper ]
   * Add xmess-x.preinst and xmess-sdl.preinst to remove danglink symlinks
   when upgrading from squeeze (closes: bug#685470, #689718)
Checksums-Sha1: 
 d88e35ef2b128795f491d18323d71003436cdec2 2493 mess_0.146-3.dsc
 a0bb3fb3680a6a7d859c3bac6d84b206a28d6c48 52176 mess_0.146-3.debian.tar.xz
 43924cc0d7c64fa1aeef1e36d0f14e4a64ab73ee 774230 mame-tools_0.146-3_amd64.deb
 d2e9603c4d09a8d09e453cbd34099c5d57e4e42e 9346966 mess_0.146-3_amd64.deb
 67720643373a3e5f5fe376db83654e4dcd35537b 31884278 mess-data_0.146-3_all.deb
 df7373a4742203548de6dc2ca09fc6d62b9b62cc 37978 xmame-tools_0.146-3_all.deb
 bf229032d1a6c436a774c94e1a6252ef1e16ec16 38110 xmess-sdl_0.146-3_all.deb
 ede16c5a79ac6a3463fd5a8dfc55113aa0f1fd18 38108 xmess-x_0.146-3_all.deb
 37a4803f06d3434a5b5fc08e5d041aba64d6d468 37978 sdlmame-tools_0.146-3_amd64.deb
Checksums-Sha256: 
 c2e472d88f5e9d183860419317e23e1d58ed331b22ab596577e900d07cba372a 2493 
mess_0.146-3.dsc
 c1a826fe760a1752480adcad7d29773cd3f50d0653912bc42b1df3d596f4c0b6 52176 
mess_0.146-3.debian.tar.xz
 7d90148032e4eb79255f83de18943b9c8a9dc920a7ac1f49be35112f4a13f8dd 774230 
mame-tools_0.146-3_amd64.deb
 ebb89e4bf7647422df85aaea4f709d952ddd4223af7560646ea60847f701f244 9346966 
mess_0.146-3_amd64.deb
 48c3d52546a1895fa226937686e50250219a72b534e94779f1bf733943ae070f 31884278 
mess-data_0.146-3_all.deb
 97710889dcfae40a913ec94eaa21901d45dd951e12e50f2eca6218602a0761a7 37978 
xmame-tools_0.146-3_all.deb
 23cb70553508c1adfac181f6b941b0439e4e814570e363fea1e65f5e28ad7c75 38110 
xmess-sdl_0.146-3_all.deb
 c9739e9c6a8d41071034f23e6288175c5861119b0247aec31c9db386f9f31472 38108 
xmess-x_0.146-3_all.deb
 8d4744ac179f6ec48a28ad819c244cd2eccf0a73a0e56b611e8f87edfe65a855 37978 
sdlmame-tools_0.146-3_amd64.deb
Files: 
 c94b9a6a060ec2520078439d4912b03a 2493 non-free/games optional mess_0.146-3.dsc
 1b67f54aafb4b24dbd6062750df0bbd4 52176 non-free/games optional 
mess_0.146-3.debian.tar.xz
 d98901826c362c93501b1c6d6a65342e 774230 non-free/utils optional 

Bug#690148: Please give back gcc-mingw-w64 (so it rebuilds using gcc-4.6 4.6.3-12)

[Jonathan Wiltshire]

On 2012-10-15 14:13, Philipp Kern wrote:

On Mon, Oct 15, 2012 at 01:33:16AM +0200, Cyril Brulebois wrote:

Stephen Kitt st...@sk2.org (14/10/2012):
 Now that gcc-4.6 4.6.3-12 is installed in unstable on all
 architectures, would it be possible to give gcc-mingw-w64 back on
 all buildds? This will cause it to be rebuilt using gcc-4.6
 4.6.3-12; since the latter's version ends up in the resulting 
binary

 packages' versions, a binNMU shouldn't be necessary...

   gb gcc-mingw-w64_7 . ALL
a package which failed to build can be given back. That's really an
alias for “please give it another chance to build (successfully)”. 
If

you want to get a(n already successfully built) package rebuilt
against a new set of packages, that's where binNMUs come into play.


And if would've been cool if you could send a rationale for why the 
binNMU is
needed (I simply don't know why one has to recompile against a new 
gcc, and

there's no bug# reference) to debian-release@lists.d.o (Cc'ed).

(binNMUs migrate automatically if present, hence it's also slightly 
relevant

for wheezy release management.)


Surely it would be more efficient to do a maintainer upload fixing RC
bug #690148, and you'll get the rebuilds for free?

I started looking at this bug yesterday, the fix is easy but I did not
have time to check all binary packages. Patch to follow if you want it.


--
Jonathan Wiltshire  j...@debian.org
Debian Developer http://people.debian.org/~jmw

4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC  74C3 5394 479D D352 4C51


--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#690556: condor: CVE-2012-4462

[Moritz Muehlenhoff]

Package: condor
Severity: grave
Tags: security patch
Justification: user security hole

Please see https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-4462 for
details and a patch.

Cheers,
Moritz


-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Processed: severity of 689054 is grave

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

 severity 689054 grave
Bug #689054 [libgpod-cil] libgpod-cil: Wrong architecture field value in 
libgpod-cil package definition
Severity set to 'grave' from 'important'
 thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
689054: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=689054
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems


--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#682824: hylafax: needs update for wheezy

[Giuseppe Sacco]

Hi Thijs,

Il giorno dom, 14/10/2012 alle 16.00 +0200, Thijs Kinkhorst ha scritto:
 This security issue was fixed in unstable, thanks for that, but
 wheezy is still lacking the fix. This is because the unstable version
 cannot migrate due to it containing many auxilliary fixes. Could you
 coordinate with the release team to make an upload to
 testing-proposed-updates with the security fix?

A few days ago I prepared a package for t-p-u. A diff that explain the
package changes is already appended to the unblock request. See #685230.

If you may check the diff and unblock the freeze exception, please do
it.

Thanks,
Giuseppe


-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#674324: ruby-net-sftp: cloning and reassigning to ruby-mocha

[Cédric Boutillier]

Package: ruby-net-sftp
Followup-For: Bug #674324
Control: clone 674324 -1
Control: reassign -1 ruby-mocha
Control: affects -1 ruby-net-sftp
Control: severity -1 normal
Control: forwarded -1 https://github.com/freerange/mocha/issues/99

Hi!

This turns out to be a variant of a problem in ruby-mocha, already
reported upstream. The minimal example to reproduce this issue with
ruby-mocha is attached.

Therefore, I am cloning and reaffecting to ruby-mocha. The original bug
will be closed by an upload of ruby-net-sftp, deactivating the
problematic test.

Cheers,

Cédric




bug_mocha.rb
Description: application/ruby


signature.asc
Description: Digital signature

Processed: ruby-net-sftp: cloning and reassigning to ruby-mocha

[Debian Bug Tracking System]

Processing control commands:

 clone 674324 -1
Bug #674324 [src:ruby-net-sftp] ruby-net-sftp: FTBFS: test failed
Bug 674324 cloned as bug 690562
 reassign -1 ruby-mocha
Bug #690562 [src:ruby-net-sftp] ruby-net-sftp: FTBFS: test failed
Bug reassigned from package 'src:ruby-net-sftp' to 'ruby-mocha'.
No longer marked as found in versions ruby-net-sftp/1:2.0.5-2.
Ignoring request to alter fixed versions of bug #690562 to the same values 
previously set
 affects -1 ruby-net-sftp
Bug #690562 [ruby-mocha] ruby-net-sftp: FTBFS: test failed
Added indication that 690562 affects ruby-net-sftp
 severity -1 normal
Bug #690562 [ruby-mocha] ruby-net-sftp: FTBFS: test failed
Severity set to 'normal' from 'serious'
 forwarded -1 https://github.com/freerange/mocha/issues/99
Bug #690562 [ruby-mocha] ruby-net-sftp: FTBFS: test failed
Changed Bug forwarded-to-address to 
'https://github.com/freerange/mocha/issues/99' from 
'http://net-ssh.lighthouseapp.com/projects/36253-net-ssh/tickets/62-net-sftp-fails-with-mocha-0113'

-- 
674324: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=674324
690562: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=690562
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems


--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#689889: marked as done (Ships a folder in /var/run or /var/lock (Policy Manual section 9.3.2))

[Debian Bug Tracking System]

Your message dated Mon, 15 Oct 2012 15:02:36 +
with message-id e1tnmbg-00025b...@franck.debian.org
and subject line Bug#689889: fixed in echolot 2.1.8-7
has caused the Debian Bug report #689889,
regarding Ships a folder in /var/run or /var/lock (Policy Manual section 9.3.2)
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
689889: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=689889
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
---BeginMessage---
Package: echolot
Version: 2.1.8-6
Severity: serious
Tags: patch

Dear Maintainer,

Andreas Beckmann deb...@abeckmann.de reported in -devel that your package
(as well as 27 others) ships a folder either in /var/run or /var/lock. This
is forbidden by policy.

Lintian detects the problem and warns as follow:

/var/run may be a temporary filesystem, so any directories or files needed
/there must be created dynamically at boot time.

Refer to Debian Policy Manual section 9.3.2 (Writing the scripts) for
details.

Severity: serious, Certainty: possible
Check: files, Type: binary, udeb

which is why I am reporting this bug with severity serious (and there fore,
release critical).

Please fix your package. I have attached what I believe is a good fix the
problem, however, I haven't tried it, and I haven't tested if something more
for creating the necessary folder at runtime should be added. Please make
sure to test before applying the patch blindly.

Cheers,

Thomas Goirand (zigo)
diff -u echolot-2.1.8/debian/changelog echolot-2.1.8/debian/changelog
--- echolot-2.1.8/debian/changelog
+++ echolot-2.1.8/debian/changelog
@@ -1,3 +1,10 @@
+echolot (2.1.8-6.1) UNRELEASED; urgency=low
+
+  * Non-maintainer upload.
+  * Fixes handling of the /var/run/echolot folder life cycle (Closes: #XX).
+
+ -- Thomas Goirand z...@debian.org  Sat, 06 Oct 2012 16:59:36 +0800
+
 echolot (2.1.8-6) unstable; urgency=low
 
   * In postrm during purge remove (rm -rf) /var/lib/echolot instead of
diff -u echolot-2.1.8/debian/echolot.init echolot-2.1.8/debian/echolot.init
--- echolot-2.1.8/debian/echolot.init
+++ echolot-2.1.8/debian/echolot.init
@@ -25,7 +25,8 @@
 # You probably don't want to mess with stuff below this line
 
 
-PIDFILE=/var/run/echolot/pingd.pid
+RUNFLD=/var/run/echolot
+PIDFILE=${RUNFLD}/pingd.pid
 CHECKULIMIT=1
 CHECKUID=1
 USER=echolot
@@ -41,6 +42,13 @@
 # Reads config file (will override defaults above)
 [ -r /etc/default/echolot ]  . /etc/default/echolot
 
+if [ ! -d ${RUNFLD} ] ; then
+	mkdir -p ${RUNFLD} || true
+	if [ -d ${RUNFLD} ] ; then
+		chown ${USER}:${GROUP} ${RUNFLD}
+		chmod 02770 ${RUNFLD}
+	fi
+fi
 
 wait_for_deaddaemon () {
 	PID=$1
diff -u echolot-2.1.8/debian/echolot.postinst echolot-2.1.8/debian/echolot.postinst
--- echolot-2.1.8/debian/echolot.postinst
+++ echolot-2.1.8/debian/echolot.postinst
@@ -30,10 +30,6 @@
 if ( ! dpkg-statoverride --list /var/lib/echolot  /dev/null ); then
 	dpkg-statoverride --update --add root echolot 02775 /var/lib/echolot
 fi
-# and /var/run/echolot
-if ( ! dpkg-statoverride --list /var/run/echolot  /dev/null ); then
-	dpkg-statoverride --update --add root echolot 02770 /var/run/echolot
-fi
 
 #DEBHELPER#
 
diff -u echolot-2.1.8/debian/echolot.postrm echolot-2.1.8/debian/echolot.postrm
--- echolot-2.1.8/debian/echolot.postrm
+++ echolot-2.1.8/debian/echolot.postrm
@@ -6,6 +6,7 @@
 	purge)
 		rm -rf /var/lib/echolot
 		rm -rf /var/log/echolot
+		rm -rf /var/run/echolot
 		rmdir /etc/echolot/templates 2/dev/null || true
 		rmdir /etc/echolot 2/dev/null || true
 		dpkg-statoverride --remove /var/run/echolot /dev/null 21 || true
only in patch2:
unchanged:
--- echolot-2.1.8.orig/debian/echolot.dirs
+++ echolot-2.1.8/debian/echolot.dirs
@@ -1,7 +1,6 @@
 usr/bin
 usr/share/perl5
 var/lib/echolot
-var/run/echolot
 var/log/echolot
 etc/echolot
 etc/default
---End Message---
---BeginMessage---
Source: echolot
Source-Version: 2.1.8-7

We believe that the bug you reported is fixed in the latest version of
echolot, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 689...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Peter Palfrader wea...@debian.org (supplier of updated echolot package)

(This message was generated automatically at their request; if you
believe that there is a problem with it 

Bug#689054: marked as done (libgpod-cil: Wrong architecture field value in libgpod-cil package definition)

[Debian Bug Tracking System]

Your message dated Mon, 15 Oct 2012 15:04:56 +
with message-id e1tnmdw-00047u...@franck.debian.org
and subject line Bug#689054: fixed in libgpod 0.8.2-7
has caused the Debian Bug report #689054,
regarding libgpod-cil: Wrong architecture field value in libgpod-cil package 
definition
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
689054: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=689054
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
---BeginMessage---
Package: libgpod-cil
Version: 0.8.2-6
Severity: important
Tags: patch

Dear Maintainer,

libgpod-cil package of the libgpod project has a wrong architecture entry:
- Normally -cil packages are arch-independent but,
- This one isn't because the library contains interoperability/marshalling
(unsafe) code.
- Package should be compiled differently, then, in each arch.
- Proof of this is the file configure.ac of upstream:
http://gtkpod.git.sourceforge.net/git/gitweb.cgi?p=gtkpod/libgpod;a=blob;f=configure.ac;h=669d433a47536ed5504eed12766f4876b476efa6;hb=HEAD
(Line 318, with different GMCS_FLAGS determined by ac_cv_alignof_double)
- The upstram bug is: https://bugzilla.gnome.org/show_bug.cgi?id=684876

Patch to fix this upstream in debian git is simple:

diff --git a/debian/control b/debian/control
index 145766c..50ae277 100644
--- a/debian/control
+++ b/debian/control
@@ -138,7 +138,7 @@ Description: Python bindings for libgpod

 Package: libgpod-cil
 Section: cli-mono
-Architecture: all
+Architecture: any
 Depends: ${cli:Depends}, ${misc:Depends}
 Description: CLI bindings for libgpod
  libgpod is a library meant to abstract access to an iPod's content. It


Thanks very much.
 Andres G. Aragoneses (Banshee developer)

-- System Information:
Debian Release: wheezy/sid
  APT prefers precise-updates
  APT policy: (500, 'precise-updates'), (500, 'precise-security'), (500,
'precise'), (100, 'precise-backports')
Architecture: amd64 (x86_64)

Kernel: Linux 3.2.0-31-generic (SMP w/2 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages libgpod-cil depends on:
ii  libglib2.0-cil  2.12.10-2ubuntu4
ii  libgpod40.8.2-6~hyper1+precise
ii  libgtk2.0-cil   2.12.10-2ubuntu4
ii  libmono-corlib4.0-cil   2.10.8.1-5~dhx1~precise1
ii  libmono-system-core4.0-cil  2.10.8.1-5~dhx1~precise1

libgpod-cil recommends no packages.

libgpod-cil suggests no packages.
---End Message---
---BeginMessage---
Source: libgpod
Source-Version: 0.8.2-7

We believe that the bug you reported is fixed in the latest version of
libgpod, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 689...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Chow Loong Jin hyper...@debian.org (supplier of updated libgpod package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Format: 1.8
Date: Mon, 15 Oct 2012 21:58:33 +0800
Source: libgpod
Binary: libgpod-nogtk-dev libgpod4-nogtk libgpod-dev libgpod4 libgpod-common 
libgpod-doc python-gpod libgpod-cil libgpod-cil-dev
Architecture: source amd64 all
Version: 0.8.2-7
Distribution: unstable
Urgency: low
Maintainer: gtkpod Maintainers pkg-gtkpod-de...@lists.alioth.debian.org
Changed-By: Chow Loong Jin hyper...@debian.org
Description: 
 libgpod-cil - CLI bindings for libgpod
 libgpod-cil-dev - CLI bindings for libgpod -- development files
 libgpod-common - common files for libgpod
 libgpod-dev - development files for libgpod
 libgpod-doc - documentation for libgpod
 libgpod-nogtk-dev - development files for libgpod (version without artwork 
support)
 libgpod4   - library to read and write songs and artwork to an iPod
 libgpod4-nogtk - library to read and write songs to an iPod
 python-gpod - Python bindings for libgpod
Closes: 689054
Changes: 
 libgpod (0.8.2-7) unstable; urgency=low
 .
   * [1c86366] Make -cil packages non-arch-all (Closes: #689054)
   * [e819dd1] Bump debhelper build-dep version to 9
   * [810a91d] Set libgpod-cil-dev section to cli-mono
   * [a5c3888] No-change bump of Standards-Version to 3.9.3
Checksums-Sha1: 
 cd8b6a9eecf12a394234db43e02595c3eab5b82e 3068 

Bug#688233: marked as done (/usr/bin/uim-module-manager: modifies conffiles (policy 10.7.3): /etc/uim/installed-modules.scm, /etc/uim/loader.scm)

[Debian Bug Tracking System]

Your message dated Mon, 15 Oct 2012 15:05:27 +
with message-id e1tnmer-0004ir...@franck.debian.org
and subject line Bug#688233: fixed in uim-chewing 0.1.0-3
has caused the Debian Bug report #688233,
regarding /usr/bin/uim-module-manager: modifies conffiles (policy 10.7.3): 
/etc/uim/installed-modules.scm, /etc/uim/loader.scm
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
688233: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=688233
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
---BeginMessage---
Package: uim-utils
Version: 1:1.8.1-2
Severity: serious
User: debian...@lists.debian.org
Usertags: piuparts
Control: affects -1 + uim-yahoo-jp uim-viqr uim-social-ime fail/uim-skk 
uim-prime uim-pinyin uim-mozc uim-m17nlib uim-look uim-latin uim-latin 
uim-ipa-x-sampa uim-google-cgiapi-jp uim-chewing uim-canna uim-byeoru 
uim-baidu-olime-jp uim-anthy uim-ajax-ime

Hi,

during a test with piuparts I noticed that all the uim module packages
modify conffiles. This is forbidden by the policy, see
http://www.debian.org/doc/debian-policy/ch-files.html#s-config-files

10.7.3: [...] The easy way to achieve this behavior is to make the
configuration file a conffile. [...] This implies that the default
version will be part of the package distribution, and must not be
modified by the maintainer scripts during installation (or at any
other time).

Note that once a package ships a modified version of that conffile,
dpkg will prompt the user for an action how to handle the upgrade of
this modified conffile (that was not modified by the user).

Further in 10.7.3: [...] must not ask unnecessary questions
(particularly during upgrades) [...]

If a configuration file is customized by a maintainer script after
having asked some debconf questions, it may not be marked as a
conffile. Instead a template could be installed in /usr/share and used
by the postinst script to fill in the custom values and create (or
update) the configuration file (preserving any user modifications!).
This file must be removed during postrm purge.
ucf(1) may help with these tasks.
See also http://wiki.debian.org/DpkgConffileHandling

In https://lists.debian.org/debian-devel/2012/09/msg00412.html and
followups it has been agreed that these bugs are to be filed with
severity serious.

debsums reports modification of the following files,
from the attached log (scroll to the bottom...):

  /etc/uim/installed-modules.scm
  /etc/uim/loader.scm


Having the registration/unregistration of the modules done by 
uim-module-manager is perfectly fine, only the registration
database files must not be conffiles and must be cleaned up
during postrm purge.


cheers,

Andreas


uim-yahoo-jp_1:1.8.1-2.log.gz
Description: GNU Zip compressed data
---End Message---
---BeginMessage---
Source: uim-chewing
Source-Version: 0.1.0-3

We believe that the bug you reported is fixed in the latest version of
uim-chewing, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 688...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Kan-Ru Chen (陳侃如) kos...@debian.org (supplier of updated uim-chewing package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Mon, 15 Oct 2012 21:51:10 +0800
Source: uim-chewing
Binary: uim-chewing
Architecture: source amd64
Version: 0.1.0-3
Distribution: unstable
Urgency: medium
Maintainer: IME Packaging Team pkg-ime-de...@lists.alioth.debian.org
Changed-By: Kan-Ru Chen (陳侃如) kos...@debian.org
Description: 
 uim-chewing - Universal Input Method - Chewing plugin
Closes: 688233
Changes: 
 uim-chewing (0.1.0-3) unstable; urgency=medium
 .
   * Team upload.
   * Urgency set medium to fix RC bug.
   * debian/uim-chewing.postinst,
 debian/uim-chewing.prerm: Change uim registration directory from
 /etc/uim to /var/lib/uim (Closes: #688233).
Checksums-Sha1: 
 dafa47d840ce087d5cddf0094c100d38febd59db 2025 uim-chewing_0.1.0-3.dsc
 22e3e9350d4c5bdfe99f17956fb90c25984bd84e 3537 uim-chewing_0.1.0-3.debian.tar.gz
 7215c893d7810b38c3551f813efaea241118a10f 24268 uim-chewing_0.1.0-3_amd64.deb
Checksums-Sha256: 
 ded12603b20b4b7ce88dac03816e0b15260152fc4ae9b3d41775b59a19beb0da 2025 

Processed: unarchiving 665890, found 665890 in 0.3.1-2

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

 unarchive 665890
Bug #665890 {Done: Laszlo Boszormenyi (GCS) g...@debian.hu} 
[src:python-greenlet] python-greenlet: FTBFS on mips*: error: $fp cannot be 
used in asm here
Unarchived Bug 665890
 found 665890 0.3.1-2
Bug #665890 {Done: Laszlo Boszormenyi (GCS) g...@debian.hu} 
[src:python-greenlet] python-greenlet: FTBFS on mips*: error: $fp cannot be 
used in asm here
Marked as found in versions python-greenlet/0.3.1-2.
 thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
665890: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=665890
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems


--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#690556: [condor-debian] Bug#690556: condor: CVE-2012-4462

[Jaime Frey]

On Oct 15, 2012, at 9:01 AM, Moritz Muehlenhoff j...@inutil.org wrote:

 Package: condor
 Severity: grave
 Tags: security patch
 Justification: user security hole
 
 Please see https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-4462 for
 details and a patch.


This bug only affects the Aviary contrib module, which isn't built in the 
Debian condor package. 

Thanks and regards,
Jaime Frey
UW-Madison Condor Team


--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#687786: diff for NMU version 3.2-1.1

[Boris Pek]

Hi,

Pushed to Git repo.

Regards,
Boris


2012-09-30, 05:27, Antoine Beaupré wrote:
 tags 687786 + pending
 thanks

 Dear maintainer,

 I've uploaded an NMU for opticalraytracer on behalf of Pablo Duboue to
 the DELAYED/7 queue. This was part of a Bug Squashing Party in Montreal
 to fix release critical bugs in Wheezy.

 Let me know if the upload needs to be canceled or is inappropriate.

 Here's the patch for that upload. I wasn't able to push to the git
 repository unfortunately.

 A.


--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#690574: oss4-base: depends on linux-sound-base

[Julien Cristau]

Source: oss4-base
Version: 4.2-build2006-2
Severity: serious

The alsa-driver source package is on its way out.  oss4-base is the only
thing depending on it.  Please fix.

Cheers,
Julien


signature.asc
Description: Digital signature

Processed: reassign 690574 to oss4-base

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

 reassign 690574 oss4-base
Bug #690574 [src:oss4-base] oss4-base: depends on linux-sound-base
Warning: Unknown package 'src:oss4-base'
Bug reassigned from package 'src:oss4-base' to 'oss4-base'.
No longer marked as found in versions oss4-base/4.2-build2006-2.
Ignoring request to alter fixed versions of bug #690574 to the same values 
previously set
 thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
690574: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=690574
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems


--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#690148: Please give back gcc-mingw-w64 (so it rebuilds using gcc-4.6 4.6.3-12)

[Stephen Kitt]

Hi Jonathan,

On Mon, 15 Oct 2012 14:49:31 +0100, Jonathan Wiltshire j...@debian.org wrote:
 Surely it would be more efficient to do a maintainer upload fixing RC
 bug #690148, and you'll get the rebuilds for free?
 
 I started looking at this bug yesterday, the fix is easy but I did not
 have time to check all binary packages. Patch to follow if you want it.

If you've got the patch to hand I'd appreciate it. As you say the fix is
easy, but I won't have time to work on it this evening...

Regards,

Stephen


signature.asc
Description: PGP signature

Processed: found 690574 in 4.2-build2006-2

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

 found 690574 4.2-build2006-2
Bug #690574 [oss4-base] oss4-base: depends on linux-sound-base
Marked as found in versions oss4/4.2-build2006-2.
 thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
690574: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=690574
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems


--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Processed: fixed 690532 in 4.2.2.dfsg.1-5+deb70u2

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

 fixed 690532 4.2.2.dfsg.1-5+deb70u2
Bug #690532 [isc-dhcp-client] CVE-2012-2248: backdoor for user zero79 due to 
dhclient’s hook $PATH
Marked as fixed in versions isc-dhcp/4.2.2.dfsg.1-5+deb70u2.
 thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
690532: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=690532
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems


--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#679669: tpu upload for #679669 (underscore: build-depends on uglifyjs)

[Ansgar Burchardt]

Julien Cristau jcris...@debian.org writes:
 On Sat, Oct 13, 2012 at 20:56:00 +0200, Ansgar Burchardt wrote:
 Stuart Prescott stu...@debian.org writes:
  Looking at the underscore package in squeeze-backports, it is not possible 
  to 
  build it from source using packages in squeeze+squeeze-backports. In 
  particular, the uglifyjs package (provided by node-uglify in sid) is not 
  in 
  squeeze/squeeze-backports.
 
 I modified the package in backports to not compress the *.js files:
 
 Any chance you could do that for wheezy too?

Sure.  I've attached the debdiff for an upload to wheezy (there's a
newer version in unstable).  The changes are the same as in the
backport.

Ansgar
diff -Nru underscore-1.1.6/debian/changelog underscore-1.1.6/debian/changelog
--- underscore-1.1.6/debian/changelog	2011-04-22 11:30:22.0 +0200
+++ underscore-1.1.6/debian/changelog	2012-10-15 20:48:23.0 +0200
@@ -1,3 +1,10 @@
+underscore (1.1.6-1+deb7u1) wheezy; urgency=low
+
+  * Include uncompressed version of *.js to avoid a build-dependency on
+uglifyjs. (Closes: #679669)
+
+ -- Ansgar Burchardt ans...@debian.org  Mon, 15 Oct 2012 20:46:34 +0200
+
 underscore (1.1.6-1) unstable; urgency=low
 
   * New upstream release.
diff -Nru underscore-1.1.6/debian/control underscore-1.1.6/debian/control
--- underscore-1.1.6/debian/control	2011-04-22 11:25:13.0 +0200
+++ underscore-1.1.6/debian/control	2012-10-15 20:46:31.0 +0200
@@ -5,8 +5,7 @@
 Uploaders: Jonas Smedegaard d...@jones.dk
 Build-Depends: cdbs,
  debhelper (= 6),
- dh-buildinfo,
- uglifyjs
+ dh-buildinfo
 Standards-Version: 3.9.2
 Homepage: http://documentcloud.github.com/underscore/
 Vcs-Git: git://git.debian.org/git/collab-maint/underscore
diff -Nru underscore-1.1.6/debian/rules underscore-1.1.6/debian/rules
--- underscore-1.1.6/debian/rules	2011-04-22 11:30:00.0 +0200
+++ underscore-1.1.6/debian/rules	2012-10-15 20:46:31.0 +0200
@@ -28,7 +28,7 @@
 CDBS_BUILD_DEPENDS_rules_upstream-tarball =
 CDBS_BUILD_DEPENDS_rules_utils_copyright-check =
 
-CDBS_BUILD_DEPENDS += , uglifyjs
+#CDBS_BUILD_DEPENDS += , uglifyjs
 
 DEB_UPSTREAM_URL = http://githubredir.debian.net/github/documentcloud/underscore/
 DEB_UPSTREAM_TARBALL_BASENAME = $(DEB_UPSTREAM_TARBALL_VERSION)
@@ -47,6 +47,7 @@
 
 build/$(libpkgname):: $(js-min)
 $(js-min): debian/%.min.js: $(js-basedir)%.js
-	uglifyjs -o $@ $
+	#uglifyjs -o $@ $
+	ln -sf $ $@
 clean::
 	rm -f debian/*.js

Bug#690532: [pkg-dhcp-devel] Bug#690532: CVE-2012-2248: backdoor for user zero79 due to dhclient’s hook $PATH

[Michael Gilbert]

control: retitle -1 CVE-2012-2248: build system paths used in -DCLIENT_PATH

On Mon, Oct 15, 2012 at 5:31 AM, Michael Stapelberg wrote:
 All hooks in /etc/dhcp/dhclient-enter-hooks.d, such as samba when the
 samba package is installed, are called with a PATH environment variable
 containing this:

Using the term backdoor is inappropriate and quite misleading as it
implies malicious activity.  The issue is actually a build system
sanitization issue.

Best wishes,
Mike


-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Processed: Re: [pkg-dhcp-devel] Bug#690532: CVE-2012-2248: backdoor for user zero79 due to dhclient’s hook $PATH

[Debian Bug Tracking System]

Processing control commands:

 retitle -1 CVE-2012-2248: build system paths used in -DCLIENT_PATH
Bug #690532 [isc-dhcp-client] CVE-2012-2248: build system paths used in 
-DCLIENT_PATH
Ignoring request to change the title of bug#690532 to the same title

-- 
690532: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=690532
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems


--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#679669: tpu upload for #679669 (underscore: build-depends on uglifyjs)

[Julien Cristau]

On Mon, Oct 15, 2012 at 20:59:24 +0200, Ansgar Burchardt wrote:

 Sure.  I've attached the debdiff for an upload to wheezy (there's a
 newer version in unstable).  The changes are the same as in the
 backport.
 
Ack, please go ahead.

Thanks,
Julien


signature.asc
Description: Digital signature

Bug#679669: tpu upload for #679669 (underscore: build-depends on uglifyjs)

[Ansgar Burchardt]

Julien Cristau jcris...@debian.org writes:
 On Mon, Oct 15, 2012 at 20:59:24 +0200, Ansgar Burchardt wrote:
 Sure.  I've attached the debdiff for an upload to wheezy (there's a
 newer version in unstable).  The changes are the same as in the
 backport.
 
 Ack, please go ahead.

Uploaded (without using DELAYED/* as I don't think that matters much for
tpu).

Ansgar


-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#690532: [pkg-dhcp-devel] Bug#690532: Bug#690532: CVE-2012-2248: backdoor for user zero79 due to dhclient’s hook $PATH

[Michael Gilbert]

On Mon, Oct 15, 2012 at 3:01 PM, Michael Gilbert wrote:
 control: retitle -1 CVE-2012-2248: build system paths used in -DCLIENT_PATH

 On Mon, Oct 15, 2012 at 5:31 AM, Michael Stapelberg wrote:
 All hooks in /etc/dhcp/dhclient-enter-hooks.d, such as samba when the
 samba package is installed, are called with a PATH environment variable
 containing this:

 Using the term backdoor is inappropriate and quite misleading as it
 implies malicious activity.  The issue is actually a build system
 sanitization issue.

Also, to be fair, the same conclusions can be drawn on different
architectures for paths like /build/buildd-isc-dhcp-*:
https://buildd.debian.org/status/fetch.php?pkg=isc-dhcparch=i386ver=4.2.4-2stamp=1347600978

Best wishes,
Mike


-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#679669: marked as done (underscore: build-dependency on uglifyjs not satisfiable in wheezy)

[Debian Bug Tracking System]

Your message dated Mon, 15 Oct 2012 19:17:57 +
with message-id e1tnqan-e7...@franck.debian.org
and subject line Bug#679669: fixed in underscore 1.1.6-1+deb7u1
has caused the Debian Bug report #679669,
regarding underscore: build-dependency on uglifyjs not satisfiable in wheezy
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
679669: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=679669
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
---BeginMessage---
Source: underscore
Version: 1.1.6-1
Severity: serious

underscore in wheezy build-depends on uglifyjs, which is missing there.
This needs to be fixed before release.

Cheers,
Julien


signature.asc
Description: Digital signature
---End Message---
---BeginMessage---
Source: underscore
Source-Version: 1.1.6-1+deb7u1

We believe that the bug you reported is fixed in the latest version of
underscore, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 679...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Ansgar Burchardt ans...@debian.org (supplier of updated underscore package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Mon, 15 Oct 2012 20:46:34 +0200
Source: underscore
Binary: libjs-underscore
Architecture: all source
Version: 1.1.6-1+deb7u1
Distribution: wheezy
Urgency: low
Maintainer: Debian Javascript Maintainers 
pkg-javascript-de...@lists.alioth.debian.org
Changed-By: Ansgar Burchardt ans...@debian.org
Closes: 679669
Description: 
 libjs-underscore - JavaScript's functional programming helper library
Changes: 
 underscore (1.1.6-1+deb7u1) wheezy; urgency=low
 .
   * Include uncompressed version of *.js to avoid a build-dependency on
 uglifyjs. (Closes: #679669)
Checksums-Sha1: 
 aedd8fed1d76fb40ff4abb1bc97bc34a9fe21345 1996 underscore_1.1.6-1+deb7u1.dsc
 d1454dc7ad55f1456f140ccedbf0d9ad83480b88 4371 
underscore_1.1.6-1+deb7u1.debian.tar.gz
 04c7160635b35a0bb7cad9b62bd2521d3b346911 30832 
libjs-underscore_1.1.6-1+deb7u1_all.deb
Checksums-Sha256: 
 237633fa4b42839d32cea0b3c543e159104fb4064532ac6f909b9a0e0662e24b 1996 
underscore_1.1.6-1+deb7u1.dsc
 e5c3ef98a556569aabd0903ce293015a129b0c4e472852b802ed3ac70f6fc9aa 4371 
underscore_1.1.6-1+deb7u1.debian.tar.gz
 5fb574061083548eaff3e67bbec5750fdfb74486d4a4084592aba29ce2fdc8a4 30832 
libjs-underscore_1.1.6-1+deb7u1_all.deb
Files: 
 5e856b96c104b4bff33df65f9bdef224 1996 web optional 
underscore_1.1.6-1+deb7u1.dsc
 0291f19dbddd0d1436269ff412fec845 4371 web optional 
underscore_1.1.6-1+deb7u1.debian.tar.gz
 22bbdc900c744327ec5f18d02cf94e54 30832 web optional 
libjs-underscore_1.1.6-1+deb7u1_all.deb

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.12 (GNU/Linux)

iQIcBAEBCgAGBQJQfF9PAAoJEIATJTTdNH3IOJwP/3uLs0ljk7n6AIqN0Zygv6vP
0/nphCDwnbUwPzPj873aeaSxkrVmZiTjH1TA7d9kaM8Gnhz3D4VUpC0A19FB35EO
bnIy3Z0DxZpUUXupWn8eAZ8C5cjC+Im/m0Aodn4YlKRX0H8j4Ouk3KFbglohubuU
GK9DHkQdPdeNrtoqvzYOatFnbQsEisSIJ+YlaOl/XIc5b2y302eWn5twR7MgBCU1
VlK7HOkUpEXq7WVh3t0PaI3XmzfgfyjFV3EyFEpH9s81v5K7TgBusvlaqZMHs4We
3FKzLtJw3R+Om6gbYoVebpeRudkWoK+NGaIEm2IEeyj0EYWywtm7j3rhT1WfWNDF
AUGae5wRB6Y4q9ovhW3dvM0Nc/4UW9oKeo1Oc1GInhaQLClfgGeTd9SnH1LRtpgI
goNF0FGpUZXBTwf04S2zP9ahN28W5xyQvvYJj3+ZPzr8CEOHucQ/Ixwi57AwT5No
kiKHfN3+RkrbUXJxuOfcEA+1Cs7hrdNw+sRmUYrbGeJN+S5xIc2EoYxJ1LLrj/GI
6OfR77Q8mmq1rHfLy1Si4k6OKWkwVqS1IGCrRD0c3+LZjqPjPokjlmkxa7PfgVxK
svQps3oD9TpDyiKyXm4b2/wfzMkMkmTdy96Ip6wAYxW16lwi5oXbNFPHKQOjcwtl
Nlq9xD4zBT89fIBw/wqv
=o8+t
-END PGP SIGNATUREEnd Message---

Bug#690532: marked as done (CVE-2012-2248: build system paths used in -DCLIENT_PATH)

[Debian Bug Tracking System]

Your message dated Mon, 15 Oct 2012 19:17:47 +
with message-id e1tnqad-bb...@franck.debian.org
and subject line Bug#690532: fixed in isc-dhcp 4.2.4-3
has caused the Debian Bug report #690532,
regarding CVE-2012-2248: build system paths used in -DCLIENT_PATH
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
690532: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=690532
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
---BeginMessage---
Package: isc-dhcp-client
Version: 4.2.2.dfsg.1-5
Severity: critical
Tags: security patch


While debugging another issue, Mithrandir, mbiebl and I stumbled upon
the following:

All hooks in /etc/dhcp/dhclient-enter-hooks.d, such as samba when the
samba package is installed, are called with a PATH environment variable
containing this:

PATH=/home/zero79/source/git/isc-dhcp/debian/tmp/usr/sbin:/sbin:/bin:/usr/sbin:/usr/bin

Since hooks (at least samba) can call arbitrary commands and are
running as uid 0 (root), this poses a security issue when the following
assumptions are true:

1. The system you want to exploit has samba installed (or any other
   package which comes with a dhclient-enter-hook).
2. The attacker has the possibility of obtaining the username zero79
   and thus can create executable files in
   /home/zero79/source/git/isc-dhcp/debian/tmp/usr/sbin
3. The DHCP hook needs to be called to trigger the exploit, which
   happens at least on system start or after /etc/init.d/networking
   restart, possibly also when just renewing the dhcp-lease
   (unverified).

Here is a demonstration of this issue:

zero79@squeezevm:~$ id -a
uid=1001(zero79) gid=1001(zero79) groups=1001(zero79)
zero79@squeezevm:~$ mkdir -p source/git/isc-dhcp/debian/tmp/usr/sbin
zero79@squeezevm:~$ cat source/git/isc-dhcp/debian/tmp/usr/sbin/mv 'EOF'
#!/bin/sh
echo my script is run as: $(whoami) $(id -a)  /tmp/exploited
EOF
zero79@squeezevm:~$ chmod +x source/git/isc-dhcp/debian/tmp/usr/sbin/mv
root@squeezevm:~# /etc/init.d/networking restart
Restarting networking (via systemctl): networking.service.
root@squeezevm:~# ls -hltr /tmp
total 8.0K
-rw-r--r-- 1 root root 966 Oct 14 13:42 samba
-rw-r--r-- 1 root root  65 Oct 14 14:02 exploited
root@squeezevm:~# cat /tmp/exploited 
my script is run as: root uid=0(root) gid=0(root) groups=0(root)

At this point, zero79 has root access to the system.

Raphael Geissert has resolved this issue in a timely fashion, his
statement follows and his patch is attached:

 The insertion of that path does not appear to be malicious. Rather, it 
 appears to be a mistake in debian/rules as --prefix is set to 
 $(pwd)/debian/tmp/, instead of setting DESTDIR when calling make 
 install. client/Makefile.am defines CLIENT_PATH to 
 PATH=$(sbindir):/sbin:/bin:/usr/sbin:/usr/bin, which is later injected 
 into the env.

 Due to what appears to be a bug in squeeze's Makefile.am, squeeze is not 
 affected.

 Attached patch fixes the problem.

 Since I've already built the package for wheezy, I'm going to upload it. 

-- System Information:
Debian Release: wheezy/sid
  APT prefers testing
  APT policy: (990, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: armel
i386

Kernel: Linux 3.5.0 (SMP w/8 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages isc-dhcp-client depends on:
ii  debianutils  4.3.2
ii  iproute  20120521-3
ii  isc-dhcp-common  4.2.2.dfsg.1-5
ii  libc62.13-35

isc-dhcp-client recommends no packages.

Versions of packages isc-dhcp-client suggests:
pn  avahi-autoipd  none
pn  resolvconf none

-- no debconf information
diff -Nru isc-dhcp-4.2.2.dfsg.1/debian/rules isc-dhcp-4.2.2.dfsg.1/debian/rules
--- isc-dhcp-4.2.2.dfsg.1/debian/rules	2012-09-17 16:48:31.0 -0500
+++ isc-dhcp-4.2.2.dfsg.1/debian/rules	2012-10-14 15:12:29.0 -0500
@@ -39,8 +39,8 @@
 	dh_testdir
 
 	./configure \
-		--prefix=$(DESTDIR)/usr \
-		--sysconfdir=$(DESTDIR)/etc/dhcp \
+		--prefix=/usr \
+		--sysconfdir=/etc/dhcp \
 		--with-srv-lease-file=/var/lib/dhcp/dhcpd.leases \
 		--with-srv6-lease-file=/var/lib/dhcp/dhcpd6.leases \
 		--with-cli-lease-file=/var/lib/dhcp/dhclient.leases \
@@ -67,8 +67,8 @@
 	dh_testdir
 
 	./configure \
-		--prefix=$(DESTDIR)/usr \
-		--sysconfdir=$(DESTDIR)/etc/dhcp \
+		--prefix=/usr \
+		--sysconfdir=/etc/dhcp \
 		--with-srv-lease-file=/var/lib/dhcp/dhcpd.leases \
 		--with-srv6-lease-file=/var/lib/dhcp/dhcpd6.leases \
 		--with-cli-lease-file=/var/lib/dhcp/dhclient.leases \
@@ -99,7 +99,7 @@
 	dh_installdirs -A
 
 	# Add here 

Processed: xserver-xorg-input-tslib unusable

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

 severity 674821 grave
Bug #674821 [xserver-xorg-input-tslib] xserver-xorg-input-tslib: undefined 
symbol: xf86XInputSetScreen reported when X loads tslib_drv.so
Severity set to 'grave' from 'important'
 thank
Stopping processing here.

Please contact me if you need assistance.
-- 
674821: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=674821
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems


--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Processed: retitle 576972 to libatlas3-base: when the LAPACK alternative points to ATLAS, the BLAS alternative should always point to ATLAS

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

 retitle 576972 libatlas3-base: when the LAPACK alternative points to ATLAS, 
 the BLAS alternative should always point to ATLAS
Bug #576972 [libatlas3gf-base] libatlas3gf-base: octave does not work with this 
version
Bug #598638 [libatlas3gf-base] lapack: update-alternatives breaks application 
linking
Bug #624318 [libatlas3gf-base] Subject: liblapack.so.3gf: undefined symbol: 
ATL_dGetNB
Bug #638236 [libatlas3gf-base] /usr/lib/liblapack.so.3gf: undefined symbol: 
ATL_chem
Bug #676726 [libatlas3gf-base] libopenblas-base, libatlas3-base: Coinstalling 
libatlas3-base and libopenblas-base breaks LAPACK
Changed Bug title to 'libatlas3-base: when the LAPACK alternative points to 
ATLAS, the BLAS alternative should always point to ATLAS' from 
'libatlas3gf-base: octave does not work with this version'
Changed Bug title to 'libatlas3-base: when the LAPACK alternative points to 
ATLAS, the BLAS alternative should always point to ATLAS' from 'lapack: 
update-alternatives breaks application linking'
Changed Bug title to 'libatlas3-base: when the LAPACK alternative points to 
ATLAS, the BLAS alternative should always point to ATLAS' from 'Subject: 
liblapack.so.3gf: undefined symbol: ATL_dGetNB'
Changed Bug title to 'libatlas3-base: when the LAPACK alternative points to 
ATLAS, the BLAS alternative should always point to ATLAS' from 
'/usr/lib/liblapack.so.3gf: undefined symbol: ATL_chem'
Changed Bug title to 'libatlas3-base: when the LAPACK alternative points to 
ATLAS, the BLAS alternative should always point to ATLAS' from 
'libopenblas-base, libatlas3-base: Coinstalling libatlas3-base and 
libopenblas-base breaks LAPACK'
 thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
576972: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=576972
598638: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=598638
624318: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=624318
638236: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=638236
676726: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=676726
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems


--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Processed: limit source to gnumed-client, tagging 685351

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

 #gnumed-client (1.1.17+dfsg-1) unstable; urgency=low
 #
 #  * debian/JS: Provide source code of remaining JavaScript files
 #Closes: #685351
 #
 limit source gnumed-client
Limiting to bugs with field 'source' containing at least one of 'gnumed-client'
Limit currently set to 'source':'gnumed-client'

 tags 685351 + pending
Bug #685351 [src:gnumed-client] src:gnumed-client: Missing source code for *.js 
files
Added tag(s) pending.
 thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
685351: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=685351
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems


--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#685351: marked as done (src:gnumed-client: Missing source code for *.js files)

[Debian Bug Tracking System]

Your message dated Mon, 15 Oct 2012 20:47:35 +
with message-id e1tnrzx-0001pk...@franck.debian.org
and subject line Bug#685351: fixed in gnumed-client 1.1.17+dfsg-1
has caused the Debian Bug report #685351,
regarding src:gnumed-client: Missing source code for *.js files
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
685351: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=685351
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
---BeginMessage---
Package: src:gnumed-client
Version: 1.1.17-1
Severity: serious
Justification: Policy 2.1

gnumed-doc installs
/usr/share/doc/gnumed/user-manual/rsrc/System/JSTreeContrib/jquery.jstree.js.
However, the file is present in the source package without source
code. Instructions on which tools were used to create it are also
missing. And the lack of copyright notices probably renders the
package non-distributable.

All or most of these issues seem to apply to other javascript files in
the package (like jquery.foswiki.js).
---End Message---
---BeginMessage---
Source: gnumed-client
Source-Version: 1.1.17+dfsg-1

We believe that the bug you reported is fixed in the latest version of
gnumed-client, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 685...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Andreas Tille ti...@debian.org (supplier of updated gnumed-client package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Format: 1.8
Date: Mon, 15 Oct 2012 12:37:29 +0200
Source: gnumed-client
Binary: gnumed-client gnumed-client-de gnumed-common gnumed-doc
Architecture: source all
Version: 1.1.17+dfsg-1
Distribution: unstable
Urgency: low
Maintainer: Debian Med Packaging Team 
debian-med-packag...@lists.alioth.debian.org
Changed-By: Andreas Tille ti...@debian.org
Description: 
 gnumed-client - medical practice management - Client
 gnumed-client-de - medical practice management - Client for German users
 gnumed-common - medical practice management - common files
 gnumed-doc - medical practice management - Documentation
Closes: 685351
Changes: 
 gnumed-client (1.1.17+dfsg-1) unstable; urgency=low
 .
   * debian/copyright: Document what JavaSource files are removed from
 upstream tarball
   * debian/README.source: Document that some JavaScript files were removed
 and some were provided as source
   * debian/JS: Provide source code of remaining JavaScript files
 Closes: #685351
   * debian/dh_linktrees: deleted because dh_linktrees tries to work on
 files which are removed now - rather use dh_links instead
Checksums-Sha1: 
 10bb08ed0f0d4d05b59b29855c71d2d215f74829 1683 gnumed-client_1.1.17+dfsg-1.dsc
 56a29eeaae923622b407e05157f9c96c84262e8b 5387020 
gnumed-client_1.1.17+dfsg.orig.tar.xz
 fd58d043d3c1b15fc95b061ab8efb4afd60db28b 33090 
gnumed-client_1.1.17+dfsg-1.debian.tar.gz
 0b482575a635b0f9c6e81f8579e16ab0497db9ab 1506650 
gnumed-client_1.1.17+dfsg-1_all.deb
 d6bbe476153c43b64eb920027e00368d52c954d8 15910 
gnumed-client-de_1.1.17+dfsg-1_all.deb
 1e24d7e76349ee7ff57d6f9a3a44a41e1c9cfcd7 137188 
gnumed-common_1.1.17+dfsg-1_all.deb
 32785392c235f9cde07fb407b3fcea14c977d7c2 1053944 
gnumed-doc_1.1.17+dfsg-1_all.deb
Checksums-Sha256: 
 e82cb58c193edb93b1a09afb157dd4f3ec14ad95e88859fb79554b279cbb0f48 1683 
gnumed-client_1.1.17+dfsg-1.dsc
 1a9437740a6d969a1158a858a0d2b985e0dd9e5bae8e1341059cbfbd59d90557 5387020 
gnumed-client_1.1.17+dfsg.orig.tar.xz
 e18e88d97efab0294b4da7219756be98ba20098e5cff801fa1b7ef2ceaa65722 33090 
gnumed-client_1.1.17+dfsg-1.debian.tar.gz
 eba73772a0e9c00eba9267d1ea3c28bcc3803abd29dc9bbeda07e284941a9b9e 1506650 
gnumed-client_1.1.17+dfsg-1_all.deb
 9e79f029f958531d651cd78081f3055b30900852669c59b4108d81030b926665 15910 
gnumed-client-de_1.1.17+dfsg-1_all.deb
 2f50bea3c186df498f1e9ce05b9d51d622aa60d8aebdb91152359fec4fa4ee97 137188 
gnumed-common_1.1.17+dfsg-1_all.deb
 ca2512d4298d1c588bad01bf929d2af9dc9b072090da19468d2febdd6d3d9ad7 1053944 
gnumed-doc_1.1.17+dfsg-1_all.deb
Files: 
 86b7dea626886fe769e96950630ec1e4 1683 misc optional 
gnumed-client_1.1.17+dfsg-1.dsc
 c2edee90656b87fbe70c75a6f1a9061a 5387020 misc optional 
gnumed-client_1.1.17+dfsg.orig.tar.xz
 

Bug#680816: marked as done (libcatalyst-plugin-unicode-encoding-perl: FTBFS: tests failed)

[Debian Bug Tracking System]

Your message dated Mon, 15 Oct 2012 21:17:38 +
with message-id e1tns2c-0003f5...@franck.debian.org
and subject line Bug#680816: fixed in libcatalyst-perl 5.90015-1
has caused the Debian Bug report #680816,
regarding libcatalyst-plugin-unicode-encoding-perl: FTBFS: tests failed
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
680816: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=680816
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
---BeginMessage---
Source: libcatalyst-plugin-unicode-encoding-perl
Version: 1.7-1
Severity: serious
Tags: wheezy sid
User: debian...@lists.debian.org
Usertags: qa-ftbfs-20120708 qa-ftbfs
Justification: FTBFS on amd64

Hi,

During a rebuild of all packages in sid, your package failed to build on
amd64.

Relevant part:
 make[1]: Entering directory `/«PKGBUILDDIR»'
 PERL_DL_NONLAZY=1 /usr/bin/perl -MExtUtils::Command::MM -e 
 test_harness(0, 'inc', 'blib/lib', 'blib/arch') t/*.t
 t/01use.t . ok
 t/04live.t  ok
 t/05config.t .. ok
 t/06request_decode.t .. ok
 t/07nested_params.t ... skipped: Need Catalyst::Plugin::Params::Nested
 
 #   Failed test at t/08charset_utf8.t line 21.
 #  got: '2'
 # expected: '1'
 
 #   Failed test at t/08charset_utf8.t line 26.
 #  got: '2'
 # expected: '1'
 # Looks like you failed 2 tests of 7.
 t/08charset_utf8.t  
 Dubious, test returned 2 (wstat 512, 0x200)
 Failed 1/6 test programs. 2/52 subtests failed.
 Failed 2/7 subtests 
 
 Test Summary Report
 ---
 t/08charset_utf8.t  (Wstat: 512 Tests: 7 Failed: 2)
   Failed tests:  4, 6
   Non-zero exit status: 2
 Files=6, Tests=52,  3 wallclock secs ( 0.04 usr  0.03 sys +  3.26 cusr  0.31 
 csys =  3.64 CPU)
 Result: FAIL
 make[1]: *** [test_dynamic] Error 2

The full build log is available from:
   
http://people.debian.org/~lucas/logs/2012/07/08/libcatalyst-plugin-unicode-encoding-perl_1.7-1_unstable.log

A list of current common problems and possible solutions is available at 
http://wiki.debian.org/qa.debian.org/FTBFS . You're welcome to contribute!

About the archive rebuild: The rebuild was done on EC2 VM instances from
Amazon Web Services, using a clean, minimal and up-to-date chroot. Every
failed build was retried once to eliminate random failures.


---End Message---
---BeginMessage---
Source: libcatalyst-perl
Source-Version: 5.90015-1

We believe that the bug you reported is fixed in the latest version of
libcatalyst-perl, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 680...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
intrigeri intrig...@debian.org (supplier of updated libcatalyst-perl package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Tue, 17 Jul 2012 19:10:37 -0500
Source: libcatalyst-perl
Binary: libcatalyst-perl
Architecture: source all
Version: 5.90015-1
Distribution: unstable
Urgency: low
Maintainer: Debian Perl Group pkg-perl-maintain...@lists.alioth.debian.org
Changed-By: intrigeri intrig...@debian.org
Description: 
 libcatalyst-perl - elegant Model-View-Controller Web Application Framework
Closes: 680816 681422 681423 681425 683656
Changes: 
 libcatalyst-perl (5.90015-1) unstable; urgency=low
 .
   * Team upload.
 .
   [ Jotam Jr. Trejo ]
   * Imported Upstream version 5.90015
 - fixes the FTBFS in libtest-www-mechanize-catalyst-perl (Closes: #681422)
 - fixes Catalyst-Plugin-StackTrace (Closes: #681423)
 - fixes Catalyst-Plugin-Session-State-Cookie (Closes: #681425)
 - fixes Catalyst-Plugin-Unicode-Encoding (Closes: #680816)
   * Added myself to Uploaders and Copyright
 .
   [ intrigeri ]
   * Drop erroneous and harmful Conflicts/Provides/Replaces
 on libcatalyst-controller-actionrole-perl.
 Closes: #683656
   * Add Breaks on libcatalystx-simplelogin-perl ( 0.17) and
 libcatalyst-actionrole-acl-perl ( 0.07).
Checksums-Sha1: 
 6be47cedd46ec974b8dd265c0642f18ec6273eac 3798 libcatalyst-perl_5.90015-1.dsc
 a0f844ae404fa98a29aaceef7948cf34af46f8af 273978 
libcatalyst-perl_5.90015.orig.tar.gz
 26c5ee47532d80c55642b97b0db694dfcc6fc3a8 9112 
libcatalyst-perl_5.90015-1.debian.tar.xz
 

Bug#683656: marked as done (libcatalyst-perl: Drop erroneous and harmful Conflicts/Provides/Replaces on libcatalyst-controller-actionrole-perl)

[Debian Bug Tracking System]

Your message dated Mon, 15 Oct 2012 21:17:38 +
with message-id e1tns2c-0003fp...@franck.debian.org
and subject line Bug#683656: fixed in libcatalyst-perl 5.90015-1
has caused the Debian Bug report #683656,
regarding libcatalyst-perl: Drop erroneous and harmful 
Conflicts/Provides/Replaces on libcatalyst-controller-actionrole-perl
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
683656: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=683656
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
---BeginMessage---
Package: libcatalyst-controller-actionrole-perl
Version: 0.15-1
Severity: serious
Tags: sid
Justification: uninstallable in sid
User: debian...@lists.debian.org
Usertags: piuparts


Hi,

libcatalyst-controller-actionrole-perl is no longer installable in sid
as it was merged into libcatalyst-perl [1].

The upgrade path shoudl work without transitional packages since
* old libcatalyst-controller-actionrole-perl Depends: libcatalyst-perl
* new libcatalyst-perl Conflicts/Replaces/Provides
libcatalyst-controller-actionrole-perl

I'm not sure what would happen in wheezy if this package is removed from
sid right now - are there enough rdepends to keep it in wheezy?


[1] 
http://packages.qa.debian.org/libc/libcatalyst-perl/news/20120626T041806Z.html

Andreas
---End Message---
---BeginMessage---
Source: libcatalyst-perl
Source-Version: 5.90015-1

We believe that the bug you reported is fixed in the latest version of
libcatalyst-perl, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 683...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
intrigeri intrig...@debian.org (supplier of updated libcatalyst-perl package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Tue, 17 Jul 2012 19:10:37 -0500
Source: libcatalyst-perl
Binary: libcatalyst-perl
Architecture: source all
Version: 5.90015-1
Distribution: unstable
Urgency: low
Maintainer: Debian Perl Group pkg-perl-maintain...@lists.alioth.debian.org
Changed-By: intrigeri intrig...@debian.org
Description: 
 libcatalyst-perl - elegant Model-View-Controller Web Application Framework
Closes: 680816 681422 681423 681425 683656
Changes: 
 libcatalyst-perl (5.90015-1) unstable; urgency=low
 .
   * Team upload.
 .
   [ Jotam Jr. Trejo ]
   * Imported Upstream version 5.90015
 - fixes the FTBFS in libtest-www-mechanize-catalyst-perl (Closes: #681422)
 - fixes Catalyst-Plugin-StackTrace (Closes: #681423)
 - fixes Catalyst-Plugin-Session-State-Cookie (Closes: #681425)
 - fixes Catalyst-Plugin-Unicode-Encoding (Closes: #680816)
   * Added myself to Uploaders and Copyright
 .
   [ intrigeri ]
   * Drop erroneous and harmful Conflicts/Provides/Replaces
 on libcatalyst-controller-actionrole-perl.
 Closes: #683656
   * Add Breaks on libcatalystx-simplelogin-perl ( 0.17) and
 libcatalyst-actionrole-acl-perl ( 0.07).
Checksums-Sha1: 
 6be47cedd46ec974b8dd265c0642f18ec6273eac 3798 libcatalyst-perl_5.90015-1.dsc
 a0f844ae404fa98a29aaceef7948cf34af46f8af 273978 
libcatalyst-perl_5.90015.orig.tar.gz
 26c5ee47532d80c55642b97b0db694dfcc6fc3a8 9112 
libcatalyst-perl_5.90015-1.debian.tar.xz
 28c87c3a7023b8a0bafe0743700d23a61f39ce90 282924 
libcatalyst-perl_5.90015-1_all.deb
Checksums-Sha256: 
 2745653983150329b9518c805dd7d28dcfb361027fbca7e9860125c8bd79d351 3798 
libcatalyst-perl_5.90015-1.dsc
 f7ffc991ee3b50ef2153156f96586421bab14d0d01e6ec83095b047c79defc3a 273978 
libcatalyst-perl_5.90015.orig.tar.gz
 f35e7e756ca4ce37615eab43a537a3a38ce401bb206ed60a5dd5370d858a024b 9112 
libcatalyst-perl_5.90015-1.debian.tar.xz
 b7dbc2f6cb99f450983e4acf4c95fec3d480c71485379c6100fe41659af016d0 282924 
libcatalyst-perl_5.90015-1_all.deb
Files: 
 9b8734ac249616364536850b26c58c72 3798 perl optional 
libcatalyst-perl_5.90015-1.dsc
 1a9698eeac5e5c958df5d509c2a342c6 273978 perl optional 
libcatalyst-perl_5.90015.orig.tar.gz
 ad7d51011a11980d288d3084e60d5034 9112 perl optional 
libcatalyst-perl_5.90015-1.debian.tar.xz
 cef21c5d892429eb3227009e8bc09068 282924 perl optional 
libcatalyst-perl_5.90015-1_all.deb

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.12 (GNU/Linux)

Bug#674324: marked as done (ruby-net-sftp: FTBFS: test failed)

[Debian Bug Tracking System]

Your message dated Mon, 15 Oct 2012 21:36:30 +
with message-id e1tnsks-000861...@franck.debian.org
and subject line Bug#674324: fixed in ruby-net-sftp 1:2.0.5-3
has caused the Debian Bug report #674324,
regarding ruby-net-sftp: FTBFS: test failed
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
674324: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=674324
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
---BeginMessage---
Source: ruby-net-sftp
Version: 1:2.0.5-2
Severity: serious
Tags: wheezy sid
User: debian...@lists.debian.org
Usertags: qa-ftbfs-20120524 qa-ftbfs
Justification: FTBFS on amd64

Hi,

During a rebuild of all packages in sid, your package failed to build on
amd64.

Relevant part:
  fakeroot debian/rules binary
 dh binary --buildsystem=ruby --with ruby
dh_testroot -O--buildsystem=ruby
dh_prep -O--buildsystem=ruby
dh_installdirs -O--buildsystem=ruby
dh_auto_install -O--buildsystem=ruby
   Entering dh_ruby --install
 install -d /«PKGBUILDDIR»/debian/ruby-net-sftp/usr/lib/ruby/vendor_ruby
 install -D -m644 lib/net/sftp.rb 
 /«PKGBUILDDIR»/debian/ruby-net-sftp/usr/lib/ruby/vendor_ruby/net/sftp.rb
 install -D -m644 lib/net/sftp/constants.rb 
 /«PKGBUILDDIR»/debian/ruby-net-sftp/usr/lib/ruby/vendor_ruby/net/sftp/constants.rb
 install -D -m644 lib/net/sftp/version.rb 
 /«PKGBUILDDIR»/debian/ruby-net-sftp/usr/lib/ruby/vendor_ruby/net/sftp/version.rb
 install -D -m644 lib/net/sftp/request.rb 
 /«PKGBUILDDIR»/debian/ruby-net-sftp/usr/lib/ruby/vendor_ruby/net/sftp/request.rb
 install -D -m644 lib/net/sftp/operations/download.rb 
 /«PKGBUILDDIR»/debian/ruby-net-sftp/usr/lib/ruby/vendor_ruby/net/sftp/operations/download.rb
 install -D -m644 lib/net/sftp/operations/dir.rb 
 /«PKGBUILDDIR»/debian/ruby-net-sftp/usr/lib/ruby/vendor_ruby/net/sftp/operations/dir.rb
 install -D -m644 lib/net/sftp/operations/file_factory.rb 
 /«PKGBUILDDIR»/debian/ruby-net-sftp/usr/lib/ruby/vendor_ruby/net/sftp/operations/file_factory.rb
 install -D -m644 lib/net/sftp/operations/upload.rb 
 /«PKGBUILDDIR»/debian/ruby-net-sftp/usr/lib/ruby/vendor_ruby/net/sftp/operations/upload.rb
 install -D -m644 lib/net/sftp/operations/file.rb 
 /«PKGBUILDDIR»/debian/ruby-net-sftp/usr/lib/ruby/vendor_ruby/net/sftp/operations/file.rb
 install -D -m644 lib/net/sftp/response.rb 
 /«PKGBUILDDIR»/debian/ruby-net-sftp/usr/lib/ruby/vendor_ruby/net/sftp/response.rb
 install -D -m644 lib/net/sftp/packet.rb 
 /«PKGBUILDDIR»/debian/ruby-net-sftp/usr/lib/ruby/vendor_ruby/net/sftp/packet.rb
 install -D -m644 lib/net/sftp/protocol.rb 
 /«PKGBUILDDIR»/debian/ruby-net-sftp/usr/lib/ruby/vendor_ruby/net/sftp/protocol.rb
 install -D -m644 lib/net/sftp/protocol/base.rb 
 /«PKGBUILDDIR»/debian/ruby-net-sftp/usr/lib/ruby/vendor_ruby/net/sftp/protocol/base.rb
 install -D -m644 lib/net/sftp/protocol/03/base.rb 
 /«PKGBUILDDIR»/debian/ruby-net-sftp/usr/lib/ruby/vendor_ruby/net/sftp/protocol/03/base.rb
 install -D -m644 lib/net/sftp/protocol/04/base.rb 
 /«PKGBUILDDIR»/debian/ruby-net-sftp/usr/lib/ruby/vendor_ruby/net/sftp/protocol/04/base.rb
 install -D -m644 lib/net/sftp/protocol/04/name.rb 
 /«PKGBUILDDIR»/debian/ruby-net-sftp/usr/lib/ruby/vendor_ruby/net/sftp/protocol/04/name.rb
 install -D -m644 lib/net/sftp/protocol/04/attributes.rb 
 /«PKGBUILDDIR»/debian/ruby-net-sftp/usr/lib/ruby/vendor_ruby/net/sftp/protocol/04/attributes.rb
 install -D -m644 lib/net/sftp/protocol/01/base.rb 
 /«PKGBUILDDIR»/debian/ruby-net-sftp/usr/lib/ruby/vendor_ruby/net/sftp/protocol/01/base.rb
 install -D -m644 lib/net/sftp/protocol/01/name.rb 
 /«PKGBUILDDIR»/debian/ruby-net-sftp/usr/lib/ruby/vendor_ruby/net/sftp/protocol/01/name.rb
 install -D -m644 lib/net/sftp/protocol/01/attributes.rb 
 /«PKGBUILDDIR»/debian/ruby-net-sftp/usr/lib/ruby/vendor_ruby/net/sftp/protocol/01/attributes.rb
 install -D -m644 lib/net/sftp/protocol/06/base.rb 
 /«PKGBUILDDIR»/debian/ruby-net-sftp/usr/lib/ruby/vendor_ruby/net/sftp/protocol/06/base.rb
 install -D -m644 lib/net/sftp/protocol/06/attributes.rb 
 /«PKGBUILDDIR»/debian/ruby-net-sftp/usr/lib/ruby/vendor_ruby/net/sftp/protocol/06/attributes.rb
 install -D -m644 lib/net/sftp/protocol/02/base.rb 
 /«PKGBUILDDIR»/debian/ruby-net-sftp/usr/lib/ruby/vendor_ruby/net/sftp/protocol/02/base.rb
 install -D -m644 lib/net/sftp/protocol/05/base.rb 
 /«PKGBUILDDIR»/debian/ruby-net-sftp/usr/lib/ruby/vendor_ruby/net/sftp/protocol/05/base.rb
 install -D -m644 lib/net/sftp/errors.rb 
 /«PKGBUILDDIR»/debian/ruby-net-sftp/usr/lib/ruby/vendor_ruby/net/sftp/errors.rb
 install -D -m644 lib/net/sftp/session.rb 
 

Processed: Re: Bug#689221: installation-reports: QNAP TS-409U does not reboot after installation

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

 reassign 689221 mdadm
Bug #689221 [installation-reports] installation-reports: QNAP TS-409U does not 
reboot after installation
Bug reassigned from package 'installation-reports' to 'mdadm'.
Ignoring request to alter found versions of bug #689221 to the same values 
previously set
Ignoring request to alter fixed versions of bug #689221 to the same values 
previously set
 found 689221 3.1.4-1+8efb9d1+squeeze1
Bug #689221 [mdadm] installation-reports: QNAP TS-409U does not reboot after 
installation
Marked as found in versions mdadm/3.1.4-1+8efb9d1+squeeze1.
 forcemerge 621786 689221
Bug #621786 [mdadm] mdadm: invalid pointer or memory corruption on armel system 
when accessing mtdblock devices
Bug #689221 [mdadm] installation-reports: QNAP TS-409U does not reboot after 
installation
Severity set to 'critical' from 'important'
There is no source info for the package 'mdadm' at version '3.1.4.1-0' with 
architecture ''
Unable to make a source version for version '3.1.4.1-0'
Marked as found in versions 3.1.4.1-0.
Added tag(s) moreinfo.
Bug #621786 [mdadm] mdadm: invalid pointer or memory corruption on armel system 
when accessing mtdblock devices
There is no source info for the package 'mdadm' at version '3.1.4.1-0' with 
architecture ''
Unable to make a source version for version '3.1.4.1-0'
Marked as found in versions mdadm/3.1.4-1+8efb9d1+squeeze1.
Merged 621786 689221
 usertags 621786 + pca.it-installation
User is l...@pca.it
There were no usertags set.
Usertags are now: pca.it-installation.
 thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
621786: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=621786
689221: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=689221
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems


--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#690594: tasksel: execution aborted due to compilation errors

[Raphael Geissert]

Package: tasksel
Version: 3.13
Severity: serious

Hi,

After upgrading from tasksel 2.89, I get the following error:

$ tasksel --help
Type of arg 1 to each must be hash (not subroutine entry) at /usr/bin/tasksel 
line 223, near ))
Execution of /usr/bin/tasksel aborted due to compilation errors.

Seems like you should 'use 5.014' and/or have a versioned Depends on
perl-base.

Cheers,
Raphael Geissert

-- System Information:
Debian Release: wheezy/sid
  APT prefers testing
Architecture: i386 (i686)

Shell: /bin/sh linked to /bin/dash

Versions of packages tasksel depends on:
ii  apt 0.8.15.10
ii  debconf [debconf-2.0]   1.5.38
ii  liblocale-gettext-perl  1.05-6
ii  tasksel-data3.13

tasksel recommends no packages.

tasksel suggests no packages.

-- debconf information:
  tasksel/title:
  tasksel/desktop: gnome
  tasksel/first: Laptop, Standard system
  tasksel/tasks:


-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#684535: ping for unblock (hyperestraier: FTBFS on s390x)

[Satoru KURASHIKI]

hi,

On Fri, Oct 12, 2012 at 9:16 AM, Hideki Yamane henr...@debian.or.jp wrote:
 Hi,

  Have you already asked for unblock?

I haven't yet, I should clear up some tasks about this.

regards,
-- 
KURASHIKI Satoru


-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#685970: openjpeg: CVE-2012-3535

[Michael Gilbert]

I've uploaded an nmu to delayed/2 fixing this issue.  See attached
patch diffed against testing and includes the multiarch conversion as
well.

Best wishes,
Mike


openjpeg.patch
Description: Binary data

Bug#690142: remote named DoS on recursor (CVE-2012-5166)

[Michael Gilbert]

Hi, I've canceled this nmu. There were a lot of Makefile and other
files unrelated to the security fix that got included vs -4.2.  Also,
an nmu requirement is to attach the full diff to the bug report to
help the maintainer out later.

Best wishes,
Mike


-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#684535: ping for unblock (hyperestraier: FTBFS on s390x)

[Hideki Yamane]

user debian-de...@debian.or.jp
usertags 684535 debianjp
thanks


On Tue, 16 Oct 2012 08:53:08 +0900
Satoru KURASHIKI lur...@gmail.com wrote:
 I haven't yet, I should clear up some tasks about this.

 Okay, please let me know if it'd be okay.


-- 
Regards,

 Hideki Yamane henrich @ debian.or.jp/org
 http://wiki.debian.org/HidekiYamane


-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#690632: solarpowerlog: bashism in /bin/sh script

[Raphael Geissert]

Package: solarpowerlog
Version: 0.23a-1
Severity: serious
User: debian-rele...@lists.debian.org
Usertags: goal-dash

Hello maintainer,

While performing an archive wide checkbashisms (from the 'devscripts' 
package) check I've found your package containing a /bin/sh script making 
use of a bashism.

checkbashisms' output:
possible bashism in ./etc/init.d/solarpowerlog line 59 (alternative test 
command ([[ foo ]] should be [ foo ])):
[[ ! -e $PIDDIR ]]  mkdir -p $PIDDIR  chown $USER $PIDDIR
possible bashism in ./etc/init.d/solarpowerlog line 63 (alternative test 
command ([[ foo ]] should be [ foo ])):
[[ ! -e $LOGDIR ]]  mkdir -p $LOGDIR  chown $USER $LOGDIR

Not using bash (or a Debian Policy conformant shell interpreter which 
doesn't provide such an extra feature) as /bin/sh is likely to lead to 
errors or unexpected behaviours.

You can find hints about how to fix bashisms at:
https://wiki.ubuntu.com/DashAsBinSh

Thank you,
Raphael Geissert


-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#690556: marked as done (condor: CVE-2012-4462)

[Debian Bug Tracking System]

Your message dated Tue, 16 Oct 2012 07:47:04 +0200
with message-id 20121016054704.ga20...@inutil.org
and subject line Re: [condor-debian] Bug#690556: condor: CVE-2012-4462
has caused the Debian Bug report #690556,
regarding condor: CVE-2012-4462
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
690556: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=690556
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
---BeginMessage---
Package: condor
Severity: grave
Tags: security patch
Justification: user security hole

Please see https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-4462 for
details and a patch.

Cheers,
Moritz
---End Message---
---BeginMessage---
On Mon, Oct 15, 2012 at 10:46:02AM -0500, Jaime Frey wrote:
 On Oct 15, 2012, at 9:01 AM, Moritz Muehlenhoff j...@inutil.org wrote:
 
  Package: condor
  Severity: grave
  Tags: security patch
  Justification: user security hole
  
  Please see https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-4462 for
  details and a patch.
 
 
 This bug only affects the Aviary contrib module, which isn't built in the 
 Debian condor package. 

Thanks, I'll update the Debian Security Tracker.

Cheers,
Moritz---End Message---

Bug#690655: RM: openvas2 [wheezy] -- RoM; abandoned-upstream

[Javier Fernández-Sanguino Peña]

Package: release.debian.org
Version: N/A
Priority: grave
Tags: rm

I would like to request the Release Managers to remove *all* of the OpenVAS
2.x packages from the current testing distribution. This includes the
following packages:

- libopenvas2 /  libopenvas2-dev (version 2.0.4-2.1)
- libopenvasnasl2 / libopenvasnasl2-dev (version 2.0.2-2.1)
- openvas-client (version 2.0.5-1.1)
- openvas-plugins-base / openvas-plugins-dfsg (version 1:20100705-2)
- openvas-server / openvas-server-dev (version 2.0.3-6)

In addition, please also remove the following package:

 - harden-remoteaudit: it depends on openvas-server (I have sent 
   a bug to the package to update this dependency)

Support for OpenVAS 2 was discontinued last year [2]. Providing
OpenVAS 2 to our Debian 'stable' users in our upcoming release is not
really a good idea. Even though the scanner/client works 'as it is',
users will not be able to download new plugins for this release from
the OpenVAs servers and it will not be possible for them to find
recent vulnerabilities in hosts they scan.

For the last  2 years I have provided experimental versions of OpenVAS
3, which seem to have not received to much attention from users. In
any case since that version is also going to be discontinued upstream.
Since the latest OpenVAS release is version 5 [1]  (released May this
year) I will work towards providing OpenVAS 5 in our unstable
distribution. And, once available, will try to make backports
available for Wheezy too.

Removing the OpenVAS 2 packages from testing simplifies handling
upgrades to the newer version and also installations of the backports
of OpenVAS 5 packages in Wheezy.

Regards

Javier


signature.asc
Description: Digital signature