Bug#751498: closed by Laszlo Boszormenyi (GCS) g...@debian.org (Bug#751498: fixed in python-greenlet 0.4.5-1)
Hi Bálint, On Fri, Dec 19, 2014 at 10:21 PM, Balint Reczey bal...@balintreczey.hu wrote: On Sat, 15 Nov 2014 13:49:10 +0100 Ivo De Decker iv...@debian.org wrote: The arm* build failure is fixed by this patch from ubuntu (tested on abel): http://patches.ubuntu.com/p/python-greenlet/python-greenlet_0.4.2-1ubuntu1.patch T-p-u sounds a bit better, do you plan going this way? If you don't have time now I would happily fix this in an NMU. I've updated the package[1]. Can someone test it on any ARM architecture to see if it builds correctly? Will ask the Release Team for a t-p-u upload. Thanks, Laszlo/GCS [1] dget -x http://www.barcikacomp.hu/gcs/python-greenlet_0.4.2-2.dsc -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Processed: tagging 772811
Processing commands for cont...@bugs.debian.org: tags 772811 + pending Bug #772811 {Done: Willi Mann wi...@debian.org} [unrtf] unrtf: CVE-2014-9274 CVE-2014-9275 Added tag(s) pending. thanks Stopping processing here. Please contact me if you need assistance. -- 772811: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=772811 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Processed: found 772811 in unrtf/0.21.5-1
Processing commands for cont...@bugs.debian.org: found 772811 unrtf/0.21.5-1 Bug #772811 {Done: Willi Mann wi...@debian.org} [unrtf] unrtf: CVE-2014-9274 CVE-2014-9275 Marked as found in versions unrtf/0.21.5-1. thanks Stopping processing here. Please contact me if you need assistance. -- 772811: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=772811 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#773359: archs list
For clarity I used the list from: http://en.wikipedia.org/wiki/Threading_Building_Blocks#Systems_supported and https://software.intel.com/sites/products/collateral/hpc/tbb/Intel_tbb4_product_brief.pdf [...] Portability—Intel® TBB is validated and commercially supported on Windows*, Linux*, and Mac OS* X platforms, using multiple compilers. It is also available on FreeBSD*, IA Solaris*, XBox* 360, and PowerPC-based systems via the open source community. [...]
Bug#773416: fixed in ettercap 1:0.8.1-3
Hello Barak, On Thu, 18 Dec 2014, Barak A. Pearlmutter wrote: ettercap (1:0.8.1-3) unstable; urgency=high . * Patch a bunch of security vulnerabilities (closes: #773416) Thanks for the prompt reaction. ettercap is also in Squeeze and thus covered by our LTS initiative. Do you feel like providing a fixed package for Squeeze? If yes, please have a look at http://wiki.debian.org/LTS/Development but note that if you provide the fixed package and send a mail to debian-...@lists.debian.org, someone will gladly do the administrative part of the work for you. Thanks! -- Raphaël Hertzog ◈ Debian Developer Support Debian LTS: http://www.freexian.com/services/debian-lts.html Learn to master Debian: http://debian-handbook.info/get/
Bug#773463: marked as done (jasper: CVE-2014-8137 CVE-2014-8138)
Your message dated Mon, 22 Dec 2014 09:49:34 + with message-id e1y2zcm-0002wl...@franck.debian.org and subject line Bug#773463: fixed in jasper 1.900.1-debian1-2.3 has caused the Debian Bug report #773463, regarding jasper: CVE-2014-8137 CVE-2014-8138 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 773463: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773463 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Source: jasper Version: 1.900.1-7 Severity: grave Tags: security upstream Hi, the following vulnerabilities were published for jasper. CVE-2014-8137[0]: double-free in in jas_iccattrval_destroy() CVE-2014-8138[1]: heap overflow in jp2_decode() If you fix the vulnerabilities please also make sure to include the CVE (Common Vulnerabilities Exposures) ids in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2014-8137 [1] https://security-tracker.debian.org/tracker/CVE-2014-8138 [2] http://www.ocert.org/advisories/ocert-2014-012.html Regards, Salvatore ---End Message--- ---BeginMessage--- Source: jasper Source-Version: 1.900.1-debian1-2.3 We believe that the bug you reported is fixed in the latest version of jasper, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 773...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. 
Salvatore Bonaccorso car...@debian.org (supplier of updated jasper package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Sat, 20 Dec 2014 08:42:19 +0100 Source: jasper Binary: libjasper1 libjasper-dev libjasper-runtime Architecture: source amd64 Version: 1.900.1-debian1-2.3 Distribution: unstable Urgency: high Maintainer: Roland Stigge sti...@antcom.de Changed-By: Salvatore Bonaccorso car...@debian.org Description: libjasper-dev - Development files for the JasPer JPEG-2000 library libjasper-runtime - Programs for manipulating JPEG-2000 files libjasper1 - JasPer JPEG-2000 runtime library Closes: 773463 Changes: jasper (1.900.1-debian1-2.3) unstable; urgency=high . * Non-maintainer upload by the Security Team. * Add 05-CVE-2014-8137.patch patch. CVE-2014-8137: double-free in in jas_iccattrval_destroy(). (Closes: #773463) * Add 06-CVE-2014-8138.patch patch. CVE-2014-8138: heap overflow in jp2_decode(). 
(Closes: #773463) ---End Message---
Bug#725284: hdparm + systemd: Patch to restore configuration after resume
On Wed, 25 Dec 2013 17:33:04 +0100 Ralf Jung p...@ralfj.de wrote: adding the attached systemd unit fixes restoring the hdparm configuration when systemd is used. I'd appreciate if you could add this (or a similar solution) to the package. I second this (works for me), although I suppose it would be even better with Type=oneshot since it is not starting a daemon (works for me too). BTW even if the udev-based solution looks smarter, adding this unit would at least restore the expected behaviour.
Bug#751498: closed by Laszlo Boszormenyi (GCS) g...@debian.org (Bug#751498: fixed in python-greenlet 0.4.5-1)
Hi Laszlo, 2014-12-22 9:11 GMT+01:00 László Böszörményi (GCS) g...@debian.org: Hi Bálint, On Fri, Dec 19, 2014 at 10:21 PM, Balint Reczey bal...@balintreczey.hu wrote: On Sat, 15 Nov 2014 13:49:10 +0100 Ivo De Decker iv...@debian.org wrote: The arm* build failure is fixed by this patch from ubuntu (tested on abel): http://patches.ubuntu.com/p/python-greenlet/python-greenlet_0.4.2-1ubuntu1.patch T-p-u sounds a bit better, do you plan going this way? If you don't have time now I would happily fix this in an NMU. I've updated the package[1]. Can someone test it on any ARM architecture to see if it builds correctly? Will ask the Release Team for a t-p-u upload. It built fine on armel. Cheers, Balint
Bug#772233: marked as done (gnunet: bashism in /bin/sh script)
Your message dated Mon, 22 Dec 2014 10:04:08 + with message-id e1y2zqs-0008l2...@franck.debian.org and subject line Bug#772233: fixed in gnunet 0.10.1-2.1 has caused the Debian Bug report #772233, regarding gnunet: bashism in /bin/sh script to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 772233: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=772233 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Package: gnunet Severity: serious Version: 0.10.1-2 User: debian-rele...@lists.debian.org Usertags: goal-dash Hi, I've ran checkbashisms (from the 'devscripts' package) over the whole archive and I found that your package has a /bin/sh script that uses a bashism. checkbashisms' output: possible bashism in ./usr/bin/gnunet-gns-import line 29 (should be VAR=${VAR}foo): options+=-c $OPTARG possible bashism in ./usr/bin/gnunet-gns-proxy-setup-ca line 11 (should be VAR=${VAR}foo): options+=-c $OPTARG possible bashism in ./usr/bin/gnunet-gns-proxy-setup-ca line 42 (should be word 21): certutil -D -n GNS Proxy CA -d ~/.mozilla/firefox/*.default /dev/null 21 possible bashism in ./usr/bin/gnunet-gns-proxy-setup-ca line 49 (should be word 21): certutil -D -n GNS Proxy CA -d ~/.pki/nssdb /dev/null 21 Not using bash (or a Debian Policy compliant shell interpreter that doesn't provide such an extra feature) as /bin/sh is likely to lead to errors or unexpected behaviours. Please be aware that dash is the default /bin/sh. Please closely examine the above output and the script, and determine what the proper severity of the bug is, and adjust it accordingly. 
If it's important or greater please hurry to get this fixed for jessie. Hints about how to fix bashisms can be found at: https://wiki.ubuntu.com/DashAsBinSh Thanks in advance, Raphael Geissert ---End Message--- ---BeginMessage--- Source: gnunet Source-Version: 0.10.1-2.1 We believe that the bug you reported is fixed in the latest version of gnunet, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 772...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Balint Reczey bal...@balintreczey.hu (supplier of updated gnunet package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Format: 1.8 Date: Sat, 20 Dec 2014 09:59:13 +0100 Source: gnunet Binary: gnunet gnunet-client gnunet-common gnunet-dbg gnunet-server gnunet-dev Architecture: source amd64 all Version: 0.10.1-2.1 Distribution: unstable Urgency: medium Maintainer: Bertrand Marc beberk...@gmail.com Changed-By: Balint Reczey bal...@balintreczey.hu Description: gnunet - secure, trust-based peer-to-peer framework (meta) gnunet-client - transitional dummy package gnunet-common - transitional dummy package gnunet-dbg - secure, trust-based peer-to-peer framework (debug) gnunet-dev - secure, trust-based peer-to-peer framework (development) gnunet-server - transitional dummy package Closes: 772233 Changes: gnunet (0.10.1-2.1) unstable; urgency=medium . * Non-maintainer upload. . 
[Raphael Geissert] * Fix bashisms (Closes: #772233)
Bug#772956: indeed fixed
Hi, tlsdate 0.12-2 has been built on mips and mipsel with kernel 3.16 now, so this bug is indeed fixed. https://buildd.debian.org/status/fetch.php?pkg=tlsdate&arch=mipsel&ver=0.0.12-2&stamp=1419203607 has Kernel: Linux 3.16.0-0.bpo.4-loongson-3 mipsel (mips64) https://buildd.debian.org/status/fetch.php?pkg=tlsdate&arch=mips&ver=0.0.12-2&stamp=1419205324 has Kernel: Linux 3.16.0-0.bpo.4-octeon mips (mips64) cheers, Holger
Bug#773416: fixed in ettercap 1:0.8.1-3
Hi dear Raphael, fortunately oldstable is almost unaffected by this kind of CVEs, because almost all of them refer to code written after the squeeze release, anyway here we go, this should be the only patch useful for squeeze folks --- ettercap-0.7.3.orig/src/dissectors/ec_cvs.c +++ ettercap-0.7.3/src/dissectors/ec_cvs.c @@ -70,7 +70,7 @@ { DECLARE_DISP_PTR_END(ptr, end); char tmp[MAX_ASCII_ADDR_LEN]; - char *p; + u_char *p; size_t i; /* don't complain about unused var */ @@ -92,6 +92,8 @@ /* move over the cvsroot path */ ptr += strlen(CVS_LOGIN) + 1; + if (ptr = end) + return NULL; /* go until \n */ while(*ptr != '\n' ptr != end) ptr++; cheers, Gianfranco On Monday, 22 December 2014 10:45, Raphael Hertzog hert...@debian.org wrote: Hello Barak, On Thu, 18 Dec 2014, Barak A. Pearlmutter wrote: ettercap (1:0.8.1-3) unstable; urgency=high . * Patch a bunch of security vulnerabilities (closes: #773416) Thanks for the prompt reaction. ettercap is also in Squeeze and thus covered by our LTS initiative. Do you feel like providing a fixed package for Squeeze? If yes, please have a look at http://wiki.debian.org/LTS/Development but note that if you provide the fixed package and send a mail to debian-...@lists.debian.org, someone will gladly do the administrative part of the work for you. Thanks! -- Raphaël Hertzog ◈ Debian Developer Support Debian LTS: http://www.freexian.com/services/debian-lts.html Learn to master Debian: http://debian-handbook.info/get/
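Review bot: in the second hunk of the ec_cvs.c patch, the unchanged loop that follows the new bounds check tests `*ptr != '\n'` before `ptr != end`, so once `ptr` has been incremented to `end` the loop dereferences one byte past the buffer before the end test stops it. Test the bound first and use `<` rather than `!=`, for example `while (ptr < end && *ptr != '\n') ptr++;`. The comparison and logical operators in the patch as it appears here (`if (ptr = end)`, `'\n' ptr != end`) have been lost in transit, so confirm that the applied version reads `ptr >= end`. The first hunk changes `p` from `char *` to `u_char *` without a stated reason; a line in the patch header or changelog saying why would help whoever backports it.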
Bug#731583: sudo FQDN issue: upstream fixed it
On 2014-12-21 20:49, Michael Gilbert wrote: On Sun, Dec 14, 2014 at 11:02 AM, Christian Kastner wrote: I just noticed that I never uploaded the debdiffs to the BTS, so here they are for 1.8.11p2 in unstable and 1.8.10p3 in testing. I reviewed and sponsored your upload to unstable. Let me know how the unblock negotiation goes with the release team now that they have a package in unstable to review. If they reject that, please let me know, and I will look at sponsoring the tpu. I actually already had asked the RT, although when following up on this, I forgot to CC this bug. You can find my RT plea here: https://bugs.debian.org/773319 I'll report back once I have received an answer. Thanks! Christian
Bug#773416: fixed in ettercap 1:0.8.1-3
On Mon, 22 Dec 2014, Gianfranco Costamagna wrote: Hi dear Raphael, fortunately oldstable is almost unaffected by this kind of CVEs, because almost all of them refer to code written after the squeeze release, anyway here we go, this should be the only patch useful for squeeze folks Thanks for the info! So the only remaining CVE would be https://security-tracker.debian.org/tracker/CVE-2014-9380 and https://security-tracker.debian.org/tracker/CVE-2014-9381 for the CVS dissector. BTW, https://security-tracker.debian.org/tracker/CVE-2014-9376 mentions also ec_dhcp.c which is present in the squeeze version. Do you confirm that it is also unaffected? And also https://security-tracker.debian.org/tracker/CVE-2014-9378 mentions ec_imap.c which is present in the squeeze version. Do you also confirm that it is unaffected? Cheers, -- Raphaël Hertzog ◈ Debian Developer Support Debian LTS: http://www.freexian.com/services/debian-lts.html Learn to master Debian: http://debian-handbook.info/get/
Processed: found 771700 in freecol/0.10.5+dfsg-1
Processing commands for cont...@bugs.debian.org: found 771700 freecol/0.10.5+dfsg-1 Bug #771700 {Done: Vincent Fourmond fourm...@debian.org} [freecol] [freecol] freecol freezes on intro Marked as found in versions freecol/0.10.5+dfsg-1. thanks Stopping processing here. Please contact me if you need assistance. -- 771700: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=771700 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#773416: fixed in ettercap 1:0.8.1-3
Hi Raphael, Thanks for the info! So the only remaining CVE would be https://security-tracker.debian.org/tracker/CVE-2014-9380 and https://security-tracker.debian.org/tracker/CVE-2014-9381 for the CVS dissector. yes, I think yes. BTW, https://security-tracker.debian.org/tracker/CVE-2014-9376 mentions also ec_dhcp.c which is present in the squeeze version. Do you confirm that it is also unaffected? I don't see the (opt = get_dhcp_option(DHCP_OPT_FQDN, options, end)) != NULL) in the 0.7.3, so I presume the code wasn't yet implemented (0.7.3 doesn't look for option 81 in dhcp answer) https://github.com/Ettercap/ettercap/commit/8cda3a8cf00b9d40c50c8b3408782b43d3bea062 (introduced support on 0.7.6, may 2013) And also https://security-tracker.debian.org/tracker/CVE-2014-9378 mentions ec_imap.c which is present in the squeeze version. Do you also confirm that it is unaffected? it shouldn't be, since the if (!strcmp(s->data, "PLAIN")) { method seems to be not implemented yet in 0.7.3 https://github.com/Ettercap/ettercap/commit/35289f8789e6c31644954cbdfbe1bdda101e97b3 introduced around 29 Sep 2011 and v0.7.5 introduced around 29 Sep 2011 HTH cheers, Gianfranco
Bug#772793: marked as done (cpio: CVE-2014-9112)
Your message dated Mon, 22 Dec 2014 12:04:08 + with message-id e1y31ia-0004w2...@franck.debian.org and subject line Bug#772793: fixed in cpio 2.11+dfsg-4 has caused the Debian Bug report #772793, regarding cpio: CVE-2014-9112 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 772793: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=772793 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Package: cpio Severity: grave Tags: security Hi, please see http://seclists.org/fulldisclosure/2014/Nov/74 for the original report. Patches: http://git.savannah.gnu.org/cgit/cpio.git/commit/?id=746f3ff6 http://git.savannah.gnu.org/cgit/cpio.git/commit/?id=54d1c42a http://git.savannah.gnu.org/cgit/cpio.git/commit/?id=58df4f1b Cheers, Moritz ---End Message--- ---BeginMessage--- Source: cpio Source-Version: 2.11+dfsg-4 We believe that the bug you reported is fixed in the latest version of cpio, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 772...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. 
Anibal Monsalve Salazar ani...@debian.org (supplier of updated cpio package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Mon, 22 Dec 2014 11:42:11 + Source: cpio Binary: cpio cpio-win32 Architecture: source all amd64 Version: 2.11+dfsg-4 Distribution: unstable Urgency: high Maintainer: Anibal Monsalve Salazar ani...@debian.org Changed-By: Anibal Monsalve Salazar ani...@debian.org Description: cpio - GNU cpio -- a program to manage archives of files cpio-win32 - GNU cpio -- a program to manage archives of files (win32 build) Closes: 772793 Changes: cpio (2.11+dfsg-4) unstable; urgency=high . [ Michael Gilbert mgilb...@debian.org ] * Fix CVE-2014-9112: null pointer dereference issues. Add the following upstream patches: fd262d11.patch f6a8a2cb.patch Closes: #772793. ---End Message---
Bug#768095: openvswitch-datapath-dkms fails to build on Debian 7.7 3.2.0-4-amd64 (3.2.63-2+deb7u1)
Hi, * Thomas Goirand z...@debian.org [141125 14:15]: On 11/25/2014 12:32 AM, Jonathan Dupart wrote: Hi, I am looking for a sponsor for the package openvswitch to correct bug #768095. This bug prevents building the openvswitch kernel module with the last stable kernel. As openvswitch maintainer requested an NMU, i built a package [1] with the patch already used by Ubuntu to fix the same bug [2] (i use this fix since 10 days on live servers). I attached a full debdiff of the changes. [1]: http://mentors.debian.net/package/openvswitch http://mentors.debian.net/debian/pool/main/o/openvswitch/openvswitch_1.4.2+git20120612-9.1~deb7u1.1.dsc [2]: https://bugs.launchpad.net/ubuntu/+source/openvswitch/+bug/1379201 [...] When the release team has approved your change, then I can sponsor it. The patch has been accepted, see https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=770955#24 Regards, -- Jonathan Dupart
Bug#773041: Bug#773318: clamav dies/hangs
* Marc Dequènes (duck) | 2014-12-22 02:52:02 [+0100]: Coin, On 2014-12-21 22:16, Sebastian Andrzej Siewior wrote: On 2014-12-20 12:12:13 [+0100], Andreas Cadhalpun wrote: As it shows that clamd hangs in libmspack, I think this is bug #773041 [1]. A possible fix is mentioned in [2]. I can upload this simple fix quickly, nevertheless I did not have time to proofread it. Any comment? It would be nice if we could keep this in sync. I will look at this in tonight at the latest and give more feedback. Is the security team aware of the various in-tree copy of this library? #67 tries / tried to track them. Joss filed #675560 tagged security. Yes. At least clamav can be triggered via remote. Not sure about the others. Regards. Sebastian
Bug#772457: [Pkg-fonts-devel] Bug#772457: Bug#772457: fonts-droid: Possibly typo in debian/maintscript
Michael Gilbert mgilb...@debian.org writes: On Sun, Dec 14, 2014 at 6:55 AM, Vasudev Kamath wrote: You are right, it's a typo. We never built a binary called fonts-android. I've fixed this in git, I've kept it in unreleased state so someone can push it to the archive and file an unblock request. (I hope it's a valid candidate for an unblock request.) Hi, I reviewed and sponsored your changes. An unblock request isn't necessarily required when the only changes are for RC bug fixes. Hi Mike, Thanks for the upload. I think an unblock request is already applied by ivodd, as seen on PTS page. Maybe it's, as you said, automatic. Cheers, -- Vasudev Kamath http://copyninja.info Connect on ~friendica: copyni...@samsargika.copyninja.info IRC nick: copyninja | vasudev {irc.oftc.net | irc.freenode.net} GPG Key: C517 C25D E408 759D 98A4 C96B 6C8F 74AE 8770 0B7E
Processed: nss: diff for NMU version 2:3.17.2-1.1
Processing control commands: tags 773625 + patch Bug #773625 [src:nss] nss: CVE-2014-1569 information leak Added tag(s) patch. tags 773625 + pending Bug #773625 [src:nss] nss: CVE-2014-1569 information leak Added tag(s) pending. -- 773625: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773625 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Processed: severity of 773642 is serious
Processing commands for cont...@bugs.debian.org: severity 773642 serious Bug #773642 [jenkins-job-builder] jenkins-job-builder: deleting jobs is completly broken Severity set to 'serious' from 'important' thanks Stopping processing here. Please contact me if you need assistance. -- 773642: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773642 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#773625: nss: diff for NMU version 2:3.17.2-1.1
Control: tags 773625 + patch Control: tags 773625 + pending Hi, I've prepared an NMU for nss (versioned as 2:3.17.2-1.1) and uploaded it to DELAYED/5. Please feel free to tell me if I should cancel it or delay it longer. -- Matt diff -Nru nss-3.17.2/debian/changelog nss-3.17.2/debian/changelog --- nss-3.17.2/debian/changelog 2014-10-17 21:22:21.0 -0700 +++ nss-3.17.2/debian/changelog 2014-12-21 19:46:52.0 -0800 @@ -1,3 +1,10 @@ +nss (2:3.17.2-1.1) unstable; urgency=medium + + * Non-maintainer upload. + * Fix CVE-2014-1569. Closes: #773625. + + -- Matt Kraai kr...@debian.org Sun, 21 Dec 2014 19:46:52 -0800 + nss (2:3.17.2-1) unstable; urgency=medium * New upstream release. diff -Nru nss-3.17.2/debian/patches/98_CVE-2014-1569.patch nss-3.17.2/debian/patches/98_CVE-2014-1569.patch --- nss-3.17.2/debian/patches/98_CVE-2014-1569.patch 1969-12-31 16:00:00.0 -0800 +++ nss-3.17.2/debian/patches/98_CVE-2014-1569.patch 2014-12-21 20:02:10.0 -0800 
@@ -0,0 +1,155 @@ +Description: Be more strict on DER length decoding in quickder.c +Origin: https://hg.mozilla.org/projects/nss/rev/a163e09dc4d5 +Bug: https://bugzilla.mozilla.org/show_bug.cgi?id=1064670 +Last-Update: 2014-12-21 + +# HG changeset patch +# User J.C. Jones jjo...@mozilla.com +# Date 1415421927 28800 +# Node ID a163e09dc4d5e90f609f25cf63fae46711b55f73 +# Parent b6db7a6d2e2c35609450ea8569cc179feffe45e0 +Bug 1064670 - (CVE-2014-1569) ASN.1 DER decoding of lengths is too permissive, allowing undetected smuggling of arbitrary data (r=wtc) + +diff --git a/lib/util/quickder.c b/lib/util/quickder.c +--- nss.orig/nss/lib/util/quickder.c nss/nss/lib/util/quickder.c +@@ -11,65 +11,120 @@ + #include secasn1.h /* for SEC_ASN1GetSubtemplate */ + #include secitem.h + + /* + * simple definite-length ASN.1 decoder + */ + + static unsigned char* definite_length_decoder(const unsigned char *buf, +- const unsigned int length, +- unsigned int *data_length, ++ const unsigned int buf_length, ++ unsigned int *out_data_length, + PRBool includeTag) + { + unsigned char tag; +-unsigned int used_length= 0; +-unsigned int data_len; ++unsigned int used_length = 0; ++unsigned int data_length = 0; ++unsigned char length_field_len = 0; ++unsigned char byte; ++unsigned int i; + +-if (used_length = length) ++if (used_length = buf_length) + { ++/* Tag field was not found! */ + return NULL; + } + tag = buf[used_length++]; + +-/* blow out when we come to the end */ + if (tag == 0) + { ++/* End-of-contents octects should not be present in DER because ++ DER doesn't use the indefinite length form. */ + return NULL; + } + +-if (used_length = length) ++if ((tag 0x1F) == 0x1F) + { ++/* High tag number (a tag number 30) is not supported */ + return NULL; + } +-data_len = buf[used_length++]; + +-if (data_len0x80) ++if (used_length = buf_length) + { +-int len_count = data_len 0x7f; ++/* Length field was not found! 
*/ ++return NULL; ++} ++byte = buf[used_length++]; + +-data_len = 0; ++if (!(byte 0x80)) ++{ ++/* Short form: The high bit is not set. */ ++data_length = byte; /* clarity; we're returning a 32-bit int. */ ++} ++else ++{ ++/* Long form. Extract the field length */ ++length_field_len = byte 0x7F; ++if (length_field_len == 0) ++{ ++/* DER doesn't use the indefinite length form. */ ++return NULL; ++} + +-while (len_count-- 0) ++if (length_field_len sizeof(data_length)) + { +-if (used_length = length) ++/* We don't support an extended length field longer than ++ 4 bytes (2^32) */ ++return NULL; ++} ++ ++if (length_field_len (buf_length - used_length)) ++{ ++/* Extended length field was not found */ ++return NULL; ++} ++ ++/* Iterate across the extended length field */ ++for (i = 0; i length_field_len; i++) ++{ ++byte = buf[used_length++]; ++data_length = (data_length 8) | byte; ++ ++if (i == 0) + { +-return NULL; ++PRBool too_long = PR_FALSE; ++if (length_field_len == 1) ++{ ++too_long = ((byte 0x80) == 0); /* Short form suffices */ ++} ++else ++{ ++too_long = (byte == 0); /* This zero byte can be omitted */ ++} ++if (too_long) ++
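Review bot: the new debian/changelog entry says only "Fix CVE-2014-1569" and does not name the file it adds. Mention debian/patches/98_CVE-2014-1569.patch and its upstream origin (hg rev a163e09dc4d5) in the entry, so the NMU can be audited from the changelog alone. The part of the debdiff shown here also ends before any debian/patches/series hunk, so check that the new patch is listed there; a patch missing from series is not applied at build time.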
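Review bot: in the long-form branch of definite_length_decoder, the comment on the length_field_len limit says "longer than 4 bytes (2^32)" while the check itself compares against sizeof(data_length); word the comment in terms of sizeof(unsigned int) so the two cannot drift apart. The comment "End-of-contents octects" should read "octets". The patch is cut off on this page inside the too_long check, so the comparison of the decoded data_length against the bytes remaining in buf (buf_length - used_length) is not visible here and should be confirmed against upstream rev a163e09dc4d5 before upload. A "Bug-Debian: https://bugs.debian.org/773625" line in the DEP-3 header would also tie the patch to this report.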
Bug#773431: Wrapper already exists
Hi, mate-terminal already contains a mate-terminal.wrapper program that provides the options required for x-terminal-emulator, but update-alternatives is called with mate-terminal instead of mate-terminal.wrapper. I think it's just necessary to use update-alternatives in the maintainer scripts to remove the mate-terminal alternative and add a mate-terminal.wrapper one, but I'm not sure how to do so. -- Matt
Bug#773416: fixed in ettercap 1:0.8.1-3
Thanks for the prompt reaction. My pleasure. ettercap is also in Squeeze and thus covered by our LTS initiative. Do you feel like providing a fixed package for Squeeze? If yes, please have a look at http://wiki.debian.org/LTS/Development but note that if you provide the fixed package and send a mail to debian-...@lists.debian.org, someone will gladly do the administrative part of the work for you. The expert here is Gianfranco Costamagna, so I'd trust his determination as to which patches need to be back-ported. If he wants to prepare the updates, that would be best. My direct involvement wouldn't, I think, add any value. Cheers, --Barak.
Bug#773720: sox: CVE-2014-8145
Source: sox Version: 14.3.1-1 Severity: grave Tags: security upstream Hi, the following vulnerability was published for sox. CVE-2014-8145[0]: two heap-based buffer overflows If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2014-8145 [1] http://www.ocert.org/advisories/ocert-2014-010.html Patches are not yet attached/referenced in the advisory, but should be referenced in upstream git repository soon. Regards, Salvatore
Bug#771877: original symlink target is not an absolute path on libdb5.3-java_5.3.28-7~deb8u1
I have the same problem. Is there any way this can be fixed given that the buggy version has already been installed? Regards, Jan On Sun, 21 Dec 2014 14:00:11 +0100 Tangui Morlier tan...@tangui.eu.org wrote: The post-removal script fails during the upgrade of libdb5.3-java from version 5.3.28-6 to 5.3.28-7~deb8u1. dpkg-maintscript-helper says « error: original symlink target is not an absolute path ». I assume this is linked to the symlink_to_dir that has been solved but my apt stays blocked on this error, probably because I've installed the buggy version of the package. Is there a way to solve it? Tangui
Bug#773720: sox: CVE-2014-8145
On Mon, Dec 22, 2014 at 10:55 AM, Salvatore Bonaccorso car...@debian.org wrote: Source: sox Version: 14.3.1-1 Severity: grave Tags: security upstream Hi, the following vulnerability was published for sox. CVE-2014-8145[0]: two heap-based buffer overflows If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2014-8145 [1] http://www.ocert.org/advisories/ocert-2014-010.html Patches are not yet attached/referenced in the advisory, but should be referenced in upstream git repository soon. Hi, I've a package ready for wheezy-security and I've notified the security team. However, before uploading it I've been waiting for their permission as the documentation says. I have yet to hear from the team. Note that I have not prepared a package for oldstable, I am supposed to do that as well? -Pascal -- Homepage (http://organact.mine.nu) Debian GNU/Linux (http://www.debian.org) COMunité/LACIME: École de technologie supérieure (http://www.comunite.ca) ISIP Laboratory: McGill (http://www.isip.ece.mcgill.ca)
Bug#773722: unzip: CVE-2014-8139 CVE-2014-8140 CVE-2014-8141
Source: unzip Version: 6.0-4 Severity: grave Tags: security upstream Hi, the following vulnerabilities were published for unzip. (disclaimer I was not yet able to verify any of those, but oCert advisory claims to affect all unzip <= 6.0). CVE-2014-8139[0]: CRC32 heap overflow CVE-2014-8140[1]: heap overflow in test_compr_eb CVE-2014-8141[2]: heap overflow in getZip64Data If you fix the vulnerabilities please also make sure to include the CVE (Common Vulnerabilities & Exposures) ids in your changelog entry. More information are found in the corresponding Red Hat bugzilla entries. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2014-8139 [1] https://security-tracker.debian.org/tracker/CVE-2014-8140 [2] https://security-tracker.debian.org/tracker/CVE-2014-8141 [3] http://www.ocert.org/advisories/ocert-2014-011.html Regards, Salvatore
Processed: [bts-link] source package tiff
Processing commands for cont...@bugs.debian.org: # # bts-link upstream status pull for source package tiff # see http://lists.debian.org/debian-devel-announce/2006/05/msg1.html # user bts-link-upstr...@lists.alioth.debian.org Setting user to bts-link-upstr...@lists.alioth.debian.org (was bts-link-de...@lists.alioth.debian.org). # remote status report for #741451 (http://bugs.debian.org/741451) # Bug title: tiffcp: malloc(): memory corruption: 0x7f732ee68d90 # * http://bugzilla.maptools.org/show_bug.cgi?id=2480 # * remote status changed: NEW -> RESOLVED # * remote resolution changed: (?) -> FIXED # * closed upstream tags 741451 + fixed-upstream Bug #741451 [libtiff-tools] tiffcp: malloc(): memory corruption: 0x7f732ee68d90 Added tag(s) fixed-upstream. usertags 741451 - status-NEW Usertags were: status-NEW. Usertags are now: . usertags 741451 + status-RESOLVED resolution-FIXED There were no usertags set. Usertags are now: status-RESOLVED resolution-FIXED. thanks Stopping processing here. Please contact me if you need assistance. -- 741451: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=741451 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#773724: libxshmfence: FTBFS: Test failure
Source: libxshmfence Version: 1.1-4 Severity: serious From my pbuilder build log (on amd64, with DISPLAY unset): ... make check-TESTS make[4]: Entering directory '/tmp/buildd/libxshmfence-1.1/build/test' make[5]: Entering directory '/tmp/buildd/libxshmfence-1.1/build/test' FAIL: xshmfence_test make[6]: Entering directory '/tmp/buildd/libxshmfence-1.1/build/test' make[6]: Nothing to be done for 'all'. make[6]: Leaving directory '/tmp/buildd/libxshmfence-1.1/build/test' === libxshmfence 1.1: test/test-suite.log === # TOTAL: 1 # PASS: 0 # SKIP: 0 # XFAIL: 0 # FAIL: 1 # XPASS: 0 # ERROR: 0 .. contents:: :depth: 2 FAIL: xshmfence_test xshmfence_alloc_shm: Permission denied Testsuite summary for libxshmfence 1.1 # TOTAL: 1 # PASS: 0 # SKIP: 0 # XFAIL: 0 # FAIL: 1 # XPASS: 0 # ERROR: 0 See test/test-suite.log Please report to https://bugs.freedesktop.org/enter_bug.cgi?product=xorg Makefile:678: recipe for target 'test-suite.log' failed make[5]: *** [test-suite.log] Error 1 make[5]: Leaving directory '/tmp/buildd/libxshmfence-1.1/build/test' Makefile:784: recipe for target 'check-TESTS' failed make[4]: *** [check-TESTS] Error 2 make[4]: Leaving directory '/tmp/buildd/libxshmfence-1.1/build/test' Makefile:857: recipe for target 'check-am' failed make[3]: *** [check-am] Error 2 make[3]: Leaving directory '/tmp/buildd/libxshmfence-1.1/build/test' Makefile:487: recipe for target 'check-recursive' failed make[2]: *** [check-recursive] Error 1 make[2]: Leaving directory '/tmp/buildd/libxshmfence-1.1/build' dh_auto_test: make -j1 check VERBOSE=1 returned exit code 2 debian/rules:27: recipe for target 'override_dh_auto_test' failed make[1]: *** [override_dh_auto_test] Error 2 make[1]: Leaving directory '/tmp/buildd/libxshmfence-1.1' debian/rules:13: recipe for target 'build' failed make: *** [build] Error 2 dpkg-buildpackage: error: debian/rules build gave error exit status 2 -- Daniel Schepler
Bug#773720: sox: CVE-2014-8145
Hi Pascal, On Mon, Dec 22, 2014 at 11:06:20AM -0500, Pascal Giard wrote: On Mon, Dec 22, 2014 at 10:55 AM, Salvatore Bonaccorso car...@debian.org wrote: Source: sox Version: 14.3.1-1 Severity: grave Tags: security upstream Hi, the following vulnerability was published for sox. CVE-2014-8145[0]: two heap-based buffer overflows If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2014-8145 [1] http://www.ocert.org/advisories/ocert-2014-010.html Patches are not yet attached/referenced in the advisory, but should be referenced in upstream git repository soon. Hi, I've a package ready for wheezy-security and I've notified the security team. However, before uploading it I've been waiting for their permission as the documentation says. I have yet to hear from the team. Jupp, that's fine, I have seen it. I will follow-up on the other mail shortly. Note that I have not prepared a package for oldstable, I am supposed to do that as well? If you want yes, the following link gives the documentation for it https://wiki.debian.org/LTS/Development . Regards, Salvatore
Processed: efibootmgr: duplicate bootnum created
Processing control commands: fixed -1 0.11.0-3 Bug #773726 [efibootmgr] efibootmgr: duplicate bootnum created Marked as fixed in versions efibootmgr/0.11.0-3. -- 773726: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773726 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#773726: efibootmgr: duplicate bootnum created
Package: efibootmgr Version: 0.7.0-2 Severity: serious Tags: upstream fixed-upstream jessie Control: fixed -1 0.11.0-3 This is to resolve upstream issue https://github.com/vathpela/efibootmgr/issues/7
Bug#741451: Bugfix
On 19/12/14 22:05, Balint Reczey wrote: Hi Jay, [...] Cheers, Balint Hi guys, I didn't notice that upstream made a fix based on what I found. I'll try to prepare an NMU right now. Tomasz
Bug#773722: unzip: CVE-2014-8139 CVE-2014-8140 CVE-2014-8141
On 22/12/14 at 17:29, Salvatore Bonaccorso wrote: Source: unzip Version: 6.0-4 Severity: grave Tags: security upstream Hi, the following vulnerabilities were published for unzip. (disclaimer I was not yet able to verify any of those, but oCert advisory claims to affect all unzip <= 6.0). CVE-2014-8139[0]: CRC32 heap overflow CVE-2014-8140[1]: heap overflow in test_compr_eb CVE-2014-8141[2]: heap overflow in getZip64Data If you fix the vulnerabilities please also make sure to include the CVE (Common Vulnerabilities & Exposures) ids in your changelog entry. More information are found in the corresponding Red Hat bugzilla entries. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2014-8139 [1] https://security-tracker.debian.org/tracker/CVE-2014-8140 [2] https://security-tracker.debian.org/tracker/CVE-2014-8141 [3] http://www.ocert.org/advisories/ocert-2014-011.html Ok, there are patches available in all cases. Working on it.
Bug#773726: efibootmgr: duplicate bootnum created
Looks like this bug also needed this, which was already in 0.11.0-1: https://github.com/vathpela/efibootmgr/commit/301c0628f7fa7333791d2b5d79eb8e02fc848ee7
Bug#773729: efibootmgr: better document and handle bootorder -o option
Package: efibootmgr Version: 0.9.0-2 Severity: serious Tags: upstream fixed-upstream jessie Control: fixed -1 0.11.0-1 This is to fix upstream bug: https://github.com/vathpela/efibootmgr/issues/12 We need to pull these in: https://github.com/vathpela/efibootmgr/commit/568c4357342159b0194ccc09b396d0e2f985f068 https://github.com/vathpela/efibootmgr/commit/b857ce058d6f7fa3fa47c839bc86de243cd1fd4e This contains both a documentation fix and a fix to the -o flag to match expected behavior. This is a serious bug in the maintainer's opinion because otherwise setting the boot order is poorly documented and difficult to use.
Processed: efibootmgr: better document and handle bootorder -o option
Processing control commands: fixed -1 0.11.0-1 Bug #773729 [efibootmgr] efibootmgr: better document and handle bootorder -o option Marked as fixed in versions efibootmgr/0.11.0-1. -- 773729: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773729 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#773463: marked as done (jasper: CVE-2014-8137 CVE-2014-8138)
Your message dated Mon, 22 Dec 2014 18:03:06 + with message-id e1y37jy-0007bu...@franck.debian.org and subject line Bug#773463: fixed in jasper 1.900.1-7+squeeze3 has caused the Debian Bug report #773463, regarding jasper: CVE-2014-8137 CVE-2014-8138 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 773463: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773463 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Source: jasper Version: 1.900.1-7 Severity: grave Tags: security upstream Hi, the following vulnerabilities were published for jasper. CVE-2014-8137[0]: double-free in jas_iccattrval_destroy() CVE-2014-8138[1]: heap overflow in jp2_decode() If you fix the vulnerabilities please also make sure to include the CVE (Common Vulnerabilities & Exposures) ids in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2014-8137 [1] https://security-tracker.debian.org/tracker/CVE-2014-8138 [2] http://www.ocert.org/advisories/ocert-2014-012.html Regards, Salvatore ---End Message--- ---BeginMessage--- Source: jasper Source-Version: 1.900.1-7+squeeze3 We believe that the bug you reported is fixed in the latest version of jasper, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 773...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. 
Thorsten Alteholz deb...@alteholz.de (supplier of updated jasper package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Mon, 22 Dec 2014 16:20:04 +0100 Source: jasper Binary: libjasper1 libjasper-dev libjasper-runtime Architecture: source i386 Version: 1.900.1-7+squeeze3 Distribution: squeeze-lts Urgency: high Maintainer: Roland Stigge sti...@antcom.de Changed-By: Thorsten Alteholz deb...@alteholz.de Description: libjasper-dev - Development files for the JasPer JPEG-2000 library libjasper-runtime - Programs for manipulating JPEG-2000 files libjasper1 - The JasPer JPEG-2000 runtime library Closes: 773463 Changes: jasper (1.900.1-7+squeeze3) squeeze-lts; urgency=high . * Non-maintainer upload by the Squeeze LTS Team. * Add 05-CVE-2014-8137.patch patch. CVE-2014-8137: double-free in in jas_iccattrval_destroy(). (Closes: #773463) * Add 06-CVE-2014-8138.patch patch. CVE-2014-8138: heap overflow in jp2_decode(). 
(Closes: #773463)
Bug#773722: marked as done (unzip: CVE-2014-8139 CVE-2014-8140 CVE-2014-8141)
Your message dated Mon, 22 Dec 2014 18:36:42 + with message-id e1y37qu-0005gm...@franck.debian.org and subject line Bug#773722: fixed in unzip 6.0-13 has caused the Debian Bug report #773722, regarding unzip: CVE-2014-8139 CVE-2014-8140 CVE-2014-8141 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 773722: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773722 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Source: unzip Version: 6.0-4 Severity: grave Tags: security upstream Hi, the following vulnerabilities were published for unzip. (disclaimer I was not yet able to verify any of those, but oCert advisory claims to affect all unzip <= 6.0). CVE-2014-8139[0]: CRC32 heap overflow CVE-2014-8140[1]: heap overflow in test_compr_eb CVE-2014-8141[2]: heap overflow in getZip64Data If you fix the vulnerabilities please also make sure to include the CVE (Common Vulnerabilities & Exposures) ids in your changelog entry. More information are found in the corresponding Red Hat bugzilla entries. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2014-8139 [1] https://security-tracker.debian.org/tracker/CVE-2014-8140 [2] https://security-tracker.debian.org/tracker/CVE-2014-8141 [3] http://www.ocert.org/advisories/ocert-2014-011.html Regards, Salvatore ---End Message--- ---BeginMessage--- Source: unzip Source-Version: 6.0-13 We believe that the bug you reported is fixed in the latest version of unzip, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. 
Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 773...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Santiago Vila sanv...@debian.org (supplier of updated unzip package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Mon, 22 Dec 2014 19:16:10 +0100 Source: unzip Binary: unzip Architecture: source amd64 Version: 6.0-13 Distribution: unstable Urgency: medium Maintainer: Santiago Vila sanv...@debian.org Changed-By: Santiago Vila sanv...@debian.org Description: unzip - De-archiver for .zip files Closes: 773722 Changes: unzip (6.0-13) unstable; urgency=medium . * Apply upstream fix for three security bugs. Closes: #773722. CVE-2014-8139: CRC32 verification heap-based overflow CVE-2014-8140: out-of-bounds write issue in test_compr_eb() CVE-2014-8141: out-of-bounds read issues in getZip64Data() ---End Message---
Processed: tagging 772043
Processing commands for cont...@bugs.debian.org: tags 772043 + patch Bug #772043 [github-backup] option parsing 100% broken Added tag(s) patch. thanks Stopping processing here. Please contact me if you need assistance. -- 772043: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=772043 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#718699: marked as done (Changelog is not in UTF8)
Your message dated Mon, 22 Dec 2014 19:00:12 + with message-id e1y38de-bb...@franck.debian.org and subject line Bug#718699: fixed in python-mysqldb 1.3.4-1 has caused the Debian Bug report #718699, regarding Changelog is not in UTF8 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 718699: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=718699 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Package: python-mysqldb Version: 1.2.3-2 Severity: serious Hello, the package declares Standards-Version: 3.9.2 but the changelog is encoded in latin1. Since policy version 3.8.1.0, debian/changelog files must be encoded in UTF-8. This is currently breaking nm.debian.org in a way which cannot be worked around by me. See bug #717851. Ciao, Enrico -- System Information: Debian Release: jessie/sid APT prefers testing APT policy: (500, 'testing') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 3.9-1-amd64 (SMP w/4 CPU cores) Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages python-mysqldb depends on: ii libc6 2.17-7 ii libmysqlclient18 5.5.31+dfsg-1 ii python2.7.5-2 ii zlib1g1:1.2.8.dfsg-1 python-mysqldb recommends no packages. 
Versions of packages python-mysqldb suggests: ii mysql-server 5.5.31+dfsg-1 ii python-egenix-mxdatetime 3.2.5-1 pn python-mysqldb-dbgnone -- no debconf information ---End Message--- ---BeginMessage--- Source: python-mysqldb Source-Version: 1.3.4-1 We believe that the bug you reported is fixed in the latest version of python-mysqldb, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 718...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Brian May b...@debian.org (supplier of updated python-mysqldb package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Format: 1.8 Date: Thu, 20 Nov 2014 15:10:36 +1100 Source: python-mysqldb Binary: python-mysqldb python-mysqldb-dbg python3-mysqldb python3-mysqldb-dbg Architecture: source amd64 Version: 1.3.4-1 Distribution: experimental Urgency: low Maintainer: Debian Python Modules Team python-modules-t...@lists.alioth.debian.org Changed-By: Brian May b...@debian.org Description: python-mysqldb - Python interface to MySQL python-mysqldb-dbg - Python interface to MySQL (debug extension) python3-mysqldb - Python interface to MySQL python3-mysqldb-dbg - Python interface to MySQL (debug extension) Closes: 718699 768096 Changes: python-mysqldb (1.3.4-1) experimental; urgency=low . [ Jakub Wilk ] * Use canonical URIs for Vcs-* fields. * Drop obsolete Conflicts/Replaces with python2.3-mysqldb and python2.4-mysqldb. . [ Thomas Goirand ] * The changelog is now again fully encoded in UTF-8 (Closes: 718699). . [ Brian May ] * Use mysqlclient fork (Closes: #768096). * Drop old patches. 
* Add support for Python 3.3 and greater.
Bug#747141: [debhelper-devel] Bug#747141: dh_installdocs --link-doc forces source-version dependencies (Was: Re: [debhelper-devel] Bug#747141: closed by Niels Thykier ni...@thykier.net (Bug#747141:
Hi Niels, On Mon, 22 Dec 2014 08:25:03 +0100, Niels Thykier ni...@thykier.net wrote: On Mon, 22 Dec 2014 00:36:05 +, ow...@bugs.debian.org (Debian Bug Tracking System) wrote: #747141: debhelper: dh_installdocs --link-doc forces source-version dependencies Unfortunately the bug I reported isn't fixed (see https://bugs.debian.org/747141#5 for my original message); with debhelper 9.20141222, I still end up with incorrect versioned dependencies between the arch: any packages built by gcc-mingw-w64: dh_installdocs adds a dependency on gcc-mingw-w64-base (= 14.3), where 14.3 is the *source* version and not the binary version (which is 4.9.1-19+14.3 in this case and correctly added by debian/rules). Okay, I guess I realise what happens now that breaks your case. We use dpkg-parsechangelog -l. During a binNMU this returns the binNMU version (i.e. source version plus +bX), but I guess you set your own binary version? The best I can give you is the eqv. of a pkg (= ${binary:Version}). This minor modification (from our PoV) should not change the output in the general case, and /may/ fix your case. It should indeed, and it seems better to me generally speaking, since the dependency should be on the binary version anyway. There are other packages in the archive which produce binary packages with versions other than the source version! However, if that does not work, then I am afraid your self-chosen version scheme cannot be handled automatically by debhelper and you would have to do the link-doc manually. AFAICT for this to work, you *must* use identical versions for the binary packages that are affected by the --link-doc parameter. In that case (and perhaps in general), what would be nice would be to have dh_installdocs allow the version to be specified; currently I run dh_installdocs then sed the substvars to remove the dependency added by dh_installdocs. Regarding the arch: any to arch: all and vice-versa cases you fixed, what about transitional and/or metapackages? 
Given that they are empty, I don't see anything in Policy or in practice which would prevent arch: all metapackages depending on arch: any binary packages without a strict versioned dependency to provide their changelog and copyright... You cannot have a correct match between an arch:all and an arch:any package during a binNMU (or at least, not until debhelper started extracting the binNMU changelog parts into a separate file). But then you can only safely do it with an arch:all linking to an arch:any. However, with the interface debhelper provided, this never worked, because we would generate a pkg (= ${bVersion}) and after a binNMU the arch:all version would still depend on the old ${bVersion} (since it is not rebuilt). Instead of succeeding such a build and allow broken packages (uninstallable) packages to reach the archive, we now error out[1]. This is especially helpful, since a lot of people seem to get these work. Yup, I understand the reasoning behind the change. (I'm guessing s/work/wrong/ in that last sentence!) (gcc-mingw-w64 does this in a binNMU-friendly way.) Except, you are (at least, in theory) doing it very very wrong! Your metadata package does not force the exact version between itself and the link-doc target packages. This allows the versions to go out of sync and we could (in theory) end up in a situation where the copyright file do not accurately reflect the copyright/license statements of the metapackage[2]. Admittedly, for an empty metapackage, this example is a bit contrived (as the non-content is hardly copyrightable). However, people might cargo-cult your setup into another package breaking theirs (from a legal PoV). It's the empty part I'm relying on ;-). That's why I was asking only about transitional and metapackages. I would strongly recommend getting this particular use-case (arch:all metapackage - arch:any non-metapackage) officially sanctioned before using it. 
Primarily to say it is in fact a valid use and secondarily to highlight the cases, where it *is* valid (which is definitely far from all cases). That makes sense, I'll do that... Even then, I doubt this is a scenario that debhelper will support out of the box. As mentioned, a fair share of debhelper users have gotten this wrong, so I will go with the safe-rather-than-sorry approach here. Yes, that seems perfectly sensible. As long as debhelper doesn't actively prevent it I won't complain! Regards, Stephen
Bug#767037: Grub EFI fallback - patches for review
On Sun, Dec 21, 2014 at 08:24:08PM +, Steve McIntyre wrote:
> On Sun, Dec 21, 2014 at 10:49:59AM +, Ian Campbell wrote:
>> On Sat, 2014-12-20 at 09:45 +0100, David Härdeman wrote:
>>> one option that doesn't seem to have been considered would be to create a separate package (let's call it UEFIx) that installs an UEFI binary to EFI/boot/bootx64.efi. That binary could then do what the UEFI BIOS should've done (i.e. look at the EFI vars for bootorder, bootnext, etc and then go on to load the right bootloader).
>> Interesting idea, does this stub bootloader already exist, or is it something someone would need to write? (Either way I think it's likely too late for Jessie, but perhaps something to think about for Stretch)
> Exactly. :-/

I tried writing a stub bootloader. It works fine in a TianoCore QEMU environment... unfortunately it's a no go on my HP laptop (8570p). The HP UEFI BIOS helpfully deletes the BootOrder variable altogether :/

So...it was a promising idea, but one that won't work :(

-- David Härdeman
Bug#772811: marked as done (unrtf: CVE-2014-9274 CVE-2014-9275)
Your message dated Mon, 22 Dec 2014 21:35:06 + with message-id e1y3ad8-0007ez...@franck.debian.org and subject line Bug#772811: fixed in unrtf 0.21.5-2 has caused the Debian Bug report #772811, regarding unrtf: CVE-2014-9274 CVE-2014-9275 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 772811: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=772811 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Package: unrtf Severity: grave Tags: security Please see http://www.openwall.com/lists/oss-security/2014/12/03/4 for more information and references to patches. Cheers, Moritz ---End Message--- ---BeginMessage--- Source: unrtf Source-Version: 0.21.5-2 We believe that the bug you reported is fixed in the latest version of unrtf, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 772...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. 
Willi Mann wi...@debian.org (supplier of updated unrtf package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) Format: 1.8 Date: Mon, 22 Dec 2014 20:20:33 +0100 Source: unrtf Binary: unrtf Architecture: source Version: 0.21.5-2 Distribution: unstable Urgency: medium Maintainer: Willi Mann wi...@debian.org Changed-By: Willi Mann wi...@debian.org Description: unrtf - RTF to other formats converter Closes: 772811 Changes: unrtf (0.21.5-2) unstable; urgency=medium . * Security fixes, closes: #772811 - Fix CVE-2014-9274: check that accesses to color table stay within bounds - Fix CVE-2014-9275: various crashes * possible security fixes: - Fix Invalid read of size 4 in attr_get_param - attr_get_param(): Silence a warning message again ---End Message---
Bug#773750: nut-client: Fails to install
Package: nut-client
Version: 2.7.2-1+b3
Severity: serious
Justification: Fails to install due to failing to start

The package fails to configure on install because the ups-monitor service fails to start due to lack of configuration and fails to gracefully handle the case of no valid configuration. This causes the package installation to fail, which is a violation of Debian packaging guidelines.

-- System Information:
Debian Release: 8.0
APT prefers testing
APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Kernel: Linux 3.16.0-4-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_CA.utf8, LC_CTYPE=en_CA.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages nut-client depends on:
ii adduser 3.113+nmu3
ii init-system-helpers 1.22
ii libc6 2.19-13
ii libupsclient4 2.7.2-1+b3
ii lsb-base 4.1+Debian13+nmu1

Versions of packages nut-client recommends:
ii bash-completion 1:2.1-4

Versions of packages nut-client suggests:
ii nut-monitor 2.7.2-1

-- Configuration Files:
/etc/nut/nut.conf [Errno 13] Permission denied: u'/etc/nut/nut.conf'
/etc/nut/upsmon.conf [Errno 13] Permission denied: u'/etc/nut/upsmon.conf'
/etc/nut/upssched.conf [Errno 13] Permission denied: u'/etc/nut/upssched.conf'

-- no debconf information
Bug#773041: Bug#773318: clamav dies/hangs
On 2014-12-22 02:52:02 [+0100], Marc Dequènes (duck) wrote: I can upload this simple fix quickly, nevertheless I did not have time to proofread it. Any comment? I plan to add the following patch to clamav. I added a small comment why we have the busy loop there. So far it looks like a good idea. The only problem is that we need off_t being 64bit (LFS) or it won't work on 32bit. No problem on Debian side… I added upstream on CC hoping that they will take this or do something about it :) If nobody objects, I push this tomorrow into the clamav repo. From 9041fefc0d48aa3c307baa20c5cc4b7eceafe616 Mon Sep 17 00:00:00 2001 From: Sebastian Andrzej Siewior sebast...@breakpoint.cc Date: Mon, 22 Dec 2014 22:10:47 +0100 Subject: [PATCH] make frame_end off_t Debian bts #773041, #772891 contains a report of a .cab file which causes an endless loop. Eric Sharkey diagnosed the problem as frame_end is 32bit and overflows and the result the loop makes no progress. He also added that making it off_t (and so 64bit with LFS) fixes the problem. The problem seems that after the overflow, window_posn is larger than frame_end and therefore we never enter the loop to make progress. But we still have out_bytes 0 so we don't leave the outer loop either. This patch is based on Eric Sharkey comments. Signed-off-by: Sebastian Andrzej Siewior sebast...@breakpoint.cc --- mspack/qtmd.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/mspack/qtmd.c b/mspack/qtmd.c index 12b27f5608c4..6e1640579119 100644 --- a/mspack/qtmd.c +++ b/mspack/qtmd.c 
@@ -253,7 +253,8 @@ struct qtmd_stream *qtmd_init(struct mspack_system *system, } int qtmd_decompress(struct qtmd_stream *qtm, off_t out_bytes) { - unsigned int frame_todo, frame_end, window_posn, match_offset, range; + unsigned int frame_todo, window_posn, match_offset, range; + off_t frame_end; unsigned char *window, *i_ptr, *i_end, *runsrc, *rundest; int i, j, selector, extra, sym, match_length; unsigned short H, L, C, symf; -- 2.1.3 Sebastian -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
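Review bot: In the qtmd_decompress() declarations, only frame_end is widened to off_t while window_posn and frame_todo stay unsigned int, so the fix holds only where off_t is 64 bits wide, and nothing in the hunk enforces that. The commit message already says "64bit with LFS"; a build without large-file support would compile cleanly and keep the endless loop. Consider a compile-time check on sizeof(off_t), or a fixed-width 64-bit type for frame_end. A one-line comment at the new declaration saying why frame_end differs in type from window_posn would also help, since every comparison between the two now mixes a signed off_t with an unsigned int and should be re-read with that in mind.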
Bug#773749: isc-dhcp-client: no longer updates /etc/resolv.conf
Package: isc-dhcp-client Version: 4.3.1-5 Severity: grave Justification: renders package unusable [Well, correction can be done manually, but this is really annoying.] I've been using wicd to connect via WiFi for years, and this has always worked, but now the /etc/resolv.conf file is no longer updated. The /etc/wicd/dhclient.conf.template file is used by wicd and contains here (this is the default + the prepend line): # If you're reading this, you're probably reading either: # /etc/wicd/dhclient.conf.template.default # or # /etc/wicd/dhclient.conf.template # or # a generated dhclient configuration in /var/run # (these files could be in different locations, as determined by your # packager or system administrator, but those are the default pathes) # # Here's what you need to know: # The .default file is copied by wicd to dhclient.conf.template if # dhclient.conf.template does not exist. If dhclient.conf.template # does exist, the .default file is not used. This is to allow # upgrades of the package without destroying user changes. # # In other words, if you want to change the generated dhclient # configuration, you need to change dhclient.conf.template, # NOT dhclient.conf.template.default # wicd will replace $_HOSTNAME in the following line with # the appropriate hostname for this system send host-name $_HOSTNAME; # Prepend the local DNS server (BIND), but also Google DNS servers, # as BIND times out on network congestion. prepend domain-name-servers 127.0.0.1, 8.8.8.8, 8.8.4.4; As you can see, there is a prepend line, but the /etc/resolv.conf file was still unmodified (last modified on 2014-09-30 00:39:52), with incorrect settings (nameserver 192.168.1.1 only). I had to modify it manually. /var/log/syslog says about dhclient: Dec 22 21:39:18 xvii dhclient: Internet Systems Consortium DHCP Client 4.3.1 Dec 22 21:39:18 xvii dhclient: Copyright 2004-2014 Internet Systems Consortium. Dec 22 21:39:18 xvii dhclient: All rights reserved. 
Dec 22 21:39:18 xvii dhclient: For info, please visit https://www.isc.org/software/dhcp/ Dec 22 21:39:18 xvii dhclient: Dec 22 21:39:18 xvii dhclient: Listening on LPF/wlan0/00:21:6a:47:b3:80 Dec 22 21:39:18 xvii dhclient: Sending on LPF/wlan0/00:21:6a:47:b3:80 Dec 22 21:39:18 xvii dhclient: Sending on Socket/fallback Dec 22 21:39:18 xvii dhclient: DHCPDISCOVER on wlan0 to 255.255.255.255 port 67 interval 8 Dec 22 21:39:20 xvii dhclient: DHCPREQUEST on wlan0 to 255.255.255.255 port 67 Dec 22 21:39:20 xvii dhclient: DHCPOFFER from 192.168.0.1 Dec 22 21:39:20 xvii dhclient: DHCPACK from 192.168.0.1 Dec 22 21:39:20 xvii dhclient: bound to 192.168.0.6 -- renewal in 124409 seconds. Note: resolvconf is installed, but the files in the /etc/resolvconf directory have old timestamps: -rw-r--r-- 1 481 2013-02-06 20:55:06 interface-order -rw-r--r-- 10 2012-09-10 11:55:45 resolv.conf.d/base -rw-r--r-- 1 151 2012-09-10 11:55:45 resolv.conf.d/head -rw-r--r-- 1 72 2012-10-21 13:51:50 resolv.conf.d/original -rw-r--r-- 10 2012-10-21 14:45:20 resolv.conf.d/tail lrwxrwxrwx 1 15 2012-10-21 14:45:12 run - /run/resolvconf/ -rwxr-xr-x 1 249 2009-01-28 03:59:31 update-libc.d/avahi-daemon* -rwxr-xr-x 1 426 2012-04-27 17:54:50 update-libc.d/postfix* -rwxr-xr-x 1 3195 2012-09-10 11:55:45 update.d/dnscache* -rwxr-xr-x 1 4624 2013-02-06 20:55:06 update.d/libc* thus have not been modified for a long time. /run/resolvconf/resolv.conf was modified on 2014-12-22 21:39:20 and contains correct settings: # Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8) # DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN nameserver 127.0.0.1 nameserver 8.8.8.8 nameserver 8.8.4.4 but isn't taken into account, since /etc/resolv.conf is not a symlink to it (I don't know why, but it was a symlink in the past). So, it appears that dhclient modifies the wrong file. 
-- System Information: Debian Release: 8.0 APT prefers unstable APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable'), (1, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 3.16.0-4-amd64 (SMP w/2 CPU cores) Locale: LANG=POSIX, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: sysvinit (via /sbin/init) Versions of packages isc-dhcp-client depends on: ii debianutils 4.4+b1 ii iproute2 3.16.0-2 ii isc-dhcp-common 4.3.1-5 ii libc6 2.19-13 ii libdns-export100 1:9.9.5.dfsg-7 ii libirs-export91 1:9.9.5.dfsg-7 ii libisc-export95 1:9.9.5.dfsg-7 isc-dhcp-client recommends no packages. Versions of packages isc-dhcp-client suggests: ii avahi-autoipd 0.6.31-4+b2 ii resolvconf 1.76 -- Configuration Files: /etc/dhcp/dhclient.conf changed: option rfc3442-classless-static-routes code 121 = array of unsigned integer 8;
Bug#773751: race condition between fur and fex_cleanup
Package: fex
Version: 20140917-1
Severity: serious
Tags: security patch upstream pending confirmed jessie

As upstream has released a new version of the fex package which closes a security issue and there is no CVE assigned, we'll use this bug to track the issue.

Problem is: a race condition between fur and fex_cleanup may create internal instead of external user. With the default configuration no auto registration is possible and no exploit is possible. You must have allowed user self registration via fex.ph.

Background is a timing race condition that fex_cleanup will throw away the external user flag if the link a user is sent is not clicked/visited before fex_cleanup is run (i.e. usually next day). The user account will then be created with full internal user privileges instead of the reduced external priv. set.

The new release is currently being prepared for uploading into Debian. Some minor updates that have nothing to do with the issue at hand are currently being discussed between me and upstream. I'd guess we can have a new fixed version in unstable before end of this year - maybe even before Xmas.

As we don't have a version in stable, I'll prepare uploads of wheezy-backports and squeeze-backports once we're in jessie with the new version. Since the other security fixes haven't been backported to oldstable (yet), it seems not very logical to start with this (rather minor) one.

Best, Kilian
Bug#773724: marked as done (libxshmfence: FTBFS: Test failure)
Your message dated Tue, 23 Dec 2014 00:58:55 +0100 with message-id 2014135855.gx1...@betterave.cristau.org and subject line Re: Bug#773724: libxshmfence: FTBFS: Test failure has caused the Debian Bug report #773724, regarding libxshmfence: FTBFS: Test failure to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 773724: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773724 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Source: libxshmfence Version: 1.1-4 Severity: serious From my pbuilder build log (on amd64, with DISPLAY unset): ... make check-TESTS make[4]: Entering directory '/tmp/buildd/libxshmfence-1.1/build/test' make[5]: Entering directory '/tmp/buildd/libxshmfence-1.1/build/test' FAIL: xshmfence_test make[6]: Entering directory '/tmp/buildd/libxshmfence-1.1/build/test' make[6]: Nothing to be done for 'all'. make[6]: Leaving directory '/tmp/buildd/libxshmfence-1.1/build/test' === libxshmfence 1.1: test/test-suite.log === # TOTAL: 1 # PASS: 0 # SKIP: 0 # XFAIL: 0 # FAIL: 1 # XPASS: 0 # ERROR: 0 .. 
contents:: :depth: 2 FAIL: xshmfence_test xshmfence_alloc_shm: Permission denied Testsuite summary for libxshmfence 1.1 # TOTAL: 1 # PASS: 0 # SKIP: 0 # XFAIL: 0 # FAIL: 1 # XPASS: 0 # ERROR: 0 See test/test-suite.log Please report to https://bugs.freedesktop.org/enter_bug.cgi?product=xorg Makefile:678: recipe for target 'test-suite.log' failed make[5]: *** [test-suite.log] Error 1 make[5]: Leaving directory '/tmp/buildd/libxshmfence-1.1/build/test' Makefile:784: recipe for target 'check-TESTS' failed make[4]: *** [check-TESTS] Error 2 make[4]: Leaving directory '/tmp/buildd/libxshmfence-1.1/build/test' Makefile:857: recipe for target 'check-am' failed make[3]: *** [check-am] Error 2 make[3]: Leaving directory '/tmp/buildd/libxshmfence-1.1/build/test' Makefile:487: recipe for target 'check-recursive' failed make[2]: *** [check-recursive] Error 1 make[2]: Leaving directory '/tmp/buildd/libxshmfence-1.1/build' dh_auto_test: make -j1 check VERBOSE=1 returned exit code 2 debian/rules:27: recipe for target 'override_dh_auto_test' failed make[1]: *** [override_dh_auto_test] Error 2 make[1]: Leaving directory '/tmp/buildd/libxshmfence-1.1' debian/rules:13: recipe for target 'build' failed make: *** [build] Error 2 dpkg-buildpackage: error: debian/rules build gave error exit status 2 -- Daniel Schepler ---End Message--- ---BeginMessage--- On Mon, Dec 22, 2014 at 08:35:15 -0800, Daniel Schepler wrote: Source: libxshmfence Version: 1.1-4 Severity: serious From my pbuilder build log (on amd64, with DISPLAY unset): ... make check-TESTS make[4]: Entering directory '/tmp/buildd/libxshmfence-1.1/build/test' make[5]: Entering directory '/tmp/buildd/libxshmfence-1.1/build/test' FAIL: xshmfence_test make[6]: Entering directory '/tmp/buildd/libxshmfence-1.1/build/test' make[6]: Nothing to be done for 'all'. 
make[6]: Leaving directory '/tmp/buildd/libxshmfence-1.1/build/test' === libxshmfence 1.1: test/test-suite.log === # TOTAL: 1 # PASS: 0 # SKIP: 0 # XFAIL: 0 # FAIL: 1 # XPASS: 0 # ERROR: 0 .. contents:: :depth: 2 FAIL: xshmfence_test xshmfence_alloc_shm: Permission denied Fix your setup, /dev/shm needs to be world-writable. Cheers, Julien ---End Message---
Bug#768369: Acknowledgement ([libjpeg62-turbo] [DOS] Stack smashing)
A small addition to the test case in Message #114: In test-768369.c lines 193 and 194 are swapped therefore an undefined value is given to malloc. When cleaning up this leads to a crash as now the stack smashing is fixed. Kind regards, Bernhard
Bug#773764: network-manager-strongswan: bug in config file means strongswan unrecognised
Package: network-manager-strongswan Version: 1.3.0-1.1 Severity: grave Tags: patch The properties line in the config file shown in this diff does not specify the full path to the .so. On my machine, this means that network-manager fails to recognise the strongswan plugin, rendering this package useless. I assume (though am unable to verify) that this would affect most or all users of this package. Making this change and restarting network-manager makes the strongswan VPN configuration option visible; removing the patch and restarting n-m makes it disappear again, so this certainly seems to be the cause of the bug. --- /etc/NetworkManager/VPN/nm-strongswan-service.name~ 2014-07-16 16:46:32.0 +0100 +++ /etc/NetworkManager/VPN/nm-strongswan-service.name 2014-12-23 00:04:46.292478154 + 
@@ -5,4 +5,4 @@ [GNOME] auth-dialog=/usr/lib/NetworkManager/nm-strongswan-auth-dialog -properties=libnm-strongswan-properties +properties=/usr/lib/NetworkManager/libnm-strongswan-properties -- System Information: Debian Release: 8.0 APT prefers testing APT policy: (500, 'testing') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 3.16.0-4-amd64 (SMP w/2 CPU cores) Locale: LANG=en_GB.utf8, LC_CTYPE=en_GB.utf8 (charmap=UTF-8) (ignored: LC_ALL set to en_GB.UTF-8) Shell: /bin/sh linked to /bin/dash Init: sysvinit (via /sbin/init) Versions of packages network-manager-strongswan depends on: ii gconf-service3.2.6-3 ii libart-2.0-2 2.3.21-2 ii libatk1.0-0 2.14.0-1 ii libbonobo2-0 2.32.1-3 ii libbonoboui2-0 2.24.5-2 ii libc62.19-13 ii libcairo21.14.0-2.1 ii libdbus-1-3 1.8.12-1 ii libdbus-glib-1-2 0.102-1 ii libfontconfig1 2.11.0-6.3 ii libfreetype6 2.5.2-2 ii libgconf-2-4 3.2.6-3 ii libgdk-pixbuf2.0-0 2.31.1-2+b1 ii libglib2.0-0 2.42.1-1 ii libgnome-2-0 2.32.1-5 ii libgnome-keyring03.12.0-1+b1 ii libgnomecanvas2-02.30.3-2 ii libgnomeui-0 2.24.5-3 ii libgnomevfs2-0 1:2.24.4-6+b1 ii libgtk2.0-0 2.24.25-1 ii libice6 2:1.0.9-1+b1 ii libnm-glib-vpn1 0.9.10.0-4 ii libnm-glib4 0.9.10.0-4 ii libnm-util2 0.9.10.0-4 ii liborbit-2-0 1:2.14.19-0.3 ii libpango-1.0-0 1.36.8-3 ii libpangocairo-1.0-0 1.36.8-3 ii libpangoft2-1.0-01.36.8-3 ii libpopt0 1.16-10 ii libsm6 2:1.2.2-1+b1 ii network-manager 0.9.10.0-4 ii strongswan-nm5.2.1-4 network-manager-strongswan recommends no packages. network-manager-strongswan suggests no packages. 
-- Configuration Files: /etc/NetworkManager/VPN/nm-strongswan-service.name changed: [VPN Connection] name=strongswan service=org.freedesktop.NetworkManager.strongswan program=/usr/lib/ipsec/charon-nm [GNOME] auth-dialog=/usr/lib/NetworkManager/nm-strongswan-auth-dialog properties=/usr/lib/NetworkManager/libnm-strongswan-properties -- no debconf information
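Review bot: The diff is taken against the installed conffile, with /etc/NetworkManager/VPN/nm-strongswan-service.name~ as the old side, so it cannot be applied to the source package as it stands; it should be redone against the file in the source tree that ships as nm-strongswan-service.name. On the changed properties= line, the new value hard-codes /usr/lib/NetworkManager, the same prefix the auth-dialog= line above it already uses, so if that prefix is set in one place at build time the new value should come from the same place. The description speaks of the full path to the .so, while the new value ends in libnm-strongswan-properties with no suffix; a sentence confirming that the suffix is left off on purpose would save the maintainer a test cycle.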
Processed: tagging 773751
Processing commands for cont...@bugs.debian.org: tags 773751 + fixed-upstream Bug #773751 [fex] race condition between fur and fex_cleanup Added tag(s) fixed-upstream. thanks Stopping processing here. Please contact me if you need assistance. -- 773751: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773751 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#773749: isc-dhcp-client: no longer updates /etc/resolv.conf
On 2014-12-22 22:38:36 +0100, Vincent Lefevre wrote: I've been using wicd to connect via WiFi for years, and this has always worked, but now the /etc/resolv.conf file is no longer updated. The /etc/wicd/dhclient.conf.template file is used by wicd and contains here (this is the default + the prepend line): # If you're reading this, you're probably reading either: # /etc/wicd/dhclient.conf.template.default # or # /etc/wicd/dhclient.conf.template # or # a generated dhclient configuration in /var/run # (these files could be in different locations, as determined by your # packager or system administrator, but those are the default pathes) # # Here's what you need to know: # The .default file is copied by wicd to dhclient.conf.template if # dhclient.conf.template does not exist. If dhclient.conf.template # does exist, the .default file is not used. This is to allow # upgrades of the package without destroying user changes. # # In other words, if you want to change the generated dhclient # configuration, you need to change dhclient.conf.template, # NOT dhclient.conf.template.default # wicd will replace $_HOSTNAME in the following line with # the appropriate hostname for this system send host-name $_HOSTNAME; # Prepend the local DNS server (BIND), but also Google DNS servers, # as BIND times out on network congestion. prepend domain-name-servers 127.0.0.1, 8.8.8.8, 8.8.4.4; This is actually a template file used by wicd to generate the real dhclient config file. In the past, the generated file was in some special place and dhclient was called with the -cf option, but this is no longer the case, and /etc/dhcp/dhclient.conf is now regenerated and wicd no longer uses the -cf option. 
This /etc/dhcp/dhclient.conf file contains (without the comments): send host-name = gethostname(); prepend domain-name-servers 127.0.0.1, 8.8.8.8, 8.8.4.4; request subnet-mask, broadcast-address, time-offset, routers, domain-name, domain-name-servers, domain-search, host-name, dhcp6.name-servers, dhcp6.domain-search, netbios-name-servers, netbios-scope, interface-mtu, rfc3442-classless-static-routes, ntp-servers; As you can see, though there's the prepend domain-name-servers ... line, the /etc/resolv.conf file is not updated. -- Vincent Lefèvre vinc...@vinc17.net - Web: https://www.vinc17.net/ 100% accessible validated (X)HTML - Blog: https://www.vinc17.net/blog/ Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)
Bug#773749: isc-dhcp-client: no longer updates /etc/resolv.conf
On 2014-12-23 02:20:54 +0100, Vincent Lefevre wrote: This /etc/dhcp/dhclient.conf file contains (without the comments): I forgot: option rfc3442-classless-static-routes code 121 = array of unsigned integer 8; send host-name = gethostname(); prepend domain-name-servers 127.0.0.1, 8.8.8.8, 8.8.4.4; request subnet-mask, broadcast-address, time-offset, routers, domain-name, domain-name-servers, domain-search, host-name, dhcp6.name-servers, dhcp6.domain-search, netbios-name-servers, netbios-scope, interface-mtu, rfc3442-classless-static-routes, ntp-servers; As you can see, though there's the prepend domain-name-servers ... line, the /etc/resolv.conf file is not updated. -- Vincent Lefèvre vinc...@vinc17.net - Web: https://www.vinc17.net/ 100% accessible validated (X)HTML - Blog: https://www.vinc17.net/blog/ Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)
Processed: Re: Bug#773749: isc-dhcp-client: no longer updates /etc/resolv.conf
Processing control commands: reassign -1 src:wicd Bug #773749 [isc-dhcp-client] isc-dhcp-client: no longer updates /etc/resolv.conf Bug reassigned from package 'isc-dhcp-client' to 'src:wicd'. No longer marked as found in versions isc-dhcp/4.3.1-5. Ignoring request to alter fixed versions of bug #773749 to the same values previously set -- 773749: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773749 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#773749: isc-dhcp-client: no longer updates /etc/resolv.conf
control: reassign -1 src:wicd

On Mon, Dec 22, 2014 at 8:20 PM, Vincent Lefevre wrote:
> This is actually a template file used by wicd to generate the real dhclient config file. In the past, the generated file was in some special place and dhclient was called with the -cf option, but this is no longer the case, and /etc/dhcp/dhclient.conf is now regenerated and wicd no longer uses the -cf option.
>
> This /etc/dhcp/dhclient.conf file contains (without the comments):

If wicd is modifying files owned by the isc-dhcp-client package, then that is a policy violation and is surely the origin of the problem.

Best wishes, Mike
Processed: Re: Bug#773749: isc-dhcp-client: no longer updates /etc/resolv.conf
Processing control commands: reassign -1 src:wicd Bug #773749 [src:wicd] isc-dhcp-client: no longer updates /etc/resolv.conf Ignoring request to reassign bug #773749 to the same package -- 773749: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773749 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#773768: ghc: fails to install: cannot open shared object file: No such file or directory
Package: ghc Version: 7.8.20141119-8 Severity: grave Justification: renders package unusable ghc fails to install (in clean cowbuilder chroot): Setting up ghc (7.8.20141119-8) ... /usr/lib/ghc/bin/ghc: error while loading shared libraries: libHShaskeline-0.7.1.2-ghc7.8.3.20141119.so: cannot open shared object file: No such file or directory /usr/lib/ghc/bin/ghc-pkg: error while loading shared libraries: libHSterminfo-0.4.0.0-ghc7.8.3.20141119.so: cannot open shared object file: No such file or directory dpkg: error processing package ghc (--configure): subprocess installed post-installation script returned error exit status 127 Errors were encountered while processing: ghc E: Sub-process /usr/bin/dpkg returned an error code (1) - Jonas
Bug#773749: isc-dhcp-client: no longer updates /etc/resolv.conf
On 2014-12-22 20:40:57 -0500, Michael Gilbert wrote:
> control: reassign -1 src:wicd
>
> On Mon, Dec 22, 2014 at 8:20 PM, Vincent Lefevre wrote:
> > This is actually a template file used by wicd to generate the real dhclient config file. In the past, the generated file was in some special place and dhclient was called with the -cf option, but this is no longer the case, and /etc/dhcp/dhclient.conf is now regenerated and wicd no longer uses the -cf option.
> > This /etc/dhcp/dhclient.conf file contains (without the comments):
>
> If wicd is modifying files owned by the isc-dhcp-client package, then that is a policy violation and is surely the origin of the problem.

I agree that it shouldn't do that. I doubt that's the origin of the problem, though, since the config file still seems to be OK.

--
Vincent Lefèvre vinc...@vinc17.net - Web: https://www.vinc17.net/
100% accessible validated (X)HTML - Blog: https://www.vinc17.net/blog/
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)
Processed: Re: Bug#773749: isc-dhcp-client: no longer updates /etc/resolv.conf
Processing commands for cont...@bugs.debian.org: reassign 773749 wicd-daemon 1.7.2.4-4.1 Bug #773749 [src:wicd] isc-dhcp-client: no longer updates /etc/resolv.conf Bug reassigned from package 'src:wicd' to 'wicd-daemon'. Ignoring request to alter found versions of bug #773749 to the same values previously set Ignoring request to alter fixed versions of bug #773749 to the same values previously set Bug #773749 [wicd-daemon] isc-dhcp-client: no longer updates /etc/resolv.conf Marked as found in versions wicd/1.7.2.4-4.1. retitle 773749 wicd-daemon modifies /etc/dhcp/dhclient.conf, owned by isc-dhcp-client - breaks /etc/resolv.conf settings Bug #773749 [wicd-daemon] isc-dhcp-client: no longer updates /etc/resolv.conf Changed Bug title to 'wicd-daemon modifies /etc/dhcp/dhclient.conf, owned by isc-dhcp-client - breaks /etc/resolv.conf settings' from 'isc-dhcp-client: no longer updates /etc/resolv.conf' End of message, stopping processing here. Please contact me if you need assistance. -- 773749: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773749 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Processed: Re: git-daemon-run: Depend on runit which fails to install due to missing inittab
Processing commands for cont...@bugs.debian.org: reassign 773770 runit Bug #773770 [git-daemon-run] git-daemon-run: Depend on runit which fails to install due to missing inittab Bug reassigned from package 'git-daemon-run' to 'runit'. No longer marked as found in versions jessie. Ignoring request to alter fixed versions of bug #773770 to the same values previously set tags 773770 jessie sid experimental Bug #773770 [runit] git-daemon-run: Depend on runit which fails to install due to missing inittab Added tag(s) sid, experimental, and jessie. forcemerge 766187 773770 Bug #766187 [runit] runit: Fails to install runit after fresh install of jessie beta2 Bug #766187 [runit] runit: Fails to install runit after fresh install of jessie beta2 Added tag(s) sid, jessie, and experimental. Bug #773770 [runit] git-daemon-run: Depend on runit which fails to install due to missing inittab Severity set to 'grave' from 'normal' Added indication that 773770 affects bcron-run,twoftpd-run,git-daemon-run The source bcron-run and version 0.10-3 do not appear to match any binary packages The source git-daemon-run and version 1:2.1.1-1 do not appear to match any binary packages The source twoftpd-run and version 1.42-1 do not appear to match any binary packages Marked as found in versions runit/2.1.2-1, runit/2.1.2-2, git-daemon-run/1:2.1.1-1, twoftpd-run/1.42-1, and bcron-run/0.10-3. Added tag(s) patch. Merged 766187 773770 affects 773770 + src:git git-daemon-run Bug #773770 [runit] git-daemon-run: Depend on runit which fails to install due to missing inittab Bug #766187 [runit] runit: Fails to install runit after fresh install of jessie beta2 Added indication that 773770 affects src:git Added indication that 766187 affects src:git quit Stopping processing here. Please contact me if you need assistance. 
-- 766187: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=766187 773770: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773770 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#771971: dpkg hangs installing init during upgrade from wheezy to jessie
Hello all,

I also had this problem when upgrading my amd64 laptop from wheezy to jessie. My apt and general system configuration on this machine was not particularly hygienic or well documented, so mine might not be a very high signal datapoint, however I was ultimately able to complete the upgrade.

I use full disk encryption so my heart initially jumped up my throat when I hung on

    Selecting previously unselected package init.

with 100% CPU utilization on a single core.

After some ugly desperate kludging, including:

    sudo rm /var/cache/apt/archives/lock

and running `sudo apt-get dist-upgrade` several times (all hanging), I eventually simply ran:

    sudo apt-get install init

which succeeded, and was then able to proceed with `sudo apt-get dist-upgrade`.

--bryan

PS, much thanks to all debian developers and maintainers for your hard work! I love you!
Processed: your mail
Processing commands for cont...@bugs.debian.org: reopen 771871 Bug #771871 {Done: Matthew Grant m...@mattgrant.net.nz} [netscript-2.4] netscript: fails to install due to insserv rejecting the script header: There is a loop between service networking and netscript if started 'reopen' may be inappropriate when a bug has been closed with a version; all fixed versions will be cleared, and you may need to re-add them. Bug reopened No longer marked as fixed in versions netscript-2.4/5.4.6. End of message, stopping processing here. Please contact me if you need assistance. -- 771871: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=771871 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#771871: marked as done (netscript: fails to install due to insserv rejecting the script header: There is a loop between service networking and netscript if started)
Your message dated Tue, 23 Dec 2014 05:51:01 + with message-id e1y3in3-0004du...@franck.debian.org and subject line Bug#771871: fixed in netscript-2.4 5.4.8 has caused the Debian Bug report #771871, regarding netscript: fails to install due to insserv rejecting the script header: There is a loop between service networking and netscript if started to be marked as done.

This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.)

-- 771871: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=771871 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems

---BeginMessage---
Package: netscript
Version: 2.4_5.4.5
Severity: serious
User: debian...@lists.debian.org
Usertags: piuparts

Hi,

during a test with piuparts I noticed your package failed to install due to insserv rejecting the script header. Some notes are available at https://wiki.debian.org/LSBInitScripts

From the attached log (scroll to the bottom...):

Selecting previously unselected package netscript-2.4.
(Reading database ... 7753 files and directories currently installed.)
Preparing to unpack .../netscript-2.4_5.4.5_all.deb ...
Unpacking netscript-2.4 (5.4.5) ...
Setting up netscript-2.4 (5.4.5) ...
update-rc.d: warning: start and stop actions are no longer supported; falling back to defaults
insserv: There is a loop between service networking and netscript if started
insserv: loop involving service netscript at depth 4
insserv: loop involving service networking at depth 3
insserv: loop involving service procps at depth 2
insserv: loop involving service mountnfs at depth 8
insserv: loop involving service mountall at depth 6
insserv: loop involving service urandom at depth 7
insserv: There is a loop between service networking and netscript if started
insserv: exiting now without changing boot order!
update-rc.d: error: insserv rejected the script header
dpkg: error processing package netscript-2.4 (--configure):
 subprocess installed post-installation script returned error exit status 1
Errors were encountered while processing:
 netscript-2.4

cheers,
Andreas

netscript-2.4_5.4.5.log.gz
Description: application/gzip
---End Message---
---BeginMessage---
Source: netscript-2.4
Source-Version: 5.4.8

We believe that the bug you reported is fixed in the latest version of netscript-2.4, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached.

Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 771...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Matthew Grant m...@mattgrant.net.nz (supplier of updated netscript-2.4 package)

(This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org)

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Tue, 23 Dec 2014 17:50:04 +1300
Source: netscript-2.4
Binary: netscript-2.4 netscript-ipfilter
Architecture: source all
Version: 5.4.8
Distribution: unstable
Urgency: medium
Maintainer: Matthew Grant m...@mattgrant.net.nz
Changed-By: Matthew Grant m...@mattgrant.net.nz
Description:
 netscript-2.4 - Linux 2.4/2.6/3.x router/firewall/VM host network config system.
 netscript-ipfilter - Linux 2.6/3.x iptables management system.
Closes: 771871
Changes:
 netscript-2.4 (5.4.8) unstable; urgency=medium
 .
   * Remove sysvinit/insserv support for package. (Closes: #771871)
     Revert totally removing ifupdown emulation/Provides as this breaks too many things. This just removes the dependency loop in /etc/init.d files which is unfixable.
Files:
 328cf3df5b5859b3875c9bbcdbbd4443 1480 net optional netscript-2.4_5.4.8.dsc