Bug#718982: docbook2x cannot be installed anymore
Hi Daniel thanks for the fast and prompt answer. Unfortunately I deleted the package because I wanted to upload a NMU version, and for some reason the package didn't get published anymore on mentors. I also tried to dcut the old package but also dcut file is still there. Tomorrow morning I'll try to bump the version and upload again, hoping some script will clean up things at some points. I never had this kind of issues on mentors, and I uploaded already a lot of packages. Otherwise I think you can grab the debian directory from mentors and rebuild it if needed I still see files on the ftp site ftp://mentors.debian.net/ Unless I cannot figure out what's wrong with mentors today, I'll publish on github or wherever you think is more appropriate! Thanks for your time Gianfranco Sent from Yahoo! Mail on Android
Bug#718982: docbook2x cannot be installed anymore
I made my changes available here https://github.com/LocutusOfBorg/docbook2x Mentors seems to be still stuck on some packages, seems to be a general problem. Could you please take it from here? this is particularly the commit I'm referring to https://github.com/LocutusOfBorg/docbook2x/commit/bd2579ba06e759ae594a9f510e26abf427152726 many thanks Gianfranco Da: Daniel Leidert daniel.leid...@wgdd.de A: Gianfranco Costamagna costamagnagianfra...@yahoo.it; 718...@bugs.debian.org Inviato: Giovedì 8 Agosto 2013 20:10 Oggetto: Re: Bug#718982: docbook2x cannot be installed anymore Am Mittwoch, den 07.08.2013, 13:40 +0100 schrieb Gianfranco Costamagna: Package: docbook2x Version: 0.8.8-8 Severity: serious Dear Maintainer, please consider upload of my package available on mentors [1], because now docbook2x cannot be installed on sid anymore. I cannot build/rebuild anymore packages I maintain in debian. There is no docbook2x package on mentors.d.n. I can adopt the package. Please go ahead. It is up for adoption. Regards, Daniel -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#718982: docbook2x cannot be installed anymore
Ok for some other obscure reasons now mentors works again https://mentors.debian.net/package/docbook2x - Messaggio originale - Da: Daniel Leidert daniel.leid...@wgdd.de A: Gianfranco Costamagna costamagnagianfra...@yahoo.it; 718...@bugs.debian.org Cc: Inviato: Venerdì 9 Agosto 2013 11:44 Oggetto: Re: Bug#718982: docbook2x cannot be installed anymore Am Freitag, den 09.08.2013, 08:51 +0100 schrieb Gianfranco Costamagna: I made my changes available here https://github.com/LocutusOfBorg/docbook2x Got it from there. Here are my comments: - If you add yourself to Uploaders, you don't need an NMU version number. Yeah, I noticed when I uploaded on mentors, I forgot it - I'd appreciate if you drop cdbs over debhelper (or do you prefer cdbs?). I don't have an opinion, but I would like to switch to debhelper too, unfortunately I don't know how to do it, do you have any sort of guide? - When changing to a debhelper rules file, I recommend to add autotools-dev ( 20100122.1~) and call its addon (hardening should be automatically enabled with dh 9). Even if you stay with cdbs update the config.* files. Already done, it was another lintian warning ;) - About the VCS. For some reason, the alioth SCM browser is broken for debian-xml-sgml (still points to CVS). However, the Vcs-Svn is svn://anonscm.debian.org/debian-xml-sgml/packages/docbook2x/trunk/ now. However, you are free to change to git if you want to adopt the package (open bug http://bugs.debian.org/660682). In this case you should close the RFA bug too. changed, and I'm already closing this bug, I'll commit on svn after the upload if possible - There are some more bug reports which you might to target, e.g. #516165, #597454, #631078 ... Since this bug is pretty serious (at least to me) I'm planning to fix bugs in a future upload, if possible Regards, Daniel Thanks for your time, Gianfranco -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#718982: docbook2x cannot be installed anymore
Package: docbook2x Version: 0.8.8-8 Severity: serious Dear Maintainer, please consider upload of my package available on mentors [1], because now docbook2x cannot be installed on sid anymore. I cannot build/rebuild anymore packages I maintain in debian. I can adopt the package. Gianfranco [1] http://mentors.debian.net/package/docbook2x
Bug#718982: (no subject)
From the log [snip] Setting up libxml-parser-perl (2.41-1+b1) ... Setting up libxml-sax-expat-perl (0.40-2) ... update-perl-sax-parsers: Registering Perl SAX parser XML::SAX::Expat with priority 50... update-perl-sax-parsers: Updating overall Perl SAX parser modules info file... Replacing config file /etc/perl/XML/SAX/ParserDetails.ini with new version Processing triggers for sgml-base ... Setting up docbook2x (0.8.8-8) ... /var/lib/dpkg/info/docbook2x.postinst: 10: /var/lib/dpkg/info/docbook2x.postinst: install-info: not found dpkg: error processing docbook2x (--configure): subprocess installed post-installation script returned error exit status 127 Processing triggers for libc-bin ... Processing triggers for ca-certificates ... Updating certificates in /etc/ssl/certs... 157 added, 0 removed; done. Running hooks in /etc/ca-certificates/update.ddone. Errors were encountered while processing: docbook2x E: Sub-process /usr/bin/dpkg returned an error code (1) Gianfranco
Bug#684828: (no subject)
Sorry why this bug is still open? uglifyjs reached testing months ago, I think this bug can be closed, in order to allow backbone reach testing bests, Gianfranco -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#746863: FTBFS src:insighttoolkit4
Hi, Il Mercoledì 2 Luglio 2014 13:15, Gert Wollny gw.foss...@gmail.com ha scritto: My bad, I got irritated by the parallel build. The failing command seems to be /usr/bin/gccxml -fxml-start=_cable_ -fxml=/«PKGBUILDDIR»/BUILD/Wrapping/Modules/ITKCommon/vcl_complex.xml --gccxml-gcc-options /«PKGBUILDDIR»/BUILD/Wrapping/Modules/ITKCommon/gcc_xml.inc -DCSWIG -DCABLE_CONFIGURATION -DITK_MANUAL_INSTANTIATION /«PKGBUILDDIR»/BUILD/Wrapping/Modules/ITKCommon/vcl_complex.cxx /usr/bin/cmake -E cmake_progress_report /«PKGBUILDDIR»/BUILD/CMakeFiles Seems like something is wrong with the generated Wrapping/Modules/ITKCommon/gcc_xml.inc is anybody making any progress with this? I found that with DITK_WRAP_PYTHON:BOOL=OFF but this seems not so helpful, unless we want to remove the python support, right? I'm really lost about any possibility to fix this bug. The package is quite big, and studying it requires too much effort for my time I hope somebody else will find a solution for this bug, thanks Gianfranco best Gert -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#746863: FTBFS src:insighttoolkit4
Hi Matt and all! Il Lunedì 14 Luglio 2014 22:09, Matt McCormick matt.mccorm...@kitware.com ha scritto: Hi, First, please note I made an error regarding the GCCXML bug tracker -- it is still in the old location. However, Steve's patch has now been merged upstream. I was able to reproduce the build error, but it only occurs when using the gccxml package. The build completes fine with a local build of upstream GCCXML Git master. But, after examining the sources of the package [1] and comparing to Git master, significant differences are not apparent. mmm I see a really significant difference https://github.com/gccxml/gccxml/commit/7a9a1ce1f94b20ff99a1c1fbc55abaee1ea8abde so I'm packaging the new gccxml locally and rebuilding insighttoolkit4 right now, thanks for helping with this! I'll report as soon as the build finishes cheers, Gianfranco As a result, I suspect it has to do with how GCCXML finds its default include's. Punting to Brad King or others for input on this. Thanks, Matt [1] https://packages.debian.org/sid/gccxml On Sun, Jul 13, 2014 at 12:30 PM, Matt McCormick matt.mccorm...@kitware.com wrote: I will see if I can reproduce the build error. As a side note, the GCCXML bug tracker has moved (now at the gccxml/gccxml project on GitHub). I've created a pull request for Steve's stl algo patch here: https://github.com/gccxml/gccxml/pull/8 -- To unsubscribe, send mail to 746863-unsubscr...@bugs.debian.org. -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#754884: milkyway shouldn't be in jessie
Source: boinc-app-milkyway Severity: serious Version: 0.18d-4 The package is slightly outdated, and not working anymore. If the new git snapshots will continue to give computation error this package I'm afraid won't be ready for jessie. thanks Gianfranco -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#746863: FTBFS src:insighttoolkit4
Hi again to all, Il Martedì 15 Luglio 2014 13:03, Gianfranco Costamagna costamagnagianfra...@yahoo.it ha scritto: Hi Matt and all! Il Lunedì 14 Luglio 2014 22:09, Matt McCormick matt.mccorm...@kitware.com ha scritto: Hi, First, please note I made an error regarding the GCCXML bug tracker -- it is still in the old location. However, Steve's patch has now been merged upstream. I was able to reproduce the build error, but it only occurs when using the gccxml package. The build completes fine with a local build of upstream GCCXML Git master. But, after examining the sources of the package [1] and comparing to Git master, significant differences are not apparent. mmm I see a really significant difference https://github.com/gccxml/gccxml/commit/7a9a1ce1f94b20ff99a1c1fbc55abaee1ea8abde so I'm packaging the new gccxml locally and rebuilding insighttoolkit4 right now, thanks for helping with this! I'll report as soon as the build finishes The build of the new gccxml was successful (one patch dropped, merged upstream and nothing more to say). And the rebuild of insighttoolkit4 with the new gccxml too (only tested i386). So for this package should just be needed a rebuild (and to tightteen the build dependencies for gccxml) and for the latter a new upload seems to fix this issue. Steve, since you are uploader of both packages, do you think is feasible this solution? I can do it if you allow me to, but I'll need a sponsor and a NMU for a new upstream snapshot is not a good idea. (sorry for the noise in the bugs reassign) thanks, Gianfranco cheers, Gianfranco As a result, I suspect it has to do with how GCCXML finds its default include's. Punting to Brad King or others for input on this. Thanks, Matt [1] https://packages.debian.org/sid/gccxml On Sun, Jul 13, 2014 at 12:30 PM, Matt McCormick matt.mccorm...@kitware.com wrote: I will see if I can reproduce the build error. As a side note, the GCCXML bug tracker has moved (now at the gccxml/gccxml project on GitHub). I've created a pull request for Steve's stl algo patch here: https://github.com/gccxml/gccxml/pull/8 -- To unsubscribe, send mail to 746863-unsubscr...@bugs.debian.org. -- To unsubscribe, send mail to 746863-unsubscr...@bugs.debian.org. -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#746863: [Debian-med-packaging] Bug#746863: FTBFS src:insighttoolkit4
Unfortunately seems that the gccxml changes are almost 0 (I got confused by the commits exactly one month ago). However the builds in my pbuilder chroot went successfully, I did a cmake .. with the parameters in rules file, and the make was successful. (did not run dpkg or fakeroot, since the build failure was in make and reproducible with manual cmake issuing) So my opinion is that rebuilding gccxml with a newer unstable programs (gcc-4.9?) did the trick or the autoconf stuff fixed this issue, rather than the new upstream release (that has no differences from the debian one, just one line that shouldn't have any effect and the patch merged). So if my guess is right my two builds (I'm rebuilding both amd64 and i386 at the same time) will succeed and I'll report here. Unfortunately this will take some hours, I'm still around 30% of the build process for both of them The debdiff for insighttoolkit4 is fairly trivial diff -Nru insighttoolkit4-4.5.2/debian/changelog insighttoolkit4-4.5.2/debian/changelog --- insighttoolkit4-4.5.2/debian/changelog 2014-07-01 23:17:24.0 +0200 +++ insighttoolkit4-4.5.2/debian/changelog 2014-07-16 12:08:55.0 +0200 @@ -1,3 +1,11 @@ +insighttoolkit4 (4.5.2-4) unstable; urgency=medium + + * Team upload. + * control.in: bump gccxml dep to 0.9.0+git20140716-1 to ensure + up-to-date support for GCC 4.9. + + -- Gianfranco Costamagna costamagnagianfra...@yahoo.it Wed, 16 Jul 2014 12:07:29 +0200 + insighttoolkit4 (4.5.2-3) unstable; urgency=medium * control.in: bump gccxml dep to 0.9.0+git20140610-2 to ensure diff -Nru insighttoolkit4-4.5.2/debian/control.in insighttoolkit4-4.5.2/debian/control.in --- insighttoolkit4-4.5.2/debian/control.in 2014-07-01 23:15:52.0 +0200 +++ insighttoolkit4-4.5.2/debian/control.in 2014-07-16 12:10:02.0 +0200 @@ -8,7 +8,7 @@ Build-Depends: debhelper (= 9), cmake, swig (= 2.0), - gccxml (= 0.9.0+git20140610-2), + gccxml (= 0.9.0+git20140716-1), zlib1g-dev (= 1.2.2), libpng12-dev, libtiff-dev, Gianfranco Il Mercoledì 16 Luglio 2014 12:13, Gert Wollny gw.foss...@gmail.com ha scritto: On Tue, 2014-07-15 at 23:14 +0200, Andreas Tille wrote: [...] I could do the sponsering if needed. Please confirm that debian/makeSource.sh really fetches the source you are working on. I also think *if* I would do the upload and nobody would beat me I would switch to xz compression for the original tarball. After the new gccxml package becomes available in sid I could do the insighttoolkit4 upload. best regards, Gert -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#749128: (no subject)
Hi, I just packaged 3.9.0.1 and put it on mentors this is the debdiff (just the debian directory, without the removed patch) A basic test didn't show any problem. --- filezilla-3.8.0/debian/changelog 2014-06-09 00:43:43.0 +0200 +++ filezilla-3.9.0.1/debian/changelog 2014-07-23 17:23:50.0 +0200 @@ -1,3 +1,12 @@ +filezilla (3.9.0.1-0.1) unstable; urgency=medium + + * Non-maintainer upload. + * New upstream release (Closes: #749128) + * Switch to gnutls28-dev, required by configure script. + * Drop 02_wx3.0-compat.patch. + + -- Gianfranco Costamagna costamagnagianfra...@yahoo.it Wed, 23 Jul 2014 17:08:21 +0200 + filezilla (3.8.0-1.2) unstable; urgency=medium * Non-maintainer upload. diff -Nru filezilla-3.8.0/debian/control filezilla-3.9.0.1/debian/control --- filezilla-3.8.0/debian/control 2014-06-09 00:41:07.0 +0200 +++ filezilla-3.9.0.1/debian/control 2014-07-23 17:19:01.0 +0200 @@ -3,8 +3,8 @@ Priority: optional Maintainer: Adrien Cunin adri2...@ubuntu.com Build-Depends: debhelper (= 9), autotools-dev, pkg-config, dh-autoreconf, - libwxgtk2.8-dev, wx-common, libgtk2.0-dev, - libidn11-dev, gettext, libgnutls-dev (= 2.8.3), imagemagick, libdbus-1-dev, + libwxgtk3.0-dev, wx-common, libgtk2.0-dev, + libidn11-dev, gettext, libgnutls28-dev (= 3.1.12), imagemagick, libdbus-1-dev, libtinyxml-dev, libsqlite3-dev Standards-Version: 3.9.5 Homepage: http://filezilla-project.org/ diff -Nru filezilla-3.8.0/debian/patches/01_remove-xdg-check.patch filezilla-3.9.0.1/debian/patches/01_remove-xdg-check.patch --- filezilla-3.8.0/debian/patches/01_remove-xdg-check.patch 2014-04-29 04:35:05.0 +0200 +++ filezilla-3.9.0.1/debian/patches/01_remove-xdg-check.patch 2014-07-23 17:07:06.0 +0200 [PATCH REMOVED] diff -Nru filezilla-3.8.0/debian/patches/series filezilla-3.9.0.1/debian/patches/series --- filezilla-3.8.0/debian/patches/series 2014-06-09 00:48:28.0 +0200 +++ filezilla-3.9.0.1/debian/patches/series 2014-07-23 17:23:29.0 +0200 @@ -1,3 +1 @@ 01_remove-xdg-check.patch -# Disabled while upstream works on porting - see #749128: -# 02_wx3.0-compat.patch thanks, Gianfranco -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#754220: Re: virtualbox: FTBFS with GCC 4.9 as default
Hi to all, unfortunately I'm just a DM, not a DD and I cannot upload anything :( The major showstopper is that somebody should give a test try to the new package, to be sure it works with xorg-server 1.16 and the mesa showliness (with 3D acceleration) has been fixed Also the guest-additions needs to be tested with the new xorg. I did the tests by myself, and all was good, but I think some more feedbacks would be nice, in order to speedup the upload :) cheers, Gianfranco Il Venerdì 25 Luglio 2014 14:53, Balint Reczey bal...@balintreczey.hu ha scritto: On 07/22/2014 04:06 PM, Vlad Orlov wrote: I see there's a new fixed version waiting at http://mentors.debian.net/package/virtualbox All RC bugs of virtualbox have been fixed by Gianfranco in git[1]. (Thanks! :-)) Gianfranco, do you plan a release in the next days? Cheers, Balint [1] http://anonscm.debian.org/cgit/pkg-virtualbox/virtualbox.git -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#755327: Upstream commit
Hi Colin, David and Mattias. I found the upstream repository, and the upstream commit that fixes this issue. https://github.com/CESNET/gridsite/commit/2124d471f9fc1eed4bf5893ed2701350357c01af Since the code was just too old to be useful they just dropped it, I tested in a clean trusty environment and everything still builds fine (curl 7.35.0), and in a clean sid pbuilder environment (curl 7.37.1) This is the debdiff diff -Nru gridsite-2.0.4/debian/changelog gridsite-2.0.4/debian/changelog --- gridsite-2.0.4/debian/changelog 2014-05-12 15:51:28.0 +0200 +++ gridsite-2.0.4/debian/changelog 2014-07-31 11:11:23.0 +0200 @@ -1,3 +1,11 @@ +gridsite (2.0.4-3.1) unstable; urgency=medium + + * Non-maintainer upload. + * Cherry-pick upstream commit 2124d471f9fc + to fix a FTBFS with curl = 7.37.1 (Closes: #755327) + + -- Gianfranco Costamagna costamagnagianfra...@yahoo.it Thu, 31 Jul 2014 11:10:15 +0200 + gridsite (2.0.4-3) unstable; urgency=medium * Add missing Build-Requires on pkg-config (Closes: #747768) diff -Nru gridsite-2.0.4/debian/patches/curl-defines.patch gridsite-2.0.4/debian/patches/curl-defines.patch --- gridsite-2.0.4/debian/patches/curl-defines.patch 1970-01-01 01:00:00.0 +0100 +++ gridsite-2.0.4/debian/patches/curl-defines.patch 2014-07-31 11:08:09.0 +0200 @@ -0,0 +1,38 @@ +From 2124d471f9fc1eed4bf5893ed2701350357c01af Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Franti=C5=A1ek=20Dvo=C5=99=C3=A1k?= val...@civ.zcu.cz +Date: Mon, 21 Jul 2014 11:10:42 +0200 +Subject: [PATCH] Remove ancient curl compatibility stuff. This fixes build + with curl 7.37.1 on Fedora 22/rawhide. + +--- + src/htcp.c | 14 -- + 1 file changed, 14 deletions(-) + +diff --git a/src/htcp.c b/src/htcp.c +index 6d60720..3e1f5a4 100644 +--- a/src/htcp.c b/src/htcp.c +@@ -59,20 +59,6 @@ + + #include gridsite.h + +-/* deal with older versions of libcurl and curl.h */ +- +-#ifndef CURLOPT_WRITEDATA +-#define CURLOPT_WRITEDATA CURLOPT_FILE +-#endif +- +-#ifndef CURLOPT_READDATA +-#define CURLOPT_READDATA CURLOPT_FILE +-#endif +- +-#ifndef CURLE_HTTP_RETURNED_ERROR +-#define CURLE_HTTP_RETURNED_ERROR CURLE_HTTP_NOT_FOUND +-#endif +- + #define HTCP_GET 1 + #define HTCP_PUT 2 + #define HTCP_DELETE 3 +-- +2.0.3 + diff -Nru gridsite-2.0.4/debian/patches/series gridsite-2.0.4/debian/patches/series --- gridsite-2.0.4/debian/patches/series 2014-05-12 15:46:46.0 +0200 +++ gridsite-2.0.4/debian/patches/series 2014-07-31 11:12:11.0 +0200 @@ -3,3 +3,4 @@ gridsite-httpd24.patch gridsite-fprintf.patch gridsite-return-type.patch +curl-defines.patch cheers, Gianfranco -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#755327: gridsite: FTBFS: htcp.c:65:27: error: 'CURLOPT_FILE' undeclared (first use in this function)
Il Domenica 3 Agosto 2014 2:33, Vincent Cheng vch...@debian.org ha scritto: Hi Gianfranco, Hi dear Vincent and Colin since the upload is already in deferred I don't think there is much here rather than finding what breaked your patch. Your proposed debdiff doesn't seem to apply cleanly (did you actually test it?)... Yes, as usual I triple tested it, on my system (old curl), on utopic pbuilder and on sid pbuilder (both new curl) dpkg-source: info: using source format `3.0 (quilt)' dpkg-source: info: building gridsite using existing ./gridsite_2.0.4.orig.tar.gz patching file src/htcp.c Hunk #1 FAILED at 59. 1 out of 1 hunk FAILED dpkg-source: info: fuzz is not allowed when applying patches dpkg-source: info: if patch 'curl-defines.patch' is correctly applied by quilt, use 'quilt refresh' to update it dpkg-source: error: LC_ALL=C patch -t -F 0 -N -p1 -u -V never -g0 -E -b -B .pc/curl-defines.patch/ --reject-file=- gridsite-2.0.4.orig.cAX2KS/debian/patches/curl-defines.patch gave error exit status 1 dpkg-buildpackage: error: dpkg-source -b gridsite-2.0.4 gave error exit status 2 patch -p1 ../debdiff patching file debian/changelog patching file debian/patches/curl-defines.patch patching file debian/patches/series http://mentors.debian.net/package/gridsite I see, the copy-pasted stripped the tab + #define HTCP_GET 1 + #define HTCP_PUT 2 + #define HTCP_DELETE 3 + #define HTCP_GET 1 + #define HTCP_PUT 2 + #define HTCP_DELETE 3 maybe next time I'll send the patch as attachment, to avoid this kind of problems Aside from that, I have to say that I prefer Colin's proposed debdiff rather than yours; testing for older versions of curl rather than just getting rid of legacy code is the right approach and makes it easier to backport this package if desired. I have _nothing_ against Colin's approach (we already discussed it a little on irc). But look at the define ++#if (LIBCURL_VERSION_NUM 0x070907) do you want to really to backport this package to a system with a curl packaged in 2002??? curl (7.9.7-1) unstable; urgency=low Wed, 15 May 2002 21:09:19 +0200 oldstable has already 7.21, so I don't see the point in maintaining such code, moreover because upstream just dropped it completely. So if you want to go with this approach is fine for me, since ubuntu already took the patch. But I still think that having an upstream commit cherry-picked (alrady used by fedora people) can help in maintaining the code https://github.com/CESNET/gridsite/commit/2124d471f9fc1eed4bf5893ed2701350357c01af http://pkgs.fedoraproject.org/cgit/gridsite.git/tree/curl-opts.patch Have a nice day! Just my .02$ Gianfranco Regards, Vincent -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#752544: Fixed also in experimental
Hi, according to #50, this bug is fixed from upstream for versions greater than 2.41.3. Since the bug wasn't automatically been marked as fixed for the experimental branch (now uploaded in unstable), I'm marking it as such, letting the package (hopefully) reach testing. thanks, Gianfranco Sent from Yahoo Mail on Android, please escuse brevity, typos and top-posting.
Bug#763078: confirmed llvm change broke ghc
Hi Joey,
llvm maintainer (Sylvestre) says that llvm-3.4 is going to disappear (not
before jessie, but somewhen after), and llvm-3.5 is built correctly on
arm{el,hf}.
Isn't it better to just upload with llvm-3.5 and do some binNMUs instead of
using the old one and be hit (or be a blocker) for the future RM llvm-3.4 bug?
I'm just wondering if there is something behind the 3.4 decision.
Have many thanks,
Gianfranco
--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#763238: gambas3: FTBFS: dh_install: gambas3-gb-jit missing files (usr/lib/gambas3/gb.jit.*), aborting
Hi José, I prepared a patch for this RC and submitted upstream. It has been accepted (with a little modification) and committed also on debian git http://anonscm.debian.org/cgit/pkg-gambas/gambas3.git/tree/debian/patches/fix-llvm-3.5.patch Feel free to test and upload at your wish :) thanks, Gianfranco -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#762403: (no subject)
Hi, the failing architectures mentioned above seems to have been built correctly the latest version 3.14.1-1. However now it has failed for hurd and sparc (I noticed after sending the control command, sorry), but since they aren't release architectures I guess this bug can be closed :) cheers, Gianfranco -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#713040: Patch available
Hi Jonas, I'm willing to help in fixing this bug, however the patch is really trivial, so I'm wondering if there is something behind the scenes that is preventing this bug to be fixed (do you want to ship the package in jessie?), so I'm giving you my help in fixing/testing it if necessary. (also let me know if I can look for a sponsor to NMU the package, I would really like to have your approval for it). Also I noticed there is an ubuntu delta listed here [1] that might be useful to cherry-pick in debian. [1] https://patches.ubuntu.com/x/xfonts-scalable-nonfree/xfonts-scalable-nonfree_4.2.1-3.1ubuntu1.patch have many thanks, Gianfranco -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#713040: Patch available
Hi Jonas, As requested, I took over the package maintenance and put the package on mentors. Notable changes: * Acknowledge previous NMU. * Set myself and Jonas as Uploaders. * Set Debian Fonts Task Force as Maintainer. * Bump std-version to 3.9.6, no changes required. * Bump debhelper and compat level to 9. [ Andrew Ayer ] * Correct symlinks in X11 fonts directory (Closes: #713040) [ Colin Watson ] * Use maintscript support in dh_installdeb rather than writing out dpkg-maintscript-helper commands by hand. We now simply Pre-Depend on a new enough version of dpkg rather than using 'dpkg-maintscript-helper supports' guards, leading to more predictable behaviour on upgrades. (Closes: #659734) * Correctly propagate debian/control changes from previous NMU to debian/control.in. https://mentors.debian.net/package/xfonts-scalable-nonfree I'm attaching the debdiff for our comvenience, and I'll join the font team looking for a sponsor as suggested :) thanks, G. debdiff Description: Binary data
Bug#713040: Bug#659734: Bug#713040: Patch available
As you wish Jonas ;) dropped and reuploaded on mentors :) cheers, Gianfranco -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#741580: poedit: Please update to use wxwidgets3.0
Hi all, I did a quick check of the poedit trac system. Seems that ftl is needed to build poedit with wx-3.0 http://trac.poedit.net/ticket/568 Do you plan to enable ftl in wx? Attaching a log file with the debdiff of the trivial patch diff -Nru wxwidgets3.0-3.0.0/debian/rules wxwidgets3.0-3.0.0/debian/rules --- wxwidgets3.0-3.0.0/debian/rules 2014-05-21 06:08:05.0 +0200 +++ wxwidgets3.0-3.0.0/debian/rules 2014-06-06 09:52:52.0 +0200 @@ -81,6 +81,7 @@ GTK_CONFIGURE_OPTIONS = $(COMMON_CONFIGURE_OPTIONS) \ --enable-display \ + --enable-stl \ --enable-geometry \ --enable-graphics_ctx \ --enable-mediactrl \ cheers, Gianfranco log Description: Binary data
Bug#746863: Cannot reproduce
tags 746863 moreinfo + unreproducible severity 746863 normal thanks Hi Mattias, since this bug report a lot of changes have appeared in gcc-4.9 headers, and now following a discussion on debian-med mail list seems that nobody has been able to reproduce this problem. Feel free to reopen if you can find a way to reliably reproduce this problem again. Closing to let the package reach testing Thanks, Gianfranco -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#746863: FTBFS src:insighttoolkit4
Il Mercoledì 2 Luglio 2014 12:50, Gert Wollny gw.foss...@gmail.com ha scritto: T here must be something wrong with your setup because what is failing is a plain CC compile command /usr/bin/cc that should never include the files from /usr/share/gccxml-0.9/GCC/4.9/ as it does in this build. Besides, from the compiler flags SSE is not enabled, and unless g++-4.9 on i386 suddenly enables this with -O2, compilation should not include any *mmintrn.h headers. Sorry but so there must be something wrong in the *debian buildd* setup, since this build log is taken from here [1] [2] this isn't my build, but the official one. [1] https://buildd.debian.org/status/fetch.php?pkg=insighttoolkit4arch=i386ver=4.5.2-3stamp=1404281010 [2] https://buildd.debian.org/status/package.php?p=insighttoolkit4suite=unstable cheers, Gianfranco best Gert -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#751432: (no subject)
Hi, what is the status of this bug? the severity now is RC, so I grab the patch and uploaded on mentors [1] Can anybody from the maintainer team please give a feedback/upload? [1] https://mentors.debian.net/package/gdcm thanks Gianfranco -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#736814: boinc-client recommends the removed ia32-libs
Hi Adrian, thanks for your bug report. Unfortunately this bug has already been fixed in the latest git on alioth. Will be fixed in the next upload, but I cannot do it, since I'm a DM and for the introduction of the server packages this upload will need an action from a DD and go in the new queue (unfortunately). I hope this bug will be fixed soon, since ia32 has been dropped long time ago Gianfranco Il Domenica 26 Gennaio 2014 23:03, Adrian Bunk b...@stusta.de ha scritto: Package: boinc-client Version: 7.2.33+dfsg-1 Severity: serious boinc-client recommends the removed package ia32-libs. -- pkg-boinc-devel mailing list pkg-boinc-de...@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-boinc-devel
Bug#738849: Please enable webview support for wx3.0
Package: libwxgtk3.0-0 Severity: serious The wx3.0 package *should* depend from libwebkitgtk-3.0-dev. The last boinc release needs webwview support, and I finally spotted why I didn't succeed in building it on a clean debian environment. Your build log clearly says that you are enabling webview checking for --enable-printarch... yes checking for --enable-svg... yes checking for --enable-webkit... yes checking for --enable-webview... yes checking for --enable-graphics_ctx... yes BUT after that you can see it gets disabled checking for linux/joystick.h... yes checking for python... /usr/bin/python configure: WARNING: webkitgtk not found. configure: WARNING: WebKit not available, disabling wxWebView checking for WEBKIT... checking for CAIRO... yes checking for cairo_push_group... yes boinc fails with this log, while building with a custom wx3.0 library doesn't fail. I can upload on mentors or a debdiff here if needed. thanks. G. /usr/include/wx-3.0/wx/vector.h:44:23: warning: previous declaration of 'void wxQsort(void*, size_t, size_t, wxSortCallback, const void*)' [-Wredundant-decls] WXDLLIMPEXP_BASE void wxQsort(void* pbase, size_t total_elems, ^ In file included from NoticeListCtrl.cpp:36:0: NoticeListCtrl.h:48:25: error: 'wxWebViewEvent' has not been declared void OnLinkClicked( wxWebViewEvent event ); ^ NoticeListCtrl.h:49:26: error: 'wxWebViewEvent' has not been declared void OnWebViewError( wxWebViewEvent event ); ^ NoticeListCtrl.h:59:5: error: 'wxWebView' does not name a type wxWebView* m_browser; ^ NoticeListCtrl.cpp:53:72: error: invalid use of non-static member function 'void CNoticeListCtrl::OnLinkClicked(int)' EVT_WEBVIEW_NAVIGATING(ID_LIST_NOTIFICATIONSVIEW, CNoticeListCtrl::OnLinkClicked) ^ NoticeListCtrl.cpp:53:85: error: 'EVT_WEBVIEW_NAVIGATING' was not declared in this scope EVT_WEBVIEW_NAVIGATING(ID_LIST_NOTIFICATIONSVIEW, CNoticeListCtrl::OnLinkClicked) ^ NoticeListCtrl.cpp:54:5: error: expected '}' before 'EVT_WEBVIEW_ERROR' EVT_WEBVIEW_ERROR(ID_LIST_NOTIFICATIONSVIEW, CNoticeListCtrl::OnWebViewError) Building wx [1] https://buildd.debian.org/status/fetch.php?pkg=wxwidgets3.0arch=i386ver=3.0.0-2stamp=1385783568 -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#738849: Acknowledgement (Please enable webview support for wx3.0)
Attaching the debdiff (I didn't bump the std-version) After further looking at the configure log I found some problems: - you use the embedded libnotify because you don't add the debian one - you don't enable sdl support - you don't enable libmspack support I attached two debdiff, one fixing this bug alone, the second fixing all of them. BR, Gianfranco 738849.debdiff Description: Binary data 738849-v2.debdiff Description: Binary data
Bug#745228: flex: Flex 2.5.39-3 has a typo in installman
Package: flex Version: 2.5.39-3 Severity: serious Dear Manoj, (opening this bug just to prevet flex reach testing) This commit [1] introduced a bug in rules files (probably a typo) -override_dh_installman: +verride_dh_installman: this prevents the override_dh_installman to be executed. Also changing the changelog after a release is not a good pratice (a typo of course), would be nice to have it reverted debian/changelog @@ -19,7 +27,6 @@ flex (2.5.39-2) unstable; urgency=low flex (2.5.39-1) unstable; urgency=medium - * New upstream release * internationalization: added support for various languages. Fix make install target to not fail when the flex++ program is already @@ -42,7 +49,6 @@ flex (2.5.39-1) unstable; urgency=medium build system in the NMU are not needed, dh does the right thing. * The new upstream release added the prototypes in re-entrant mode, so we are no longer carrying those patches. - -- Manoj Srivastava sriva...@debian.org Thu, 10 Apr 2014 18:06:12 -0700 How do you feel about fixing if they are bugs? Sorry for the serious severity, but I don't think this package should reach testing... Feel free to downgrade if it was intended. [1] http://anonscm.debian.org/gitweb/?p=users/srivasta/debian/flex.git;a=commitdiff;h=bc29909df3c662da30d80f22ded71b05988ac965 Happy Easter! Gianfranco
Bug#744896: upstream fixed this bug
tags 744896 fixed-upstream Hi, I would like to inform you that the bug has been fixed upstream https://gist.github.com/FROGGS/11191811 thanks, Gianfranco -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#731823: Fixed in mentors, can anybody please sponsor?
Hi *
file vtkXYPlotActor.class
vtkXYPlotActor.class: compiled Java class data, version 49.0 (Java 1.5)
file vtkTypeInt16Array.class
vtkTypeInt16Array.class: compiled Java class data, version 49.0 (Java 1.5)
the trick was this patch
+--- a/CMake/vtkWrapJava.cmake
b/CMake/vtkWrapJava.cmake
+@@ -204,7 +204,7 @@ MACRO(VTK_GENERATE_JAVA_DEPENDENCIES TARGET)
+ ADD_CUSTOM_COMMAND(
+ OUTPUT ${driver}
+ COMMAND ${JAVA_COMPILE}
+- -source 5 -classpath
${javaPath} ${srcPath}/vtk${TARGET}Driver.java
++ -source 1.5 -target 1.5 -classpath ${javaPath}
${srcPath}/vtk${TARGET}Driver.java
+ DEPENDS ${sources}
+ )
+ ADD_CUSTOM_COMMAND(TARGET ${TARGET} SOURCE ${TARGET} DEPENDS ${driver})
So I started from jordi's patch, added this, rebuilt, checked the binary,
uploaded on mentors...
changestool for adding the orig tar.gz (sick, mentors wants it)
waiting for a sponsor ;)
cheers,
Gianfranco
Bug#747108: I: Fixed in mentors, can anybody please sponsor?
Hi *
Like for the other bug 731823 I did the same trick for this RC bug.
However I'm not sure if the TCL patches from Jordi should be applied here too
or not.
the trick was this patch
--- vtk6-6.0.0.orig/Wrapping/Java/CMakeLists.txt
+++ vtk6-6.0.0/Wrapping/Java/CMakeLists.txt
@@ -237,7 +237,7 @@
add_custom_command(
OUTPUT ${VTK_BINARY_DIR}/java/javac_stamp.txt
DEPENDS ${VTK_JAVA_SOURCE_FILES}
COMMAND ${JAVA_COMPILE} ${JAVAC_OPTIONS}
- -source 1.5 -classpath
${VTK_JAVA_HOME}/..${SEPARATOR}${ECLIPSE_SWT_LIBRARIES} -sourcepath
${VTK_SOURCE_DIR}/Wrapping/Java/ -d ${VTK_BINARY_DIR}/java
+ -source 1.5 -target 1.5 -classpath
${VTK_JAVA_HOME}/..${SEPARATOR}${ECLIPSE_SWT_LIBRARIES} -sourcepath
${VTK_SOURCE_DIR}/Wrapping/Java/ -d ${VTK_BINARY_DIR}/java
${VTK_BINARY_DIR}/java/vtk/*.java
${VTK_BINARY_DIR}/java/vtk/rendering/*.java
${VTK_BINARY_DIR}/java/vtk/rendering/awt/*.java ${SWT_FILES}
COMMAND ${CMAKE_COMMAND} -E touch ${VTK_BINARY_DIR}/java/javac_stamp.txt
COMMENT Compiling Java Classes
waiting for a sponsor on mentors;)
cheers,
Gianfranco
Bug#747108: I: Fixed in mentors, can anybody please sponsor?
Hi Anton,
Thanks to you for the upload!
Since you are in the debian science team, can you please also upload vtk?
http://bugs.debian.org/731823
and also, do you think the vtk tcl fixes should be cherry picked to vtk6 too?
cheers,
Gianfranco
Il Venerdì 9 Maggio 2014 23:36, Anton Gladky gl...@debian.org ha scritto:
Hi Gianfranco,
thanks for the help! I integrated your fix into the next upload.
Regards
Anton
2014-05-09 19:03 GMT+02:00 Gianfranco Costamagna
costamagnagianfra...@yahoo.it:
Hi *
Like for the other bug 731823 I did the same trick for this RC bug.
However I'm not sure if the TCL patches from Jordi should be applied here
too or not.
the trick was this patch
--- vtk6-6.0.0.orig/Wrapping/Java/CMakeLists.txt
+++ vtk6-6.0.0/Wrapping/Java/CMakeLists.txt
@@ -237,7 +237,7 @@ add_custom_command(
OUTPUT ${VTK_BINARY_DIR}/java/javac_stamp.txt
DEPENDS ${VTK_JAVA_SOURCE_FILES}
COMMAND ${JAVA_COMPILE} ${JAVAC_OPTIONS}
- -source 1.5 -classpath
${VTK_JAVA_HOME}/..${SEPARATOR}${ECLIPSE_SWT_LIBRARIES} -sourcepath
${VTK_SOURCE_DIR}/Wrapping/Java/ -d ${VTK_BINARY_DIR}/java
+ -source 1.5 -target 1.5 -classpath
${VTK_JAVA_HOME}/..${SEPARATOR}${ECLIPSE_SWT_LIBRARIES} -sourcepath
${VTK_SOURCE_DIR}/Wrapping/Java/ -d ${VTK_BINARY_DIR}/java
${VTK_BINARY_DIR}/java/vtk/*.java
${VTK_BINARY_DIR}/java/vtk/rendering/*.java
${VTK_BINARY_DIR}/java/vtk/rendering/awt/*.java ${SWT_FILES}
COMMAND ${CMAKE_COMMAND} -E touch ${VTK_BINARY_DIR}/java/javac_stamp.txt
COMMENT Compiling Java Classes
waiting for a sponsor on mentors;)
cheers,
Gianfranco
--
debian-science-maintainers mailing list
debian-science-maintain...@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/debian-science-maintainers
Bug#731823: Bug#747108: I: Fixed in mentors, can anybody please sponsor?
Hi Anton, thanks again for the upload, but are you sure my patch alone is
enough?
Because I started from Jordi's modifications, that were into the
allpatches.patch patch
https://bugs.debian.org/cgi-bin/bugreport.cgi?msg=42;bug=731823
I don't know if it works without them, did you test it?
also the tcl patch and the missing ${shlibs:Depends} should be fixed in my
opinion
Gianfranco
Il Sabato 10 Maggio 2014 10:24, Anton Gladky gl...@debian.org ha scritto:
Hi Gianfranco,
thanks for the fix! I have applied your patch and made an upload.
http://anonscm.debian.org/gitweb/?p=collab-maint/vtk.git;a=commitdiff;h=5e721d4f2721b41c528ccd5960e6196ff4a77318
Anton
2014-05-10 0:09 GMT+02:00 Gianfranco Costamagna
costamagnagianfra...@yahoo.it:
Hi Anton,
Thanks to you for the upload!
Since you are in the debian science team, can you please also upload vtk?
http://bugs.debian.org/731823
and also, do you think the vtk tcl fixes should be cherry picked to vtk6
too?
cheers,
Gianfranco
Il Venerdì 9 Maggio 2014 23:36, Anton Gladky gl...@debian.org ha scritto:
Hi Gianfranco,
thanks for the help! I integrated your fix into the next upload.
Regards
Anton
2014-05-09 19:03 GMT+02:00 Gianfranco Costamagna
costamagnagianfra...@yahoo.it:
Hi *
Like for the other bug 731823 I did the same trick for this RC bug.
However I'm not sure if the TCL patches from Jordi should be applied here
too or not.
the trick was this patch
--- vtk6-6.0.0.orig/Wrapping/Java/CMakeLists.txt
+++ vtk6-6.0.0/Wrapping/Java/CMakeLists.txt
@@ -237,7 +237,7 @@ add_custom_command(
OUTPUT ${VTK_BINARY_DIR}/java/javac_stamp.txt
DEPENDS ${VTK_JAVA_SOURCE_FILES}
COMMAND ${JAVA_COMPILE} ${JAVAC_OPTIONS}
- -source 1.5 -classpath
${VTK_JAVA_HOME}/..${SEPARATOR}${ECLIPSE_SWT_LIBRARIES} -sourcepath
${VTK_SOURCE_DIR}/Wrapping/Java/ -d ${VTK_BINARY_DIR}/java
+ -source 1.5 -target 1.5 -classpath
${VTK_JAVA_HOME}/..${SEPARATOR}${ECLIPSE_SWT_LIBRARIES} -sourcepath
${VTK_SOURCE_DIR}/Wrapping/Java/ -d ${VTK_BINARY_DIR}/java
${VTK_BINARY_DIR}/java/vtk/*.java
${VTK_BINARY_DIR}/java/vtk/rendering/*.java
${VTK_BINARY_DIR}/java/vtk/rendering/awt/*.java ${SWT_FILES}
COMMAND ${CMAKE_COMMAND} -E touch
${VTK_BINARY_DIR}/java/javac_stamp.txt
COMMENT Compiling Java Classes
waiting for a sponsor on mentors;)
cheers,
Gianfranco
--
debian-science-maintainers mailing list
debian-science-maintain...@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/debian-science-maintainers
--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#731823: Not fixed.
Hi all, I grabbed the deb from debian incoming and this bug is NOT fixed. Can you please upload again with the real fix from mentors? There is also a build failure on kfreebsd-amd64, don't know if related to this fix https://buildd.debian.org/status/fetch.php?pkg=vtkarch=kfreebsd-amd64ver=5.8.0-16stamp=1399720557 cheers, Gianfranco -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#749292: (no subject)
Can you please git add debian/patches/wx-config-conditionalise-webview-in-std.patch and commit? I think you forgot to add the patch (I saw it in incoming) :) The patch is really nice for the debian problem, however I was thinking as you said in the other bug about a more general problem, maybe upstream will give us an answer if we can make the package behave more like the media package Let me know if I can do something! thanks, Gianfranco -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#749843: (no subject)
Thanks Olly for this, it is really good to have a tracker for this issue! We are discussing the transition here https://lists.alioth.debian.org/pipermail/pkg-boinc-devel/2014-May/thread.html https://lists.alioth.debian.org/pipermail/pkg-boinc-devel/2014-May/005523.html https://lists.alioth.debian.org/pipermail/pkg-boinc-devel/2014-May/005540.html https://lists.alioth.debian.org/pipermail/pkg-boinc-devel/2014-May/005545.html and many other places else. I plan to leave this boinc_7.2.47+dfsg-3 reach testing (in two days), in order to have the last major backport for wheezy (because the new release won't be backported because of the wx version) As soon as this boinc reach testing I'll backport the new one (already in deferred) Changes-file: boinc_7.2.47+dfsg-3~bpo70+1_amd64.changes Location: DEFERRED Delayed-Until: 2014-06-02 16:13:24 Delay-Remaining: 3 days 07:10 After this I'll focus on having boinc on sid (we are pretty much there) Do you have any timeline for the switch? We are cleaning up our patches, I would like to don't mess unstable with too many uploads. Just tell me when is the last chance to upload and I'll do it :) Gianfranco -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#749843: Tagging the bug severity as important, to let current boinc version reach testing
tag 749843 important thanks -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#729158: ia64 not keeping up
Since ia64 isn't keeping up in debian I think this bug is the only blocker left for the testing migration Ivo, how do you think about closing it? thanks, Gianfranco
Bug#739663: Processed: libboinc7: fails to upgrade from 'wheezy' - trying to overwrite /usr/lib/libboinc_zip.so.7
Hi Andreas, I tried to add a Break+Replaces, but it didn't work, I think because now boinc-dev is not a real package anymore, just a transition virtual package. For this reason I only added a breaks on libboinc7, and I tested on a virtual machine. It seems to be working, but this is the first time I play with breaks/replaces fields, so I might be wrong somewhere. this is the commit, I'll upload a version in the next few days if no answer, since I think this bug is pretty serious. http://anonscm.debian.org/gitweb/?p=pkg-boinc/boinc.git;a=commitdiff;h=c993dd1d92d58a03562c52c3d2f8b180303eb84f Can I kindly ask you to review the patch? many thanks, Gianfranco Il Venerdì 21 Febbraio 2014 2:51, Debian Bug Tracking System ow...@bugs.debian.org ha scritto: Processing control commands: affects -1 + boinc-dev Bug #739663 [libboinc7] libboinc7: fails to upgrade from 'wheezy' - trying to overwrite /usr/lib/libboinc_zip.so.7 Added indication that 739663 affects boinc-dev -- 739663: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=739663 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- pkg-boinc-devel mailing list pkg-boinc-de...@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-boinc-devel
Bug#739663: Processed: libboinc7: fails to upgrade from 'wheezy' - trying to overwrite /usr/lib/libboinc_zip.so.7
Il Venerdì 21 Febbraio 2014 14:54, Andreas Beckmann a...@debian.org ha scritto: On 2014-02-21 14:37, Gianfranco Costamagna wrote: Hi Andreas, I tried to add a Break+Replaces, but it didn't work, How did this look like? And how did it fail? I dont't honestly remember, it failed with almost the same error, or something related to a missing boinc-dev package I think because now boinc-dev is not a real package anymore, just a transition virtual package. Since the B+R you add are versioned, they only match against real packages. And the old one is a real package. For this reason I only added a breaks on libboinc7, and I tested on a virtual machine. It seems to be working, but this is the first time I play with breaks/replaces fields, so I might be wrong somewhere. This probably breaks if I torture-test it :-) And it will definitely break in case you add a transitional boing-dev package. mmm this is something I don't understand, and moreover the problem is that I manually try to upgrade packages with dpkg, and in this case I needed to add manually libboinc7 IIRC to the list. So I don't know exactly how to test for this bug, this is why help is really needed ;) this is the commit, I'll upload a version in the next few days if no answer, since I think this bug is pretty serious. http://anonscm.debian.org/gitweb/?p=pkg-boinc/boinc.git;a=commitdiff;h=c993dd1d92d58a03562c52c3d2f8b180303eb84f Can I kindly ask you to review the patch? 7.0.39+dfsg-1 is the version that split up boinc-dev? And this was the first upload of the new 7.0.39+dfsg upstream, i.e. there have not been any 7.0.39+dfsg-1~experimental0 or similar versions? this is the version that has some library moved from one package to another, no, this is the first upload, nothing in experimental So each package that got a bit of the previous content (and ships it at the same location) should have Breaks: boinc-dev ( 7.0.39+dfsg) Replaces: boinc-dev ( 7.0.39+dfsg) (in addition to other B+R it might already have). ok, this seems reasonable, but we moved the libraries many times between versions, that boinc-dev, the libboinc introduction, the split between client and server libraries, the server-maker package introduction... Boinc has grown a lot since the old package, this is why I'm having this kind of troubles in thinking in a clean way for upgrade, the same can happen I think even in ubuntu, with different versions and so different files overridden. I don't like to fix just this bug and have a transition failure between somebody with backports enabled or other different repository. I hope to have explained my (maybe wrong, I'm here to learn :p) point thanks for your support and bug report so far! Cheers, Gianfranco (this review is based solely on your reply and the commitdiff you linked, I haven't looked at the boinc package in more detail, but I might take a further look at the weekend) Andreas -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#739999: (no subject)
Oh... this has been reproduce on trusty machine, I asked for a sync request of tomcat7, and the buildd failed to build from source https://launchpadlibrarian.net/167631874/buildlog_ubuntu-trusty-i386.tomcat7_7.0.52-1_FAILEDTOBUILD.txt.gz I don't know the rationale of this problem, because I cannot reproduce in my local pbuilder environment Gianfranco
Bug#735502: (no subject)
Since nobody fixed this bug so far I took the patch from Octavio (with a great thanks), tweaked it a little bit (I cannot sign with your key, so I changed the signature but gave your name in changelog and added this bug reference that you forgot), and uploaded on mentors https://mentors.debian.net/package/cppcheck it should be ready for review. thanks, Gianfranco
Bug#754982: Another RC bug needs fixing
Hi Thomas, would you mind to cherry-pick the patch in #718624 to fix the other RC bug in the package? Would be nice to fix all the RC bugs in a row! have many thanks, Gianfranco -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#757120: The package doesn't build the debian file
Package: googleearth-package Version: 1.1.0 Severity: serious Justification: makes the program almost useless tags:patch the fix is fairly trivial, taken from the ubuntu bug report https://bugs.launchpad.net/ubuntu/+source/googleearth-package/+bug/1335021 === modified file 'debian/changelog' --- debian/changelog 2013-09-28 15:48:01 + +++ debian/changelog 2014-08-05 08:10:30 + @@ -1,3 +1,9 @@ +googleearth-package (1.1.0ubuntu1) utopic; urgency=low + + * make-googleearth-package: Now finishes without error (LP: #1335021) + + -- Filip Sohajek filip.soha...@gmail.com Tue, 05 Aug 2014 09:57:50 +0200 + googleearth-package (1.1.0) unstable; urgency=low * Removed dependency on ia32-libs package by isolating the === modified file 'make-googleearth-package' --- make-googleearth-package 2013-09-28 15:48:01 + +++ make-googleearth-package 2014-08-05 08:10:30 + @@ -459,7 +459,7 @@ cd .. find $instdir -type d -print0 | xargs -0 chmod 755 - if ( fakeroot dpkg-deb -b $instdir . 2 ; ) ; then + if ( fakeroot -- dpkg-deb -b $instdir . 2 ; ) ; then rm -rf $instdir $tmpdir return 0 else -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#756782: (no subject)
fixed 756782 4.6.0-1 thanks Seems that the new 4.6.0 has been built successfully, hence I'm closing this bug report now. Gianfranco -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#758184: boinc: FTBFS due to dependency errors in Makefile
Hi Sebastian, Source: boinc Version: 7.4.14+dfsg-1 Severity: serious Justification: fails to build from source (but built successfully in the past) boinc failed to build on the buildds with the following error: | /bin/bash ../libtool --tag=CXX --mode=link /usr/bin/g++ -Wall -Wextra -Wshadow -Wredundant-decls -Wdisabled-optimization -Wpointer-arith -Wstrict-aliasing -Wcast-align -fPIC -DPIC -pthread -g -O2 -fstack-protector-strong -Wformat -Werror=format-security -Wall -O3 -funroll-loops -fforce-addr -ffast-math -Wall -L/usr/lib -rpath /usr/lib -version-number 7:4:14 -Wl,-z,relro -flto -Wl,--no-add-needed -o libboinc.la -rpath /usr/lib libboinc_la-app_ipc.lo libboinc_la-base64.lo libboinc_la-cc_config.lo libboinc_la-cert_sig.lo libboinc_la-coproc.lo libboinc_la-diagnostics.lo libboinc_la-filesys.lo libboinc_la-gui_rpc_client.lo libboinc_la-gui_rpc_client_ops.lo libboinc_la-gui_rpc_client_print.lo libboinc_la-hostinfo.lo libboinc_la-md5.lo libboinc_la-md5_file.lo libboinc_la-mem_usage.lo libboinc_la-mfile.lo libboinc_la-miofile.lo libboinc_la-msg_log.lo libboinc_la-network.lo libboinc_la-notice.lo libboinc_la-opencl_boinc.lo libboinc_la-parse.lo libboinc_la-prefs.lo libboinc_la-procinfo.lo libboinc_la-proc_control.lo libboinc_la-proxy_info.lo libboinc_la-shmem.lo libboinc_la-str_util.lo libboinc_la-url.lo libboinc_la-util.lo libboinc_la-procinfo_unix.lo libboinc_la-synch.lo libboinc_la-unix_util.lo | libtool: link: /usr/bin/g++ -fPIC -DPIC -shared -nostdlib /usr/lib/gcc/x86_64-linux-gnu/4.9/../../../x86_64-linux-gnu/crti.o /usr/lib/gcc/x86_64-linux-gnu/4.9/crtbeginS.o .libs/libboinc_la-app_ipc.o .libs/libboinc_la-base64.o .libs/libboinc_la-cc_config.o .libs/libboinc_la-cert_sig.o .libs/libboinc_la-coproc.o .libs/libboinc_la-diagnostics.o .libs/libboinc_la-filesys.o .libs/libboinc_la-gui_rpc_client.o .libs/libboinc_la-gui_rpc_client_ops.o .libs/libboinc_la-gui_rpc_client_print.o .libs/libboinc_la-hostinfo.o .libs/libboinc_la-md5.o .libs/libboinc_la-md5_file.o .libs/libboinc_la-mem_usage.o .libs/libboinc_la-mfile.o .libs/libboinc_la-miofile.o .libs/libboinc_la-msg_log.o .libs/libboinc_la-network.o .libs/libboinc_la-notice.o .libs/libboinc_la-opencl_boinc.o .libs/libboinc_la-parse.o .libs/libboinc_la-prefs.o .libs/libboinc_la-procinfo.o .libs/libboinc_la-proc_control.o .libs/libboinc_la-proxy_info.o .libs/libboinc_la-shmem.o .libs/libboinc_la-str_util.o .libs/libboinc_la-url.o .libs/libboinc_la-util.o .libs/libboinc_la-procinfo_unix.o .libs/libboinc_la-synch.o .libs/libboinc_la-unix_util.o -L/usr/lib -L/usr/lib/gcc/x86_64-linux-gnu/4.9 -L/usr/lib/gcc/x86_64-linux-gnu/4.9/../../../x86_64-linux-gnu -L/usr/lib/gcc/x86_64-linux-gnu/4.9/../../../../lib -L/lib/x86_64-linux-gnu -L/lib/../lib -L/usr/lib/x86_64-linux-gnu -L/usr/lib/../lib -L/usr/lib/gcc/x86_64-linux-gnu/4.9/../../.. -lstdc++ -lm -lc -lgcc_s /usr/lib/gcc/x86_64-linux-gnu/4.9/crtfastmath.o /usr/lib/gcc/x86_64-linux-gnu/4.9/crtendS.o /usr/lib/gcc/x86_64-linux-gnu/4.9/../../../x86_64-linux-gnu/crtn.o -pthread -O2 -O3 -Wl,-z -Wl,relro -flto -Wl,--no-add-needed -pthread -Wl,-soname -Wl,libboinc.so.7 -o .libs/libboinc.so.7.4.14 | g++: error: .libs/libboinc_la-gui_rpc_client_ops.o: No such file or directory | make[4]: *** [libboinc.la] Error 1 | make[4]: *** Waiting for unfinished jobs | Makefile:927: recipe for target 'libboinc.la' failed The missing file gets built directly after the failure: | libtool: compile: /usr/bin/g++ -DHAVE_CONFIG_H -I. -I.. -I.. -I../api -I../db -I../lib -I../lib/mac -I../sched -I../tools -I../vda -pthread -D_FORTIFY_SOURCE=2 -Wall -Wextra -Wshadow -Wredundant-decls -Wdisabled-optimization -Wpointer-arith -Wstrict-aliasing -Wcast-align -fPIC -DPIC -pthread -g -O2 -fstack-protector-strong -Wformat -Werror=format-security -Wall -O3 -funroll-loops -fforce-addr -ffast-math -Wall -c gui_rpc_client_ops.cpp -o libboinc_la-gui_rpc_client_ops.o /dev/null 21 | /bin/bash ../libtool --tag=CXX --mode=link /usr/bin/g++ -Wall -Wextra -Wshadow -Wredundant-decls -Wdisabled-optimization -Wpointer-arith -Wstrict-aliasing -Wcast-align -fPIC -DPIC -pthread -g -O2 -fstack-protector-strong -Wformat -Werror=format-security -Wall -O3 -funroll-loops -fforce-addr -ffast-math -Wall -L/usr/lib -rpath /usr/lib -version-number 7:4:14 -Wl,-z,relro -flto -Wl,--no-add-needed -o libboinc.la -rpath /usr/lib libboinc_la-app_ipc.lo libboinc_la-base64.lo libboinc_la-cc_config.lo libboinc_la-cert_sig.lo libboinc_la-coproc.lo libboinc_la-diagnostics.lo libboinc_la-filesys.lo libboinc_la-gui_rpc_client.lo libboinc_la-gui_rpc_client_ops.lo libboinc_la-gui_rpc_client_print.lo libboinc_la-hostinfo.lo libboinc_la-md5.lo libboinc_la-md5_file.lo libboinc_la-mem_usage.lo libboinc_la-mfile.lo libboinc_la-miofile.lo libboinc_la-msg_log.lo libboinc_la-network.lo libboinc_la-notice.lo libboinc_la-opencl_boinc.lo libboinc_la-parse.lo libboinc_la-prefs.lo libboinc_la-procinfo.lo
Bug#757120: #757120: The package doesn't build the debian file
Hi Vincent Il Martedì 19 Agosto 2014 10:20, Vincent Cheng vch...@debian.org ha scritto: On Tue, 5 Aug 2014 14:45:13 +0100 Gianfranco Costamagna costamagnagianfra...@yahoo.it wrote: Package: googleearth-package Version: 1.1.0 Severity: serious Justification: makes the program almost useless tags:patch the fix is fairly trivial, taken from the ubuntu bug report https://bugs.launchpad.net/ubuntu/+source/googleearth-package/+bug/1335021 Assuming that the problem is not being able to produce a binary package with make-googleearth-package, I can't reproduce this at all: $ make-googleearth-package --2014-08-19 01:15:09-- http://dl.google.com/earth/client/current/GoogleEarthLinux.bin [...] dpkg-deb: building package `googleearth' in `./googleearth_6.0.3.2197+1.1.0-1_amd64.deb'. - Success! You can now install the package with e.g: sudo dpkg -i googleearth_6.0.3.2197+1.1.0-1_amd64.deb - Should this still be a RC bug? the problem should be if I understand correctly the code, when $instdir contains some special chars such as -, in that case the build fails. looking at the code instdir starts from the current directory, so maybe it really depend from where are you calling the make command... local instdir=`pwd`/googleearth-deb local tmpdir=`pwd`/googleearth-tmp cheers, Gianfranco Regards, Vincent -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#758184: boinc: FTBFS due to dependency errors in Makefile
(please excuse my top posting) Hi Guo and Steffen, sorry if it is taking too long, but you don't know the kind of problems I spotted in this deep code review! the makefiles are now consistent, or at least they should be. The problem was that we (I, because the gcc-4.9 patch was from me) patched boinc always in the wrong way, we had problems, differences between static and dynamic builds and we solved by removing flags. this isn't the right way, this should be handled automatically by libtool. In fact now with the fixed makefiles and no debian patches I have able to parallel build it (make -j 8). I spotted three bad debian patches, and one bad upstream file. md5.c is not getting exported correctly (this is why probably we disabled fcgi, it wasn't able to find md5_init and so on). for some reason g++ when compiling a file .c behaves differently as it does when compiling the same cpp file. This lead to important functions not build, or not linked against boinc code, and hidden by our dynamic builds. I'm providing a patch for upstream today (as soon as I reach a computer to test if really renaming a file makes g++ stop exporting __cplusplus define in md5.h) After this I think my review should be done, I don't want to push anything on unstable because it will require a seti rebuild, so please wait some days more :-) We already have something in testing, so I don't think we should hurry up (freeze is approaching I know) So in the next few hours/days I'll send something to you and hopefully upload :-) stay tuned! Gianfranco Sent from Yahoo Mail on Android
Bug#756104: binary removal mrpt
Hi Jose, In order to get them removed you have to open a bug against ftp.debian.org Feel free to copy the significant bit from this bug report https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=764859 cheers, Gianfranco -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#768831: ettercap-common, ettercap-graphical: shipping the same file: usr/share/ettercap/ettercap.png
Hi Andreas, The ettercap-graphical package has the following relationships with ettercap-common: Conflicts: N/A Breaks:N/A Replaces: ettercap, ettercap-common, ettercap-gtk, ettercap-text-only I don't see what you want to achieve with these Replaces, so I cannot suggest a better solution. Please read the policy (and explain your intentions if you need help). Have packages been split? (version?) Have files moved between the packages? (version?) Should packages not be installable at the same time? there is one common package with the library, the common files, and everything shared. There are two packages (not coinstallable) that both depends on the common one. So you can have ettercap-graphical with ettercap-common and you can have ettercap-text-only with ettercap-common. They both provide ettercap, and they both depend on the common package. packages were also renamed, and some packages disappeared in the meanwhile (ettercap-plugins, ettercap-gtk) this new package split is from 0.7.3, how do you suggest to fix? I'm proposing this debdiff, I didn't notice any upgrade path issues, and I moved the files in the graphic package diff -Nru ettercap-0.8.1/debian/changelog ettercap-0.8.1/debian/changelog --- ettercap-0.8.1/debian/changelog 2014-10-18 11:17:12.0 +0200 +++ ettercap-0.8.1/debian/changelog 2014-11-10 14:16:59.0 +0100 @@ -1,3 +1,14 @@ +ettercap (1:0.8.1-2) unstable; urgency=medium + + * Remove byacc | byacc-j | btyacc, not compatible after +the cmake switch. + * Add flex-old as b-d, used with bison++. + * Fix conflicting files in both common and graphical package +(Closes: #768831). + * Remove the gksu dependency, not needed anymore. + + -- Gianfranco Costamagna costamagnagianfra...@yahoo.it Tue, 21 Oct 2014 13:19:19 +0200 + ettercap (1:0.8.1-1) unstable; urgency=medium * New upstream release. diff -Nru ettercap-0.8.1/debian/control ettercap-0.8.1/debian/control --- ettercap-0.8.1/debian/control 2014-10-18 11:17:12.0 +0200 +++ ettercap-0.8.1/debian/control 2014-11-10 14:16:08.0 +0100 @@ -4,12 +4,12 @@ Maintainer: Barak A. Pearlmutter b...@debian.org Uploaders: Murat Demirten mu...@debian.org, Gianfranco Costamagna costamagnagianfra...@yahoo.it -Build-Depends: bison | bison++ | byacc | byacc-j | btyacc, +Build-Depends: bison | bison++, check, chrpath, cmake, debhelper (= 9), - flex, + flex | flex-old, ghostscript, libbsd-dev, libcurl4-openssl-dev, @@ -88,7 +88,6 @@ Replaces: ettercap, ettercap-common, ettercap-gtk, ettercap-text-only Conflicts: ettercap (= 1:0.7.3), ettercap-gtk, ettercap-text-only Provides: ettercap -Recommends: gksu Description: Ettercap GUI-enabled executable Ettercap supports active and passive dissection of many protocols (even encrypted ones) and includes many feature for network and host diff -Nru ettercap-0.8.1/debian/ettercap-common.install ettercap-0.8.1/debian/ettercap-common.install --- ettercap-0.8.1/debian/ettercap-common.install 2014-10-18 11:17:12.0 +0200 +++ ettercap-0.8.1/debian/ettercap-common.install 2014-11-10 12:45:08.0 +0100 @@ -2,9 +2,10 @@ /usr/bin/etterfilter /usr/bin/etterlog /usr/lib/ -/usr/share/ettercap -# The next line accidentally gets +# The next lines accidentally gets # /usr/share/man/ettercap-pkexec* +# and /usr/share/ettercap/ettercap.png # which belongs in ettercap-graphical. # This is worked around in debian/rules. +/usr/share/ettercap /usr/share/man diff -Nru ettercap-0.8.1/debian/ettercap-graphical.install ettercap-0.8.1/debian/ettercap-graphical.install --- ettercap-0.8.1/debian/ettercap-graphical.install2014-10-18 11:17:12.0 +0200 +++ ettercap-0.8.1/debian/ettercap-graphical.install2014-11-10 12:45:11.0 +0100 @@ -2,7 +2,8 @@ /usr/bin/ettercap-pkexec /usr/share/appdata /usr/share/applications -/usr/share/ettercap/ettercap.png +/usr/share/ettercap/*.png +/usr/share/ettercap/*.svg /usr/share/man/man*/ettercap-pkexec* /usr/share/pixmaps /usr/share/polkit-1 diff -Nru ettercap-0.8.1/debian/rules ettercap-0.8.1/debian/rules --- ettercap-0.8.1/debian/rules 2014-10-18 11:17:12.0 +0200 +++ ettercap-0.8.1/debian/rules 2014-11-10 12:45:11.0 +0100 @@ -56,6 +56,8 @@ dh_install --list-missing @echo The ettercap-pkexec man page belongs in ettercap-graphical -rm --verbose debian/ettercap-common/usr/share/man/man*/ettercap-pkexec* + -rm --verbose debian/ettercap-common/usr/share/ettercap/*.png + -rm --verbose debian/ettercap-common/usr/share/ettercap/*.svg @echo Upstream does not set RPATH, but the file is not handled by cmake install (dh_auto_install target) chrpath --list debian/ettercap-text-only/usr/bin/ettercap chrpath --delete debian/ettercap-text-only/usr/bin/ettercap is it ok for you? (sorry for the flex noise) thanks, Gianfranco -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject
Bug#769967: virtualbox-guest-utils: Starting VirtualBox Additions No suitable module for running kernel found ... failed!
Hi Tomas, did you upgrade your virtualbox extension pack? did virtualbox run the vboxdrv setup? did you change your kernel? I see in your log a no suitable kernel module found cheers, Gianfanco Sent from Yahoo Mail on Android, please escuse brevity, typos and top-posting.
Bug#773416: fixed in ettercap 1:0.8.1-3
Hi dear Raphael,
fortunately oldstable is almost unaffected by this kind of CVEs, because almost
all of them
refers to code written after the squeeze release, anyway here we go, this
should be the only
patch useful for squeeze folks
--- ettercap-0.7.3.orig/src/dissectors/ec_cvs.c
+++ ettercap-0.7.3/src/dissectors/ec_cvs.c
@@ -70,7 +70,7 @@
{
DECLARE_DISP_PTR_END(ptr, end);
char tmp[MAX_ASCII_ADDR_LEN];
- char *p;
+ u_char *p;
size_t i;
/* don't complain about unused var */
@@ -92,6 +92,8 @@
/* move over the cvsroot path */
ptr += strlen(CVS_LOGIN) + 1;
+ if (ptr = end)
+ return NULL;
/* go until \n */
while(*ptr != '\n' ptr != end) ptr++;
cheers,
Gianfranco
Il Lunedì 22 Dicembre 2014 10:45, Raphael Hertzog hert...@debian.org ha
scritto:
Hello Barak,
On Thu, 18 Dec 2014, Barak A. Pearlmutter wrote:
ettercap (1:0.8.1-3) unstable; urgency=high
.
* Patch a bunch of security vulnerabilities (closes: #773416)
Thanks for the prompt reaction. ettercap is also in Squeeze
and thus covered by our LTS initiative.
Do you feel like providing a fixed package for Squeeze?
If yes, please have a look at http://wiki.debian.org/LTS/Development
but note that if you provide the fixed package and send a mail
to debian-...@lists.debian.org, someone will gladly do the administrative
part of the work for you.
Thanks!
--
Raphaël Hertzog ◈ Debian Developer
Support Debian LTS: http://www.freexian.com/services/debian-lts.html
Learn to master Debian: http://debian-handbook.info/get/
--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#773416: fixed in ettercap 1:0.8.1-3
Hi Raphael,
Thanks for the info! So the only remaining CVE would be
https://security-tracker.debian.org/tracker/CVE-2014-9380 and
https://security-tracker.debian.org/tracker/CVE-2014-9381 for the CVS
dissector.
yes, I think yes.
BTW, https://security-tracker.debian.org/tracker/CVE-2014-9376 mentions
also ec_dhcp.c which is present in the squeeze version. Do you confirm
that it is also unaffected?
I don't see the
(opt = get_dhcp_option(DHCP_OPT_FQDN, options, end)) != NULL)
in the 0.7.3, so I presume the code wasn't yet implemented
(0.7.3 doesn't look for option 81 in dhcp answer)
https://github.com/Ettercap/ettercap/commit/8cda3a8cf00b9d40c50c8b3408782b43d3bea062
(introduced support on 0.7.6, may 2013)
And also https://security-tracker.debian.org/tracker/CVE-2014-9378
mentions ec_imap.c which is present in the squeeze version. Do you also
confirm that it is unaffected?
it shouldn't be, since the
if (!strcmp(s-data, PLAIN)) {
method seems to be not implemented yet in 0.7.3
https://github.com/Ettercap/ettercap/commit/35289f8789e6c31644954cbdfbe1bdda101e97b3introduced
around 29 Sep 2011
and v0.7.5
introduced around
29 Sep 2011
HTH
cheers,
Gianfranco
--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#773416: fixed in ettercap 1:0.8.1-3
Hi Barak and Raphael, the patch is already above, I didn't tweak the changelog because I don't even know the best target series, and I don't know where to patch/prepare the upload. Is that debdiff sufficient or not? I can create a squeeze chroot and prepare a build, if it is enough the above let me know. I don't even know if mentors allows squeeze as target series. cheers, Gianfranco -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#773416: fixed in ettercap 1:0.8.1-3
Hi Raphael, The target serie is squeeze-lts. You can upload the .dsc to mentors if you want (or just send the debdiff as attachment here). It was copy/pasted in email and lost spaces so it's best if you can resend it as proper attachment. Don't worry about this, if you have source package ready it's good enough, someone else can do the test build and upload. No problem, I corrected the diff, did the build and uploaded on mentors. Debdiff is also attached, for your best convenience. cheers, G. debdiff-cve Description: Binary data
Bug#773416: fixed in ettercap 1:0.8.1-3
Mentor rejected it Hello, Unfortunately your package ettercap was rejected because of the following reason: You are not uploading to one of those Debian distributions: experimental jessie jessie-backports jessie-backports-sloppy jessie-security jessie-updates oldstable oldstable-backports oldstable-backports-sloppy oldstable-proposed-updates oldstable-security sid squeeze squeeze-backports squeeze-backports-sloppy squeeze-security squeeze-updates stable stable-backports stable-proposed-updates stable-security testing-proposed-updates testing-security unreleased unstable wheezy wheezy-backports wheezy-backports-sloppy wheezy-security wheezy-updates Please try to fix it and re-upload. Thanks, So I hope you are ok with the above debdiff :) cheers, G. -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#773416: [DEBIAN-LTS] ettercap package
Hi *,
nope, you seems to be modifying other patches rather than the strict necessary
to fix this bug.
Moreover the patch is lacking of a CVE description (actually the patch is
fixing two CVEs, and the
description mentions only one)
(there is also no need to mention me, I'm not the author of the patch, neither
of the debdiff :) )
also the patch subject might be not really needed, I leave Raphael to review
the rest :)
I propose something like this instead.
(note the patch might not apply at all, I manually changed it)
diff -u ettercap-0.7.3/debian/changelog ettercap-0.7.3/debian/changelog
--- ettercap-0.7.3/debian/changelog
+++ ettercap-0.7.3/debian/changelog
@@ -1,3 +1,16 @@
+ettercap (1:0.7.3-2.1+squeeze2) squeeze-lts; urgency=medium
+
+ * Non-maintainer upload.
+ * Patch a bunch of security vulnerabilities (closes: #773416)
+ - CVE-2014-9380 (Buffer over-read)
+ - CVE-2014-9381 (Signedness error)
+ See:
+
https://www.obrela.com/home/security-labs/advisories/osi-advisory-osi-1402/
+ Patches taken from upstream
+ - 6b196e011fa456499ed4650a360961a2f1323818 pull/608
+ - 31b937298c8067e6b0c3217c95edceb983dfc4a2 pull/609
+ Thanks to Nick Sampanis n.sampa...@obrela.com who is responsible for
+ both finding and repairing these issues.
+
+ -- Nguyen Cong cong.nguyen...@toshiba-tsdv.com Tue, 23 Dec 2014 09:44:32
+0700
+
ettercap (1:0.7.3-2.1+squeeze1) stable; urgency=high
* Quilt patch for CVE-2013-0722, a stack-based buffer overflow when
diff -u ettercap-0.7.3/debian/patches/series
ettercap-0.7.3/debian/patches/series
--- ettercap-0.7.3/debian/patches/series
+++ ettercap-0.7.3/debian/patches/series
@@ -3,0 +4 @@
+04_CVE-2014-9380-9381.patch
--- ettercap-0.7.3.orig/debian/patches/04_CVE-2014-9380-9381.patch
+++ ettercap-0.7.3/debian/patches/04_CVE-2014-9380-9381.patch
@@ -0,0 +1,35 @@
+From: Nick Sampanis n.sampa...@obrela.com
+Subject: Re: Bug#773416: fixed in ettercap 1:0.8.1-3
+Date: Mon, 22 Dec 2014 10:22:56 + (UTC)
+
+The dissector_cvs function in dissectors/ec_cvs.c in Ettercap 8.1
+allows remote attackers to cause a denial of service (out-of-bounds
+read) via a packet containing only a CVS_LOGIN signature.
+
+Integer signedness error in the dissector_cvs function in
+dissectors/ec_cvs.c in Ettercap 8.1 allows remote attackers to cause
+a denial of service (crash) via a crafted password, which triggers
+a large memory allocation.
+See Debian Bug #773416#20
+
+--- a/src/dissectors/ec_cvs.c
b/src/dissectors/ec_cvs.c
+@@ -70,7 +70,7 @@ FUNC_DECODER(dissector_cvs)
+ {
+DECLARE_DISP_PTR_END(ptr, end);
+char tmp[MAX_ASCII_ADDR_LEN];
+- char *p;
++ u_char *p;
+size_t i;
+
+/* don't complain about unused var */
+@@ -92,6 +92,8 @@ FUNC_DECODER(dissector_cvs)
+
+/* move over the cvsroot path */
+ptr += strlen(CVS_LOGIN) + 1;
++ if (ptr = end)
++ return NULL;
+
+/* go until \n */
+while(*ptr != '\n' ptr != end) ptr++;
cheers,
and Merry XMas,
Gianfranco
--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#773416: [DEBIAN-LTS] ettercap package
Hi Nguyen,
for me (note: I don't have any upload power, so my opinion counts less than 0
here) :)
--- ettercap-0.7.3/debian/changelog
+++ ettercap-0.7.3/debian/changelog
[snip]
fine for me, do not need to mention me at all :)
--- ettercap-0.7.3/debian/patches/series
+++ ettercap-0.7.3/debian/patches/series
[snip]
fine
only in patch2:
unchanged:
I would remove the two lines above, don't know why there are here, but they
seems to be not useful at all
--- ettercap-0.7.3.orig/debian/patches/04_CVE-2014-9380-9381.patch
+++ ettercap-0.7.3/debian/patches/04_CVE-2014-9380-9381.patch
should be fine even if usually newly created files should be something like
--- /dev/null
+++ ettercap-0.7.3/debian/patches/04_CVE-2014-9380-9381.patch
[snip]
+Subject: Twelve vulnerabilities exist on ettercap-ng which
I would say two here, because the other vulnerabilities are not available here
the other looks good to me :)
cheers,
G.
(sorry for top posting)
Il Giovedì 25 Dicembre 2014 11:26, Nguyen Cong
cong.nguyen...@toshiba-tsdv.com ha scritto:
Hello Gianfranco Costamagna and Raphael Hertzog,
Many thanks for your comments, especially Raphael :).
I propose something like this instead.
(note the patch might not apply at all, I manually changed it)
Yes. Sorry for my mistake, I changed it. Please tell me if
I had to set the name in changelog to you, Gianfranco Costamagna.
I have re-built it with care. But not sure it's good enough
since I have troubled with DEP3. I ended up with upstream patch style.
--- ettercap-0.7.3/debian/patches/series
+++ ettercap-0.7.3/debian/patches/series
@@ -3,0 +4 @@
+04_CVE-2014-9380-9381.patch
Why is there no context shown here?
And this one also. I don't really get it.
Could you please review it and give me some comments.
Many thanks and Merry Christmas :)
Cong
On 25/12/2014 16:34, Gianfranco Costamagna wrote:
Hi *,
nope, you seems to be modifying other patches rather than the strict
necessary to fix this bug.
Moreover the patch is lacking of a CVE description (actually the patch is
fixing two CVEs, and the
description mentions only one)
(there is also no need to mention me, I'm not the author of the patch,
neither of the debdiff :) )
also the patch subject might be not really needed, I leave Raphael to
review the rest :)
I propose something like this instead.
(note the patch might not apply at all, I manually changed it)
diff -u ettercap-0.7.3/debian/changelog ettercap-0.7.3/debian/changelog
--- ettercap-0.7.3/debian/changelog
+++ ettercap-0.7.3/debian/changelog
@@ -1,3 +1,16 @@
+ettercap (1:0.7.3-2.1+squeeze2) squeeze-lts; urgency=medium
+
+ * Non-maintainer upload.
+ * Patch a bunch of security vulnerabilities (closes: #773416)
+ - CVE-2014-9380 (Buffer over-read)
+ - CVE-2014-9381 (Signedness error)
+ See:
+
https://www.obrela.com/home/security-labs/advisories/osi-advisory-osi-1402/
+ Patches taken from upstream
+ - 6b196e011fa456499ed4650a360961a2f1323818 pull/608
+ - 31b937298c8067e6b0c3217c95edceb983dfc4a2 pull/609
+ Thanks to Nick Sampanis n.sampa...@obrela.com who is responsible for
+ both finding and repairing these issues.
+
+ -- Nguyen Cong cong.nguyen...@toshiba-tsdv.com Tue, 23 Dec 2014 09:44:32
+0700
+
ettercap (1:0.7.3-2.1+squeeze1) stable; urgency=high
* Quilt patch for CVE-2013-0722, a stack-based buffer overflow when
diff -u ettercap-0.7.3/debian/patches/series
ettercap-0.7.3/debian/patches/series
--- ettercap-0.7.3/debian/patches/series
+++ ettercap-0.7.3/debian/patches/series
@@ -3,0 +4 @@
+04_CVE-2014-9380-9381.patch
--- ettercap-0.7.3.orig/debian/patches/04_CVE-2014-9380-9381.patch
+++ ettercap-0.7.3/debian/patches/04_CVE-2014-9380-9381.patch
@@ -0,0 +1,35 @@
+From: Nick Sampanis n.sampa...@obrela.com
+Subject: Re: Bug#773416: fixed in ettercap 1:0.8.1-3
+Date: Mon, 22 Dec 2014 10:22:56 + (UTC)
+
+The dissector_cvs function in dissectors/ec_cvs.c in Ettercap 8.1
+allows remote attackers to cause a denial of service (out-of-bounds
+read) via a packet containing only a CVS_LOGIN signature.
+
+Integer signedness error in the dissector_cvs function in
+dissectors/ec_cvs.c in Ettercap 8.1 allows remote attackers to cause
+a denial of service (crash) via a crafted password, which triggers
+a large memory allocation.
+See Debian Bug #773416#20
+
+--- a/src/dissectors/ec_cvs.c
b/src/dissectors/ec_cvs.c
+@@ -70,7 +70,7 @@ FUNC_DECODER(dissector_cvs)
+ {
+DECLARE_DISP_PTR_END(ptr, end);
+char tmp[MAX_ASCII_ADDR_LEN];
+- char *p;
++ u_char *p;
+size_t i;
+
+/* don't complain about unused var */
+@@ -92,6 +92,8 @@ FUNC_DECODER(dissector_cvs)
+
+/* move over the cvsroot path */
+ptr += strlen(CVS_LOGIN) + 1;
++if (ptr = end)
++return NULL;
+
+/* go until \n */
+while(*ptr != '\n' ptr != end) ptr++;
cheers,
and Merry XMas,
Gianfranco
Bug#773416: [DEBIAN-LTS] ettercap package
Hi dear Nguyen, for me if it applies to ettercap/squeeze cleanly it is fine :) Let's wait for Raphael, I don't have any more issues! Cheers, G. Il Sabato 27 Dicembre 2014 5:04, Nguyen Cong cong.nguyen...@toshiba-tsdv.com ha scritto: Dear Gianfranco Costamagna, Many thanks for your comments. I would say two here, because the other vulnerabilities are not available here Yes. My bad, stupid mistake :(. It has been corrected. only in patch2: unchanged: I would remove the two lines above, don't know why there are here, but they seems to be not useful at all I don't understand also. Could anyone please give me idea for fixing this problem. I attached newest debdiff file. Hope this nearly good enough. Thanks and best regards Cong On 26/12/2014 14:29, Gianfranco Costamagna wrote: Hi Nguyen, for me (note: I don't have any upload power, so my opinion counts less than 0 here) :) --- ettercap-0.7.3/debian/changelog +++ ettercap-0.7.3/debian/changelog [snip] fine for me, do not need to mention me at all :) --- ettercap-0.7.3/debian/patches/series +++ ettercap-0.7.3/debian/patches/series [snip] fine only in patch2: unchanged: I would remove the two lines above, don't know why there are here, but they seems to be not useful at all --- ettercap-0.7.3.orig/debian/patches/04_CVE-2014-9380-9381.patch +++ ettercap-0.7.3/debian/patches/04_CVE-2014-9380-9381.patch should be fine even if usually newly created files should be something like --- /dev/null +++ ettercap-0.7.3/debian/patches/04_CVE-2014-9380-9381.patch [snip] +Subject: Twelve vulnerabilities exist on ettercap-ng which I would say two here, because the other vulnerabilities are not available here the other looks good to me :) cheers, G. (sorry for top posting) Il Giovedì 25 Dicembre 2014 11:26, Nguyen Cong cong.nguyen...@toshiba-tsdv.com ha scritto: Hello Gianfranco Costamagna and Raphael Hertzog, Many thanks for your comments, especially Raphael :). I propose something like this instead. (note the patch might not apply at all, I manually changed it) Yes. Sorry for my mistake, I changed it. Please tell me if I had to set the name in changelog to you, Gianfranco Costamagna. I have re-built it with care. But not sure it's good enough since I have troubled with DEP3. I ended up with upstream patch style. --- ettercap-0.7.3/debian/patches/series +++ ettercap-0.7.3/debian/patches/series @@ -3,0 +4 @@ +04_CVE-2014-9380-9381.patch Why is there no context shown here? And this one also. I don't really get it. Could you please review it and give me some comments. Many thanks and Merry Christmas :) Cong On 25/12/2014 16:34, Gianfranco Costamagna wrote: Hi *, nope, you seems to be modifying other patches rather than the strict necessary to fix this bug. Moreover the patch is lacking of a CVE description (actually the patch is fixing two CVEs, and the description mentions only one) (there is also no need to mention me, I'm not the author of the patch, neither of the debdiff :) ) also the patch subject might be not really needed, I leave Raphael to review the rest :) I propose something like this instead. (note the patch might not apply at all, I manually changed it) diff -u ettercap-0.7.3/debian/changelog ettercap-0.7.3/debian/changelog --- ettercap-0.7.3/debian/changelog +++ ettercap-0.7.3/debian/changelog @@ -1,3 +1,16 @@ +ettercap (1:0.7.3-2.1+squeeze2) squeeze-lts; urgency=medium + + * Non-maintainer upload. + * Patch a bunch of security vulnerabilities (closes: #773416) + - CVE-2014-9380 (Buffer over-read) + - CVE-2014-9381 (Signedness error) + See: + https://www.obrela.com/home/security-labs/advisories/osi-advisory-osi-1402/ + Patches taken from upstream + - 6b196e011fa456499ed4650a360961a2f1323818 pull/608 + - 31b937298c8067e6b0c3217c95edceb983dfc4a2 pull/609 + Thanks to Nick Sampanis n.sampa...@obrela.com who is responsible for + both finding and repairing these issues. + + -- Nguyen Cong cong.nguyen...@toshiba-tsdv.com Tue, 23 Dec 2014 09:44:32 +0700 + ettercap (1:0.7.3-2.1+squeeze1) stable; urgency=high * Quilt patch for CVE-2013-0722, a stack-based buffer overflow when diff -u ettercap-0.7.3/debian/patches/series ettercap-0.7.3/debian/patches/series --- ettercap-0.7.3/debian/patches/series +++ ettercap-0.7.3/debian/patches/series @@ -3,0 +4 @@ +04_CVE-2014-9380-9381.patch --- ettercap-0.7.3.orig/debian/patches/04_CVE-2014-9380-9381.patch +++ ettercap-0.7.3/debian/patches/04_CVE-2014-9380-9381.patch @@ -0,0 +1,35 @@ +From: Nick Sampanis n.sampa...@obrela.com +Subject: Re: Bug#773416: fixed in ettercap 1:0.8.1-3 +Date: Mon, 22 Dec 2014 10:22:56 + (UTC) + +The dissector_cvs function in dissectors/ec_cvs.c in Ettercap 8.1 +allows remote attackers to cause a denial of service (out-of-bounds +read) via a packet containing only a CVS_LOGIN signature. + +Integer
Bug#775888: [vbox-dev] Fwd: Re: Bug#775888: virtualbox: CVE-2014-6588 CVE-2014-6589 CVE-2014-6590 CVE-2014-6595 CVE-2015-0418 CVE-2015-0427
Hi all, so to sum everything up: experimental: NOT AFFECTED. jessie: fixed all of them by disabling the code (attached jessie-debdiff) wheezy: fixed CVE-2015-0377, CVE-2015-0418 wheezy-bpo: I propose to backport the new 4.3.18 into bpo when it reaches testing. squeeze: no virtualbox there squeeze-bpo: I propose to backport kbuild and then virtualbox 4.1 or 4.3 from wheezy-jessie. Attached the debdiffs thanks again Frank for your help! cheers, Gianfranco wheezy-debdiff Description: Binary data jessie-debdiff Description: Binary data
Bug#775888: Re: [vbox-dev] Fwd: Re: Bug#775888: virtualbox: CVE-2014-6588 CVE-2014-6589 CVE-2014-6590 CVE-2014-6595 CVE-2015-0418 CVE-2015-0427
Hi Frank, that code does only exist in VBox 4.3.x, older branches are not affected. wonderful Attached. wonderful These patches are against the latest code in the respective branches but I hope they apply to these old versions. Sorry but it's not possible to support such old versions, we only support the latest versions of a specific branch. Of course, there is absolutely no problem in adapting them :) Correct, already contains fixes for all these problems. wonderful have many thanks, Gianfranco -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#775888: [vbox-dev] Fwd: Re: Bug#775888: virtualbox: CVE-2014-6588 CVE-2014-6589 CVE-2014-6590 CVE-2014-6595 CVE-2015-0418 CVE-2015-0427
Hi Frank the most CVEs from that CPU are related to the experimental VMSVGA implementation. This code is not documented and not announced and regular users will not use it. Therefore I suggest you to just disable that code by setting VBOX_WITH_VMSVGA= VBOX_WITH_VMSVGA3D= This will automatically omit CVE-2014-6595, CVE-2014-6590, CVE-2014-6589, CVE-2014-6588 and CVE-2015-0427. The actual patch to fix this code is a bit lengthy, therefore disabling this code is IMO the best solution. I presume starting from version 4.0 everything needs to be patched by disabling it? CVE-2015-0418: VBox 4.3.x is not affected (only 4.2.x and older) CVE-2015-0377: VBox 4.3.x is not affected (only 4.2.x and older) do you have any patch for = 4.2.x then? we have in the archive (debian and ubuntu) 4.0.10 4.1.12 4.1.18 4.3.10 4.3.14 4.3.18 4.3.20 (not affected at all I presume) Frank-- Dr.-Ing. Frank Mehnert | Software Development Director, VirtualBox ORACLE Deutschland B.V. Co. KG | Werkstr. 24 | 71384 Weinstadt, Germany Hauptverwaltung: Riesstr. 25, D-80992 München Registergericht: Amtsgericht München, HRA 95603 Geschäftsführer: Jürgen Kunz Komplementärin: ORACLE Deutschland Verwaltung B.V. Hertogswetering 163/167, 3543 AS Utrecht, Niederlande Handelsregister der Handelskammer Midden-Niederlande, Nr. 30143697 Geschäftsführer: Alexander van der Ven, Astrid Kepper, Val Maher -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#775888: virtualbox: CVE-2014-6588 CVE-2014-6589 CVE-2014-6590 CVE-2014-6595 CVE-2015-0418 CVE-2015-0427
Hi Aron, can you please also followup on squeeze-bpo? (might need a kbuild backport to make it build) cheers, (thanks) G. Il Martedì 27 Gennaio 2015 13:57, Aron Xu happyaron...@gmail.com ha scritto: I'll follow-up in wheezy-backports this weekend, at that time it should land in jessie already. Best, Aron On Tue, Jan 27, 2015 at 6:21 PM, Moritz Mühlenhoff j...@inutil.org wrote: On Mon, Jan 26, 2015 at 09:14:55PM +0530, Ritesh Raj Sarraf wrote: On 01/26/2015 09:07 PM, Ritesh Raj Sarraf wrote: On 01/21/2015 01:23 PM, Moritz Muehlenhoff wrote: In the past someone from upstream posted the upstream commits to the bug log, maybe you can contact them for more information so that we can merge the isolated fixes into the jessie version? Cheers, Moritz Moritz, For unstable, I've pushed the upload an d asked for an exception. For Wheezy, it is building right now. Once the build is complete, I'll push it to s-p-u. And send you the debdiff. Please find attached the debdiff. Please give me an ACK, and then I'll do the upload. Looks good to me. Please upload to security-master, I'll take care of the update. Cheers, Moritz -- Regards, Aron Xu -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#775888: virtualbox: CVE-2014-6588 CVE-2014-6589 CVE-2014-6590 CVE-2014-6595 CVE-2015-0418 CVE-2015-0427
Hi Moritz, please read carefully this thread :) Could you please check back with upstream on CVE-2015-0377 and CVE-2015-0418? jessie is not affected, and wheezy has already the patch on this thread the two CVEs are for VirtualBox prior to 3.2.26, 4.0.28, 4.1.36, 4.2.28 so 4.3 not affected. Since jessie is already pending fixed, I propose to go for wheezy with the above one. cheers, G. -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#768476: openssl: Removes symbol without SONAME bump
What is the rationale for this? I see in the changelog: * Temporary enable SSLv3 methods again, but they will go away. so if the changelog is correct, sid is *not* affected. cheers, G Il Lunedì 4 Maggio 2015 0:48, Christoph Anton Mitterer cales...@scientia.net ha scritto: Control: tags -1 + sid Apparently the version with the missing soname bump is now in sid as well, therefore adding the tag. -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#784245:
Hi All, As Joachim said in a mail where I requested the same thing: [1] (if correct) lists the compatibility matrix of ghc and llvm so 7.10 llvm 3.5 7.11 llvm 3.6 [1] http://smart-cactus.org/~ben/posts/2014-11-28-state-of-llvm-backend.html cheers, Gianfranco -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#783686:
Attached a debdiff to fix this bug. You can also grab directly the build on DebOMatic if you want. http://debomatic-i386.debian.net/distribution#unstable/llvm-toolchain-3.4/3.4.2-14/buildlog or here http://debomatic-amd64.debian.net/distribution#unstable/llvm-toolchain-3.4/3.4.2-14 cheers, Gianfranco debdiff Description: Binary data
Bug#784443: Cmake FindSSL module doesn't work anymore
Package: cmake Version: 3.0.2-1 Severity: Serious I Cmake maintainers, I honestly don't know where the bug belongs to, but I'm reporting against cmake. In my opinion this bug is becoming serious, since something in unstable changed and broke the builds the problem seems to be actually in the FindSSL.cmake module: = if (UNIX) find_package(PkgConfig QUIET) pkg_check_modules(_OPENSSL QUIET openssl) endif () this means that pkg-config should be available on the system, otherwise it will fail with something like: CMake Error at /usr/share/cmake-3.0/Modules/FindOpenSSL.cmake:293 (list): list GET given empty list Call Stack (most recent call first): CMakeLists.txt:86 (find_package) CMake Error at /usr/share/cmake-3.0/Modules/FindOpenSSL.cmake:294 (list): list GET given empty list Call Stack (most recent call first): CMakeLists.txt:86 (find_package) CMake Error at /usr/share/cmake-3.0/Modules/FindOpenSSL.cmake:296 (list): list GET given empty list Call Stack (most recent call first): CMakeLists.txt:86 (find_package) CMake Error at /usr/share/cmake-3.0/Modules/FindOpenSSL.cmake:298 (list): list GET given empty list Call Stack (most recent call first): CMakeLists.txt:86 (find_package) CMake Error at /usr/share/cmake-3.0/Modules/FindPackageHandleStandardArgs.cmake:136 (message): Could NOT find OpenSSL, try to set the path to OpenSSL root folder in the system variable OPENSSL_ROOT_DIR: Found unsuitable version .0.0`, but required is at least 1.0.0 (found /usr/lib/x86_64-linux-gnu/libssl.so;/usr/lib/x86_64-linux-gnu/libcrypto.so) Call Stack (most recent call first): /usr/share/cmake-3.0/Modules/FindPackageHandleStandardArgs.cmake:341 (_FPHSA_FAILURE_MESSAGE) /usr/share/cmake-3.0/Modules/FindOpenSSL.cmake:318 (find_package_handle_standard_args) CMakeLists.txt:86 (find_package) I guess with the old openssl some fallback code was in place, leading to the find of the version. Now with openssl 1.0.2a-1 in unstable/testing rebuild of the packages using it has become impossible. I'm adding manually pkg-config as B-D of casablanca package, but I think this should be a runtime dependency of cmake. (please forgive me and downgrade the bug if my analysis is actually wrong) cheers, Gianfranco -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#784655: can't rebuild casablanca with newer libstdc++6 (sid)
Package: gcc-5
Version: 5.1.1-4
Severity: Serious
Justification: Package rebuild trigger a test failure.
As said, casablanca doesn't pass the testsuite anymore with libstdc++6 library.
I triggered a successful build from Stretch, and upgraded packages until I
upgraded libstdc++6
Preparing to unpack .../libstdc++6_5.1.1-4_amd64.deb ...
Unpacking libstdc++6:amd64 (5.1.1-4) over (4.9.2-10) ...
Now I have the testsuite giving some failures:
/casablanca/Release/tests/functional/http/client/connections_and_errors.cpp:94:
error: Failure in server_doesnt_exist:
CHECK_EQUAL(static_castint(std::errc::host_unreachable), _condFound.value())
where static_castint(std::errc::host_unreachable)=113 and _condFound.value()=0
FAILED
Test case connections_and_errors:server_doesnt_exist FAILED
[...]
and
/casablanca/Release/tests/functional/streams/fstreambuf_tests.cpp:148: error:
Failure in OpenForReadDoesntCreateFile1:
CHECK_EQUAL(static_castint(std::errc::no_such_file_or_directory),
_condFound.value()) where
static_castint(std::errc::no_such_file_or_directory)=2 and
_condFound.value()=0
FAILED
Test case file_buffer_tests:OpenForReadDoesntCreateFile1 FAILED
(code following from
http://anonscm.debian.org/cgit/collab-maint/casablanca.git/tree/Release/tests/functional/streams/fstreambuf_tests.cpp)
TEST(OpenForReadDoesntCreateFile1)
{
utility::string_t fname = U(OpenForReadDoesntCreateFile1.txt);
VERIFY_THROWS_SYSTEM_ERROR(OPEN_Rchar(fname).get(),
std::errc::no_such_file_or_directory);
std::ifstream is;
VERIFY_IS_NULL(is.rdbuf()-open(fname.c_str(), std::ios::in));
}
any idea for the regression?
thanks,
Gianfranco
--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#784655: can't rebuild casablanca with newer libstdc++6 (sid)
Hi Matthias, thanks for the quick reply are you running sid, or stretch? in plain sid the package doesn't build at all, in order to trim down the differences I started from a Stretch clean pbuilder environment, and upgraded stuff until I got the problem. is the testsuite rebuilt after the new libstdc++ installed? if yes, is the libstdc++-5-dev package upgraded as well? yes, of course the testsuite has been rebuilt, if that matters, I'm compiling with -std=c++11 flag so, to resume starting from stretch, enabling sid repository apt-get install libstdc++6 libstdc++-5-dev The following extra packages will be installed: gcc-5-base libasan2 libatomic1 libcilkrts5 libgcc-5-dev libgcc1 libgomp1 libitm1 liblsan0 libmpx0 libquadmath0 libtsan0 libubsan0 fetch casablanca and try to build. /casablanca/Release/tests/functional/streams/fstreambuf_tests.cpp:158: error: Failure in OpenForReadDoesntCreateFile2: CHECK_EQUAL(static_castint(std::errc::no_such_file_or_directory), _condFound.value()) where static_castint(std::errc::no_such_file_or_directory)=2 and _condFound.value()=0 please can you distill down a test case? the test case seems pretty generic utility::string_t fname = U(OpenForReadDoesntCreateFile2.txt); VERIFY_THROWS_SYSTEM_ERROR(OPENchar(fname, std::ios_base::in | std::ios_base::binary ).get(), std::errc::no_such_file_or_directory); std::ifstream is; VERIFY_IS_NULL(is.rdbuf()-open(fname.c_str(), std::ios::in | std::ios_base::binary)); isn't this something generic? (sorry I don't undestand too much g++ code, moreover I'm using an embedded UnitTestpp because the Debian one is too outdated) cheers, G. -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#784655: closed by Matthias Klose d...@debian.org (Bug#784655: fixed in gcc-5 5.1.1-5)
Hi Doko, does this mean that I need to b-d on g++-5 and export CXX=g++-5? It seems to be failing to build when mixing g++-4.9 and new libstdc++... thanks a lot for the fix! Now with gcc-5 I can build it correctly! cheers, Gianfranco Il Sabato 9 Maggio 2015 18:45, Debian Bug Tracking System ow...@bugs.debian.org ha scritto: This is an automatic notification regarding your Bug report which was filed against the gcc-5 package: #784655: can't rebuild casablanca with newer libstdc++6 (sid) It has been closed by Matthias Klose d...@debian.org. Their explanation is attached below along with your original report. If this explanation is unsatisfactory and you have not received a better one in a separate message then please contact Matthias Klose d...@debian.org by replying to this email. -- 784655: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=784655 Debian Bug Tracking System Contact ow...@bugs.debian.org with problemsSource: gcc-5 Source-Version: 5.1.1-5 We believe that the bug you reported is fixed in the latest version of gcc-5, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 784...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Matthias Klose d...@debian.org (supplier of updated gcc-5 package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Fri, 08 May 2015 18:48:49 +0200 Source: gcc-5 Binary: gcc-5-base libgcc1 libgcc1-dbg libgcc2 libgcc2-dbg libgcc-5-dev libgcc4 libgcc4-dbg lib64gcc1 lib64gcc1-dbg lib64gcc-5-dev lib32gcc1 lib32gcc1-dbg lib32gcc-5-dev libn32gcc1 libn32gcc1-dbg libn32gcc-5-dev libx32gcc1 libx32gcc1-dbg libx32gcc-5-dev gcc-5 gcc-5-multilib gcc-5-plugin-dev gcc-5-hppa64 cpp-5 gcc-5-locales g++-5 g++-5-multilib libgomp1 libgomp1-dbg lib32gomp1 lib32gomp1-dbg lib64gomp1 lib64gomp1-dbg libn32gomp1 libn32gomp1-dbg libx32gomp1 libx32gomp1-dbg libitm1 libitm1-dbg lib32itm1 lib32itm1-dbg lib64itm1 lib64itm1-dbg libx32itm1 libx32itm1-dbg libatomic1 libatomic1-dbg lib32atomic1 lib32atomic1-dbg lib64atomic1 lib64atomic1-dbg libn32atomic1 libn32atomic1-dbg libx32atomic1 libx32atomic1-dbg libasan2 libasan2-dbg lib32asan2 lib32asan2-dbg lib64asan2 lib64asan2-dbg libx32asan2 libx32asan2-dbg libubsan0 libubsan0-dbg lib32ubsan0 lib32ubsan0-dbg lib64ubsan0 lib64ubsan0-dbg libx32ubsan0 libx32ubsan0-dbg libcc1-0 libgccjit0 libgccjit-5-dev libgccjit-5-dbg libgccjit-5-doc gobjc++-5 gobjc++-5-multilib gobjc-5 gobjc-5-multilib libobjc-5-dev lib64objc-5-dev lib32objc-5-dev libn32objc-5-dev libx32objc-5-dev libobjc4 libobjc4-dbg lib64objc4 lib64objc4-dbg lib32objc4 lib32objc4-dbg libn32objc4 libn32objc4-dbg libx32objc4 libx32objc4-dbg gfortran-5 gfortran-5-multilib libgfortran-5-dev lib64gfortran-5-dev lib32gfortran-5-dev libn32gfortran-5-dev libx32gfortran-5-dev libgfortran3 libgfortran3-dbg lib64gfortran3 lib64gfortran3-dbg lib32gfortran3 lib32gfortran3-dbg libn32gfortran3 libn32gfortran3-dbg libx32gfortran3 libx32gfortran3-dbg gccgo-5 gccgo-5-multilib libgo7 libgo7-dbg lib64go7 lib64go7-dbg lib32go7 lib32go7-dbg libn32go7 libn32go7-dbg libx32go7 libx32go7-dbg gcj-5 gcj-5-jdk gcj-5-jre-headless gcj-5-jre libgcj16 gcj-5-jre-lib libgcj16-awt libgcj16-dev libgcj16-dbg gcj-5-source libgcj-doc libstdc++6 lib32stdc++6 lib64stdc++6 libn32stdc++6 libx32stdc++6 libstdc++-5-dev libstdc++-5-pic libstdc++6-5-dbg lib32stdc++-5-dev lib32stdc++6-5-dbg lib64stdc++-5-dev lib64stdc++6-5-dbg libn32stdc++-5-dev libn32stdc++6-5-dbg libx32stdc++-5-dev libx32stdc++6-5-dbg libstdc++-5-doc gnat-5 libgnat-5 libgnat-5-dbg libgnatvsn5-dev libgnatvsn5 libgnatvsn5-dbg libgnatprj5-dev libgnatprj5 libgnatprj5-dbg gdc-5 gdc-5-multilib fixincludes gcc-5-source Architecture: source all ppc64el Version: 5.1.1-5 Distribution: unstable Urgency: medium Maintainer: Debian GCC Maintainers debian-...@lists.debian.org Changed-By: Matthias Klose d...@debian.org Description: cpp-5 - GNU C preprocessor fixincludes - Fix non-ANSI header files g++-5 - GNU C++ compiler g++-5-multilib - GNU C++ compiler (multilib files) gcc-5 - GNU C compiler gcc-5-base - GCC, the GNU Compiler Collection (base package) gcc-5-hppa64 - GNU C compiler (cross compiler for hppa64) gcc-5-locales - GCC, the GNU compiler collection (native language support files) gcc-5-multilib - GNU C compiler (multilib files) gcc-5-plugin-dev - Files for GNU GCC plugin development. gcc-5-source - Source of the GNU Compiler Collection gccgo-5- GNU Go compiler gccgo-5-multilib - GNU Go compiler (multilib files) gcj-5 - GCJ byte code and native
Bug#784655: closed by Matthias Klose d...@debian.org (Bug#784655: fixed in gcc-5 5.1.1-5)
Hi Doko, yes, I had to force g++5 to make them run successfully thanks, (sorry for top posting) Gianfranco Sent from Yahoo Mail on Android From:Matthias Klose d...@debian.org Date:Mon, 11 May, 2015 at 22:34 Subject:Re: Bug#784655: closed by Matthias Klose (Bug#784655: fixed in gcc-5 5.1.1-5) On 05/11/2015 10:36 AM, Gianfranco Costamagna wrote: does this mean that I need to b-d on g++-5 and export CXX=g++-5? It seems to be failing to build when mixing g++-4.9 and new libstdc++... thanks a lot for the fix! Now with gcc-5 I can build it correctly! no, please continue to build with the default gcc-4.9 for the near future. Are these tests still failing when you rebuild with 5.1.1-5? Matthias
Bug#784655: closed by Matthias Klose d...@debian.org (Bug#784655: fixed in gcc-5 5.1.1-5)
Hi again Doko, is it acceptable to use g++-5 or should I reopen this RC? I don't know if there is another hidden bug here or not thanks Gianfranco Il Lunedì 11 Maggio 2015 23:28, Gianfranco Costamagna costamagnagianfra...@yahoo.it ha scritto: Hi Doko, yes, I had to force g++5 to make them run successfully thanks, (sorry for top posting) Gianfranco Sent from Yahoo Mail on Android From:Matthias Klose d...@debian.org Date:Mon, 11 May, 2015 at 22:34 Subject:Re: Bug#784655: closed by Matthias Klose (Bug#784655: fixed in gcc-5 5.1.1-5) On 05/11/2015 10:36 AM, Gianfranco Costamagna wrote: does this mean that I need to b-d on g++-5 and export CXX=g++-5? It seems to be failing to build when mixing g++-4.9 and new libstdc++... thanks a lot for the fix! Now with gcc-5 I can build it correctly! no, please continue to build with the default gcc-4.9 for the near future. Are these tests still failing when you rebuild with 5.1.1-5? Matthias -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#785424: virtualbox: CVE-2015-3456: floppy driver host code execution
Hi sid/testing: - 4.3.28 is not affected (upload pending) -jessie: 4.3.18-dfsg-3+deb8u2 is fixed in git branch jessie, with the upstream patch http://anonscm.debian.org/cgit/pkg-virtualbox/virtualbox.git/commit/?h=jessieid=990f846aec31871952b839ed93f7963f16bceb0c -wheezy: 4.1.18-dfsg-2+deb7u5 should be fixed in git branch wheezy with the (little changed to remove fuzz and to find the file in the right location) upstream patch http://anonscm.debian.org/cgit/pkg-virtualbox/virtualbox.git/commit/?h=wheezyid=3426d960fc44c86b31d8755717499c83fc127194 I'm rebuilding right now them, sorry for the looong delay in fixing them, upstream only ack'd the patch today, and I was also on VAC for two days. cheers, Gianfranco -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#785689: I: Bug#785424: [Pkg-virtualbox-devel] Bug#785424: virtualbox: CVE-2015-3456: floppy driver host code execution
Package: virtualbox Severity: Serious Version: 4.3.18-dfsg-3 Tags: patch Virtualbox crashes after 10 minutes of run Il Lunedì 18 Maggio 2015 20:36, Frank Mehnert frank.mehn...@oracle.com ha scritto: Hi Gianfranco, could you also have a look here? https://www.virtualbox.org/ticket/14128#comment:1 This is regarding the 4.3.18 Jessie package. Thanks, Frank -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#785424: [Pkg-virtualbox-devel] Bug#785424: virtualbox: CVE-2015-3456: floppy driver host code execution
Hi Frank, is 4.1.18 affected? cheers, Gianfranco Il Lunedì 18 Maggio 2015 20:36, Frank Mehnert frank.mehn...@oracle.com ha scritto: Hi Gianfranco, could you also have a look here? https://www.virtualbox.org/ticket/14128#comment:1 This is regarding the 4.3.18 Jessie package. Thanks, Frank On Monday 18 May 2015 16:48:13 Gianfranco Costamagna wrote: Hi sid/testing: - 4.3.28 is not affected (upload pending) -jessie: 4.3.18-dfsg-3+deb8u2 is fixed in git branch jessie, with the upstream patch http://anonscm.debian.org/cgit/pkg-virtualbox/virtualbox.git/commit/?h=jessi eid=990f846aec31871952b839ed93f7963f16bceb0c -wheezy: 4.1.18-dfsg-2+deb7u5 should be fixed in git branch wheezy with the (little changed to remove fuzz and to find the file in the right location) upstream patch http://anonscm.debian.org/cgit/pkg-virtualbox/virtualbox.git/commit/?h=wheez yid=3426d960fc44c86b31d8755717499c83fc127194 I'm rebuilding right now them, sorry for the looong delay in fixing them, upstream only ack'd the patch today, and I was also on VAC for two days. cheers, Gianfranco ___ Pkg-virtualbox-devel mailing list pkg-virtualbox-de...@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-virtualbox-devel -- Dr.-Ing. Frank Mehnert | Software Development Director, VirtualBox ORACLE Deutschland B.V. Co. KG | Werkstr. 24 | 71384 Weinstadt, Germany ORACLE Deutschland B.V. Co. KG Hauptverwaltung: Riesstraße 25, D-80992 München Registergericht: Amtsgericht München, HRA 95603 Komplementärin: ORACLE Deutschland Verwaltung B.V. Hertogswetering 163/167, 3543 AS Utrecht, Niederlande Handelsregister der Handelskammer Midden-Niederlande, Nr. 30143697 Geschäftsführer: Alexander van der Ven, Astrid Kepper, Val Maher -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#785424: [vbox-dev] CVE-2015-3456 aka VENOM
Hi Frank, are you sure the bug is really fixed? the qemu patch seems to be different from the virtualbox one, and seems that the affected code is not fixed http://git.qemu.org/?p=qemu.git;a=blobdiff;f=hw/block/fdc.c;h=d8a8edd936f42d4b1d801c996932668e456b5896;hp=f72a39216347e722496797555db9f208b0c5b4b2;hb=e907746266721f305d67bc0718795fedee2e824c;hpb=968bb75c348a401b85e08d5eb1887a3e6c3185f5 e.g. https://security-tracker.debian.org/tracker/CVE-2015-3456 http://xenbits.xen.org/xsa/advisory-133.html -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#785424: Re: Bug#785424: [Pkg-virtualbox-devel] Bug#785424: virtualbox: CVE-2015-3456: floppy driver host code execution
Hi Frank, yes I know, I wasn't sure if an update was needeed for wheezy too. I know the bug isn't related to the CVE, in fact I opened 785689 to track it down :) Unfortunately we will need to make another upload for it. cheers, Gianfranco Il Martedì 19 Maggio 2015 10:27, Frank Mehnert frank.mehn...@oracle.com ha scritto: Hi Gianfranco, ticket https://www.virtualbox.org/ticket/14128 is only about VBox version 4.3.18. No other version is affected by this bug. Note that this has nothing to do with CVE-2015-3456. Kind regards, Frank On Tuesday 19 May 2015 08:20:07 Gianfranco Costamagna wrote: Hi Frank, is 4.1.18 affected? cheers, Gianfranco Il Lunedì 18 Maggio 2015 20:36, Frank Mehnert frank.mehn...@oracle.com ha scritto: Hi Gianfranco, could you also have a look here? https://www.virtualbox.org/ticket/14128#comment:1 This is regarding the 4.3.18 Jessie package. Thanks, Frank On Monday 18 May 2015 16:48:13 Gianfranco Costamagna wrote: Hi sid/testing: - 4.3.28 is not affected (upload pending) -jessie: 4.3.18-dfsg-3+deb8u2 is fixed in git branch jessie, with the upstream patch http://anonscm.debian.org/cgit/pkg-virtualbox/virtualbox.git/commit/?h=jes si eid=990f846aec31871952b839ed93f7963f16bceb0c -wheezy: 4.1.18-dfsg-2+deb7u5 should be fixed in git branch wheezy with the (little changed to remove fuzz and to find the file in the right location) upstream patch http://anonscm.debian.org/cgit/pkg-virtualbox/virtualbox.git/commit/?h=whe ez yid=3426d960fc44c86b31d8755717499c83fc127194 I'm rebuilding right now them, sorry for the looong delay in fixing them, upstream only ack'd the patch today, and I was also on VAC for two days. cheers, Gianfranco ___ Pkg-virtualbox-devel mailing list pkg-virtualbox-de...@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-virtualbox-dev el -- Dr.-Ing. Frank Mehnert | Software Development Director, VirtualBox ORACLE Deutschland B.V. Co. KG | Werkstr. 24 | 71384 Weinstadt, Germany ORACLE Deutschland B.V. Co. KG Hauptverwaltung: Riesstraße 25, D-80992 München Registergericht: Amtsgericht München, HRA 95603 Komplementärin: ORACLE Deutschland Verwaltung B.V. Hertogswetering 163/167, 3543 AS Utrecht, Niederlande Handelsregister der Handelskammer Midden-Niederlande, Nr. 30143697 Geschäftsführer: Alexander van der Ven, Astrid Kepper, Val Maher -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#785424: Re: [vbox-dev] CVE-2015-3456 aka VENOM
Hi Debian security team, can we please followup with the two uploads then? I'm attaching the two debdiffs, chers, Gianfranco Il Martedì 19 Maggio 2015 11:27, Frank Mehnert frank.mehn...@oracle.com ha scritto: Hi Gianfranco, On Tuesday 19 May 2015 09:17:13 Gianfranco Costamagna wrote: Hi Frank, are you sure the bug is really fixed? the qemu patch seems to be different from the virtualbox one, and seems that the affected code is not fixed http://git.qemu.org/?p=qemu.git;a=blobdiff;f=hw/block/fdc.c;h=d8a8edd936f42 d4b1d801c996932668e456b5896;hp=f72a39216347e722496797555db9f208b0c5b4b2;hb=e 907746266721f305d67bc0718795fedee2e824c;hpb=968bb75c348a401b85e08d5eb1887a3e 6c3185f5 e.g. https://security-tracker.debian.org/tracker/CVE-2015-3456 http://xenbits.xen.org/xsa/advisory-133.html the VirtualBox code is inherited from Qemu but the code is not the same. Yes, we are sure the bug is fixed in VBox 4.3.28. Kind regards, Frank -- Dr.-Ing. Frank Mehnert | Software Development Director, VirtualBox ORACLE Deutschland B.V. Co. KG | Werkstr. 24 | 71384 Weinstadt, Germany ORACLE Deutschland B.V. Co. KG Hauptverwaltung: Riesstraße 25, D-80992 München Registergericht: Amtsgericht München, HRA 95603 Komplementärin: ORACLE Deutschland Verwaltung B.V. Hertogswetering 163/167, 3543 AS Utrecht, Niederlande Handelsregister der Handelskammer Midden-Niederlande, Nr. 30143697 Geschäftsführer: Alexander van der Ven, Astrid Kepper, Val Maher jessie-debdiff Description: Binary data wheezy-debdiff Description: Binary data
Bug#783032: fixed in mentors?
Hi, the bug above should be fixed in mentors. I did some additional work, packaging the new release, bumping std-version, removing cdbs, wrap-and-sort, move watch file to github, export QT_SELECT, and something more. The package can be found here http://mentors.debian.net/package/minitube (note, I'm having a timeout on api, but seems to be related to my computer/google account, because I get the same issue when I try to use the api from webbrowser) cheers, Gianfranco -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#787761: missing licenses in debian/copyright
Control: tags 787761 pending Hi Thorsten, first thanks for the review! I committed the changes on git [1] branch experimental. I hope we can followup with an upload of 3.7.1 and this fix on unstable soon. this bug seems affetting each gambas release since oldstable [1] http://anonscm.debian.org/cgit/pkg-gambas/gambas3.git/commit/?h=experimentalid=fdbdeaba81fd5f4783669b9c8b6fb1c8ed847f1a [2] http://anonscm.debian.org/cgit/pkg-gambas/gambas3.git/commit/?h=experimentalid=151d6158c2c23f0e8750aaccf10cdda826f2f862 cheers, Gianfranco Il Giovedì 4 Giugno 2015 21:03, Thorsten Alteholz alteh...@debian.org ha scritto: Package: gambas3 Version: 3.6.2-1 Severity: serious User: alteh...@debian.org Usertags: ftp X-Debbugs-CC: ftpmas...@ftp-master.debian.org thanks Dear Maintainer, some files (especially *.svg) are licensed under CC licenses. Please add them to your debian/copyright. Thanks! Thorsten -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#787921: gambas3-gb-desktop-x11: fails to upgrade from 'sid' - trying to overwrite /usr/lib/gambas3/gb.desktop.gambas
control: tags -1 pending Hi Andreas, I pushed the changes on git branch experimental, and on DebOMatic http://debomatic-amd64.debian.net/distribution#unstable/gambas3/3.7.1-1/buildlog http://anonscm.debian.org/cgit/pkg-gambas/gambas3.git/commit/?h=experimental Unfortunately piuparts there fails because of a broken symlink, don't know why, maybe ttf-fonts is not installed there, but I removed that symlink in the new release... Please let me know if you encounter other piuparts failures, thanks, Gianfranco Il Sabato 6 Giugno 2015 13:37, Andreas Beckmann a...@debian.org ha scritto: Package: gambas3-gb-desktop-x11 Version: 3.6.2-1 Severity: serious User: debian...@lists.debian.org Usertags: piuparts Hi, during a test with piuparts I noticed your package fails to upgrade from 'sid' to 'experimental'. It installed fine in 'sid', then the upgrade to 'experimental' fails because it tries to overwrite other packages files without declaring a Breaks+Replaces relation. See policy 7.6 at https://www.debian.org/doc/debian-policy/ch-relationships.html#s-replaces From the attached log (scroll to the bottom...): Selecting previously unselected package gambas3-gb-desktop-x11. Preparing to unpack .../gambas3-gb-desktop-x11_3.6.2-1_amd64.deb ... Unpacking gambas3-gb-desktop-x11 (3.6.2-1) ... dpkg: error processing archive /var/cache/apt/archives/gambas3-gb-desktop-x11_3.6.2-1_amd64.deb (--unpack): trying to overwrite '/usr/lib/gambas3/gb.desktop.gambas', which is also in package gambas3-gb-desktop 3.5.4-2+b1 cheers, Andreas -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#781767:
Control: severity -1 important thanks Based on the last few comments I'm setting the severity back to important. cheers, G. -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#788945: libjsoncpp.so.0: cannot open shared object file: No such file or directory
On Wed, 17 Jun 2015 10:31:49 +0200 Peter Spiess-Knafl d...@spiessknafl.at wrote: Hi! I just did an upload including a fix for this bug. Please remember that all packages built against the broken version need a binNMU to get the new dependency right. However I cannot do binNMUs because I am only a DM with limited upload privileges. Can a DD take care of this? Hi Peter, thanks for the upload. I opened bug 789032 to track this thanks, Gianfranco -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#783543: Fixed in 3.6.1
Control: fixed -1 1:3.6.1-1 thanks Hi, looking at the sources and the llvm branch commits mail list [1] seems that this bug is fixed in 3.6.1 [1] https://www.mail-archive.com/llvm-branch-commits@cs.uiuc.edu/msg01056.html cheers, Gianfranco -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#781767: Makes it unusable for my buckets too
Hi all, I opened a jessie-p-u request here [1] I tried to explain (sum this conversation) in the best way I could, please read and correct if I wrote anything wrong there. Maybe something about this can be fixed with a python upload? (just wondering how bad might be reverting the check in a python jessie-pu) Matt do you know the python release introducing the problem? [1] https://bugs.debian.org/788607 thanks in advance, Gianfranco -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#786819: Can anybody please followup with this?
Hi Vince and Sebastian, unfortunately a package I comaintain (Virtualbox) is stuck in testing migration due to the libvnc transition, and the transition is blocked by netsurf (AFAIK). Is it possible to ack or NMU the package in the near future? I wouldn't bother, but Virtualbox/unstable is carrying a fix for CVE-2015-3456, so I would really appreciate an upload with an high urgency, in order to avoid asking to hint the migration without netsurf. Sorry again, unfortunately the transition started with a bad timing :) (note, I have no upload privileges, so I can't do an NMU by myself) cheers, Gianfranco -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#777912: patch
Hi Steve, I saw you fixed insighttoolkit4, do you plan to fix also this one? the patch is really the same... However I'm wondering if we should let it disappear from testing, and try to focus on enabling itk4 on all architectures... cheers, G. -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#777912: patch
Hi Steve, yes, I remember I tried it and I succeeded. I can retry if needed, but I'm mostly sure it was obviously due to the changes in cxx11 ABI. IIRC I tried with both the old and new gcc api (unstable and experimental) let me know if I have to try again, it was one month ago, I forget too quickly :) cheers, G. Sent from Yahoo Mail on Android From:Steve M. Robbins st...@sumost.ca Date:Sat, 4 Jul, 2015 at 23:00 Subject:Bug#777912: patch Hi Gianfranco, On July 4, 2015 11:51:19 AM Steve Robbins wrote: Hey. I was just planning to let v3 just die. But if the fix is just using the same patch it could be useful to apply it. Still has several dependancies. So now that I'm home, I see on this bug report your message of 7 May 2015: Hi, I applied the upstream patch to itk [1], and now it seems to build correctly, but failing to link with gdcm ../../bin/libITKIO.so.3.20.1: undefined reference to `gdcm::SerieHelper::SetDirectory(std::__cxx11::basic_stringchar, ... [...] probably gdcm needs to be rebuilt against gcc-5 Did you verify that rebuilding gdcm does fix the problem? Thanks, -Steve
Bug#777868:
reassign 777868 gccxml thanks actually the problem on this bug is on gccxml, so I guess reassigning is the right thing to do. I did some tweak to the gdcm build (by copying gccxml missing files to the gcc build directory) and I succeeded in the build. I guess switching to gccxml successor will solve this issue once for all, so I reassign this one to the correct package :) cheers, G. -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#777868: your mail
Hi Steve, So I reassign back. Create a new issue for gccxml and block this by it. yes, I did just this... I forgot about that! sorry G. -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#785689: patch
following the patch
diff --git a/debian/changelog b/debian/changelog
index 0e5d537..a9c3059 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,11 @@
+virtualbox (4.3.18-dfsg-3+deb8u3) jessie; urgency=medium
+
+ * d/p/39-crash-raw-mode.patch fix crash in raw mode.
+(Closes: #785689) from upstream changeset 53083
+thanks Frank for the hint!
+
+ -- Gianfranco Costamagna costamagnagianfra...@yahoo.it Tue, 19 May 2015
10:22:10 +0200
+
virtualbox (4.3.18-dfsg-3+deb8u2) jessie-security; urgency=high
* d/p/CVE-2015-3456.patch fix for CVE-2015-3456 a.k.a. VENOM
diff --git a/debian/patches/39-crash-raw-mode.patch
b/debian/patches/39-crash-raw-mode.patch
new file mode 100644
index 000..3a5a561
--- /dev/null
+++ b/debian/patches/39-crash-raw-mode.patch
@@ -0,0 +1,10 @@
+Index: trunk/src/VBox/Devices/PC/DevACPI.cpp
+===
+--- a/src/VBox/Devices/PC/DevACPI.cpp
b/src/VBox/Devices/PC/DevACPI.cpp
+@@ -2936,4 +2936,5 @@
+ {
+ ACPIState *pThis = PDMINS_2_DATA(pDevIns, ACPIState *);
++pThis-pDevInsRC = PDMDEVINS_2_RCPTR(pDevIns);
+ pThis-pPmTimerRC = TMTimerRCPtr(pThis-pPmTimerR3);
+ NOREF(offDelta);
diff --git a/debian/patches/series b/debian/patches/series
index de801a7..6fe9974 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -16,3 +16,4 @@
36-fix-vnc-version-string.patch
37-disable-smap.patch
CVE-2015-3456.patch
+39-crash-raw-mode.patch
--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#779620: closed by Gianfranco Costamagna costamagnagianfra...@yahoo.it (Fixed in last unstable release)
Can you please open a new issue for this? thanks, Gianfranco Il Giovedì 13 Agosto 2015 15:13, Philipp Marek philipp.ma...@linbit.com ha scritto: Hi, according to the source code this seems to be fixed already in the last two Debian uploads. Please confirm the code is working. Sorry, it's broken in another way. # lldb-3.7 /bin/ls wait a few seconds... !? (lldb) target create /bin/ls Current executable set to '/bin/ls' (x86_64). (lldb) r error: process launch failed: unable to locate lldb-server (lldb) c error: Process must be launched. (lldb) q # ls -la /usr/bin/lldb-* lrwxrwxrwx 1 root root 24 Aug 3 02:38 /usr/bin/lldb-3.7 - ../lib/llvm-3.7/bin/lldb lrwxrwxrwx 1 root root 27 Aug 3 02:38 /usr/bin/lldb-mi-3.7 - ../lib/llvm-3.7/bin/lldb-mi lrwxrwxrwx 1 root root 31 Aug 3 02:38 /usr/bin/lldb-server-3.7 - ../lib/llvm-3.7/bin/lldb-server I guess registering lldb via alternatives might help, but that's only a workaround...
Bug#795531: FTBFS on i386
Hi dear Daniel, Thanks for the feedback, however this is not needed, because I already get the FTBFS mail from buildds, and even before the bug report I had discussed the build failure with upstream, a failure that will be discussed on monday too with vbox-dev folks, to see if we can narrow down a fix. If you have a patch please go ahead! :) cheers, Gianfranco Il Sabato 15 Agosto 2015 7:21, Daniel Baumann daniel.baum...@progress-technologies.net ha scritto: Package: virtualbox Version: 5.0.2-dfsg-1 Severity: serious Hi, your package failed to build from source on i386: https://buildd.debian.org/status/fetch.php?pkg=virtualboxarch=i386ver=5.0.2-dfsg-1stamp=1439581763 Regards, Daniel -- Address:Daniel Baumann, Donnerbuehlweg 3, CH-3012 Bern Email: daniel.baum...@progress-technologies.net Internet: http://people.progress-technologies.net/~daniel.baumann/
Bug#779620: closed (Fixed in last unstable release)
Hi Philipp, can you please try the latest llvm-toolchain-snapshots 3.8 on unstable? the libstdc++ rebuilds should make it installable with not so many troubles hopefully (at least in a pbuilder-environment) cheers, G. Il Venerdì 14 Agosto 2015 7:18, Philipp Marek philipp.ma...@linbit.com ha scritto: Can you please open a new issue for this? Yes, of course I can (though I'm not sure whether I should bother). But not now, because I can't upgrade to the latest version, because that would break quite a bit of my installation (libstdc++6 dependencies...)
Bug#791310: Fixed in unstable and experimental
Hi, since nobody took care of this issue, I took the liberty to fix this bug and upload directly on unstable, due to policy allowing to put on 0 day queue packages with more than 7 days old RC bugs and no intention to fix. I did upload as NMU, even if I'm in the Debian Science team, because I would like to avoid maintaining this package, and switch ASAP to vtk6. This is unfortunately still needed to make the netcdf transition finish, and I guess I'll try to move to vtk-5.10 in the near future, at least to avoid loosing all the work I did for the vtk-5.10 version. BTW In order to avoid a new transition for tcl/tk 8.5 removal, I took the liberty to cherry-pick the ubuntu 8.6 patch, specially because we are already transitioning due to the v5 soname change. I hope it is ok, I don't think tcl-tk 8.5 will be still there for Stretch (and I hope also vtk won't be there) cheers, Gianfranco
Bug#790655: python3-pygithub, remove the package?
Control: forwarded -1 https://github.com/PyGithub/PyGithub/issues/331 Hi Dmitry, I guess the package is really not python3 ready, in my opinion we should at least let the python2 version migrate to testing, because I need it as dependency of the new w3af. How do you feel about doing that? I can NMU it if needed, or sponsor an upload for you :) thanks! Gianfranco -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#794466: Virtualbox might not be suitable for Stretch
Source: virtualbox Version: 4.3.30-dfsg-1 Severity: critical X-Debbugs-CC: j...@inutil.org X-Debbugs-CC: r...@debian.org X-Debbugs-CC: frank.mehn...@oracle.com X-Debbugs-CC: klaus.espenl...@oracle.com (please cc people if needed As Said in many different threads [1 bottom of the mail], Upstream doesn't play in a really fair mode wrt CVEs in the package (it used to, but not for the current CVE list). This basically makes the package unsuitable for Stable Releases, since Upgrade to a newer release is not the correct answer, and cherry-picking patches without upstream support is just impossible/not easily feasible for such a huge codebase. I quote a mail from some Vbox upstream developers and Debian folks. Personal Maintainer opinion: I do not have anything against Virtualbox neither against Upstream, made by people competent who helped us a lot, and did a great work in merging patches (also my patches) and providing such a good tool for us, I love the package and I would like to see it in Debian, but since people working for Oracle might risk to get punished for not following the Oracle policy, I think we are not sure we can continue giving a CVE free package for Stable Releases. So, while Oracle employees tries to find out an Open Source friendly way to cooperate with us, I'm opening this bug, to let the community be aware of the status quo of the package. On Tuesday 28 July 2015 14:00:31 Ritesh Raj Sarraf wrote: I am writing to you seeking clarification on what the project's stance is for Security Vulnerabilities. As you know, for Debian, we package VirtualBox. Given the breadth of the Debian project (oldstable, stable, testing, LTS, derivatives), it is important for us to have access to security fixes in an easy format. https://security-tracker.debian.org/tracker/CVE-2015-2594 For example, for the above CVE, afaik all we have is a consolidated report. http://www.oracle.com/technetwork/topics/security/cpujul2015 -2367936.html With no broken down fixes in an easy format, it makes it difficult to backport those fixes to older versions. I'm aware of the problem. Unfortunately there is an Oracle policy which forbids us to provide relevant information about security bugs, see here: http://www.oracle.com/us/support/assurance/vulnerability-remediation/disclosure/index.html We are currently trying to find out what's possible to help you but this will take some more time. thanks folks for the help, I still hope we can solve it in a good way, to avoid disappear of Virtualbox there :) cheers! Gianfranco -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
