Bug#306839: patch for FTBFS

2005-04-28 Thread Justin Pryzby
On Fri, Apr 29, 2005 at 03:07:09AM +0200, Frank Lichtenheld wrote:
 On Thu, Apr 28, 2005 at 06:34:15PM -0400, Justin Pryzby wrote:
  Attached is a patch to fix FTBFS: missing build-depends on xlibs-dev.
  Confirmed on sid/i386 pbuilder.
 
 It would be preferable to exactly determine which of the
 xlibs the package depends on and then only build-depend on those.
Okay, I'll work on it.  Ideas why the dependencies are presently
versioned?

Justin


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]



Bug#306839: blackbox FTBFS

2005-04-28 Thread Justin Pryzby
blackbox FTBFS may be fixed by an additional build-depends on libxt-dev.





Bug#303656: ifupdown: can't write /etc/network/run/ifstate no space left on device

2005-04-07 Thread Justin Pryzby
On Thu, Apr 07, 2005 at 11:35:36PM +, mike at dst wrote:
 Package: ifupdown
 Version: 0.6.6
 Severity: critical
 Justification: breaks the whole system
 
 
 (Reading database ... 23841 files and directories currently installed.)
 Preparing to replace ifupdown 0.6.6 (using ifupdown_0.6.6_i386.deb) ...
 Unpacking replacement ifupdown ...
 Setting up ifupdown (0.6.6) ...
 Moving /etc/network/ifstate to /etc/network/run/ifstate
 mv: writing `/etc/network/run/ifstate': No space left on device
 dpkg: error processing ifupdown (--install):
  subprocess post-installation script returned error exit status 1
 Errors were encountered while processing:
  ifupdown
Isn't that precisely what should happen?  Under the majority of
circumstances, maintainer scripts should not fail.  But it seems to me
that running out of disk space warrants stopping the install and
letting the admin fix the problem.  Indeed, that is precisely what I'd
want.  You said breaks the whole system.  What broke?

Justin





Bug#299770: confirm

2005-04-03 Thread Justin Pryzby
On Sun, Apr 03, 2005 at 05:03:37PM +0200, Jean-Michel Kelbert wrote:
 On 17/03/05 at 02:08, Justin Pryzby ([EMAIL PROTECTED]) wrote:
  I can confirm that this problem exists with a fresh install.
  Justin
 
 Could you tell me if it's already present in the new package?
The new package (1.0-1) installs fine.  Note that I'm not the original
bug submitter.

Justin



Bug#298475: (no subject)

2005-04-03 Thread Justin Pryzby
diff -ur origi/webcalendar-0.9.45/debian/changelog 
webcalendar-0.9.45/debian/changelog
--- origi/webcalendar-0.9.45/debian/changelog   2005-04-04 00:46:06.405458528 
-0400
+++ webcalendar-0.9.45/debian/changelog 2005-04-04 00:54:30.071889592 -0400
@@ -1,3 +1,15 @@
+webcalendar (0.9.45-4) unstable; urgency=high
+
+  * Escape values in postinst. Closes: #296935
+  * Change database password to Debconf type 'password'.  Closes: #298475.
+  * Remove settings.php on purge.  Closes: #298476.
+- Also move settings.php.tpl from /etc/ to /usr/share/webcalendar/install.
+  * Purge debconf data when the package is purged.  Closes: #302625.
+- Also clear the password from Debconf immediately after writing
+  it to a file.
+
+ -- Justin Pryzby [EMAIL PROTECTED]  Sun,  3 Apr 2005 23:49:50 -0400
+
 webcalendar (0.9.45-3) unstable; urgency=low
 
   * removed mysql-server or postgres requirements (closes: #291590)
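Review bot: the sub-item under the #302625 entry says the password is cleared from Debconf "immediately after writing it to a file", but the webcalendar.postinst hunk in this same patch issues db_set webcalendar/conf/db_password '' directly after the db_get, before the template is processed; reword the entry to match what the script does. The #296935 line also does not say why the upload is urgency=high, so a short note on what the escaping protects against would help anyone reading the changelog later.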
diff -ur origi/webcalendar-0.9.45/debian/install 
webcalendar-0.9.45/debian/install
--- origi/webcalendar-0.9.45/debian/install 2005-04-04 00:46:06.403458832 
-0400
+++ webcalendar-0.9.45/debian/install   2005-04-04 00:53:31.295824912 -0400
@@ -5,7 +5,7 @@
 includes/print_styles.css etc/webcalendar
 includes/site_extras.php etc/webcalendar
 includes/styles.php etc/webcalendar
-settings.php.tpl etc/webcalendar
+settings.php.tpl usr/share/webcalendar/install
 *.php usr/share/webcalendar
 *.gif usr/share/webcalendar
 *.sql var/lib/webcalendar/sql
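Review bot: moving settings.php.tpl out of etc/webcalendar on the changed line leaves the copy that earlier versions installed as /etc/webcalendar/settings.php.tpl behind on upgraded systems if it was shipped as a conffile, since dpkg does not delete a conffile that a package stops shipping. The maintainer scripts should remove the old file on upgrade, or the changelog should say that it is intentionally left in place.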
diff -ur origi/webcalendar-0.9.45/debian/webcalendar.postinst 
webcalendar-0.9.45/debian/webcalendar.postinst
--- origi/webcalendar-0.9.45/debian/webcalendar.postinst2005-04-04 
00:46:06.407458224 -0400
+++ webcalendar-0.9.45/debian/webcalendar.postinst  2005-04-04 
00:53:51.342777312 -0400
@@ -31,7 +31,7 @@
 configure () {
 
 CONF_FILE=/etc/webcalendar/settings.php
-CF_TEMPLATE=/etc/webcalendar/settings.php.tpl
+CF_TEMPLATE=/usr/share/webcalendar/install/settings.php.tpl
 
 db_get webcalendar/status/debconf_managed
 if [ $RET = false ]; then
@@ -42,6 +42,7 @@
 db_get webcalendar/conf/db_host;   DB_HOST=$RET;
 db_get webcalendar/conf/db_login;  DB_LOGIN=$RET;
 db_get webcalendar/conf/db_password;   DB_PASSWORD=$RET;
+db_set webcalendar/conf/db_password '';
 db_get webcalendar/conf/db_database;   DB_DATABASE=$RET;
 db_get webcalendar/conf/db_persistent; DB_PERSISTENT=$RET;
 db_get webcalendar/conf/use_http_auth; USE_HTTP_AUTH=$RET;
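Review bot: with db_set webcalendar/conf/db_password '' placed right after the db_get, the next run of configure() (upgrade or reconfigure) reads back an empty DB_PASSWORD and writes it into settings.php unless the question has been asked again first. Either skip regenerating the file when the stored value is empty or make sure the config script re-prompts, and add a comment on the db_set line saying why the value is cleared.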
@@ -61,24 +62,32 @@
 SINGLE_USER_MODE=N
 fi
 
+DB_TYPE=$(echo $DB_TYPE |sed -e s/[\'\]/1/g);
+DB_HOST=$(echo $DB_HOST |sed -e s/[\'\]/1/g);
+DB_LOGIN=$(echo $DB_LOGIN |sed -e s/[\'\]/1/g);
+DB_PASSWORD=$(echo $DB_PASSWORD |sed -e s/[\'\]/1/g);
+DB_DATABASE=$(echo $DB_DATABASE |sed -e s/[\'\]/1/g);
+DB_PERSISTENT=$(echo $DB_PERSISTENT |sed -e s/[\'\]/1/g);
+USE_HTTP_AUTH=$(echo $USE_HTTP_AUTH |sed -e s/[\'\]/1/g);
+SINGLE_USER_MODE=$(echo $SINGLE_USER_MODE |sed -e s/[\'\]/1/g);
+SINGLE_USER_LOGIN=$(echo $SINGLE_USER_LOGIN |sed -e s/[\'\]/1/g);
+
 cat $CF_TEMPLATE | perl -e  \
 my %CF_REPLACE = ( \
-'DB_TYPE'   = $DB_TYPE, \
-'DB_HOST'   = $DB_HOST, \
-'DB_TYPE'   = $DB_TYPE, \
-'DB_HOST'   = $DB_HOST, \
-'DB_LOGIN'  = $DB_LOGIN, \
-'DB_PASSWORD'   = $DB_PASSWORD, \
-'DB_DATABASE'   = $DB_DATABASE, \
-'DB_PERSISTENT' = $DB_PERSISTENT, \
-'USE_HTTP_AUTH' = $USE_HTTP_AUTH, \
-'SINGLE_USER_MODE'  = $SINGLE_USER_MODE, \
-'SINGLE_USER_LOGIN' = $SINGLE_USER_LOGIN \
+'DB_TYPE'   = '$DB_TYPE', \
+'DB_HOST'   = '$DB_HOST', \
+'DB_LOGIN'  = '$DB_LOGIN', \
+'DB_PASSWORD'   = '$DB_PASSWORD', \
+'DB_DATABASE'   = '$DB_DATABASE', \
+'DB_PERSISTENT' = '$DB_PERSISTENT', \
+'USE_HTTP_AUTH' = '$USE_HTTP_AUTH', \
+'SINGLE_USER_MODE'  = '$SINGLE_USER_MODE', \
+'SINGLE_USER_LOGIN' = '$SINGLE_USER_LOGIN' \
 ); \
 while (my \$line = STDIN) { \
 foreach my \$search (keys %CF_REPLACE) { \
 my \$replace = \$CF_REPLACE{\$search}; \
-\$line =~ s/DEBCONF::\$search/\$replace/g; \
+\$line =~ s/DEBCONF::\$search/\$replace/; \
 } \
 print \$line;
 } \
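Review bot: the nine added sed lines escape each answer so that it can be pasted into a Perl single-quoted literal, but the values are still interpolated by the shell into Perl source; exporting them and reading them from %ENV inside the script would remove the need for escaping and for nine near-identical lines. The last changed line also drops the g flag from the s/DEBCONF::.../ substitution, so a second occurrence of the same placeholder on one template line is now left unreplaced, and the changelog does not mention that.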
diff -ur origi/webcalendar-0.9.45/debian/webcalendar.templates 
webcalendar-0.9.45/debian/webcalendar.templates
--- origi/webcalendar-0.9.45/debian/webcalendar.templates   2005-04-04 
00:46:06.407458224 -0400
+++ webcalendar-0.9.45/debian/webcalendar.templates 2005-04-03 
23:56:13.0 -0400
@@ -17,7 +17,7 @@
  This is the username used to connect to your SQL server.
 
 Template

Bug#302685: After removing gdm 'startx' wont start X

2005-04-02 Thread Justin Pryzby
On Sat, Apr 02, 2005 at 01:01:38PM +0200, Leszek Koltunski wrote:
 
 Subject: After removing gdm 'startx' wont start X
 Package: gdm
 Version: 2.6.0.6-1
 Severity: grave
 
 I decided to 'dpkg -P gdm' yesterday and 'startx' won't start X any more
 when issued by normal user 'leszek'. ( root can start it )
 
 X server starts, ( I added a 'echo Got here!  ~/startx' to ~/.xinitrc
 and I get to see the log, also, there are no errors in
 /etc/X11/XFConfig-4.log ) but things go wrong later.
 
 I think this is not an issue of a crashing WM ( WindowMaker ) because
 I've tried copying all WindowMaker's -working- init settings of root
 to leszek's home dir, to no avail.
 
 I suspect this may have something to do with the fact that I had 'gdm'
 to auto-login 'leszek' before.
 
 'apt-get install gdm' solved the issue for me.
With gdm purged, are you able to run XFree86 as a normal user?

What if you add a completely new user; does startx work for that user?

Justin





Bug#302680: Inadequate copyright information

2005-04-02 Thread Justin Pryzby
On Sat, Apr 02, 2005 at 12:40:27PM +0200, Thomas Hood wrote:
 Package: zeroconf
 Version: 0.2-1
 Severity: serious
 
 The copyright file says:
  It was downloaded from http://www.progsoc.org/~wildfire/zeroconf/
 
 That URL reports Your browser requested a page that could not be found:
 
  Copyright:
 
 This line must be of the form:
 
 Copyright (C) date copyright-holder
 
 (The (C) is optional, I think, but it is safer to put it in.)
Indeed.  I'm hoping that someone can shed some light on this.  I
recall hearing something like the countries of the world have agreed
to uphold each others' copyright laws, but you are only guaranteed to
be protected if you use the 'c in a circle' mark.  In which case we
need non-ascii characters, since (C) is probably not good enough.

Justin





Bug#302716: dpkg screws up GRUB's menu.lst

2005-04-02 Thread Justin Pryzby
reassign 302716 kernel
severity 302716 important
thanks

On Sat, Apr 02, 2005 at 04:49:37PM +0200, Leszek Koltunski wrote:
 
 Subject: dpkg screws up GRUB's menu.lst
 Package: dpkg
 Version: 1.10.27
 Severity: grave
 
 Some time ago I moved my root partition from hda3 to hda5. All online
 tutorials advise to simply
 1) boot into single user
 2) copy the files around
 3) chroot install-grub in the new partition
 
 and that's what I did. Everything works, except when I install a new
 customized kernel with dpkg -i :
So, did grub's input file (menu.lst?) get updated?

 utumno:/home/leszek/deb# dpkg -i kernel-image-2.6.12-rc1-mm4_5_i386.deb
 Selecting previously deselected package kernel-image-2.6.12-rc1-mm4.
 (Reading database ... 77450 files and directories currently
 installed.)
 Unpacking kernel-image-2.6.12-rc1-mm4 (from
 kernel-image-2.6.12-rc1-mm4_5_i386.deb) ...
 Setting up kernel-image-2.6.12-rc1-mm4 (5) ...
 Searching for GRUB installation directory ... found: /boot/grub .
 Testing for an existing GRUB menu.list file... found:
 /boot/grub/menu.lst .
 Searching for splash image... none found, skipping...
 Found kernel: /boot/vmlinuz-2.6.11wireless
 Found kernel: /boot/vmlinuz-2.6.12-rc1-mm4
 Found kernel: /boot/vmlinuz-2.6.11
 Updating /boot/grub/menu.lst ... done
 
 utumno:/home/leszek/deb# vim /boot/grub/menu.lst
 
 (...)
 
 title   Debian GNU/Linux, kernel 2.6.12-rc1-mm4
 root    (hd0,4)
 kernel  /boot/vmlinuz-2.6.12-rc1-mm4 root=/dev/hda3 ro
 savedefault
 boot
 
 All other kernels I have installed also get 'root=/dev/hda3' passed.
Where did you get this kernel, anyway?  That kernel doesn't seem to be
provided by Debian.  I'm reassigning to the kernel package until
more is known.  Did you create the .deb yourself with `cd $linux; make
deb-pkg`?  In that case maybe the upstream kernel people have a
problem.  Did you even get the kernel source from the debian archive?

 I don't know if it is a bug in dpkg, grub or it is something I failed to do
 whilst moving the root partition. However, as I couldn't find
 any info on how to inform dpkg about this change in Debian's manuals,
 I am filing this bug.
It is definitely not a dpkg bug; all dpkg does is put the files where
the .deb tells it to, and then call some shell scripts provided by the
.deb.

I expect that the shell scripts (maintainer scripts) don't do what
you want.  They are probably parsing the grub file and rewriting it to
add the new kernel image.

Justin





Bug#302685: After removing gdm 'startx' wont start X

2005-04-02 Thread Justin Pryzby
On Sat, Apr 02, 2005 at 05:08:22PM +0200, Leszek Koltunski wrote:
 
 I once again purged gdm, tried to 'startx' as a normal user 'leszek' - no 
 success. For a brief moment I get to see this gray screen with the 
 hourglass, but after some ~1/2 a second X server exits.
 
 I added another normal user and 'startx' - no problems.
Can you also confirm that XFree86 always works, independent of whether
gdm is installed or not, and independent of what user runs it?

Thanks,
Justin





Bug#302685: After removing gdm 'startx' wont start X

2005-04-02 Thread Justin Pryzby
On Sat, Apr 02, 2005 at 06:51:37PM +0200, Leszek Koltunski wrote:
 
 Can you also confirm that XFree86 always works, independent of whether
 gdm is installed or not, and independent of what user runs it?
 
 ok, I've got 3 users here: 'root' , 'leszek' and 'blah' ( which is just a 
 dummy user created to test startx and XFree86 )
 
 I purged gdm again, killed the X server, and tried 'startx-ing' with the 
 three users. root and blah could do it, leszek - no.
 
 I then tried to issue 'XFree86'. root could do it, both blah and leszek 
 failed with
 
 Fatal server error:
 Cannot move old log file /var/log/XFree86.0.log.old
 
 No wonder, since
 
 [EMAIL PROTECTED]:~$ ls -l /var/log | grep XFree
 -rw-r--r--  1 root root   40196 Apr  3 00:44 XFree86.0.log
 -rw-r--r--  1 root root   40078 Apr  3 00:43 XFree86.0.log.old
 
 However, as I said above, 'blah' still can issue 'startx' with no 
 apparent problems at all!
Well, this is interesting, though probably not related to the original
problem.  X should be SUID root

  -rwsr-sr-x  1 root root 7860 2005-02-23 04:07 /usr/bin/X11/X

which is I guess how it's supposed to be relocating the log files.  Can
you confirm that your permissions match:

  drwxr-xr-x  14 root root 4096 2005-04-02 11:42 /var/log

Justin





Bug#296935: clone for debconf bug

2005-04-01 Thread Justin Pryzby
clone 296935 -1
retitle -1
severity -1 important
owner 298475 !
owner 298476 !
owner -1 !
thanks

All of the debconf stuff needs to be db_purged in postrm
if [[ $1 == purge ]].

See http://www.fifi.org/doc/debconf-doc/tutorial.html.





Bug#301531: xscreensaver: Hyperball causes system crash

2005-03-26 Thread Justin Pryzby
On Sat, Mar 26, 2005 at 04:42:50PM +0100, Dimitri Chausson wrote:
 Package: xscreensaver
 Version: 4.16-1
 Severity: critical
 Justification: breaks the whole system
 
 Until now, I could reproduce this bug on kernel 2.6.8 and 2.6.11. It
 seems independent from the desktop/window manager (tried under
 Gnome, XFce)
 Step 1: Start xscreensaver-demo
 Step 2: choose Hyperball, click on preview
 
 After a while, the system crashes (not only X). It always happens,
 in demo mode or real mode. I can provide more information if
 necessary. 
Define crashes; could you check if the machine is network-accessible?

Thanks,
Justin





Bug#299939: gkdial

2005-03-25 Thread Justin Pryzby
#299939 and #218014 likely have the same cause.  Someone might
consider downgrading #299939 and/or merging them.

It seems that both are caused by a user-triggered disconnect event while
in a state when disconnect should be disallowed.  A proper solution
probably requires glib synchronization, but I'll bet that the problems
can be visibly solved by something like:

  /*
   * runs the command the user defined to disconnect 
   */
  void
  gk_disconnect (GtkWidget * button, gpointer data)
  {
GkDial *gkdial = (GkDial *) data;
gchar *disconnect_cmd = DOWNCMD;
+   
+   if (!disconnect_valid) return;
+   disconnect_valid=0;
  
/*
 * this shows that gkdial was the responsible for the connection
 * being 
 * closed 
 */
gkdial-was_gkdial = FALSE;
gkdial_exec (gkdial, disconnect_cmd, DISCONNECTING);
  }
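
Review bot: the guard added at the top of gk_disconnect() clears disconnect_valid with a literal 0 while the function uses FALSE for was_gkdial a few lines below, and nothing in these lines declares the flag or sets it back to a true value. Declare it as a gboolean, assign FALSE, and put the re-arm point in the same change; otherwise the first disconnect leaves the button without effect from then on.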

where disconnect_valid is a global variable, set to TRUE at the
appropriate time, and set to FALSE above, and while redialing.

I'm having trouble testing this since I don't have a linmodem..

Justin 





Bug#301038: imagefs crash

2005-03-25 Thread Justin Pryzby
tag 301038 patch
thanks

It appears that the imagefs crash can be avoided by pre-creating the
file.  It will crash if the file doesn't exist, but seems to succeed
if you /usr/bin/touch the file beforehand.

There's something wrong with the constructor CImage::CImage.  When you
try to create a file, its boolean create parameter is true; but the
code is wrong somehow, and strace has:

  open(z, O_RDWR)   = -1 ENOENT (No such file or directory)

instead of creat(z).  So, someone that actually knows something
about c++ needs to look at the code and either create the file
beforehand, or add a flag similar to O_CREAT.

There are other problems, too, but they seem to be caused only by lack
of input checking:

$ imagefs d a
Read directory from image file [a].
Fatal: could not open file a.
Directory listing: 
Segmentation fault (core dumped)

$ imagefs r a c
Remove files from image file [a].
Fatal: could not open file a.
Segmentation fault (core dumped)

That's pretty simple to solve:
catch (...)
{
  cout  Fatal: could not open file   pcImageFile  .  endl;
+ return 1;
}

There are several instances of these.  Probably there should be a
wrapper function which outputs Fatal: %s to stderr, and exit(1) (or
whatever the c++ification of exit is).

Justin





Bug#301204: libpam-ssh: pam-ssh incorrectly re-uses values returned by getpwnam()

2005-03-24 Thread Justin Pryzby
On Thu, Mar 24, 2005 at 03:55:06PM +0300, Michael Tokarev wrote:
 Package: libpam-ssh
 Version: 1.91.0-5
 Severity: critical
 
 A long time ago (circa 1998 or so) I looked at pam-ssh project and
 noticed several problems with it.  And since it's now in Debian,
 the same problems apply to Debian too.
 
 Here's one.
 
 in pam_sm_authenticate() routine, pam_ssh saves struct passwd as
 a pam variable, this way (error checking removed for simplicity):
Are any other getpwnam()-type functions actually called, allowing the
buffers to be overwritten?

Documentation is not clear about how the fields of the struct are
allocated; a minimal test indicates that they are malloc()ated for the
first call only, but that implementation could change; I don't know if
there are relevant standards, and it may be that it is intentionally
opaque.

It does seem like best-practice would be to copy the entire contents
of the structure, and not just the pointers.

 Luckily, most (depending on the other modules in the PAM stack) getpw*
 calls will be the same as this module does, and hence the problem
 will not occur.
I think you are implying that every libpam module shares memory space
with every other libpam module, which AIUI is incorrect.  libpam are
ELF shared objects, and every process that links with such an object
(at runtime) will get its own private copy of the data section, but
the text section will be shared (mmaped, really, it is backed by
disk).

Does your claim still stand?  Does *that* module call getpwnam()-type
functions multiple times, without memcpy the pointers, and then reuse
the top-level pointer?

 I pointed this problem out to the author the same time I looked at
 the module, but instead of an ACK he replied with something like
 If you don't like my program write your own.  Later on, he changed
 logic a bit -- previously he was saving the pwent pointer, now
 he saves the whole structure (as pwent_keep), but the same problem
 is still here.
Right; it is a static buffer, and multiple calls to getpwnam() return
the same pointer, *and* the pointer structure fields always point to
the same place.

It seems that your request can be easily satisfied by using the
reentrant versions of these functions, like getpwnam_r.  I'm including
a test file I've been playing with, which indicates that a patch, if
necessary, would be unintrusive.

Justin
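#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

#include <pwd.h>
#include <sys/types.h>

int main()
{
	struct passwd p,q;
	struct passwd *res;	/* set to NULL by getpwnam_r when no entry is found */
	char *buf,*buf2;

	/* sysconf may return -1 when there is no fixed limit */
	long buflen=sysconf(_SC_GETPW_R_SIZE_MAX);
	if (buflen <= 0) buflen=16384;

	buf=(char *)malloc(buflen);
	buf2=(char *)malloc(buflen);
	if (!buf || !buf2) return 1;

	//struct passwd *p=getpwnam("pryzbyj");
	/* each result gets its own struct and its own string buffer */
	if (getpwnam_r("pryzbyj", &p, buf, buflen, &res) != 0 || !res) return 1;

	//struct passwd *q=getpwnam("root");
	if (getpwnam_r("root", &q, buf2, buflen, &res) != 0 || !res) return 1;

	printf("%s\n", p.pw_name);
	printf("%s\n", q.pw_name);
	free(buf);
	free(buf2);
	return 0;
}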
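
Added example, not part of the original message or of pam_ssh: a C program for the point argued in this thread, that keeping a struct passwd by value (as pwent_keep does) still leaves its string fields pointing into getpwnam()'s static storage, shown next to a copy made with getpwnam_r that owns its buffer. The names pw_copy, pw_deep_copy and shallow_copy_aliases are hypothetical, and a "daemon" account is assumed to exist for the run in main().

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <pwd.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* A passwd entry plus the storage its string fields point into. */
struct pw_copy {
	struct passwd pw;
	char *buf;	/* owned by this copy; release with pw_copy_free() */
};

/*
 * Look up `name` and store a self-contained copy in *out.
 * Returns 0 on success, ENOENT if there is no such user, or another
 * errno value on failure.  The buffer is grown while getpwnam_r
 * reports ERANGE.  On failure out->buf is NULL.
 */
int pw_deep_copy(const char *name, struct pw_copy *out)
{
	struct passwd *res = NULL;
	long hint = sysconf(_SC_GETPW_R_SIZE_MAX);
	size_t len = hint > 0 ? (size_t)hint : 1024;
	int rc;

	out->buf = NULL;
	for (;;) {
		char *nbuf = realloc(out->buf, len);
		if (nbuf == NULL) {
			free(out->buf);
			out->buf = NULL;
			return ENOMEM;
		}
		out->buf = nbuf;
		rc = getpwnam_r(name, &out->pw, out->buf, len, &res);
		if (rc != ERANGE)
			break;
		len *= 2;
	}
	if (rc != 0 || res == NULL) {
		free(out->buf);
		out->buf = NULL;
		return rc != 0 ? rc : ENOENT;
	}
	return 0;
}

void pw_copy_free(struct pw_copy *c)
{
	free(c->buf);
	c->buf = NULL;
}

/*
 * The pattern under discussion: keep *getpwnam(first) by value, then let
 * a later lookup run.  Returns 1 if the kept pw_name pointer is the same
 * address the later lookup handed out (so the kept struct was only a
 * shallow copy), 0 if the addresses differ, -1 if a lookup found nothing.
 */
int shallow_copy_aliases(const char *first, const char *second)
{
	struct passwd kept, *p;

	p = getpwnam(first);
	if (p == NULL)
		return -1;
	kept = *p;			/* copies the pointers, not the strings */

	p = getpwnam(second);
	if (p == NULL)
		return -1;
	return kept.pw_name == p->pw_name;
}

int main(void)
{
	struct pw_copy root;
	int rc = pw_deep_copy("root", &root);

	if (rc != 0) {
		fprintf(stderr, "lookup failed: %s\n", strerror(rc));
		return 1;
	}
	/* "daemon" is an assumed second account, used only to trigger a lookup */
	printf("shallow copy aliases later result: %d\n",
	       shallow_copy_aliases("root", "daemon"));
	getpwnam("daemon");		/* would clobber a shallow copy */
	printf("deep copy still says: %s (uid %ld)\n",
	       root.pw.pw_name, (long)root.pw.pw_uid);
	pw_copy_free(&root);
	return 0;
}
```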


Bug#300787: impossible to upgrade makedev

2005-03-24 Thread Justin Pryzby
On Thu, Mar 24, 2005 at 08:00:46PM +0100, Alessandro Pagnin wrote:
 Ok, I've uninstalled makedev and reinstalled with udev. The installation 
 proceeds but with this error:
 
 /var/lib/dpkg/info/makedev.postinst: line 27: /sbin/MAKEDEV: no such file or 
 directory
That shouldn't be possible..  You were reinstalling this version?

ii  makedev  2.3.1-77  creates device files in /dev

It contains /sbin/MAKEDEV.

 I don't know if you are the correct one to tell this, but I thought it was
 useful.
Please Cc: the bug in your replies, so they go to the bug log and the
maintainer.

Please run, as root:

  rm /var/cache/apt/archives/makedev*
  apt-get --reinstall install makedev

Your original report said it reboots immediately.  Did you mean that
the computer reboots, and reloads the linux kernel and all?

Bdale:
makedev.postinst has set +e; is that what you intend?  I would have
expected set -e.

  Justin

 At 22:37, Monday 21 March 2005, you wrote:
  On Mon, Mar 21, 2005 at 10:13:05PM +0100, Alessandro Pagnin wrote:
   Package: makedev
   Version: 2.3.1-77
   Severity: critical
   Justification: breaks the whole system
  
   Trying to upgrade to this version of makedev, when the system goes to
   configure the package it reboots immediately
 
  This didn't happen for me.  I'm running udev; are you?



Bug#301127: kaboodle dies with sigsev or so when trying to play an mpeg

2005-03-23 Thread Justin Pryzby
On Wed, Mar 23, 2005 at 10:39:16PM +0100, Dirk Salva wrote:
 Package: kaboodle
 Version: 4:3.3.1-2
 Severity: grave
 Justification: renders package unusable
 
 When I start trying to view an mpeg or something else (like from leech.dk),
 kaboodle only starts, but does not play. When I push play-button, it
 breaks with a sigsev (KDE-crash-notifier) or so. Under 32bit sarge the same
 video-file works fine. Asus A8V Deluxe, NVidia 6600GT, 1GB RAM.
Can you run it under GDB and see if the backtrace is usable?

  $ gdb kaboodle
   run
   bt

Can someone test this on a 64 bit architecture other than amd64?  This
is sarge-ignore if the other 64 bit archs work.

Justin





Bug#299223: downgrade?

2005-03-22 Thread Justin Pryzby
I recommend that this report be downgraded+tag unreproducible, if
someone can report success setting up masquerading via webmin-firewall
and iptables 1.2.11-8.

Justin





Bug#300306: patch

2005-03-22 Thread Justin Pryzby
I think that comments in the wine BTS indicate that this patch will be
no longer necessary after the 20050310 release, but it is a bit
ambiguous.

In the meantime,
http://bugs.winehq.com/attachment.cgi?id=765&action=view
is the included patch.

Justin
--- wine-20050211/misc/registry.c   Mon Feb 14 14:06:36 2005
+++ wine-20050214/misc/registry.c   Mon Feb 14 13:36:42 2005
@@ -1227,7 +1227,7 @@
 ret = _xmalloc(50);
 for (count = 0;;) {
 sprintf(ret,/tmp/reg%lx%04x.tmp,(long)getpid(),count++);
-if ((tmp_fd = open(ret,O_CREAT | O_EXCL | O_WRONLY,0666)) != -1) break;
+if ((tmp_fd = open(ret,O_CREAT | O_EXCL | O_WRONLY,0600)) != -1) break;
 if (errno != EEXIST) {
 ERR(Unexpected error while open() call: %s\n,strerror(errno));
 free(ret);
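
Review bot: on the changed open() line, mode 0600 stops the file from being created group- and world-accessible, but the name is still the guessable /tmp/reg<pid><counter>.tmp built by the sprintf above, and the loop keeps retrying on EEXIST for as long as names are taken. mkstemp() would give an unpredictable name and 0600 permissions in one call and would let the sprintf and the retry loop go.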


Bug#299875: ppp: out-of-memory 30min after LCP terminated by peer

2005-03-20 Thread Justin Pryzby
Okay.  Do I correctly understand that kernel patch + downgrade solves
your problem?

And, if you have *just* the kernel patch, /usr/sbin/pppd hangs, but
doesn't crash the system?

Thanks,
Justin





Bug#298173: RC bugs for sylpheed

2005-03-20 Thread Justin Pryzby
Hi,

It seems that #294604 can be closed, and #298173 can be tag =
sarge,woody,security.  Correct?

BTW: I noticed a strange version numbering in the experimental
packages.  Is this intentional?  It seems to me that people who had
installed the experimental versions would have to actively force the
downgrade to the current unstable version.

Thanks,
Justin





Bug#273826: also a kernel security problem?

2005-03-18 Thread Justin Pryzby
clone 273826 -1
retitle -1 New upstream release v1.7
severity -1 wishlist
thanks

Did you say that this freezes the whole system?  If so, it is a
security problem with the kernel.  Let us know so we can clone the bug
against the kernel.

Thanks,
Justin

On Fri, Mar 18, 2005 at 10:39:10PM +0100, Bluefuture wrote:
 With the latest kernel 2.6.10 and the latest alsa driver this bug seems
 closed. 
 Horgand works again. 
 Can you also package the last released version (1.7)?





Bug#300314: kernel bug

2005-03-18 Thread Justin Pryzby
submitter 300314 Bluefuture [EMAIL PROTECTED]
thanks

Are you using a Dell laptop?  The Linux 2.6.8 Changelog mentions a fix
for ALSA with a Dell.  (But, you said it crashed under 2.6.8; thought
I'd ask anyway.)  Knowing your machine type and sound card might help;
the kernel changelogs mention a number of quirks updates.

And, sorry, I have to ask again: Can you confirm the whole system
really froze?  Like, even a remote ssh session would be disconnected,
and it didn't respond to ping, etc.?

Would you be able to test 2.6.9?  I'm curious when the problem was
fixed.  2.6.9 seems to have a massive ALSA update, so it may well be
fixed there.  This will help find where the fix is (since Sarge will
ship with 2.6.8, a fix needs to be applied before release). 

You referred to the latest alsa driver.  Do you mean a userspace
alsa driver?  As best I know, all of the alsa drivers are in the
kernel, but you referred to 2.6.10 AND latest alsa.

Thanks,
Justin




Bug#300314: kernel bug

2005-03-18 Thread Justin Pryzby
close 300314
thanks

On Sat, Mar 19, 2005 at 02:20:27AM +0100, Bluefuture wrote:
 On Fri, 18-03-2005 at 18:43 -0500, Justin Pryzby wrote:
  On Sat, Mar 19, 2005 at 01:18:07AM +0100, Bluefuture wrote:
 
   2.6.10 and the latest user space alsa (alsa-base).
  Okay.  alsa-base is just configuration files.  Did you have alsa
  compiled into the kernel bzImage, or did you use modules?
  
 I had the default kernel installed.
 I had tried also to start horgand with the latest 2.6.8 kernel and it
 doesn't freeze the system anymore. In 2.6.10 I had switched horgand
 configuration for output to jack so when I rebooted in 2.6.8 it was
 still set on jack output (default after horgand installation was
 alsa). Do I need to reboot again with alsa set in horgand or is it
 improbable?
I'm not sure; I don't know anything about these programs, and I was
just following up on the bug because of a potential kernel security
problem.

 In the period from bug reporting to today, when I had tried
 to successfully start horgand I had also upgraded my motherboard firmware.
 There are many factors to try to exactly reproduce this bug. If at
 report time it was identified as a kernel bug I could have done more tests,
 but actually it is very hard to reproduce it.
Indeed; I just noticed that the bug report is kind of old.  It would
be good if you could try to reproduce it.

I'll close the kernel bug for now, and reopen it if you find that you
can reproduce the crash.

Thanks,
Justin 





Bug#299811: checksecurity bug

2005-03-16 Thread Justin Pryzby
I was able to upgrade then purge, then reinstall sid's new
checksecurity.  So, I think it would be useful if you could make the
postinst set -x and reconfigure it to point out where the problem is.

Thanks,
Justin





Bug#265045: conflict

2005-03-16 Thread Justin Pryzby
Couldn't you just use Replaces: unrar-nonfree?  I'm not sure I
understand this bug report though; are there two packages with the
same name?  Is there meant to be a seamless upgrade from unrar
(nonfree) to unrar (free)?  In that case, why can't one of them just be
renamed?

Justin





Bug#299770: confirm

2005-03-16 Thread Justin Pryzby
I can confirm that this problem exists with a fresh install.
Justin





Bug#298600: Patch to fix this problem

2005-03-16 Thread Justin Pryzby
Surely this is not the entire patch?
Justin

On Thu, Mar 17, 2005 at 12:01:29AM -0600, Micah Anderson wrote:
 tag 298600 + patch
 
 The attached patch fixes this problem and is the contents of the NMU
 that I will be doing shortly.
 

 --- bzflag-2.0.0.20050118/debian/changelog2005-01-17 21:50:09.0 
 -0600
 +++ /tmp/changelog2005-03-16 23:46:19.503772768 -0600
 @@ -1,3 +1,11 @@
 +bzflag (2.0.0.20050118.1) unstable; urgency=medium
 +
 +  * Non-maintainer upload
 +  * Changed debian/copyright to refer to the proper revision of
 +  the LGPL (Closes: #298600)
 +
 + -- Micah Anderson [EMAIL PROTECTED]  Wed, 16 Mar 2005 23:45:44 -0600
 +
  bzflag (2.0.0.20050118) unstable; urgency=medium
  
* missing fonts
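
Review bot: the new changelog entry says debian/copyright was changed to refer to the proper revision of the LGPL, but the only file touched in this diff is debian/changelog; the debian/copyright hunk that the entry describes is missing from the attachment and needs to be included before the NMU can be checked against #298600.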





Bug#299875: ppp: out-of-memory 30min after LCP terminated by peer

2005-03-16 Thread Justin Pryzby
I assume that you have seen this:
  http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.11.4

If not .. tag patch:)  In less than 100 lines, even!

Justin

On Thu, Mar 17, 2005 at 02:54:56AM +0100, Christian wrote:
 Package: ppp
 Version: 2.4.2+20040428-6
 Severity: critical
 Justification: breaks the whole system
 
 hello pppeople,
 
 i've encountered serious problems with pppd and days of monitoring the
 issues lead me to the assumption that pppd is to blame. feel free to
 tell me otherwise and i'll happily forward the problem to the right
 people - because i am not guru enough to fix it.
 
 the problem in short: i am using pppd with pppoe (ADSL dialup) i get 
 disconnected by my ISP once a day and pppd receives LCP terminated by
 peer then. normally pppd will reconnect and the box would be online
 again. this does not happen anymore, instead 30min after disconnect all
 RAM is chewed up by *something* (still don't know by what, please read
 on) and OOM killer kicks in, killing almost every application.
 
 i have reported the issue to the linux-kernel mailinglist first, because
 i thought it was a kernel issue:
   http://lkml.org/lkml/2005/3/8/173
   http://lkml.org/lkml/2005/3/10/109
 maybe the replies are noteworthy too. 
 
 yesterday i hit the issue again, with more (hopefully helpful) details:
   http://www.ussg.iu.edu/hypermail/linux/kernel/0503.2/0316.html
 again, the time between LCP terminated by peer to the first OOM
 messages are (almost exactly) 30min. when this happens, i am usually
 not around, so when i get to the machine, OOM has already happened. i
 can recover the machine (no reboot, but SYSRQ-E) and i have to kill -9
 pppd, anything else does not work:
 
 http://nerdbynature.de/bits/sheep/2.6.11/oom/pppd.log
 (Terminating on signal 15 does not work, +++ killed by SIGKILL +++
 is the only choice.)
 
 i first noticed this behaviour with a new kernel, namely 2.6.11, but
 downgrading to a former (stable for me) kernel (2.6.11-rc5-bk2) did not
 help. instead, i downgraded from pppd-2.4.3-20041231+2 to
 ppp-2.4.2+20040428-6 and got rid of the problem! 2.4.3 was uploaded on
 26.02.2005, and a couple of days later i switched to a new kernel and
 did a apt-get upgrade. that could be the cause, i suspected kernel
 issues first. 
 
 have a look at http://nerdbynature.de/bits/sheep/2.6.11/oom/   for
 further details, feel free to ask. i still did not manage to reproduce
 the problem by hand, e.g. by setting up a pppoe server on the same
 machine,  connecting with pppd call... and killing the pppoe server
 (in the hope that it might send LCP terminated by peer to the pppd).
 
 
 thank you for your time,
 Christian.
 
 -- System Information:
 Debian Release: 3.1
   APT prefers unstable
   APT policy: (990, 'unstable'), (1, 'experimental')
 Architecture: i386 (i686)
 Kernel: Linux 2.6.11.3
 Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
 
 Versions of packages ppp depends on:
 ii  libc6           2.3.2.ds1-20  GNU C Library: Shared libraries an
 ii  libpam-modules  0.76-22       Pluggable Authentication Modules f
 ii  libpam-runtime  0.76-22       Runtime support for the PAM librar
 ii  libpam0g        0.76-22       Pluggable Authentication Modules l
 ii  libpcap0.7      0.7.2-7       System interface for user-level pa
 ii  libssl0.9.7     0.9.7e-3      SSL shared libraries
 ii  makedev         2.3.1-76      creates device files in /dev
 ii  netbase         4.20          Basic TCP/IP networking system
 ii  procps          1:3.2.5-1     /proc file system utilities
 
 -- no debconf information
 
 
 

-- 
Justin Pryzby
whois jgalt






Bug#299875: ppp: out-of-memory 30min after LCP terminated by peer

2005-03-16 Thread Justin Pryzby
Including a patch from kernel.org.  Given the size of the patch, you
may not trust it, but that's what I got ..

http://www.kernel.org/diff/diffview.cgi?file=%2Fpub%2Flinux%2Fkernel%2Fv2.6%2Fpatch-2.6.11.4.bz2;z=15

If I understand the situation correctly, this needs to be reassigned
and cloned to a couple kernels, but I'll leave that up to someone else
to confirm.

Justin

On Thu, Mar 17, 2005 at 02:09:19AM -0500, pryzbyj wrote:
 I assume that you have seen this:
   http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.11.4
 
 If not .. tag patch:)  In less than 100 lines, even!
 
 Justin
 
 On Thu, Mar 17, 2005 at 02:54:56AM +0100, Christian wrote:
  Package: ppp
  Version: 2.4.2+20040428-6
  Severity: critical
  Justification: breaks the whole system
  
  hello pppeople,
  
  i've encountered serious problems with pppd and days of monitoring the
  issues led me to the assumption that pppd is to blame. feel free to
  tell me otherwise and i'll happily forward the problem to the right
  people - because i am not guru enough to fix it.
  
  the problem in short: i am using pppd with pppoe (ADSL dialup) i get 
  disconnected by my ISP once a day and pppd receives LCP terminated by
  peer then. normally pppd will reconnect and the box would be online
  again. this does not happen anymore, instead 30min after disconnect all
  RAM is chewed up by *something* (still don't know by what, please read
  on) and OOM killer kicks in, killing almost every application.
  
  i have reported the issue to the linux-kernel mailinglist first, because
  i thought it was a kernel issue:
http://lkml.org/lkml/2005/3/8/173
http://lkml.org/lkml/2005/3/10/109
  maybe the replies are noteworthy too. 
  
  yesterday i hit the issue again, with more (hopefully helpful) details:
http://www.ussg.iu.edu/hypermail/linux/kernel/0503.2/0316.html
  again, the time between LCP terminated by peer to the first OOM
  messages are (almost exactly) 30min. when this happens, i am usually
  not around, so when i get to the machine, OOM has already happened. i
  can recover the machine (no reboot, but SYSRQ-E) and i have to kill -9
  pppd, anything else does not work:
  
  http://nerdbynature.de/bits/sheep/2.6.11/oom/pppd.log
  (Terminating on signal 15 does not work, +++ killed by SIGKILL +++
  is the only choice.)
  
  i first noticed this behaviour with a new kernel, namely 2.6.11, but
  downgrading to a former (stable for me) kernel (2.6.11-rc5-bk2) did not
  help. instead, i downgraded from pppd-2.4.3-20041231+2 to
  ppp-2.4.2+20040428-6 and got rid of the problem! 2.4.3 was uploaded on
  26.02.2005, and a couple of days later i switched to a new kernel and
  did a apt-get upgrade. that could be the cause, i suspected kernel
  issues first. 
  
  have a look at http://nerdbynature.de/bits/sheep/2.6.11/oom/   for
  further details, feel free to ask. i still did not manage to reproduce
  the problem by hand, e.g. by setting up a pppoe server on the same
  machine,  connecting with pppd call... and killing the pppoe server
  (in the hope that it might send LCP terminated by peer to the pppd).
  
  
  thank you for your time,
  Christian.
  
  -- System Information:
  Debian Release: 3.1
APT prefers unstable
APT policy: (990, 'unstable'), (1, 'experimental')
  Architecture: i386 (i686)
  Kernel: Linux 2.6.11.3
  Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
  
  Versions of packages ppp depends on:
  ii  libc6           2.3.2.ds1-20  GNU C Library: Shared libraries an
  ii  libpam-modules  0.76-22       Pluggable Authentication Modules f
  ii  libpam-runtime  0.76-22       Runtime support for the PAM librar
  ii  libpam0g        0.76-22       Pluggable Authentication Modules l
  ii  libpcap0.7      0.7.2-7       System interface for user-level pa
  ii  libssl0.9.7     0.9.7e-3      SSL shared libraries
  ii  makedev         2.3.1-76      creates device files in /dev
  ii  netbase         4.20          Basic TCP/IP networking system
  ii  procps          1:3.2.5-1     /proc file system utilities
  
  -- no debconf information
  
  
  
 
 -- 
 Justin Pryzby
 whois jgalt
 

-- 
Justin Pryzby
whois jgalt


Bug#299223: better idea

2005-03-15 Thread Justin Pryzby
On Tue, Mar 15, 2005 at 01:47:17PM +0100, Thilo Pfennig wrote:
 Am Montag, den 14.03.2005, 18:19 -0500 schrieb Justin Pryzby:
  On Mon, Mar 14, 2005 at 06:08:39PM -0500, pryzbyj wrote:
   On second thought, I'm not sure where you are seeing the reported
   error (in a logfile?).
 
 In Webmin.
I see; it just displays the output of the shell commands.

  mkfifo /tmp/fifo;
  tee -a /tmp/iptables.out 0</tmp/fifo &
  echo -en "\n$(date)\n$0 $@" >/tmp/fifo;
  exec 1>/tmp/fifo 2>&1
 
 Where to put? init_d load?
I originally thought that it should go in /etc/init.d/iptables.  Now,
I think you should use a wrapper script around /sbin/iptables-save or
iptables-restore.

  Also, what steps are you taking in webmin to cause the error?
 
 I don't know what specific caused the output of the error any more. 
 I will, though mail the specifics if I meet the error again.
That would be very useful, if you could come up with a minimal
sequence of actions to reproduce the problem.  Then, it's easy to make
a wrapper script to help diagnose the source of that problem.

Also, if you can reproduce it, please try installing an updated
iptables [0] which may fix the problem:

Changes: 
 iptables (1.2.11-9) unstable; urgency=medium
 .
[...]
   * Bug#283721, Policy match save code puts in line feed that makes
 iptables-restore error, reported and fixed by Matthew Grant.
 Thanks.

I mailed the iptables maintainer just to see if they thought that it
was likely the same thing.

Thanks,
Justin

References

[0] 
ftp://ftp.debian.org/debian/pool/main/i/iptables/iptables-dev_1.2.11-10_i386.deb
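
A logging wrapper of the kind suggested in this message, as an added example that is not part of the original thread. It avoids the fixed /tmp/fifo name (a root-run script using a predictable path in a world-writable directory can be pre-empted by another local user) and keeps one writer open on the fifo so tee does not see end-of-file between the header and the command output. The function name run_logged and the default log path are assumptions.

```shell
#!/bin/sh
# Added example (hypothetical wrapper, not code from the thread).
# Runs a command, copies a timestamp, the command line and the command's
# combined stdout/stderr to LOG_FILE, and still passes the output through.

# Assumed default; override in the environment.
LOG_FILE="${LOG_FILE:-/var/log/iptables-wrapper.log}"

run_logged() {
    # Private directory from mktemp: nobody else can pre-create or
    # replace the fifo, unlike a fixed /tmp/fifo.
    _rl_dir=$(mktemp -d) || return 1
    _rl_fifo="$_rl_dir/fifo"
    mkfifo -m 600 "$_rl_fifo" || { rmdir "$_rl_dir"; return 1; }

    # Reader: everything written to the fifo goes to our stdout and the log.
    tee -a "$LOG_FILE" <"$_rl_fifo" &
    _rl_tee=$!

    # Writer: header and command share ONE open descriptor on the fifo,
    # so tee only sees end-of-file after the command has finished.
    # As in the original snippet, stderr is merged into stdout.
    _rl_status=0
    {
        printf '\n%s\n%s\n' "$(date)" "$*"
        "$@" 2>&1
    } >"$_rl_fifo" || _rl_status=$?

    wait "$_rl_tee" || true
    rm -f "$_rl_fifo"
    rmdir "$_rl_dir"

    # Hand the wrapped command's exit status back to the caller.
    return "$_rl_status"
}

# Stand-alone use: pass the real command and its arguments to this script.
[ "$#" -eq 0 ] || run_logged "$@"
```

Because the exit status of the wrapped command is returned unchanged, the caller (webmin here) sees the same success or failure it would see without the wrapper.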





Bug#299486: Mozilla-firefox: firefox crashes

2005-03-14 Thread Justin Pryzby
On Mon, Mar 14, 2005 at 01:27:21PM +0100, Vlad Lazar wrote:
 Package: Mozilla-firefox
 Version: 1.0.1-2
 Severity: grave
 Justification: renders package unusable
 
 Whenever I try to write anything in the address bar or google search bar
 the Firefox crashes (I uninstalled all extensions and wiped out all
 configuration files)
Could you try to reproduce this under GDB, and see if a backtrace
would be usable?

  gdb mozilla-firefox
  run
  ...
  bt (after the crash)

Thanks,
Justin





Bug#299223: better idea

2005-03-14 Thread Justin Pryzby
On second thought, I'm not sure where you are seeing the reported
error (in a logfile?).

It might help to use the following lines in /etc/init.d/iptables:

  mkfifo /tmp/fifo;
  tee -a /tmp/iptables.out 0</tmp/fifo &
  echo -en "\n$(date)\n$0 @$" >/tmp/fifo;
  exec 1>/tmp/fifo 2>&1

And if someone knows a better way of doing this, I'm all ears ..

Justin





Bug#299223: better idea

2005-03-14 Thread Justin Pryzby
On Mon, Mar 14, 2005 at 06:08:39PM -0500, pryzbyj wrote:
 On second thought, I'm not sure where you are seeing the reported
 error (in a logfile?).
 
 It might help to use the following lines in /etc/init.d/iptables:
It should be $@, not @$:

mkfifo /tmp/fifo;
tee -a /tmp/iptables.out 0</tmp/fifo &
echo -en "\n$(date)\n$0 $@" >/tmp/fifo;
exec 1>/tmp/fifo 2>&1

Also, what steps are you taking in webmin to cause the error?

Thanks,
 Justin





Bug#297771: patch

2005-03-13 Thread Justin Pryzby
Attaching a patch which is the result of the two upstream svn commits,
applied cleanly to Debian's clilist.c, and reran diff.
Justin
--- clilist.c   2005-03-13 09:29:52.541928856 -0500
+++ old/clilist.c   2005-03-13 09:30:02.151467984 -0500
@@ -185,7 +185,7 @@
setup = TRANSACT2_FINDFIRST;
SSVAL(param,0,attribute); /* attribute */
SSVAL(param,2,max_matches); /* max count */
-   
SSVAL(param,4,(FLAG_TRANS2_FIND_REQUIRE_RESUME|FLAG_TRANS2_FIND_CLOSE_IF_END)); 
/* resume required + close on end */
+   SSVAL(param,4,4+2); /* resume required + close on 
end */
SSVAL(param,6,info_level); 
SIVAL(param,8,0);
p = param+12;
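Review bot: the direction of this diff looks reversed. The new side is named "+++ old/clilist.c", and the added line replaces the named flags FLAG_TRANS2_FIND_REQUIRE_RESUME|FLAG_TRANS2_FIND_CLOSE_IF_END with the bare sum 4+2. If the intent is to bring the upstream change into Debian's clilist.c, applying the patch as posted would go from named flags back to magic numbers; regenerate it with the two arguments to diff swapped, or state which side is the Debian tree.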
@@ -197,9 +197,7 @@
SSVAL(param,2,max_matches); /* max count */
SSVAL(param,4,info_level); 
SIVAL(param,6,0); /* ff_resume_key */
-   /* NB. *DON'T* use continue here. If you do it seems 
that W2K and bretheren
-  can miss filenames. Use last filename continue 
instead. JRA */
-   
SSVAL(param,4,(FLAG_TRANS2_FIND_REQUIRE_RESUME|FLAG_TRANS2_FIND_CLOSE_IF_END)); 
/* resume required + close on end */
+   SSVAL(param,10,8+4+2);  /* continue + resume required + 
close on end */
p = param+12;
p += clistr_push(cli, param+12, mask, sizeof(param)-12, 
 STR_TERMINATE);
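Review bot: the two sides write the flags word at different offsets in this branch. The removed line uses SSVAL(param,4,...), which is the offset that SSVAL(param,4,info_level) filled two lines earlier, while the added line uses offset 10 and also sets the extra 8 (continue) bit. Whichever side is meant to be the result, check that the flags do not overwrite info_level, and keep the "*DON'T* use continue here" comment next to the line it explains, since this hunk drops the comment together with the behaviour it documents.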
@@ -264,6 +262,24 @@
p = rdata;
 
/* we might need the lastname for continuations */
+   if (ff_lastname  0) {
+   switch(info_level) {
+   case 260:
+   clistr_pull(cli, mask, p+ff_lastname,
+   sizeof(mask), 
+   data_len-ff_lastname,
+   STR_TERMINATE);
+   break;
+   case 1:
+   clistr_pull(cli, mask, p+ff_lastname+1,
+   sizeof(mask), 
+   -1,
+   STR_TERMINATE);
+   break;
+   }
+   } else {
+   pstrcpy(mask,);
+   }
  
/* and add them to the dirlist pool */
tdl = SMB_REALLOC(dirlist,dirlist_len + data_len);
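Review bot: the added switch(info_level) handles only 260 and 1 and has no default, so for any other info level with ff_lastname set, mask silently keeps its previous contents. Add a default that either clears mask or fails the listing. The case 1 call also passes -1 as the source length where case 260 passes data_len-ff_lastname; a bounded length there would keep the pull inside the received data.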
@@ -277,18 +293,10 @@
 
/* put in a length for the last entry, to ensure we can chain 
entries 
   into the next packet */
-   for (p2=p,i=0;i(ff_searchcount-1);i++) {
-   p2 += interpret_long_filename(cli,info_level,p2,finfo);
-   }
+   for (p2=p,i=0;i(ff_searchcount-1);i++)
+   p2 += interpret_long_filename(cli,info_level,p2,NULL);
SSVAL(p2,0,data_len - PTR_DIFF(p2,p));
 
-   /* we might need the lastname for continuations */
-   if (ff_lastname  0) {
-   pstrcpy(mask, finfo.name);
-   } else {
-   pstrcpy(mask,);
-   }
-
/* grab the data for later use */
memcpy(dirlist+dirlist_len,p,data_len);
dirlist_len += data_len;
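Review bot: in the removed block, pstrcpy(mask, finfo.name) relies on finfo having been filled by the loop above it, but that loop stops at ff_searchcount-1, so with a single entry in the reply it never runs, and with several entries finfo describes the second-to-last one. On the added side the loop passes NULL in place of finfo; nothing in this diff shows that interpret_long_filename accepts a NULL finfo, so confirm that before relying on it.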


Bug#299223: webmin-firewall bug

2005-03-13 Thread Justin Pryzby
Hi,

You recently reported a bug [0] against Debian's package of
webmin-firewall.  Could you report which version of iptables you have
installed?

Thanks,
Justin

References

[0] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=278916





Bug#299223: webmin-firewall bug

2005-03-13 Thread Justin Pryzby
reassign 299223 iptables
thanks

On Sun, Mar 13, 2005 at 05:43:11PM +0100, Thilo Pfennig wrote:
 Am Sonntag, den 13.03.2005, 11:01 -0500 schrieb Justin Pryzby:
 
 Hi,
 
  You recently reported a bug [0] against Debian's package of
  webmin-firewall.  Could you report which version of iptables you have
  installed?
 
 I am using version 1.2.11-8 (Debian sarge system)





Bug#299233: conffile

2005-03-13 Thread Justin Pryzby
It should not be a conffile, since it is created/modified by postinst.

But also, I don't really follow what the postinst is doing.

# This writes to $CONFIG
if [ ! -e $CONFIG ];
then
echo templatedir= > $CONFIG
fi

# But this later overwrites it, unconditionally, so I don't see the
# point of the conditional above.
mv -f $CONFIG.tmp $CONFIG

Also, I don't see the need to provide an example file since it is so
simple (and written by debconf).

On that note, I think that the output file should be marked Created
by debconf.  Use dpkg-reconfigure cgiemail to reconfigure.

Justin





Bug#299223: webmin-firewall bug

2005-03-13 Thread Justin Pryzby
On Sun, Mar 13, 2005 at 06:55:30PM +0100, Frank Lichtenheld wrote:
 On Sun, Mar 13, 2005 at 11:51:48AM -0500, Justin Pryzby wrote:
  reassign 299223 iptables
 why?
Because I originally thought it looked like the grave iptables bug
(tagged woody), but when I reread it with the reporter's iptables
version included, I realized that it was improbable (though it still
may be an iptables problem).  I've already reassigned it back.

Justin





Bug#296433: umbrello bug news

2005-03-13 Thread Justin Pryzby
Hi,

Is there any news on this bug [0]?  It's not clear from the bug log
that it's even present in a version distributed by Debian.

(Most importantly: is it present in testing?)

Ben, were you using a debian version of the package when you
experienced the bug, or one from CVS?

Thanks,
Justin

References

[0] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=296433





Bug#298942: luola-data: contains non-free font

2005-03-11 Thread Justin Pryzby
On Fri, Mar 11, 2005 at 12:40:03PM +0100, Christian T. Steigies wrote:
 On Thu, Mar 10, 2005 at 08:06:16PM +0100, Peter De Wachter wrote:
  Package: luola-data
  Severity: serious
  Justification: Policy 2.2.1
  
  This package contains the font bluebold.ttf, which is one of Ray
  Larabie's fonts and non-free. This font should be removed. To get
  a replacement, you can depend on ttf-bitstream-vera, ttf-freefont,
  or one of the other free fonts packaged in Debian.
 
 Thanks for your report. As it turns out, the font is not needed at all, it
 just looks nicer than the standard font. I found one in ttf-bitstream-vera
 which looks ok to me, but I am waiting for feedback from the author.
 So it is no problem to remove bluebold.ttf from the package, but I guess I
 will also have to remove it from the source package? I hope upstream will
 remove it, if not, I will have to recreate the source package with the font
 removed. Is there any procedure for that?
http://www.nl.debian.org/doc/developers-reference/ch-best-pkging-practices.en.html#s-bpp-origtargz

Justin





Bug#298688: CAN-2005-0683: Disclosure of installation path

2005-03-10 Thread Justin Pryzby
On Thu, Mar 10, 2005 at 09:33:19AM +0100, Alban browaeys wrote:
 For the record:
 
  ; Print out errors (as a part of the output).  For production web sites,
  ; you're strongly encouraged to turn this feature off, and use error logging
  ; instead (see below).  Keeping display_errors enabled on a production web site
  ; may reveal security information to end users, such as file paths on your Web
  ; server, your database schema or other information.
  display_errors = On
 
 So it does, what is your personal view about this ? 
I accept that someone else has made the decision to set

  display_errors = On

by default.  I imagine that this has been discussed, but I'm not sure
where (there's no php list that I can see).  

 As a php developer i would say that default should not be the debug
 mode, would you reassign it to php ?
Presumably, over the course of developing a PHP application on Debian,
a developer would get at least one error, which would alert them to
the fact that this is set as such.

I think it is fair to assume that php developers and webserver admins
should both be aware of the existence of this option.

However, one could argue that J. User is neither of the above, and may
well install one of Debian's php applications (say, phpbb2) without
being aware of it.

Justin
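
One way for an administrator to check a php.ini for the setting discussed in this thread, as an added example that is not part of the original messages. The function names, the sample files (constructed here) and the policy of treating a missing directive as non-compliant are assumptions of the example.

```shell
#!/bin/sh
# Added example (not from the thread): report whether a php.ini sends
# error messages, and with them file paths, to the client.

# Print the effective (last uncommented) value of directive $2 in file $1,
# lower-cased; prints an empty line when the directive is not set.
php_ini_value() {
    awk -v key="$2" '
        /^[ \t]*(;|\[)/ { next }        # comment lines and [section] headers
        {
            line = $0
            sub(/;.*$/, "", line)       # strip a trailing comment
            eq = index(line, "=")
            if (eq == 0) next
            k = substr(line, 1, eq - 1)
            v = substr(line, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k)
            gsub(/^[ \t"]+|[ \t"\r]+$/, "", v)
            if (k == key) last = v      # a later assignment overrides an earlier one
        }
        END { print tolower(last) }
    ' "$1"
}

# Return 0 when errors are kept away from the client and are logged.
# Example policy (assumption): both directives must be set explicitly.
audit_php_ini() {
    _a_bad=0
    case "$(php_ini_value "$1" display_errors)" in
        off|0|false|no) ;;
        *) echo "$1: display_errors is not disabled; errors reach the client"
           _a_bad=1 ;;
    esac
    case "$(php_ini_value "$1" log_errors)" in
        on|1|true|yes) ;;
        *) echo "$1: log_errors is not enabled; errors would go unrecorded"
           _a_bad=1 ;;
    esac
    return "$_a_bad"
}

# Constructed sample files: the setting quoted in the thread, and a
# variant that logs errors instead of displaying them.
make_samples() {
    cat >"$1/shipped.ini" <<'EOF'
[PHP]
; Keeping display_errors enabled on a production web site may reveal
; security information to end users.
;display_errors = Off
display_errors = On
log_errors = Off
EOF
    cat >"$1/hardened.ini" <<'EOF'
[PHP]
display_errors = Off      ; nothing is sent to the browser
log_errors = On
error_log = /var/log/php_errors.log
EOF
}
```

The commented-out `;display_errors = Off` line in the first sample is ignored, so the audit reports the active `On` value.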





Bug#298688: CAN-2005-0683: Disclosure of installation path

2005-03-09 Thread Justin Pryzby
On Wed, Mar 09, 2005 at 11:55:01PM +0100, Stefan Fritsch wrote:
  ! On a production system error logs on the browser output have to
  be disabled !
  It is like keeping development backdoors on a production release
  ...
 
  If debian php does it by default , please reassign the bug to it
  but i don't remember it doing it , can you check ?
 
 No, unfortunately I don't have a php-installation where I can check 
 it. I just went through the new CANs.
 
 Anyway, I don't know what I was thinking when I filed the report. 
 Disclosure of the installation path is of course not an issue in 
 Debian.
For the record:

 ; Print out errors (as a part of the output).  For production web sites,
 ; you're strongly encouraged to turn this feature off, and use error logging
 ; instead (see below).  Keeping display_errors enabled on a production web site
 ; may reveal security information to end users, such as file paths on your Web
 ; server, your database schema or other information.
 display_errors = On





Bug#279483: Fix and NMU

2005-03-08 Thread Justin Pryzby
On Tue, Mar 08, 2005 at 10:22:54AM +0100, Javier Fernández-Sanguino Peña wrote:
 tags 279483 patch pending
 thanks 
 
 The attached patch should fix this, I'm making a NMU upload as this RC bug 
 has been over 4 months unanswered.
Same as #279484 (susv2).  Are you planning on NMU that too?  BTW; I
talked to the maintainer Jan 13, 2005, and he indicated that he hoped
to upload shortly (but appears to have been bitten by Real Life).

Justin

References

[0] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=279484



Bug#298469: php4-gd2: uninstalled when upgrading php4 from 4.3.10-2 to -8, not able to reinstall

2005-03-08 Thread Justin Pryzby
On Mon, Mar 07, 2005 at 07:10:56PM +0100, Stefan Sontheimer wrote:
 Package: php4-gd2
 Severity: grave
 Justification: renders package unusable
 
 I upgraded php4 from 4.3.10-2 to 4.3.10-8 last week. Unfortunately this
 removed php4-gd2 from my system. Today I realized I need this package
 for an application we're running. Trying to reinstall it fails, so does
 php4-gd2/unstable because it's not available?!? php4-gd is not an
 option because we need version 2.
In the interest of making your setup work again, php4-gd2 is still
available in stable:

  
  http://packages.debian.org/cgi-bin/search_packages.pl?searchon=names&version=all&exact=1&keywords=php4-gd2

Justin





Bug#279484: Bug#279483: Fix and NMU

2005-03-08 Thread Justin Pryzby
On Tue, Mar 08, 2005 at 04:25:09PM +0100, Javier Fernández-Sanguino Peña wrote:
 On Tue, Mar 08, 2005 at 09:00:34AM -0500, Justin Pryzby wrote:
  On Tue, Mar 08, 2005 at 10:22:54AM +0100, Javier Fernández-Sanguino Peña wrote:
   tags 279483 patch pending
   thanks 
   
   The attached patch should fix this, I'm making a NMU upload as this RC bug 
   has been over 4 months unanswered.
  Same as #279484 (susv2).  Are you planning on NMU that too?  BTW; I
  talked to the maintainer Jan 13, 2005, and he indicated that he hoped
  to upload shortly (but appears to have been bitten by Real Life).
 
 I was not aware of it, but now that I see it I will fix with the attached 
 patch.
Okay.  FYI it appears that dh_clean was not called, as your patch
includes things I would not expect (and which were not present in the
other patch), such as DEBIAN/ and debian/files.  I'm not familiar with
cdbs, so I'm not going to try to debug it.

Justin



Bug#297798: valgrind test case

2005-03-07 Thread Justin Pryzby
Have you tried to construct a minimal test case?

I tried to reproduce the problem with a trivial program, included.
Let me know if I'm missing something already known.

Thanks,
Justin

References

[0] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=297798
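#include <dlfcn.h>
#include <stdio.h>

/* Print a message (here, the dlerror() string) on stderr. */
static void print(const char *s)
{
	fprintf(stderr, "%s\n", s);
}

int main(void)
{
	/* "/" is a directory, so dlopen() fails and dlerror() has a message. */
	void *v = dlopen("/", RTLD_LAZY);
	(void)v;
	print(dlerror());


	//void *dlsym(void *handle, const char *symbol);
	//int dlclose(void *handle);

	return 0;
}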


Bug#298296: sysfsutils bug

2005-03-07 Thread Justin Pryzby
Hi,

You recently reported a bug [0] in Debian's sysfsutils package.  I
tested the init script, and it appears to work as intended.  I added
this line to /etc/sysfs.conf:

  devices/system/cpu/cpu0/cpufreq/scaling_governor = ondemand

and added two lines to /etc/init.d/sysfsutils:

   while read key val; do
+  echo setting $key = $val;
+  continue;
   if [ $key -a $val ]; then

Now, running /etc/init.d/sysfsutils start yields:

  $ sudo /etc/init.d/sysfsutils start
  Setting sysfs variables...setting devices/system/cpu/cpu0/cpufreq/scaling_governor = ondemand
  done.

So, it may not be functioning as desired, but it is not failing for
the reason you gave.  The variables are visible within the while loop
(but not outside it, I guess).  (Well, this is true for me, at least:)

Can you confirm that there is a newline at the end of /etc/sysfs.conf?
The final line will not be `read` if there is none.

Justin

References

[0] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=298296





Bug#296935: RC webcalendar bug

2005-03-05 Thread Justin Pryzby
Hi Tim,

Are you available to do a quick upload of webcalendar?  There is
presently grave bug #296935 which prevents configuration when the
user's password is nonalphanumeric.

Thanks,
Justin





Bug#297798: valgrind error

2005-03-05 Thread Justin Pryzby
Hi,

Could you expand on the Debian bug #297798 which you reported against
libc6?  It seems like you mean that applications using dlerror() break
when invoked by valgrind, because valgrind dlsym() frees its return
pointer.  Is that a correct interpretation?

Thanks,
Justin





Bug#295853: reportbug includes sensitive information in report

2005-03-02 Thread Justin Pryzby
It's closed; Chris's message on Feb 19 was to:
[EMAIL PROTECTED], which caused it to be marked as Done.
See also the done tag, up top.

Justin

On Wed, Mar 02, 2005 at 05:38:48PM +0900, Horms wrote:
 Should this bug be closed. The log against the bug suggests it should
 be, but it seems to still be open.





Bug#296935: Setting up of webcalendar fails

2005-02-27 Thread Justin Pryzby
On Sun, Feb 27, 2005 at 10:41:05AM +0100, Filippo Rusconi wrote:
 Hello Justin,
 
  The problem may be that the DB_PASSWORD line is unable to handle an @
  sign (though I cannot reproduce it).  Can you try running
  dpkg-reconfigure webcalendar, and entering a purely alphanumeric
  password?
 
 I cannot run  dpkg-reconfigure webcalendar :
 
 /usr/sbin/dpkg-reconfigure: webcalendar is broken or not fully installed
I know, I had the same problem.

I don't know if that's right, or if there's a second problem.  You can
work around it by editing the appropriate line in
/var/cache/debconf/config.dat.

Justin





Bug#296935: Setting up of webcalendar fails

2005-02-27 Thread Justin Pryzby
On Sun, Feb 27, 2005 at 06:39:52PM +0100, Filippo Rusconi wrote:
 
  I don't know if that's right, or if there's a second problem.  You can
  work around it by editing the appropriate line in
  /var/cache/debconf/config.dat.
 
 Yes, it helped. However, the install of webcalendar along with a
 number of other packages seemed very much complicated to me. I could
 not even understand how to point my web browser to webcalendar...
 nothing was put in /var/www, which as I understand it, the standard
 location for Apache-served files... 
I believe that that's intentional.  The webcalendar files are in
/usr/share because they are sharable, and apache.conf (or its
counterpart) is updated with a web alias: /webcalendar =
/usr/share/webcalendar.

Besides keeping them in share/, this allows an easy way to disable
web apps without removing them; just edit apache.conf.

 When I tried to load a /usr/share/webcalendar/index.php file in
 mozilla-firefox it asked me if I wanted to store it on disk, not
 recognizing that this was php script !
That's a php problem, though, not a webcalendar one.  If you haven't
already found the solution, check /etc/apache*/conf.d/*php*, and
possibly uncomment some lines to enable php preprocessing.  Maybe
dpkg-reconfigure php4 will do that for you, actually.

Justin





Bug#273871: getting libsilc to Testing

2005-02-26 Thread Justin Pryzby
On Sat, Feb 26, 2005 at 02:00:59PM +0200, Toni Willberg wrote:
 Hi.
 
 I'm not a Debian developer, so I don't know (nor really care) about the
 policy. 
 
 What should be done, and by who, to get libsilc package to Testing?
 There are more than one SILC client packages (GAIM's SILC plugin and
 Silky) on hold because of this.
As indicated here:

  http://packages.qa.debian.org/s/silc-toolkit.html

this bug needs to be closed:

  http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=273871

before libsilc can enter testing.

The libsilc maintainer will have to resolve the reported bug by making
the included shared libraries comply with policy.  He seems to have
indicated that he is not actively working on it, but will accept
volunteers. 

Justin





Bug#296935: Setting up of webcalendar fails

2005-02-26 Thread Justin Pryzby
On Fri, Feb 25, 2005 at 09:36:52PM -0800, Steve Langasek wrote:
  The problem may be that the DB_PASSWORD line is unable to handle an @
  sign (though I cannot reproduce it). 
 
 I'm not sure why you can't reproduce this:
1) You seem to have replaced ')' with '}'.  (Just for the record).

  'SINGLE_USER_LOGIN' =  };
  ^^^
2) The DB password should be of debconf type password, not string,
such that the value is not echoed to the screen (and I think debconf
also discards the value ASAP).

3) I can reproduce the problem now; I had to purge webcalendar and
then reinstall it.  I don't understand why.

dpkg-reconfigure webcalendar
/usr/sbin/dpkg-reconfigure: webcalendar is broken or not fully installed

Shouldn't purging erase the debconf values so I can install it again?
It doesn't.

4) /etc/webcalendar/settings.php is not removed on purge, which causes
an unsightly message /etc/webcalendar not empty so not removed.
That file should be manually rm in prerm:purge (but not in
prerm:remove).

Justin





Bug#296935: Setting up of webcalendar fails

2005-02-25 Thread Justin Pryzby
On Fri, Feb 25, 2005 at 09:42:43PM +0100, Filippo Rusconi wrote:
 Package: webcalendar
 Version: 0.9.45-3
 Severity: grave
 Justification: renders package unusable
 
 The Setting up of webcalendar fails with following output:
 
 Setting up webcalendar (0.9.45-3) ...
 Search pattern not terminated at -e line 1.
Could you edit /var/lib/dpkg/info/webcalendar.postinst and add the
following as line #2: set -x.  Then try to complete the webcalendar
configuration.  Send the output to me, and Cc: the bug.

FWIW, this works for me on a new installation.  I suspect that the
perl script is causing problems, but can't see how (and I'd like to
confirm this first of all).

Justin





Bug#296935: Setting up of webcalendar fails

2005-02-25 Thread Justin Pryzby
On Fri, Feb 25, 2005 at 10:53:48PM +0100, Filippo Rusconi wrote:
 Hello, 
 
 thanks for answering the bug report.
 
 I did as you requested, and then tried an install of the package. This
 is the output:
Okay, it is as I suspected; perl is somehow causing the problem.

 + [EMAIL PROTECTED]
If that wasn't a temporary password before, then it should be now.

I'm including this below for reference of the maintainer.
 + cat /etc/webcalendar/settings.php.tpl

 + perl -e '
my %CF_REPLACE = ('
 \''DB_TYPE'\''= mysql,
 '\''DB_HOST'\''   = localhost,
 '\''DB_TYPE'\''   = mysql,
 '\''DB_HOST'\''   = localhost,
 '\''DB_LOGIN'\''  = webcalsqlusername,
 '\''DB_PASSWORD'\''   = [EMAIL PROTECTED],
 '\''DB_DATABASE'\''   = webcalname,
 '\''DB_PERSISTENT'\'' = true,
 '\''USE_HTTP_AUTH'\'' = false,
 '\''SINGLE_USER_MODE'\''  = N,
 '\''SINGLE_USER_LOGIN'\'' =  );

while (my $line = STDIN) {
foreach my $search (keys %CF_REPLACE) {
my $replace = $CF_REPLACE{$search};
$line =~ s/DEBCONF::$search/$replace/g;
}

print $line;
}
'

The problem may be that the DB_PASSWORD line is unable to handle an @
sign (though I cannot reproduce it).  Can you try running
dpkg-reconfigure webcalendar, and entering a purely alphanumeric
password?

It may also be that it is unable to deal with SINGLE_USER_LOGIN being
null (though I suspect that this is okay, since that's how my install
should look).

Other comments for the maintainer: the s/DEBCONF::// should be
anchored, and doesn't seem to need the /g modifier:

$line =~ s/^.*?: DEBCONF/;

Also, the .tpl (template?) file should be installed into
/usr/share/webcalendar, and not into /etc/, since it is not a
configuration file.

Justin





Bug#296274: kernel-image-2.6.8-2-32: forward bug - segmentation fault : kernel cause

2005-02-23 Thread Justin Pryzby
Hi again,

I got your message, but deleted it, assuming it was also in the BTS.
Could you resend it, and also Cc: [EMAIL PROTECTED]

Thanks,
Justin 

References

[0] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=296274





Bug#296274: kernel-image-2.6.8-2-32: forward bug - segmentation fault : kernel cause ?

2005-02-21 Thread Justin Pryzby
On Mon, Feb 21, 2005 at 02:34:24PM +0100, Roel Teuwen wrote:
 Package: kernel-image-2.6.8-2-32
 Version: 2.6.8-6
 Severity: grave
 Justification: renders package unusable
 
 After filing bugreport #294167 (apt-listbugs: segmentation fault on
 hppa), it was closed by the developer, stating the cause is the kernel
 because of kernel messages in dmesg.
 
 It was my understanding that these messages were informational and
 indicative of a programming flaw in the application, but complying with
 the request anyway.
Ouch, yes it definitely seems to be a kernel flaw.  Userspace programs
should not (be able to) cause the kernel's page fault algorithm to
break, or cause a register dump.

Is this reproducible?  Does it happen every time?

Justin

 dmesg kernel messages were :
 
 do_page_fault() pid=1556 command='apt-listbugs' type=7
 address=0x4027d3af
 vm_start = 0x4022a000, vm_end = 0x40312000
 
  IAOQ[0]: 0x4027d3af
  IAOQ[1]: 0x4027d3b3
  RP(r2): 0x4027d3a3
 
 apt-listbugs (pid 1556): Protection id trap (code 27)
 
  IAOQ[0]: copy_siginfo_to_user+0x468/0x490
  IAOQ[1]: copy_siginfo_to_user+0x46c/0x490
  RP(r2): setup_rt_frame+0x98/0x42c





Bug#294746: libantlr-dev is empty

2005-02-21 Thread Justin Pryzby
Development packages should contain a shared library (.a), header
files, and a linker symlink (libfoo.so = libfoo.so.0).

Justin

On Mon, Feb 21, 2005 at 11:30:33PM +0100, Arnaud Vandyck wrote:
 Fri, 11 Feb 2005 13:53:32 +0100, 
 Max Kellermann [EMAIL PROTECTED] wrote: 
 
  Package: libantlr-dev
  Version: 2.7.5-1
 
  file list from the package:
 
  drwxr-xr-x root/root 0 2005-02-02 19:30:13 ./
  drwxr-xr-x root/root 0 2005-02-02 19:30:10 ./usr/
  drwxr-xr-x root/root 0 2005-02-02 19:30:10 ./usr/share/
  drwxr-xr-x root/root 0 2005-02-02 19:30:10 ./usr/share/doc/
  drwxr-xr-x root/root 0 2005-02-02 19:30:13
  ./usr/share/doc/libantlr-dev/
  -rw-r--r-- root/root  1202 2005-02-02 19:29:58
  ./usr/share/doc/libantlr-dev/copyright
  -rw-r--r-- root/root  2033 2005-02-02 19:29:58
  ./usr/share/doc/libantlr-dev/changelog.Debian.gz
 
 Excuse my stupid question but which files should be there?
 

-- 
Justin Pryzby
whois jgalt




Bug#295904: gaim ppc bug

2005-02-20 Thread Justin Pryzby
On Sun, Feb 20, 2005 at 08:44:51PM +0200, Martin-Éric Racine wrote:
 On Sun, 20 Feb 2005, Justin Pryzby wrote:
 
  Could you try running MALLOC_CHECK_=1 gaim?  See if that reports
  anything.  Or, if MALLOC_CHECK_ is already set, unset it (indeed, that
  itself could cause the abort).
 
 LD_LIBRARY_PATH=/usr/lib/debug MALLOC_CHECK_=1  gdb gaim
Did this have "using debugging hooks" messages?  I don't know if
that's meant to be combined with GDB:)

Could you retry it without gdb?

Thanks,
Justin

[...]
 Previous frame inner to this frame (corrupt stack?)
Interesting; it's a stack smash, but it's somehow managing to call
abort()..



Bug#295877: gauche-gtk: FTBFS: /bin/sh: m: command not found

2005-02-18 Thread Justin Pryzby
On Fri, Feb 18, 2005 at 08:08:22PM +0100, Kurt Roeckx wrote:
 Package: gauche-gtk
 Version: 0.4.1-1
 Severity: serious
 
 Hi,
 
 Your package is failing to build on all arches.  Here is an
 extract from the build log:
 cd src; /usr/bin/make install
 make[2]: Entering directory `/build/buildd/gauche-gtk-0.4.1/src'
 m 444 -T 
 /build/buildd/gauche-gtk-0.4.1/debian/gauche-gtk`/usr/bin/gauche-config 
 --sysincdir`
 /bin/sh: m: command not found
This makes me think that an environment variable isn't set.

-- 
Justin Pryzby
whois jgalt





Bug#295193: scanssh: dumps core all the time

2005-02-14 Thread Justin Pryzby
This is probably the already known-and-fixed bug 294399:
needs rebuild against libevent.

Please retest against version 2.0-4 so this bug can be closed and
testing migration can happen.

Justin

On Mon, Feb 14, 2005 at 01:14:01PM +0300, Peter Novodvorsky wrote:
 Package: scanssh
 Version: 2.0-3
 Severity: grave
 Justification: renders package unusable
 
 
 I'm using alpha architecture. I've tried to use scanssh and got two coredumps
 trying to run it with different parameters:
 
 13:11 pts/4 [EMAIL PROTECTED]:~ 2001 sudo scanssh 158.250.16.0/24
 scanssh: event.c:547: event_add: Assertion `!(ev-ev_flags  ~(0xf000 | 
 0x9f))' failed.
 zsh: abort (core dumped)  sudo scanssh 158.250.16.0/24
 13:13 pts/4 [EMAIL PROTECTED]:~ 2004 sudo scanssh 158.250.16.15
 zsh: segmentation fault (core dumped)  sudo scanssh 158.250.16.15





Bug#293207: bogofilter: last two versions caused db errors

2005-02-11 Thread Justin Pryzby
On Thu, Feb 10, 2005 at 11:55:49PM -0600, Micah Anderson wrote:
 A report on my findings thus far:
 
 I set up a pristine test environment to try and replicate the problem
 that Karl has been having. I have been able to setup a system running
 exim with the same configuration that Karl has, plugged into
 delivering mail through bogofilter, using the same bogofilter
 configuration as Karl. To setup the bogofilter databases, I fed
 approximately 2,000 ham messages and approximately 6,000 spam messages
 into bogofilter, creating database files in /etc/bogofilter with the
 same permissions as Exim. 
 
 I then proceeded to send test mails. In the beginning bogofilter
 failed after about 20 messages due to database corruption. This was
 because the /etc/bogofilter directory was not set to have the correct
 ownership and permissions as was needed. After confirming with Karl
 how he had his setup, I changed it in the test scenario and restarted
 the tests. I ran tests that simulated mail delivery of approximately
 1200 messages an hour (approximately 20/minute) for over 24 hours with
 no failures, I delivered approximately 35,000 messages with no
 problems at all.
 
 This is with exim 4.34-10 and bogofilter 0.93.5-1. It certainly seems
 that with a fresh installation of these versions everything works as
 expected.
 
 I am now going to try the same suite of tests with version 0.93.3 and
 then attempt to upgrade to 0.93.5-1 as this is where Karl seemed to
 have a problem, moving from 0.93.3 to 0.93.5. I need to somehow track
 down an older version of the .deb.
Well, normally there is
http://www.backports.org/debian/dists/woody/bogofilter/binary-i386/
but, it doesn't have any other versions.

I also tried Google:
http://www.google.com/search?hl=enlr=q=inurl%3Abogofilter_0.93.3btnG=Search
but without success.

:-/

Justin

 On Thu, 10 Feb 2005, Clint Adams wrote:
 
   Can you provide the configuration you use with exim to plug bogofilter
   in? I am particularly interested because version 4.34-10 of exim
   depends on libdb3 and exim 4.44-2 depends on libdb4.2 so I am curious
   to know if exim uses libdb to interface with bogofilter in any way.
   
   micah
   
   I can use libdb - but I'm not using any db lists.
  
  That's an interesting question; maybe you should try the exim in
  project/experimental, which is linked against libdb4.2.
 
 
 

-- 
Justin Pryzby
Now seeking qualified employers




Bug#294575: udev: fails to install (install due to gnome-volume-manager)

2005-02-10 Thread Justin Pryzby
Hi Michael,

I'm not the udev maintainer, but I can try to help.

Can you add set -x as the second line of
/var/lib/dpkg/info/udev.postinst, and retry configuration of that
package, and send us the output?

Thanks,
Justin

On Thu, Feb 10, 2005 at 03:36:13PM +0100, Michael Schmitt wrote:
 Package: udev
 Version: 0.050-6
 Severity: grave
 Justification: renders package unusable





Bug#293924: ifp-line: ifp does not work when not root

2005-02-06 Thread Justin Pryzby
On Sun, Feb 06, 2005 at 09:59:33PM +0100, tahiti_bob wrote:
 Package: ifp-line
 Version: 0.2.4.5-1
 Severity: grave
 Justification: renders package unusable
 
 ifp ls gives the following message when not root
 Device is busy.  (I was unable to claim its interface.)
 It works perfectly as root.
 I have installed pmp-common and add my user to plugdev - no result
Can you send me a strace of the processes?

 If it is relevant: my pmp is iriver 180T, it works perfectly as root
 on my Sarge installation and as non root user on my Suse 9.2
 installation using the make install method above.
And the Debian version works perfectly as root also?





Bug#293452: /usr/bin/eric3: eric is looking for python in /usr/local/bin

2005-02-03 Thread Justin Pryzby
On Thu, Feb 03, 2005 at 04:47:24PM +0100, Torsten Marek wrote:
 Andrew Maier schrieb:
 | Package: eric
 | Version: 3.6.1-2
 | Severity: grave
 | File: /usr/bin/eric3
 | Tags: patch
 | Justification: renders package unusable
 |
 | I assume it is only a glitch, but it renders the package unusable. eric
 | tries to look for python in /usr/local/bin and not in /usr/bin.
 |
 
 Hello Andrew,
 
 I honestly have no explanation how this error got there. When I build the
 package on my own machine, it works out fine, if I download the sources from
 Debian and build them, it works fine, only the package inside of Debian 
 contains
 the wrong path in the wrappers.
Was the package autobuilt by Debian, or uploaded as binary for that
architecture by your sponsor or a porter or someone else?

 I need to ask my sponsor to upload the new revision of this package.
I recommend changing PATH maybe in the makefile such that
/usr/local/bin/ is either not present, or present after /usr/bin/.

I anticipate that your sponsor has a locally installed copy
/u/l/b/python.

Justin





Bug#293403: abort

2005-02-02 Thread Justin Pryzby
Right; potion aborts every time for me on two different machines.  I
can't make it segfault.  Sometimes it shows a couple packets
immediately before aborting; sometimes it waits a second, shows no
packets, and then aborts.

Justin





Bug#293146: [MAILER-DAEMON@ms-smtp-03.nyroc.rr.com: Returned mail: see transcript for details]

2005-02-01 Thread Justin Pryzby
- Forwarded message from Mail Delivery Subsystem [EMAIL PROTECTED] -

X-Original-To: [EMAIL PROTECTED]
From: Mail Delivery Subsystem [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Returned mail: see transcript for details
Auto-Submitted: auto-generated (failure)
X-Spam-Score: -1.3 (-)
X-Spam-Checker-Version: SpamAssassin 2.63 (2004-01-11) on 
webmin.steelfarms.net
X-Spam-Level: 
X-Spam-Status: No, hits=0.0 required=5.0 tests=none autolearn=ham version=2.63

The original message was received at Tue, 1 Feb 2005 09:12:07 -0500 (EST)
from syr-24-59-54-124.twcny.rr.com [24.59.54.124]

   - The following addresses had permanent fatal errors -
[EMAIL PROTECTED]
(reason: 550 5.1.1 [EMAIL PROTECTED]... User unknown)

   - Transcript of session follows -
... while talking to pluto.net.:
 RCPT To:[EMAIL PROTECTED]
 550 5.1.1 [EMAIL PROTECTED]... User unknown
550 5.1.1 [EMAIL PROTECTED]... User unknown

Reporting-MTA: dns; ms-smtp-03.nyroc.rr.com
Received-From-MTA: DNS; syr-24-59-54-124.twcny.rr.com
Arrival-Date: Tue, 1 Feb 2005 09:12:07 -0500 (EST)

Final-Recipient: RFC822; [EMAIL PROTECTED]
Action: failed
Status: 5.1.1
Remote-MTA: DNS; pluto.net
Diagnostic-Code: SMTP; 550 5.1.1 [EMAIL PROTECTED]... User unknown
Last-Attempt-Date: Tue, 1 Feb 2005 09:12:10 -0500 (EST)

Received: from andromeda (syr-24-59-54-124.twcny.rr.com [24.59.54.124])
by ms-smtp-03.nyroc.rr.com (8.12.10/8.12.10) with ESMTP id 
j11EC7P4024224;
Tue, 1 Feb 2005 09:12:07 -0500 (EST)
Received: from pryzbyj by andromeda with local (Exim 3.36 #1 (Debian))
id 1CvylC-0003sP-00; Tue, 01 Feb 2005 09:12:06 -0500
Date: Tue, 1 Feb 2005 09:12:05 -0500
To: psycheye [EMAIL PROTECTED], [EMAIL PROTECTED]
Subject: Re: Bug#293146: samba: total crash os
Message-ID: [EMAIL PROTECTED]
References: [EMAIL PROTECTED]
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: [EMAIL PROTECTED]
User-Agent: Mutt/1.5.6+20040907i
From: Justin Pryzby [EMAIL PROTECTED]
X-Virus-Scanned: Symantec AntiVirus Scan Engine


- End forwarded message -

-- 
Justin
aptitude install task-iraf saods9 eclipse sextractor x11iraf wcstools
http://www.justinpryzby.com/debian/




Bug#293118: sarg: hangs up using 99% processor time

2005-02-01 Thread Justin Pryzby
On Tue, Feb 01, 2005 at 09:40:46AM +0100, EndelWar wrote:
 Package: sarg
 Version: 2.0.2-1
 Severity: grave
 Justification: renders package unusable
 
 Running sarg on 2 different server cause it to hang up and uses nearly all 
 cpu time.
 The command line used is sarg -l /var/log/squid/access.log, the log file 
 come from squid 2.5.7-5 using squidguard 1.2.0-5 as redirector.

Could you send me or the bug the logfile as an attachment?  If that's
not possible, maybe you can trim the log with a binary search to try
to narrow down the problem lines as much as possible.

Justin





Bug#293146: samba: total crash os

2005-02-01 Thread Justin Pryzby
On Tue, Feb 01, 2005 at 02:00:18PM +0100, psycheye wrote:

 Hi,
 if I transfer a files from windows os (several windows machine) to
 my debian with samba later 5/10 minutes the linux system total
 crash(!!!). I press the reset button!
If you run top from a console (virtual terminal, outside of X), what
happens?  Does top keep updating?

Justin





Bug#293110: kvim: Occupies 90-100% CPU as it auto resizes horozontally in KDE 3.3.2

2005-02-01 Thread Justin Pryzby
tags 293110 -security
thanks

It's not a security hole unless the package maintainer is supposedly
trojaning the package such as to waste CPU.

This sounds like it's potentially a window manager problem.  What WM
are you using?  I can't reproduce it here under blackbox; could you
also try another WM?

Justin

On Tue, Feb 01, 2005 at 02:18:25AM -0500, [EMAIL PROTECTED] wrote:
 
 Package: kvim
 Version: 1:6.3-058+1
 Severity: grave
 Tags: security
 Justification: renders package unusable
 
 
 Every time kvim is started, it automatically begins resizing itself in the
 horizontal direction. The package is therefore unusable by any user. CPU
 usage jumps to near 100% when kvim is opened, thus posing a possible
 security risk for the user.
 
 
 -- System Information:
 Debian Release: 3.1
   APT prefers testing
   APT policy: (500, 'testing')
 Architecture: i386 (i686)
 Kernel: Linux 2.6.8
 Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1)
 
 Versions of packages kvim depends on:
 ii  kdelibs4 4:3.3.2-1   KDE core libraries
 ii  libc62.3.2.ds1-20GNU C Library: Shared libraries 
 an
 ii  libgcc1  1:3.4.3-6   GCC support library
 ii  libgpmg1 1.19.6-19   General Purpose Mouse - shared 
 lib
 ii  libice6  4.3.0.dfsg.1-10 Inter-Client Exchange library
 ii  libncurses5  5.4-4   Shared libraries for terminal 
 hand
 ii  libqt3c102-mt3:3.3.3-7   Qt GUI Library (Threaded runtime 
 v
 ii  libsm6   4.3.0.dfsg.1-10 X Window System Session 
 Management
 ii  libstdc++5   1:3.3.5-5   The GNU Standard C++ Library v3
 ii  libx11-6 4.3.0.dfsg.1-10 X Window System protocol client 
 li
 ii  libxt6   4.3.0.dfsg.1-10 X Toolkit Intrinsics
 ii  vim  1:6.3-058+1 Vi IMproved - enhanced vi editor
 ii  xlibs4.3.0.dfsg.1-10 X Keyboard Extension (XKB) 
 configu





Bug#292749: qiv keeps crashing

2005-01-29 Thread Justin Pryzby
On Sat, Jan 29, 2005 at 02:21:26PM +0100, Cedric Blancher wrote:
 Package: qiv
 Version: 2.0-3
 Severity: grave
 Justification: renders package unusable
 
 
 qiv keeps crashing on image loading :
Does it crash, or just not recognize the format?

 [EMAIL PROTECTED]:~$ qiv beer.png
 Gdk-ERROR **: BadMatch (invalid parameter attributes)
   serial 115 error_code 8 request_code 2 minor_code 0
 
 Error occurs on every format I could test for now.
I can't reproduce this here.

 ii  gdk-imlib1  1.9.14-16.2  imaging library for use with gtk 
 (
 ii  libc6   2.3.2.ds1-20 GNU C Library: Shared libraries 
 an
 ii  libglib1.2  1.2.10-9 The GLib library of C routines
 ii  libgtk1.2   1.2.10-17The GIMP Toolkit set of widgets 
 fo
  
All of these versions are the same for me.

 ii  libx11-66.8.1-0.4X Window System protocol client 
 li
 ii  libxext66.8.1-0.4X Window System miscellaneous 
 exte
 ii  libxi6  6.8.1-0.4X Window System Input extension 
 li
 ii  xlibs   6.8.1-0.4X Window System client libraries 
 m
But how do you have xlibs v6.8?  I'd check p.d.o, except I think that
host is in CO where the power is disconnected for the next 12 hours..
But AFAIK X is still v4.3.

Justin





Bug#292777: Here is a patch

2005-01-29 Thread Justin Pryzby
On Sat, Jan 29, 2005 at 03:36:37PM -0500, Anthony DeRobertis wrote:
 Package: imms
 Version: 2.0.1-3
 Followup-For: Bug #292777
 
 Attached. I have only briefly tested this, so beware. This patch works
 by getting rid of the call to popen (and thus the shell). It replaces it
 with pipe, fork, exec, etc.
Quoting is also possible with $''; all one needs to do is loop around
the given string and protect \ and ':

$s=~s/([\\\'])/\\\1/g;

Justin
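
The two approaches in this message side by side, as an added example that is not code from imms or from the attached patch: the shell-free pipe/fork/exec route and the `$''` quoting route. It is written in Perl to match the one-liner above; `run_argv` and `bash_ansi_quote` are hypothetical names, the file name is constructed, and `printf` and `bash` are assumed to be on PATH.

```perl
#!/usr/bin/perl
# Added example; not code from imms or from the patch in the bug report.
use strict;
use warnings;
use POSIX ();

# popen()'s job done as pipe + fork + exec. The forking form of open()
# creates the pipe and the child; exec with an explicit program and an
# argument list never passes the arguments through /bin/sh.
sub run_argv {
    my @argv = @_;
    my $pid = open(my $from_child, '-|');
    die "cannot fork: $!" unless defined $pid;
    if ($pid == 0) {                      # child: STDOUT is the pipe
        exec { $argv[0] } @argv;
        warn "exec $argv[0] failed: $!\n";
        POSIX::_exit(127);
    }
    my $output = do { local $/; <$from_child> };   # parent: read it all
    close($from_child);                   # waits for the child, sets $?
    return (defined $output ? $output : '', $? >> 8);
}

# The quoting alternative: backslash-protect \ and ' and wrap the result
# in bash's $'...' form. Assumes the command line is read by bash.
sub bash_ansi_quote {
    my ($s) = @_;
    $s =~ s/([\\'])/\\$1/g;
    return q{$'} . $s . q{'};
}

# Constructed file name containing characters a shell would act on.
my $name = q{it's a $(id) `date` \ track.mp3};

# 1. No shell at all: the name is one argv element, passed byte for byte.
my ($direct) = run_argv('printf', '%s\n', $name);

# 2. Through a shell, with the name quoted first.
my $command  = q{printf '%s\n' } . bash_ansi_quote($name);
my ($quoted) = run_argv('bash', '-c', $command);

print "command line: $command\n";
print "argv route:   $direct";
print "quoted route: $quoted";
print "both equal the original name: ",
    ($direct eq "$name\n" && $quoted eq "$name\n" ? 'yes' : 'no'), "\n";
```

The argv route has no quoting rules to get wrong, which is why it holds up when the shell reading the command line is not bash.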





Bug#292285: migrate devfs to udev: no terminal, no cdrom, no sound

2005-01-26 Thread Justin Pryzby
udev bind mounts /dev/ to /.dev/.  Check your /dev/; I bet there's
little if anything there.  Didn't udev say you should restart your
computer at the earliest possible convenience, and shouldn't expect
stuff to work if you enable udev without doing so?  It used to do
that.

Maybe it is a problem with wajig?  debconf is capable of showing
messages in a variety of ways, including both gtk and text messages
and menus.  If it can't use any interactive display (for example if I
ssh cyberia sudo aptitude upgrade), then it will send an email to
root (IIRC).  Did you get an email?

Does rebooting fix the problem?

Justin

On Tue, Jan 25, 2005 at 09:49:59PM -0800, solo turn wrote:
 Subject: migrate devfs to udev: no terminal, no cdrom, no sound
 Package: udev
 Version: 0.050-5
 Severity: critical
 Justification: breaks unrelated software
 
 *** Please type your report below this line ***
 i did wajig purge devfs and then wajig install -t unstable udev.
 after that there is:
 * no kde, or gnome terminal (there was an error creating a child
   process for this terminal)
 * no cdrom (which should be something like hdc)
 * no sound





Bug#290733: torsmo bug

2005-01-24 Thread Justin Pryzby
On Mon, Jan 24, 2005 at 10:14:39AM +0100, Goswin von Brederlow wrote:
 Hi,
 
 I wanted to track this bug but can't reproduce it on amd64:
Right.  I've been working with the submitter without much success.  I
asked for a shell account but that wasn't a possibility.  Coredumps
all indicate a stack smash.  And the strace indicates some problem
during initialization, before the call to init_X11.

I've given the submitter debugging instructions, involving a gdb trap
on SIGFPE (though it will probably just show stack damage), and also
the old stick-a-printf-after-reading-everything-in.  Maybe there are
uninitialized variables, or something..  I was looking for 2.4isms
(like /proc/meminfo), but there appear to be 2.6isms instead..

Note that this is a sid-only bug.

Justin





Bug#281655: info2www: Cross-site scripting vulnerability

2005-01-23 Thread Justin Pryzby
On Sun, Jan 23, 2005 at 05:12:15PM +0100, Uwe Hermann wrote:
 Hi,
 
 sorry, the mail about this bug somehow got lost in my inbox...
 
 (CC to debian-devel, any help with this issue is welcome)
 
 
 On Wed, Nov 17, 2004 at 03:45:55AM +0100, Nicolas Gregoire wrote:
  Package: info2www
  Version: 1.2.2.9-22
  Severity: normal
  Tags: security
  
  There's a XSS vulnerability in the info2www CGI.
  
  The following URL will display the document location using Javascript :
  /cgi-bin/info2www?(coreutils)scriptalert(document.location)script
 
I anticipate that it's supposed to be </script>

I'm not sure I understand the problem, though; what's wrong with
displaying the document location (though it's a bug and should be
fixed, I don't see why it's a security issue.  Isn't the document
location the thing that's already going to be in the address bar?)

  Every user-supplied parameter should be sanitized before use.
 
 ACK, I'll try to check the code, but it won't be easy I guess. The code
 is from 1996, unmaintained and quite surely contains lots more security
 issues.
 
 Any help and/or patches are really welcome!
I can try to help, but I guess I have to understand the problem first:)

Justin





Bug#288550: eroaster patch

2005-01-23 Thread Justin Pryzby
tag 288550 patch
thanks

On Sun, Jan 23, 2005 at 07:19:29PM +0100, Chrissie wrote:
 On Sat, Jan 22, 2005 at 07:17:18PM -0500, Justin Pryzby wrote:
  Hi,
  
  You recently submitted a bug on eroaster,
  http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=288550.  I'm unable
  to reproduce this; could you add debugging statements to show what are
  the value of version[1], len(version[1]), and range(len(version[1]))?
 
 Well, version[1] does not exist, i get the message: index out of range.
 I did the following:
 versionLine = output[0]
 splitted = split(versionLine, " ")
 version = split(splitted[1], ".")
 print "debugging output by chrissie"
 print "%s" % versionLine
 print "%s" % splitted
 print "%s" % version
 
 And i get the following output:
 
 debugging output by chrissie
 cdrecord: Warning: Running on Linux-2.6.10-ac7
 ['cdrecord:', 'Warning:', 'Running', 'on', 'Linux-2.6.10-ac7']
 ['Warning:']
Oh.  So, cdrecord is outputting to stdout and to stderr, and the first
line that python sees is stderr (because it's unbuffered): Warning:
Running on Linux-2.6

I can recommend the following workaround:

   - output = cmdoutput(%s -version 21 % self.__cdrecord_command, strip 
= TRUE)
   + output = cmdoutput(%s -version 21 |grep -i Copyright % 
self.__cdrecord_command, strip = TRUE)
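
Review bot: with the `grep -i Copyright` filter in the `+` line, `output` is empty whenever cdrecord's banner lacks that word, and the `output[0]` and `splitted[1]` indexing shown in the debugging code will then fail the same way it does now. Check that a line came back and that it has a second field before splitting it. The exit status of the pipeline is also grep's, not cdrecord's, so a cdrecord failure only shows up as a missing match.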

That's untested, but will store the right line.  One could also use

   + output = cmdoutput(%s -version 2/dev/null % 
self.__cdrecord_command, strip = TRUE)

But I'd have to recommend checking the return value.  (The first
method should make sure that grep returns 0 (Match found without
error).)

 I also did the following on the command line:
 
 [EMAIL PROTECTED]:~$ cdrecord -version
 Cdrecord-Clone 2.01.01a01 (i686-pc-linux-gnu) Copyright (C) 1995-2004 Jörg 
 Schilling
 NOTE: this version of cdrecord is an inofficial (modified) release of cdrecord
 and thus may have bugs that are not present in the original version.
 Please send bug reports and support requests to [EMAIL PROTECTED].
 The original author should not be bothered with problems of this version.
 
 cdrecord: Warning: Running on Linux-2.6.10-ac7
 cdrecord: There are unsettled issues with Linux-2.5 and newer.
 cdrecord: If you have unexpected problems, please try Linux-2.4 or Solaris
 
 Seems do be a problem on parsing the output of cdrecord -version in my
 case...
Yep, for sure.  Thanks for following up.

Justin



Bug#281655: info2www: Cross-site scripting vulnerability

2005-01-23 Thread Justin Pryzby
tags 281655 patch
thanks

I've included a 2-line patch which implements some output
sanitization.  I can't find any other instance where this is a
problem, but don't take my word for it; I haven't followed the code
*that* closely.

Since info filenames/titles can be named anything (which is a Good
Thing), the way to handle this is to escape '<' (and '>' while we're
at it).  This prevents anyone from sticking any html anywhere.

I would also like to see this code use perl -T (for testing, as well
as for installation, I think).  I will probably play with this later
tonight.

I've never used perl -T before and it may very well break this program
horribly.

Justin

On Sun, Jan 23, 2005 at 11:56:50AM -0500, pryzbyj wrote:
 On Sun, Jan 23, 2005 at 05:12:15PM +0100, Uwe Hermann wrote:
  Hi,
  
  sorry, the mail about this bug somehow got lost in my inbox...
  
  (CC to debian-devel, any help with this issue is welcome)
  
  
  On Wed, Nov 17, 2004 at 03:45:55AM +0100, Nicolas Gregoire wrote:
   Package: info2www
   Version: 1.2.2.9-22
   Severity: normal
   Tags: security
   
   There's a XSS vulnerability in the info2www CGI.
   
   The following URL will display the document location using Javascript :
   /cgi-bin/info2www?(coreutils)scriptalert(document.location)script
  
  Hm, seems like I can't reproduce this. If I enter the above URL in a
  browser (I tried Galeon and Firefox) I get:
 If I change it to </script> then I can reproduce the alleged problem.  I
 guess I don't understand XSS vulnerabilities...  The whole point is
 that malicious Mallory can post a link to nonmalicious site
 nice.com/cgi-bin/info2wwwscriptalert(Boo!)/script?  That still
 seems like a nonissue, because Mallory could just as easily have put
 an alert() on his own page (okay, maybe if mallory's page is in a
 malicious list, and nice.com is in a trusted list it makes
 sense).
 
   Every user-supplied parameter should be sanitized before use.
  
  ACK, I'll try to check the code, but it won't be easy I guess. The code
  is from 1996, unmaintained and quite surely contains lots more security
  issues.
 This shouldn't be difficult, really.  The only user input comes from
 the URL, and it should probably be restricted to certain character
 ranges [a-z0-9-] or something.
--- info2www2005-01-23 17:38:28.0 -0500
+++ /tmp/info2www.patch 2005-01-23 17:39:52.0 -0500
@@ -1138,8 +1138,6 @@
 # Print an HTML error message
 sub Error {
 local($reason) = @_;
-$reason=~s//lt;/gs;
-$reason=~s//gt;/gs;
 print STRONGSorry! - $reason/STRONG\nP\n;
 return(0);
 }
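
Review bot: the two `$reason=~s/...` lines in `Error` are marked `-` and the headers read `--- info2www` / `+++ /tmp/info2www.patch` with a hunk that shrinks from 8 lines to 6, so the diff looks generated with the old and new files swapped; applied as posted it removes the escaping instead of adding it. Regenerate it with the unmodified file first so both substitutions appear as `+` lines. The escaping also covers only `$reason` inside `Error`, so every other place that prints request data needs the same treatment, and `&` should be escaped before the two brackets so the entities written here are unambiguous.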


Bug#281655: info2www: Cross-site scripting vulnerability

2005-01-23 Thread Justin Pryzby
On Sun, Jan 23, 2005 at 05:42:04PM -0500, pryzbyj wrote:
 tags 281655 patch
 thanks
 
 I've included a 2-line patch which implements some output
 sanitization.  I can't find any other instance where this is a
 problem, but don't take my word for it; I haven't followed the code
 *that* closely.
 
 Since info filenames/titles can be named anything (which is a Good
 Thing), the way to handle this is to escape '<' (and '>' while we're
 at it).  This prevents anyone from sticking any html anywhere.
 
 I would also like to see this code use perl -T (for testing, as well
 as for installation, I think).  I will probably play with this later
 tonight.
 
 I've never used perl -T before and it may very well break this program
 horribly.
It broke it, but not horribly.  The only complaint (check apache's
error log) is about $ENV{'PATH'}.  The Debian fix is to just set
$ENV{'PATH'}=/bin:/usr/bin (or even just leave it untouched, maybe).

So, in addition to the previous patch, I suggest that the script runs
with #!/usr/bin/perl -T, and that the ENV variable is either set
absolutely, or not changed at all.

 Justin
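
The output escaping and taint-mode setup discussed in this thread, as an added example that is not info2www's code and not part of the posted patch. `escape_html`, `url_decode`, `error_html`, `parse_request` and the file-name allowlist are hypothetical, and the request strings are constructed from the URL in the report.

```perl
#!/usr/bin/perl
# Added example; not info2www's code. Works with or without taint mode:
#   perl -T example.pl
use strict;
use warnings;

# Under -T Perl refuses to run external programs while PATH is inherited
# from the web server, so pin it as suggested in the thread and drop the
# other variables that influence a shell.
$ENV{'PATH'} = '/bin:/usr/bin';
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};

# Escape the characters that are significant in HTML text and attribute
# values. '&' goes first so the entities written below are not re-escaped.
sub escape_html {
    my ($text) = @_;
    $text = '' unless defined $text;
    $text =~ s/&/&amp;/g;
    $text =~ s/</&lt;/g;
    $text =~ s/>/&gt;/g;
    $text =~ s/"/&quot;/g;
    $text =~ s/'/&#39;/g;
    return $text;
}

# Undo URL encoding, as a CGI does before interpreting the query string.
sub url_decode {
    my ($s) = @_;
    $s =~ tr/+/ /;
    $s =~ s/%([0-9A-Fa-f]{2})/chr(hex($1))/ge;
    return $s;
}

# Error page fragment with the reason escaped at the point of output.
sub error_html {
    my ($reason) = @_;
    return '<STRONG>Sorry! - ' . escape_html($reason) . "</STRONG>\n<P>\n";
}

# Split "(file)node". The file part is accepted only if it matches a
# narrow allowlist (an assumption made for this example); that capture is
# the only value untainted under -T. The node part may be named anything,
# so it is returned as is, stays tainted, and is only ever displayed.
sub parse_request {
    my ($query) = @_;
    return unless $query =~ /\A\(([A-Za-z0-9][A-Za-z0-9._+-]*)\)/;
    my $file = $1;
    my $node = substr($query, $+[0]);
    return ($file, $node);
}

# Constructed requests: a normal one, the one from the report with the
# closing tag written as </script>, and one with a rejected file part.
for my $raw ('(coreutils)ls%20invocation',
             '(coreutils)%3Cscript%3Ealert(document.location)%3C/script%3E',
             '(core/utils)Top') {
    my $query = url_decode($raw);
    my ($file, $node) = parse_request($query);
    if (defined $file) {
        print error_html("No node '${node}' in info file '${file}'");
    } else {
        print error_html("Malformed request: ${query}");
    }
}
```

The second request comes out with its markup as `&lt;script&gt;` text, so the browser displays it instead of running it.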





Bug#288550: eroaster patch

2005-01-22 Thread Justin Pryzby
Hi,

You recently submitted a bug on eroaster,
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=288550.  I'm unable
to reproduce this; could you add debugging statements to show what are
the value of version[1], len(version[1]), and range(len(version[1]))?

Justin





Bug#286756: udev tmpfs test

2005-01-21 Thread Justin Pryzby
Couldn't we just use a dummy mount?  Bind mount /bin/ as /tmp/`mktemp
-d`/, then test retval=diropen(/tmp/`mktemp`)?  (Or
fopen(/tmp/`mktemp`/ls) or sth similar).

(I didn't say it was clean ... :)  But this test is probably better
than nothing, as it prevents /dev/ from being unusable.  Just abstract
the test to some bashscript or a few lines of C, stick it in
/usr/lib/udev/ until some point when the kernel tells the truth.

Justin





Bug#267040: security

2005-01-21 Thread Justin Pryzby
Showing a warning before running each applet is a good idea.  Using
debconf to display a warning is a bad idea, because only the
administrator will see it (debconf is/was never meant for such
things).

Justin





Bug#291619: systraq: FTBFS: Tries to download sources outside the debian archive.

2005-01-21 Thread Justin Pryzby
On Fri, Jan 21, 2005 at 10:54:21PM +0100, Kurt Roeckx wrote:
 Package: systraq
 Version: 0.0.20041118-2
 Severity: serious
 
 Hi,
 
 Your package is failing to build because it's trying to connect
 to the internet.  A package should be completely built from the
 source and should not need anything outside the archive to build.
 
 An extraction from the log:
 /usr/bin/openjade -t sgml -D ../doc -d ./html.dsl 
 /usr/share/sgml/declaration/xml.dcl manual.dbx
 /usr/bin/openjade:manual.dbx:6:0:E: error connecting to www.oasis-open.org 
 (Connection timed out)
 /usr/bin/openjade:manual.dbx:6:0:E: DTD did not contain element declaration 
 for document type name
 [...]
It's good to provide a makefile rule that downloads the sources, but
nothing should ever depend on that rule.  It should only be called
manually.
Justin





Bug#291209: csmash window black !

2005-01-19 Thread Justin Pryzby
tag 291209 confirmed
thanks

On my laptop, the window is not black, but mostly white.  The top of
the window looks distorted.  Sound seems to be okay.

Justin

On Wed, Jan 19, 2005 at 01:54:16PM +0100, vu-ngoc.san wrote:
 Package: csmash
 Version: 0.6.6-5
 Severity: grave
 Justification: renders package unusable
 
 
 since update 0.6.6-5 the playing window is totally black !
 otherwise the game seems to be running ok :-)
 
 this holds with or without fullscreen and on both of my machines
 (a desktop PC with linux 2.6.7 and a laptop with 2.4.27)
 
 
 -- System Information:
 Debian Release: 3.1
   APT prefers testing
   APT policy: (500, 'testing')
 Architecture: i386 (i686)
 Kernel: Linux 2.6.7-1-k7
 Locale: [EMAIL PROTECTED], [EMAIL PROTECTED] (charmap=ISO-8859-15)
 
 Versions of packages csmash depends on:
 ii  csmash-data  0.6.6-5                       data files for the CannonSmash gam
 ii  libatk1.0-0  1.8.0-4                       The ATK accessibility toolkit
 ii  libc6        2.3.2.ds1-20                  GNU C Library: Shared libraries an
 ii  libgcc1      1:3.4.3-6                     GCC support library
 ii  libglib2.0-  2.4.8-1                       The GLib library of C routines
 ii  libgtk2.0-0  2.4.14-2                      The GTK+ graphical user interface
 ii  libice6      4.3.0.dfsg.1-10               Inter-Client Exchange library
 ii  libpango1.0  1.6.0-3                       Layout and rendering of internatio
 ii  libsdl-imag  1.2.3-6                       image loading library for Simple D
 ii  libsdl-mixe  1.2.5-9                       mixer library for Simple DirectMed
 ii  libsdl1.2de  1.2.7+1.2.8cvs20041007-3.0.1  Simple DirectMedia Layer
 ii  libstdc++5   1:3.3.5-5                     The GNU Standard C++ Library v3
 ii  libx11-6     4.3.0.dfsg.1-10               X Window System protocol client li
 ii  libxext6     4.3.0.dfsg.1-10               X Window System miscellaneous exte
 ii  libxi6       4.3.0.dfsg.1-10               X Window System Input extension li
 ii  libxmu6      4.3.0.dfsg.1-10               X Window System miscellaneous util
 ii  libxt6       4.3.0.dfsg.1-10               X Toolkit Intrinsics
 ii  xlibmesa-gl  4.3.0.dfsg.1-10               Mesa OpenGL utility library [XFree
 ii  xlibs        4.3.0.dfsg.1-10               X Keyboard Extension (XKB) configu
 ii  zlib1g       1:1.2.2-3                     compression library - runtime
 
 -- no debconf information
 
 
 

-- 
Justin
aptitude install task-iraf saods9 eclipse sextractor x11iraf wcstools
http://www.justinpryzby.com/debian/




Bug#279154: Processed: some swami files are in /debian

2005-01-19 Thread Justin Pryzby
tag 279154 confirmed
thanks

swami.glade is the only non-directory file which is installed to /debian/.
Justin

On Wed, Jan 19, 2005 at 09:03:06PM -0800, Debian Bug Tracking System wrote:
 Processing commands for [EMAIL PROTECTED]:
 
  package swami
 Ignoring bugs not assigned to: swami
 
  severity 279154 serious
 Bug#279154: swami files are in /debian/
 Severity set to `serious'.
 
  quit
 Stopping processing here.
 
 Please contact me if you need assistance.
 
 Debian bug tracking system administrator
 (administrator, Debian Bugs database)
 
 
 

-- 
Justin
aptitude install task-iraf saods9 eclipse sextractor x11iraf wcstools
http://www.justinpryzby.com/debian/




Bug#290733: torsmo: Floating point exception

2005-01-16 Thread Justin Pryzby
On Sun, Jan 16, 2005 at 11:19:52AM +0100, fellow wrote:
 Package: torsmo
 Version: 0.18-1
 Severity: grave
 Justification: renders package unusable
 
 
 Hi!
 The 0.17 version was good, but the new won't run.
 It simply writes to the stdout: Floating point exception
 
 The full strace is here: http://fellow.linuxforum.hu/egyeb/torsmo_starce
 
 Do you need any other information?
 (I have a custom kernel: 2.6.10-ck4 + 2.6.10-as1.)
It looks like it might be failing because of the /proc/cpuinfo
differences between 2.4 and 2.6.  Can you try with 2.4?

Justin





Bug#290733: torsmo bug

2005-01-16 Thread Justin Pryzby
Hi,

Did torsmo used to work for you?  I just tested the testing version
and the sid version both on 2.6.10, and didn't get an FPE.

Justin





Bug#275875: gmemusage bug

2005-01-16 Thread Justin Pryzby
Hi,

I'm following up on a gmemusage bug you reported.
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=275875

This program reads /proc/memusage, the format of which changed in the
2.6 series kernels.  I have a patch, and I was hoping you could test
it.  I can provide binaries, too, if you use an x86 architecture (or
amd64).  Current patch is here:
http://rtfo.org/~justin/gmemusage-patch2.6

Justin





Bug#290803: login: /var/log/btmp is created with insecure permissions

2005-01-16 Thread Justin Pryzby
On Sun, Jan 16, 2005 at 09:51:44PM +0200, Stefanos Harhalakis wrote:
 Package: login
 Version: 1:4.0.3-30.7
 Severity: critical
 Tags: security
 Justification: root security hole
 
 
 It seems that /var/log/btmp is created as a world readable file.
 This is insecure (and it is reported by 'tiger') because this file
 contains failed logins, including unknown usernames.
Aren't the usernames always visible in /etc/password?

 It is possible for a user to see the root password (and others too)
 by running /usr/bin/lastb.
lastb isn't showing me any passwords; just valid usernames as seen in
passwd and dates. 

Justin





Bug#290803: login: /var/log/btmp is created with insecure permissions

2005-01-16 Thread Justin Pryzby
On Sun, Jan 16, 2005 at 10:36:46PM +0200, Stefanos Harhalakis wrote:
 On Sunday 16 January 2005 22:24, Justin Pryzby wrote:
  On Sun, Jan 16, 2005 at 09:51:44PM +0200, Stefanos Harhalakis wrote:
   Package: login
   Version: 1:4.0.3-30.7
   Severity: critical
   Tags: security
   Justification: root security hole
  
  
   It seems that /var/log/btmp is created as a world readable file.
   This is insecure (and it is reported by 'tiger') because this file
   contains failed logins, including unknown usernames.
 
  Aren't the usernames always visible in /etc/password?
 
   It is possible for a user to see the root password (and others too)
   by running /usr/bin/lastb.
 
  lastb isn't showing me any passwords; just valid usernames as seen in
  passwd and dates.
 
 It also contains unknown usernames.
Really?

$ strings /var/log/btmp
UNKNOWN
pryzbyj
root
UNKNOWN

$ lastb 
UNKNOWN  Sun Jan 16 15:40 - 15:40 (00:00)
root     Sun Jan 16 15:21 - 15:21 (00:00)
pryzbyj  Wed Jan 12 13:25 - 13:25 (00:00)
UNKNOWN  Wed Jan  5 11:22 - 11:22 (00:00)

btmp begins Wed Jan  5 11:22:54 2005

Justin





Bug#290803: [v13@it.teithe.gr: Re: Bug#290803: login: /var/log/btmp is created with insecure permissions]

2005-01-16 Thread Justin Pryzby
- Forwarded message from Stefanos Harhalakis [EMAIL PROTECTED] -

X-Original-To: [EMAIL PROTECTED]
From: Stefanos Harhalakis [EMAIL PROTECTED]
To: Justin Pryzby [EMAIL PROTECTED]
Subject: Re: Bug#290803: login: /var/log/btmp is created with insecure 
permissions
Cc: [EMAIL PROTECTED]

On Sunday 16 January 2005 22:24, Justin Pryzby wrote:
 On Sun, Jan 16, 2005 at 09:51:44PM +0200, Stefanos Harhalakis wrote:
  Package: login
  Version: 1:4.0.3-30.7
  Severity: critical
  Tags: security
  Justification: root security hole
 
 
  It seems that /var/log/btmp is created as a world readable file.
  This is insecure (and it is reported by 'tiger') because this file
  contains failed logins, including unknown usernames.

 Aren't the usernames always visible in /etc/password?

  It is possible for a user to see the root password (and others too)
  by running /usr/bin/lastb.

 lastb isn't showing me any passwords; just valid usernames as seen in
 passwd and dates.

It also contains unknown usernames. This includes any logins that you've 
entered the password (or something else) as the username. If you enter 
test123 as the username then the btmp will contain the word 'test123' which 
can be your root or user password.





Bug#278191: patch

2005-01-16 Thread Justin Pryzby

--- xtrlock.c   2002-09-01 00:46:29.0 -0400
+++ xtrlock.c.new   2005-01-16 19:58:30.0 -0500
@@ -197,9 +197,11 @@
 break;
   default:
 if (clen != 1) break;
-if (rlen  (sizeof(rbuf) - 1)) rbuf[rlen]= cbuf[0];
 /* allow space for the trailing \0 */
-rlen++;
+if (rlen  (sizeof(rbuf) - 1)) {
+   rbuf[rlen]= cbuf[0];
+   rlen++;
+   }
 break;
   }
   break;
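
Review bot: In the default case, a keystroke that arrives once rlen has reached sizeof(rbuf) - 1 is now discarded silently, so an over-long entry is kept as its first sizeof(rbuf) - 1 characters; consider marking the attempt as failed or clearing rbuf when the limit is hit instead of just dropping input. The "allow space for the trailing \0" comment would read better inside the new block, next to the bound it explains, and the patch has no description saying that the old unconditional rlen++ let rlen run past the end of rbuf.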


Bug#275875: patch

2005-01-16 Thread Justin Pryzby
severity 275875 important
severity 255111 important
merge 276990 255111 275875 
thanks

Patch allowing use on 2.6 kernels, and correcting a bug in the
reported size of the kernel (was 10).  This patch should be used
instead of the one on rtfo.org (which is not presently accessible, so
I cannot update it).

Justin
--- proc.c.old  2005-01-16 11:49:25.0 -0500
+++ proc.c  2005-01-16 20:31:34.0 -0500
@@ -23,6 +23,9 @@
 /*
  * Set values for various memory usages
  */
+#define MemTotalLine   MemTotal:
+#defineMemFreeLine MemFree:
+#defineBuffersLine Buffers:
 static void
 SetMemInfo ( void )
 {
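
Review bot: The three new #define lines land between the "Set values for various memory usages" comment and SetMemInfo(), so the comment now appears to describe the macros rather than the function; move them above the comment, next to the existing MemLine definition. Since the old code pairs MemLine with a MemLineLen constant, matching length constants for the new prefixes would keep the style consistent and avoid the strlen() calls on every line read.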
@@ -63,12 +66,28 @@
{
   if ( !strncmp ( buf , MemLine , MemLineLen ) )
   {
+/* Linux 2.4 (and earlier?) */
 /* Mem: total used free shared buffers cached */
 sscanf ( buf , %*s %d %*d %d %*d %d , totalmem , freemem ,
  buffermem ) ;
 break ;
+
+  /* Linux 2.6 (and later?) */
+  } else if (!strncmp(buf, MemTotalLine, strlen(MemTotalLine))) {
+ sscanf(buf, %*s %d, totalmem);
+  } else if (!strncmp(buf, MemFreeLine, strlen(MemFreeLine))) {
+ sscanf(buf, %*s %d, freemem);
+  } else if (!strncmp(buf, BuffersLine, strlen(BuffersLine))) {
+ sscanf(buf, %*s %d, buffermem);
   }
}
+
+   if (!totalmem) {
+  fprintf(stderr, Fatal error reading /proc/meminfo\n);
+  exit(1);
+   }
+
+   sysmem /= 1024 ;
sysmem /= 1024 ;
totalmem /= 1024 ;
freemem /= 1024 ;
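
Review bot: The added "sysmem /= 1024 ;" sits directly above the existing identical line, so sysmem is now divided by 1024 twice; if that is the intended fix for the reported kernel size, write it as a single division by 1024 * 1024 with a comment stating the units, because as written it reads like an accidental duplicate. Both kernel branches also store into the same totalmem, freemem and buffermem, which are then divided by 1024 below; the MemTotal:, MemFree: and Buffers: lines are reported in kB, so confirm the result has the same units as the value taken from the Mem: line. The sscanf() return values are unchecked and only totalmem is tested for zero, so a missing MemFree: or Buffers: line goes unnoticed.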


Bug#284117: gentoo's patch

2005-01-16 Thread Justin Pryzby
Gentoo has a patch at:

  http://bugs.gentoo.org/attachment.cgi?id=43329

I think only the last section is relevant; other parts are controlled
only by the local user.

Upstream is aware of the problem as of last week and is apparently
working with gentoo on an update:

  http://prozilla.genesys.ro/

FreeBSD links to a new version, though it may not be official:

  http://lists.freebsd.org/pipermail/freebsd-ports-bugs/2005-January/049000.html

Here's someone who says that they're waiting for upstream permission
to release a new version, and who says he's working on a version 2
rewrite:

  http://www.advogato.org/person/richdawe/

And that takes me to google hit#50, at which point I quit.

Justin





Bug#284117: buffer overflow exploit

2005-01-14 Thread Justin Pryzby
tags patch
thanks

It appears that the remote buffer overflow vulnerability can be
averted with a simple change to main.c:922.  Use vsnprintf to cap the
size to (sizeof p).

Note that the original report mentions format string vulnerabilities
as well.  Indeed, this same function, message(), is vulnerable, since
a remote server may control the string argument.

This problem could be solved by escaping escape sequences (especially
% ones).  At least the following are remotely controllable by
malicious entities:

  remote file name
  ftp directories
  hostnames

Others such as the username should also be escaped for correctness.

Justin
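
The two mitigations named in the message above (capping the write with vsnprintf, and neutralising '%' in remotely supplied strings), as an added example that is not part of the original post and not ProZilla's code. The names bounded_message, report_file, escape_percent and the sample file name are hypothetical.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for a message()-style helper (not ProZilla's code).
 * vsnprintf() writes at most outsz bytes including the NUL, so the fixed
 * buffer cannot be overrun. Returns 1 if the text was truncated, else 0. */
static int bounded_message(char *out, size_t outsz, const char *fmt, ...)
{
    va_list ap;
    int n;

    va_start(ap, fmt);
    n = vsnprintf(out, outsz, fmt, ap);
    va_end(ap);
    return n < 0 || (size_t)n >= outsz;
}

/* Untrusted text is passed as a "%s" argument, never as the format. */
static int report_file(char *out, size_t outsz, const char *remote_name)
{
    return bounded_message(out, outsz, "Downloading %s", remote_name);
}

/* Double each '%' so the copy is inert if it later reaches a format
 * position. Returns 0 on success, -1 (dst still terminated) if too small. */
static int escape_percent(char *dst, size_t dstsz, const char *src)
{
    size_t o = 0;

    if (dstsz == 0)
        return -1;
    for (; *src; src++) {
        size_t need = (*src == '%') ? 2 : 1;
        if (o + need >= dstsz) {        /* keep room for the trailing NUL */
            dst[o] = '\0';
            return -1;
        }
        if (*src == '%')
            dst[o++] = '%';
        dst[o++] = *src;
    }
    dst[o] = '\0';
    return 0;
}

/* Constructed sample: a file name as a hostile server might present it. */
static const char hostile_name[] = "%n%s%s%x.iso";

int main(void)
{
    char small[16], esc[64];
    int truncated = report_file(small, sizeof small, hostile_name);

    printf("[%s] truncated=%d\n", small, truncated);
    if (escape_percent(esc, sizeof esc, hostile_name) == 0)
        printf("escaped: %s\n", esc);
    return 0;
}
```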





Bug#290547: libarts1: Troubled system-sound with KDE 3.3.1 on testing

2005-01-14 Thread Justin Pryzby
On Fri, Jan 14, 2005 at 07:15:25PM +0100, Dirk Salva wrote:
 Package: libarts1
 Version: 1.3.2-1
 Severity: grave
 Justification: renders package unusable
[...]

 And, another one: with the new KDE system hangs completely about 3 times!
 It hangs so awesome that there was no remote-login via ssh possible.

Steps to reproduce?  What were you doing at the time?  Can you confirm
that ssh worked immediately before KDE hung the system?

Justin





Bug#290322: no manual page

2005-01-13 Thread Justin Pryzby
Care to write one?  This program only takes two arguments: 

  -v  be verbose - show current configuration at start up.
  -s  do _not_ start the daemon - just show parsed config file.

You might also mention the configuration file.  Other than that ..
just an introduction copied from the source file or the readme.

I will if you don't.

Justin

On Thu, Jan 13, 2005 at 04:35:54PM +0100, Nico Golde wrote:
 Package: scandetd
 Version: 1.2.0-1
 Severity: serious
 Hi, 
 your package has no manual page, which is a policy
 violation.
 regards nico
 
 
 -- System Information:
 Debian Release: 3.1
   APT prefers unstable
   APT policy: (500, 'unstable')
 Architecture: i386 (i686)
 Kernel: Linux 2.6.9
 Locale: [EMAIL PROTECTED], [EMAIL PROTECTED] (charmap=ISO-8859-15) (ignored: 
 LC_ALL set to [EMAIL PROTECTED])
 
 Versions of packages scandetd depends on:
 ii  libc6   2.3.2.ds1-20 GNU C Library: Shared libraries an
 
 -- no debconf information
 
 -- 
 Nico Golde - [EMAIL PROTECTED] | GPG: 1024D/73647CFF ,'`.
 [EMAIL PROTECTED] | http://www.ngolde.de   (  grml.org
 VIM has two modes - the one in which it beeps`._,'   
 and the one in which it doesn't -- encrypted mail preferred



-- 
Justin
aptitude install task-iraf saods9 eclipse sextractor x11iraf wcstools
http://www.justinpryzby.com/debian/




Bug#284117: comments

2005-01-13 Thread Justin Pryzby
In addition to previously documented flaws, it appears that
ftp_passv() might overflow addr with a malicious numerical response
of more than 3 digits.

Further auditing should look closely at locking with mutexes: is this
even a theoretical problem, for a remote attacker?

popcon indicates that this is not an unpopular package, though there
are alternatives.  The code, overall, isn't bad.  Upstream seems to be
unresponsive, however (or in denial).

I also note that sometimes 1 too many bytes are allocated with
alloca() (see http.c:589, http-retr.c:185,347).

I'm looking at patching the http-redirect exploitable problem now. 

Justin
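
A bounded parser for the passive-mode reply, illustrating the check that the message above says ftp_passv() lacks; this is an added example, not part of the original post and not ProZilla's code. The function name parse_pasv, the parenthesised reply layout and the sample replies are assumptions.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Parse the "(h1,h2,h3,h4,p1,p2)" part of an FTP 227 reply.
 * Every field must be 1 to 3 decimal digits with a value of at most 255,
 * so the dotted address always fits in ip[16] ("255.255.255.255" + NUL).
 * Returns 0 on success, -1 on any malformed or out-of-range input. */
static int parse_pasv(const char *reply, char ip[16], unsigned *port)
{
    unsigned v[6];
    const char *s;
    int i;

    if (strncmp(reply, "227", 3) != 0)
        return -1;
    s = strchr(reply, '(');
    if (s == NULL)
        return -1;
    s++;
    for (i = 0; i < 6; i++) {
        unsigned val = 0;
        int digits = 0;

        while (isdigit((unsigned char)*s)) {
            if (++digits > 3)           /* reject over-long fields early */
                return -1;
            val = val * 10 + (unsigned)(*s++ - '0');
        }
        if (digits == 0 || val > 255)
            return -1;
        if (*s++ != (i < 5 ? ',' : ')'))    /* exact separators only */
            return -1;
        v[i] = val;
    }
    snprintf(ip, 16, "%u.%u.%u.%u", v[0], v[1], v[2], v[3]);
    *port = v[4] * 256 + v[5];
    return 0;
}

int main(void)
{
    /* Constructed replies: one well-formed, one with an oversized field. */
    const char *good = "227 Entering Passive Mode (192,0,2,10,19,137)";
    const char *bad  = "227 Entering Passive Mode (1920000000000,0,2,10,19,137)";
    char ip[16];
    unsigned port = 0;

    if (parse_pasv(good, ip, &port) == 0)
        printf("%s:%u\n", ip, port);
    printf("oversized field rejected: %d\n", parse_pasv(bad, ip, &port) == -1);
    return 0;
}
```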





Bug#284117: alternatives

2005-01-12 Thread Justin Pryzby
Alternatives (not Debian ones) include aget and axel.
Justin




