Bug#349718: parted: last partition in EFI GPT overlaps alternate table
Package: parted Version: 1.6.25.1-1 Severity: grave I overwrote a USB disk with shred, created an EFI GPT disk label and two partitions with parted, used the partitions, shredded the second of them again, made a new file system there, and copied data to it. The next time I reconnected the disk, I was surprised by this warning from Linux: Jan 24 20:13:49 [kernel] SCSI device sda: 312581808 512-byte hdwr sectors (160042 MB) - Last output repeated twice - Jan 24 20:13:50 [kernel] Alternate GPT is invalid, using primary GPT. Jan 24 20:13:50 [kernel] p1 p2 I then renamed the second partition with parted, in order to make it rewrite the disk label and partition tables. This got rid of the warning, but when I looked at the end of /dev/sda2, I saw that the end of the partition had become overwritten with the partition table. Because I was using ReiserFS with a 4096-byte blocksize, the overwritten part was fortunately not part of the file system. However, if this had been an MD or LVM partition, important metadata could have been overwritten. Next, I studied linux-2.6/fs/partitions/efi.h and examined the on-disk structures with dd | hd | less. In the following listing, the numbers at the left margin are LBA:byterange in hexadecimal; all other numbers are in C syntax. 0001:000-007 __le64 signature = EFI PART; 0001:008-00B __le32 revision = 0x0001; 0001:00C-00F __le32 header_size = 0x005c; 0001:010-013 __le32 header_crc32 = 0x97529bc4; 0001:014-017 __le32 reserved1 = 0; 0001:018-01F __le64 my_lba = 1; 0001:020-027 __le64 alternate_lba = 0x12a19eaf; 0001:028-02F __le64 first_usable_lba = 0x0022; 0001:030-037 __le64 last_usable_lba = 0x12a19e8e; 0001:038-047 efi_guid_t disk_guid; 0001:048-04F __le64 partition_entry_lba = 2; 0001:050-053 __le32 num_partition_entries = 0x0080; 0001:054-057 __le32 sizeof_partition_entry = 0x0080; 0001:058-05B __le32 partition_entry_array_crc32 = 0x85c3221e; 0002:000-00F efi_guid_t partition_type_guid = PARTITION_BASIC_DATA_GUID; 0002:010-01F efi_guid_t unique_partition_guid; 0002:020-027 __le64 starting_lba = 0x0022; 0002:028-02F __le64 ending_lba = 0x0003d090; 0002:030-037 gpt_entry_attributes attributes = 0; 0002:038-07F efi_char16_t[36] partition_name = LUSB~2 clear; 0002:080-08F efi_guid_t partition_type_guid = PARTITION_BASIC_DATA_GUID; 0002:090-09F efi_guid_t unique_partition_guid; 0002:0A0-0A7 __le64 starting_lba = 0x0003d091; 0002:0A8-0AF __le64 ending_lba = 0x12a19e8e; 0002:0B0-0B7 gpt_entry_attributes attributes = 0; 0002:0B8-0FF efi_char16_t[] partition_name = LUSB~2 cipher; 12a19e8e:000-00F efi_guid_t partition_type_guid = PARTITION_BASIC_DATA_GUID; 12a19e8e:010-01F efi_guid_t unique_partition_guid; 12a19e8e:020-027 __le64 starting_lba = 0x0022; 12a19e8e:028-02F __le64 ending_lba = 0x0003d090; 12a19e8e:030-037 gpt_entry_attributes attributes = 0; 12a19e8e:038-07F efi_char16_t[36] partition_name = LUSB~2 clear; 12a19e8e:080-08F efi_guid_t partition_type_guid = PARTITION_BASIC_DATA_GUID; 12a19e8e:090-09F efi_guid_t unique_partition_guid; 12a19e8e:0A0-0A7 __le64 starting_lba = 0x0003d091; 12a19e8e:0A8-0AF __le64 ending_lba = 0x12a19e8e; 12a19e8e:0B0-0B7 gpt_entry_attributes attributes = 0; 12a19e8e:0B8-0FF efi_char16_t[36] partition_name = LUSB~2 cipher; 12a19e8e:100-1FF = 0; 12a19e8f:000-12a19ead:1FF = 0; 12a19eae:000-1FF = garbage; 12a19eaf:000 __le64 signature = EFI PART; 12a19eaf:008 __le32 revision = 0x0001; 12a19eaf:00C __le32 header_size = 0x005c; 12a19eaf:010 __le32 header_crc32 = 0x6de2756c; 12a19eaf:014 __le32 reserved1 = 0; 12a19eaf:018 __le64 my_lba = 0x12a19eaf; 12a19eaf:020 __le64 alternate_lba = 1; 12a19eaf:028 __le64 first_usable_lba = 0x0022; 12a19eaf:030 __le64 last_usable_lba = 0x12a19e8e; 12a19eaf:038 efi_guid_t disk_guid; 12a19eaf:048 __le64 partition_entry_lba = 0x12a19e8e; 12a19eaf:050 __le32 num_partition_entries = 0x0080; 12a19eaf:054 __le32 sizeof_partition_entry = 0x0080; 12a19eaf:058 __le32 partition_entry_array_crc32 = 0x85c3221e; Note that: * last_usable_lba = 0x12a19e8e in both the primary and alternate gpt_header structures. * ending_lba = 0x12a19e8e for the second partition in both the primary and alternate partition table. * partition_entry_lba = 0x12a19e8e in the alternate gpt_header structure. * LBA 0x12a19e8e actually contains the beginning of the alternate partition table. The table is 0x80*0x80 = 0x4000 bytes long, so it needs 0x20 blocks (each 0x200 bytes). * LBA 0x12a19eae between the alternative partition table and the alternative gpt_header is random garbage, presumably from the whole-disk shred run. I think this means parted should have placed the alternative partition table at the LBA range 0x12a19e8f-0x12a19eae, rather
Bug#349718: parted: last partition in EFI GPT overlaps alternate table
Here is a recipe for reproducing the bug. [EMAIL PROTECTED]:/var/tmp/kalle$ yes | dd bs=1k count=1k of=part 1024+0 records in 1024+0 records out 1048576 bytes (1,0 MB) copied, 0,094344 seconds, 11,1 MB/s [EMAIL PROTECTED]:/var/tmp/kalle$ /sbin/parted part GNU Parted 1.6.25.1 Copyright (C) 1998 - 2005 Free Software Foundation, Inc. This program is free software, covered by the GNU General Public License. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. Using /var/tmp/kalle/part (parted) mklabel gpt (parted) quit [EMAIL PROTECTED]:/var/tmp/kalle$ hd part 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 || * 01c0 01 00 ee fe ff ff 01 00 00 00 ff 07 00 00 00 00 || 01d0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 || * 01f0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 55 aa |..U.| 0200 45 46 49 20 50 41 52 54 00 00 01 00 5c 00 00 00 |EFI PART\...| 0210 80 b4 dc 55 00 00 00 00 01 00 00 00 00 00 00 00 |...U| 0220 ff 07 00 00 00 00 00 00 22 00 00 00 00 00 00 00 |...| 0230 de 07 00 00 00 00 00 00 5e 93 93 d8 11 48 8f 44 |^H.D| 0240 87 60 aa 06 dd f4 3b b9 02 00 00 00 00 00 00 00 |.`;.| 0250 80 00 00 00 80 00 00 00 86 d2 54 ab 00 00 00 00 |..T.| 0260 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 || * 4400 79 0a 79 0a 79 0a 79 0a 79 0a 79 0a 79 0a 79 0a |y.y.y.y.y.y.y.y.| * 000fbc00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 || * 000ffc00 79 0a 79 0a 79 0a 79 0a 79 0a 79 0a 79 0a 79 0a |y.y.y.y.y.y.y.y.| * 000ffe00 45 46 49 20 50 41 52 54 00 00 01 00 5c 00 00 00 |EFI PART\...| 000ffe10 cd a1 c9 83 00 00 00 00 ff 07 00 00 00 00 00 00 || 000ffe20 01 00 00 00 00 00 00 00 22 00 00 00 00 00 00 00 |...| 000ffe30 de 07 00 00 00 00 00 00 5e 93 93 d8 11 48 8f 44 |^H.D| 000ffe40 87 60 aa 06 dd f4 3b b9 de 07 00 00 00 00 00 00 |.`;.| 000ffe50 80 00 00 00 80 00 00 00 86 d2 54 ab 00 00 00 00 |..T.| 000ffe60 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 || * 0010 [EMAIL PROTECTED]:/var/tmp/kalle$ The last_usable_lba value stored at 0x230 (LBA 0x1, offset 0x30) and 0xffe30 (LBA 0x7ff, offset 0x30) is 0x7de. However, the alternate partition_entry_lba value stored at 0xffe48 (LBA 0x7ff, offset 0x48) is also 0x7de. The usable area thus overlaps the alternative partition table. This dump also shows that parted did not initialize the block 0xffc00..0xffdff (LBA 0x7fe) between the alternative partition table (LBA 0x7de-0x7fd) and the alternative GPT header (LBA 0x7ff). pgpoVpUepSDmo.pgp Description: PGP signature
Bug#318508: db2: FTBFS: Label at end of compound statement
tags 318508 + patch quit Daniel Schepler [EMAIL PROTECTED] writes: From my build log (reproduced using pbuilder in an i386 chroot): Also reproduced on AMD Duron running Debian i386. Unfortunately, since this is in build-tree/db2 instead of build-tree/db-2.7.7, I can't figure out how to get dbs to patch this file. Anyway, the patch to that file is attached. I think the least disruptive way is to put .. in the file name; patch 2.5.9-2 allows that. Also, I'd prefer keeping the comment above the break, thus part of the case. With the following patch placed in debian/patches/, db2 2.7.7.0-9 now builds OK. diff -urp db2/os/os_oflags.c db2.new/os/os_oflags.c --- dummy/../db2/os/os_oflags.c 1999-06-07 18:09:37.0 + +++ dummy/../db2/os/os_oflags.c 2005-07-15 22:01:53.0 + @@ -45,6 +45,7 @@ __db_oflags(oflags) break; default: /* Bogus flags value from user. */ /* XXX no way to return error from here */ + break; } if (oflags O_CREAT) dbflags |= DB_CREATE; pgpkXC6XUtfec.pgp Description: PGP signature
Bug#399188: CVE-2006-5925: ELinks smb Protocol File Upload/Download Vulnerability
package elinks forwarded 399188 http://bugzilla.elinks.cz/show_bug.cgi?id=841 quit Stefan Fritsch [EMAIL PROTECTED] writes: A vulnerability has been found in elinks: Links web browser 1.00pre12 and Elinks 0.9.2 with smbclient installed allows remote attackers to execute arbitrary code via shell metacharacters in an smb:// URI, as demonstrated by using PUT and GET statements. I have fixed this upstream by forcing --disable-smb in configure.in. So far, the change is only in Git and not in any released version. pgpcr5UaUG0CL.pgp Description: PGP signature
Bug#349718: parted: last partition in EFI GPT overlaps alternate table
package parted found 349718 1.7.0-1 found 349718 1.7.1-1.1 quit Otavio Salvador [EMAIL PROTECTED] writes: Please, can you try to reproduce the bug in last version? The GPT disklabels generated by 1.7.0-1 and 1.7.1-1.1 are identical to what 1.6.25.1-1 incorrectly produced, except the random disk GUID and CRC-32s are of course different. pgpw9XlOBlruU.pgp Description: PGP signature
Bug#349718: parted: last partition in EFI GPT overlaps alternate table
Steinar H. Gunderson [EMAIL PROTECTED] writes: The attached patch moves the backup partition table one sector further out; based on your analysis I'm fairly sure this is the right thing to do, but I have zero experience with both parted code and GPT partitions, so I'd appreciate if somebody could review it. I am not qualified to review it. Anyway, I'd prefer having some assertions in place to make sure that nothing overlaps in a fresh GPT disklabel. (However, I wouldn't dare add such assertions to places where *existing* disklabels are processed, unless I first checked the EFI specification.) pgpE9coCE5fdE.pgp Description: PGP signature
Bug#464384: elinks_0.12~20080127-1(experimental/amd64/xenophanes): -Werror, warning: cast from pointer to integer of different size
Marc 'HE' Brockschmidt [EMAIL PROTECTED] quotes: | cc1: warnings being treated as errors | /build/buildd/elinks-0.12~20080127/src/intl/gettext/dcigettext.c: In function '_nl_find_msg': | /build/buildd/elinks-0.12~20080127/src/intl/gettext/dcigettext.c:745: warning: cast from pointer to integer of different size | /build/buildd/elinks-0.12~20080127/src/intl/gettext/dcigettext.c:746: warning: cast from pointer to integer of different size I see amd64 has given these warnings already in ELinks 0.11.3, but there they didn't break the build, because configure was not run with --enable-debug and so it did not add -Werror to $CFLAGS. Please try the appended patch. There has been a similar warning in src/network/ssl/socket.c, at the gnutls_transport_set_ptr call. That could also be silenced with an extra cast, but this would in principle also require changing the code that converts the pointer back to an integer, and I can't find where that happens, so I'm not changing it now. Perhaps there is no such code and the call could just be removed. Debian bug 464384: fix cast warning in alignof --- commit 3b93dcc4726d4363215233a780df34772d76ee09 tree 3b3b3712e96c7115d44f180758b71ee95aa43b59 parent a2c7af990b11e1772b9f3e26c372213aa0fb8b03 author Kalle Olavi Niemitalo [EMAIL PROTECTED] Sat, 09 Feb 2008 00:24:45 +0200 committer Kalle Olavi Niemitalo [EMAIL PROTECTED] Sat, 09 Feb 2008 00:24:45 +0200 NEWS|1 + src/osdep/generic.h |2 +- 2 files changed, 2 insertions(+), 1 deletions(-) diff --git a/NEWS b/NEWS index 06215f0..ac4c337 100644 --- a/NEWS +++ b/NEWS @@ -131,6 +131,7 @@ Miscellaneous: Build system and compile-time errors (ignore if you don't build ELinks): +* serious Debian bug 464384: fix cast warning in alignof * bug 725: fix version checking for Ruby in 'configure' * enhancement: if make -k was used and a sub-Make fails, build the rest before propagating diff --git a/src/osdep/generic.h b/src/osdep/generic.h index 9223cd5..357b602 100644 --- a/src/osdep/generic.h +++ b/src/osdep/generic.h @@ -102,7 +102,7 @@ safe_write(int fd, const void *buf, size_t count) { /* Alignment of types. */ #define alignof(TYPE) \ -((int) ((struct { unsigned char dummy1; TYPE dummy2; } *) 0)-dummy2) +offsetof(struct { unsigned char dummy1; TYPE dummy2; }, dummy2) /* Using this macro to copy structs is both faster and safer than * memcpy(destination, source, sizeof(source)). Please, use this macro instead pgpofbjN5hgWE.pgp Description: PGP signature
Bug#464384: elinks_0.12~20080127-1(experimental/amd64/xenophanes): -Werror, warning: cast from pointer to integer of different size
Kalle Olavi Niemitalo [EMAIL PROTECTED] writes: There has been a similar warning in src/network/ssl/socket.c, at the gnutls_transport_set_ptr call. That could also be silenced with an extra cast, but this would in principle also require changing the code that converts the pointer back to an integer, and I can't find where that happens, so I'm not changing it now. Perhaps there is no such code and the call could just be removed. The opposite cast is in GnuTLS itself. I have pushed the alignof patch to elinks-0.12, as well as the following. Debian bug 464384: fix cast warning in ssl_connect There are warnings about casts in the Debian amd64 build logs: http://buildd.debian.org/fetch.cgi?pkg=elinksver=0.11.3-2arch=amd64stamp=1200348983file=log [CC] src/intl/gettext/dcigettext.o /build/buildd/elinks-0.11.3/src/intl/gettext/dcigettext.c: In function '_nl_find_msg': /build/buildd/elinks-0.11.3/src/intl/gettext/dcigettext.c:745: warning: cast from pointer to integer of different size /build/buildd/elinks-0.11.3/src/intl/gettext/dcigettext.c:746: warning: cast from pointer to integer of different size ... [CC] src/network/ssl/socket.o /build/buildd/elinks-0.11.3/src/network/ssl/socket.c: In function 'ssl_connect': /build/buildd/elinks-0.11.3/src/network/ssl/socket.c:219: warning: cast to pointer from integer of different size The warnings in _nl_find_msg were caused by alignof, which I already fixed. This commit ought to fix the gnutls_transport_set_ptr call in ssl_connect. This warning did not yet happen in bug 464384 because the others broke the build before it got that far. --- commit 6555359f8e56b6e08bd1a8f40fd363506a0e3ff5 tree 39257ecb47bd8a12e6bcf1eaa2c7ecf563cd6ef4 parent d529a1f24da6f85ac2ce67f4f4c1f7084485f538 author Kalle Olavi Niemitalo [EMAIL PROTECTED] Sat, 09 Feb 2008 15:07:04 +0200 committer Kalle Olavi Niemitalo [EMAIL PROTECTED] Sat, 09 Feb 2008 15:19:20 +0200 NEWS |2 +- src/network/ssl/socket.c |9 - 2 files changed, 9 insertions(+), 2 deletions(-) diff --git a/NEWS b/NEWS index c8cbfd3..6ff7805 100644 --- a/NEWS +++ b/NEWS @@ -129,7 +129,7 @@ Miscellaneous: Build system and compile-time errors (ignore if you don't build ELinks): -* serious Debian bug 464384: fix cast warning in alignof +* serious Debian bug 464384: fix cast warnings in alignof and ssl_connect * bug 725: fix version checking for Ruby in 'configure' * enhancement: if make -k was used and a sub-Make fails, build the rest before propagating diff --git a/src/network/ssl/socket.c b/src/network/ssl/socket.c index 19b8941..eabd8a3 100644 --- a/src/network/ssl/socket.c +++ b/src/network/ssl/socket.c @@ -154,8 +154,15 @@ ssl_connect(struct socket *socket) } #elif defined(CONFIG_GNUTLS) + /* GnuTLS uses function pointers for network I/O. The default +* functions take a file descriptor, but it must be passed in +* as a pointer. GnuTLS uses the GNUTLS_INT_TO_POINTER and +* GNUTLS_POINTER_TO_INT macros for these conversions, but +* those are unfortunately not in any public header. So +* ELinks must just cast the pointer the best it can and hope +* that the conversions match. */ gnutls_transport_set_ptr(*((ssl_t *) socket-ssl), -(gnutls_transport_ptr) socket-fd); +(gnutls_transport_ptr) (longptr_T) socket-fd); /* TODO: Some certificates fuss. --pasky */ #endif pgpvLtGvxVvQM.pgp Description: PGP signature
Bug#464384: elinks_0.12~20080127-1(experimental/amd64/xenophanes): -Werror, warning: cast from pointer to integer of different size
Y Giridhar Appaji Nag [EMAIL PROTECTED] quotes: make[4]: Entering directory `/tmp/buildd/elinks-0.12~20080127/build-main/src/protocol/smb' [CC] src/protocol/smb/smb2.o cc1: warnings being treated as errors /tmp/buildd/elinks-0.12~20080127/src/protocol/smb/smb2.c: In function 'do_smb': /tmp/buildd/elinks-0.12~20080127/src/protocol/smb/smb2.c:352: warning: format '%lld' expects type 'long long int', but argument 3 has type '__off_t' make[4]: *** [smb2.o] Error 1 Thank you. I pushed the following patch, which should fix these. Debian bug 464384: fix OFF_T_FORMAT mismatches on amd64 On AMD64 apparently, off_t is long but ELinks detected SIZEOF_OFF_T == 8 and defined OFF_T_FORMAT as lld, which expects long long and so causes GCC to warn about a mismatching format specifier. Because --enable-debug adds -Werror to $CFLAGS, this warning breaks the build. When both SIZEOF_LONG and SIZEOF_LONG_LONG are 8, ELinks cannot know which type it should use. To fix this, do not attempt to find a format specifier for off_t itself. Instead cast all printed off_t values to a new typedef off_print_T that is large enough, and replace OFF_T_FORMAT with OFF_PRINT_FORMAT which is suitable for off_print_T altough not necessarily for off_t. ELinks already had a similar scheme with time_print_T and TIME_PRINT_FORMAT. --- commit 61019c31304f89141248b0381974d1e3886cf160 tree a3343d1895bfd6892bbc6cf275930c513a508bec parent 6555359f8e56b6e08bd1a8f40fd363506a0e3ff5 author Kalle Olavi Niemitalo [EMAIL PROTECTED] Sun, 10 Feb 2008 11:20:33 +0200 committer Kalle Olavi Niemitalo [EMAIL PROTECTED] Sun, 10 Feb 2008 11:30:27 +0200 src/cache/cache.c |8 +--- src/cache/dialogs.c |8 src/dialogs/document.c |5 +++-- src/osdep/types.h | 22 +- src/protocol/fsp/fsp.c |3 ++- src/protocol/ftp/ftp.c |3 ++- src/protocol/smb/smb2.c |3 ++- 7 files changed, 35 insertions(+), 17 deletions(-) diff --git a/src/cache/cache.c b/src/cache/cache.c index db9efe1..8b05080 100644 --- a/src/cache/cache.c +++ b/src/cache/cache.c @@ -40,9 +40,11 @@ static void truncate_entry(struct cache_entry *cached, off_t offset, int final); #define dump_frag(frag, count) \ do { \ - DBG( [%d] f=%p offset=% OFF_T_FORMAT length=% OFF_T_FORMAT \ -real_length=% OFF_T_FORMAT, \ - count, frag, frag-offset, frag-length, frag-real_length); \ + DBG( [%d] f=%p offset=% OFF_PRINT_FORMAT \ +length=% OFF_PRINT_FORMAT \ +real_length=% OFF_PRINT_FORMAT, \ + count, frag, (off_print_T) frag-offset, \ + (off_print_T) frag-length, (off_print_T) frag-real_length); \ } while (0) #define dump_frags(entry, comment) \ diff --git a/src/cache/dialogs.c b/src/cache/dialogs.c index b0a33b3..29a9446 100644 --- a/src/cache/dialogs.c +++ b/src/cache/dialogs.c @@ -82,10 +82,10 @@ get_cache_entry_info(struct listbox_item *item, struct terminal *term) } } - add_format_to_string(msg, \n%s: % OFF_T_FORMAT, _(Size, term), -cached-length); - add_format_to_string(msg, \n%s: % OFF_T_FORMAT, _(Loaded size, term), - cached-data_size); + add_format_to_string(msg, \n%s: % OFF_PRINT_FORMAT, _(Size, term), +(off_print_T) cached-length); + add_format_to_string(msg, \n%s: % OFF_PRINT_FORMAT, _(Loaded size, term), +(off_print_T) cached-data_size); if (cached-content_type) { add_format_to_string(msg, \n%s: %s, _(Content type, term), cached-content_type); diff --git a/src/dialogs/document.c b/src/dialogs/document.c index ba55ea2..458e839 100644 --- a/src/dialogs/document.c +++ b/src/dialogs/document.c @@ -152,8 +152,9 @@ document_info_dialog(struct session *ses) if (cached) { unsigned char *a; - add_format_to_string(msg, \n%s: % OFF_T_FORMAT, -_(Size, term), cached-length); + add_format_to_string(msg, \n%s: % OFF_PRINT_FORMAT, +_(Size, term), +(off_print_T) cached-length); if (cached-incomplete) { add_format_to_string(msg, (%s), _(incomplete, term)); diff --git a/src/osdep/types.h b/src/osdep/types.h index 2404ac0..f1c42f8 100644 --- a/src/osdep/types.h +++ b/src/osdep/types.h @@ -146,12 +146,24 @@ typedef unsigned long long uint32_t; */ typedef long longptr_T; -/* Define internal off_t format macro for printing variables. */ -#if HAVE_OFF_T == 1 SIZEOF_OFF_T == 8 -#define OFF_T_FORMAT lld +/* To print off_t offset, ELinks does: + * + * printf(% OFF_PRINT_FORMAT, (off_print_T) offset); + * + * The cast is necessary because it is not possible to guess + * a printf format for off_t itself
Bug#478156: elinks_0.12~20080127-3(sparc/experimental): FTBFS: error: assuming signed overflow does not occur when assuming that (X + c) X is always false
Frank Lichtenheld [EMAIL PROTECTED] writes: | [CC] src/main/event.o | cc1: warnings being treated as errors | /build/buildd/elinks-0.12~20080127/src/main/event.c: In function 'unregister_event_hook': | /build/buildd/elinks-0.12~20080127/src/util/math.h:36: error: assuming signed overflow does not occur when assuming that (X + c) X is always false The code in unregister_event_hook() is: | for (i = 0; i event-count; i++) { | if (event-handlers[i].callback != callback) | continue; | | move_event_handler(event, i, i + 1); which calls: | static inline void | move_event_handler(struct event *event, int to, int from) | { | int d = int_max(to, from); which is defined in src/util/math.h as: | static inline int | int_max(register int x, register int y) | { | if (x y) return x; | return y; | } So GCC warns about the i i + 1 comparison. I think the i + 1 is very unlikely to overflow in practice, although it is possible because event-count is unsigned int and i is signed int. Also, the overflow would need a 64-bit machine because otherwise register_event_hook() would run out of memory first. However, there are other places in ELinks where signed overflows are possible and are expected to wrap around. The one such place I know about is parse_bencoding_integer(). You should therefore compile ELinks with -fno-strict-overflow or -fwrapv. I will add one of those to the configure script when I have time. pgpofBDxOye4F.pgp Description: PGP signature
Bug#417789: fixed in elinks 0.11.1-1.4
Julien Cristau [EMAIL PROTECTED] writes: elinks (0.11.1-1.4) unstable; urgency=high . * Non-maintainer security upload. * Don't look for gettext message catalogs in ../po/ (closes: #417789). Thanks, Arnaud Giersch! Reference: CVE-2007-2027. A less paranoid fix has been checked in to elinks-0.11 and elinks-0.12 in Git. If you want to review it, now is the time. http://pasky.or.cz/gitweb.cgi?p=elinks.git;a=commit;h=928f364ba2803f98d71775dc03b694d6403c0754 http://pasky.or.cz/gitweb.cgi?p=elinks.git;a=commit;h=110c564af3c12f40743b7e1adcfd3a034d73b601 pgpbYyZXLB179.pgp Description: PGP signature
Bug#417789: fixed in elinks 0.11.1-1.4
Arnaud Giersch [EMAIL PROTECTED] writes: I don't believe that this patch really solves the security issue. An user may still be vulnerable if he wants to run his freshly compiled (but not installed now) elinks. This user would typically run it as /path/to/elinks/src/elinks. If his cwd is not in the elinks sources, a wrong gettext catalog may be opened. Thank you for your concern. The patched ELinks 0.12.GIT (d1fa336f7f390d9b51456498fac5dda8f54c18a4) appears to open the correct gettext catalog in this case, regardless of what the current working directory is. Please see the GDB session below. $ gdb --args ~/build/i686-pc-linux-gnu/elinks-0.12/src/elinks -no-connect GNU gdb 6.5-debian Copyright (C) 2006 Free Software Foundation, Inc. GDB is free software, covered by the GNU General Public License, and you are welcome to change it and/or distribute copies of it under certain conditions. Type show copying to see the conditions. There is absolutely no warranty for GDB. Type show warranty for details. This GDB was configured as i486-linux-gnu...Using host libthread_db library /lib/tls/libthread_db.so.1. (gdb) list /home/Kalle/src/elinks-0.12/src/intl/gettext/loadmsgcat.c:207,229 207 /* This is hacked for ELinks - we want to look up for the translations at the 208 * correct place even if we are being ran from the source/build tree. */ 209 static struct string * 210 add_filename_to_string(struct string *str, struct loaded_l10nfile *domain_file) 211 { 212 unsigned char *slash = strrchr(program.path, '/'); 213 size_t dirnamelen = (slash ? slash - program.path + 1 : 0); 214 215 /* Check if elinks is being run from the source tree. */ 216 if (dirnamelen 4 217 || strncmp(program.path + dirnamelen - 4, src, 3)) 218 return NULL; 219 220 if ((dirnamelen !add_bytes_to_string(str, program.path, dirnamelen)) 221 || !add_to_string(str, ../po/) 222 || !add_bytes_to_string(str, 223 (unsigned char *) domain_file-langdirname, 224 domain_file-langdirnamelen) 225 || !add_to_string(str, .gmo)) 226 return NULL; 227 228 return str; 229 } (gdb) break add_filename_to_string Breakpoint 1 at 0x80c5453: file /home/Kalle/src/elinks-0.12/src/intl/gettext/loadmsgcat.c, line 212. (gdb) run Starting program: /home/Kalle/build/i686-pc-linux-gnu/elinks-0.12/src/elinks -no-connect [Thread debugging using libthread_db enabled] [New Thread -1216120064 (LWP 8749)] [Switching to Thread -1216120064 (LWP 8749)] Breakpoint 1, add_filename_to_string (str=0xbfbc844c, domain_file=0x819b820) at /home/Kalle/src/elinks-0.12/src/intl/gettext/loadmsgcat.c:212 212 unsigned char *slash = strrchr(program.path, '/'); (gdb) print program.path $1 = (unsigned char *) 0xbfbc942e /home/Kalle/build/i686-pc-linux-gnu/elinks-0.12/src/elinks (gdb) next 213 size_t dirnamelen = (slash ? slash - program.path + 1 : 0); (gdb) print slash $2 = (unsigned char *) 0xbfbc9461 /elinks (gdb) next 216 if (dirnamelen 4 (gdb) print dirnamelen $3 = 52 (gdb) print program.path + dirnamelen - 4 $4 = (unsigned char *) 0xbfbc945e src/elinks (gdb) next 220 if ((dirnamelen !add_bytes_to_string(str, program.path, dirnamelen)) (gdb) print *str $5 = {magic = 7, source = 0x81c3550 , length = 0} (gdb) print domain_file-[EMAIL PROTECTED]langdirnamelen $6 = fi_FI.UTF-8 (gdb) next 228 return str; (gdb) print *str $7 = {magic = 7, source = 0x81c3550 /home/Kalle/build/i686-pc-linux-gnu/elinks-0.12/src/../po/fi_FI.UTF-8.gmo, length = 73} (gdb) pgpDXgH1hGtaG.pgp Description: PGP signature
Bug#551238: FTBFS: spidermonkey.c:(.text+0x52858): undefined reference to `JS_SetBranchCallback'
http://repo.or.cz/w/elinks/miciah.git?a=shortlog;h=refs/heads/miciah/heartbeat has a patch for this, using SIGVTALRM instead of SIGALRM (which is not how the ecmascript.max_exec_time is documented but should catch runaway scripts all the same). I haven't tested it. pgpHSHmaskgxp.pgp Description: PGP signature
Bug#554322: FTBFS with binutils-gold
Peter Fritzsche peter.fritzs...@gmx.de writes: [LINK] src/elinks /usr/bin/ld: lib.o: in function setup_safeguard:spidermonkey.c(.text+0x52858): error: undefined reference to 'JS_SetBranchCallback' This looks like a duplicate of Debian bug 551238, where the same error occurred without gold. pgpGQZc7omozL.pgp Description: PGP signature
Bug#554594: elinks_0.12~pre5-1+b2(ia64/unstable): FTBFS: undefined reference to `JS_SetBranchCallback'
lam...@debian.org writes: There was an error while trying to autobuild your package: [...] lib.o: In function `setup_safeguard': spidermonkey.c:(.text+0xca082): undefined reference to `JS_SetBranchCallback' This too looks like a duplicate of #551238. pgpaYfoRMvvJp.pgp Description: PGP signature
Bug#564966: kq-data: contains unlicensed music
Package: kq-data Version: 0.99.cvs20070319-1.1 Severity: serious According to these posts to the kqlives-main mailing list in 2002-2004 http://sourceforge.net/mailarchive/message.php?msg_name=000901c2d8ac%2483171de0%248692fea9%40computer (Re: [Kqlives-main] TT -- TroyD merge) http://sourceforge.net/mailarchive/message.php?msg_id=000b01c3ada0%2431e09400%24144ca8c0%40ControlCenter (Re: [Kqlives-main] Musak?) http://sourceforge.net/mailarchive/message.php?msg_id=20040721164728.TIOB4492.mx-mtaout01.mts.net%40mx-mtaout (Re: Re: [Kqlives-main] RE: Kqlives-main digest, Vol 1 #290 - 8 msgs) the following music files included in KQ are unlicensed: aa_arofl.xm comeback.mod dag_4.xm enfero.xm eransp.mod infanita.mod into61.s3m land.mod oxford.s3m rain.s3m toroia.s3m town.mod waterw.xm In upstream CVS, the music/ directory has not been modified after the initial import in September 2002. Thus, the files cannot have been replaced with free ones after the mails. Even if the demoscene musicians who made these files are happy to let people copy them, it still does not mean modifying them is allowed, as Debian would require for packages in main. There was a similar bug in the meritous package: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=465532 ExtraTracks.zip in the SourceForge download area for KQ contains music tracks whose authors permit them to be used in KQ: http://sourceforge.net/projects/kqlives/files/ExtraTracks/ http://sourceforge.net/mailarchive/message.php?msg_id=001201c365ac%24c1afa580%24030a%40win.mshome.net http://sourceforge.net/mailarchive/message.php?msg_id=20040723180707.EEVZ4492.mx-mtaout01.mts.net%40mx-mtaout http://sourceforge.net/mailarchive/message.php?msg_id=4102235E.605%40ntlworld.com http://sourceforge.net/mailarchive/message.php?msg_id=001d01c471b9%245700dfa0%246205010a%40ControlCenter so the unlicensed tracks could possibly be replaced with these, if the licence grants are clear and permissive enough...? -- System Information: Debian Release: squeeze/sid APT prefers unstable APT policy: (900, 'unstable') Architecture: amd64 (x86_64) Kernel: Linux 2.6.32-trunk-amd64 (SMP w/2 CPU cores) Locale: LANG=fi_FI.UTF-8, LC_CTYPE=fi_FI.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash -- no debconf information pgpp2nZRez6C1.pgp Description: PGP signature
Bug#564966: kq-data: contains unlicensed music
Kalle Olavi Niemitalo k...@iki.fi writes: Even if the demoscene musicians who made these files are happy to let people copy them, it still does not mean modifying them is allowed, as Debian would require for packages in main. Apparently, at least some of them can be distributed unmodified, although perhaps not as part of a game: http://modarchive.org/index.php?terms-upload http://modarchive.org/index.php?faq-licensing aa_arofl.xm md5sum d4d31cc9bd75d6ec24cc36aeb5b7ada2 in KQ and at The Mod Archive md5sum bff61a1508c83d004e9f799cd32846c5 at the composer's site Archons of Light by Nils Ingvarsson (aka ArchAngel) http://modarchive.org/module.php?32610 http://www.archangel-music.se/portfolio/music/ comeback.mod md5sum ab92587defb8fefc78118860be618892 Come Back To Me by Ole Skåra (aka Zany/Iris) 5th place in Gathering '95 4chmus competition http://modarchive.org/module.php?122874 enfero.xm md5sum f671ebb39bcc222ea9d219327b4d57ac Theme from Enfero by AwEmAn/LIS (aka Neo) http://modarchive.org/module.php?42125 eranasp.mod md5sum 2b857a0717e5438ae3154b78a53e0a44 erana-j.kyd by Jesper Kyd http://modarchive.org/module.php?42353 http://amp.dascene.net/downmod.php?index=36860 infanita.mod md5sum ca178016ffaa310a7ff170ae007d8000 in KQ and at The Mod Archive md5sum b842dd41473f8c5a06053dae798da060 at Amiga Music Preservation infanita by Bjorn Lynne (aka Dr. Awesome) http://modarchive.org/module.php?45620 http://amp.dascene.net/downmod.php?index=19440 http://www.shockwave-sound.com/xt_cart_add.php?vid=8119 into61.s3m md5sum df8b70766102fd45acca5e5d133e41da .61 by Yoav Pasovsky (aka Paso/Esteem) http://modarchive.org/module.php?164773 land.mod md5sum 4ce7387cf12b44ab01c23ef32274eb85 in KQ and at The Mod Archive md5sum 13d67a0e9e23a93917eab5b6aabe2c33 at Amiga Music Preservation sahara by Bjorn Lynne (aka Dr. Awesome) http://modarchive.org/module.php?54239 http://amp.dascene.net/downmod.php?index=19524 oxford.s3m md5sum 8c0e75d5ca111475934a221539b4088a in KQ md5sum d340254df0d54d5f73a039424d62f7d1 at The Mod Archive Oxford-Suite by NEMO/4$orcerers mentions being based on ED ALLEYNE's E-Voiline Virtuosity http://modarchive.org/module.php?51585 town.mod md5sum 304a7e3800f1ff47585883f3ba8c014c in KQ md5sum 599dbd0dd8a49687ee264ff74ab4f19b at The Mod Archive md5sum 47c31ac6f729ca09ad53a1ad31471858 at Amiga Music Preservation old england by Bjorn Lynne (aka Dr. Awesome) http://modarchive.org/module.php?89342 http://amp.dascene.net/downmod.php?index=19567 Still, even if the Mod Archive license is valid, these could go in non-free at best. No license found for: dag_4.xm md5sum 480b0d0203756c2a24f5a4fcf17e07a1 Daggerfall 4 rain.s3m md5sum f729b301e9152b9b09096a64a72b314b Rain... toroia.s3m md5sum ec48fe61e03a73b366ed6f0e89ce332c FF2: Toroia Castle mentions Original by Nobuo Uematsu waterw.xm md5sum 86d79241eeea5736e74c92d57b62182f WaterWorld by TRAFO/Extreme Mods Club pgpJ1W1JCojhS.pgp Description: PGP signature
Bug#526349: fixed in upstream ELinks 0.12pre4
package elinks tags 529821 + fixed-upstream quit These bugs have been fixed in today's upstream ELinks 0.12pre4. * Debian build bug 529821: Use ``pkg-config gnutls'' instead of ``libgnutls-config'', which is not included in GNUTLS 2.7.x. You can no longer specify the location of GNUTLS using ``configure --with-gnutls=DIR''. * Debian bug 528661: If using GNUTLS 2.1.7 or later, disable various TLS extensions (including CERT and SERVERNAME) to help handshaking with the SSLv3-only bugzilla.novell.com. * Debian build bug 526349: Include asciidoc.py from AsciiDoc 7.1.2, to remove all dependencies on the installed version. FYI, there's also one change thought useful for Debian's elinks-lite. * build enhancement: Recognize ``configure --without-tre''. pgp2n5KSyEGJK.pgp Description: PGP signature
Bug#551238: FTBFS: spidermonkey.c:(.text+0x52858): undefined reference to `JS_SetBranchCallback'
We discussed this in IRC on 2009-07-18. I think the plan was something like: * Don't add threads. * Use SIGALRM for both JS_TriggerOperationCallback and the select() race, with the same signal handler function. * Add a global variable that lists the scripts being evaluated. Each element of the list contains a JSContext * and a time_t. The list should normally have just 0 or 1 element so we don't need any fancy priority queue. * Add ecmascript_check_alarms(), which walks this list and calls JS_TriggerOperationCallback for each context whose timeout has expired. It then returns the number that should be passed to the next alarm() call. * Before each call to JS_EvaluateScript, construct a list element as an auto variable, add it to the list, and call alarm(ecmascript_check_alarms()). * After each call to JS_EvaluateScript, remove the element from the list, and call alarm(ecmascript_check_alarms()). * If e.g. Win32 doesn't support alarm(), don't implement the ECMAScript timeout there. * The old SIGALRM code (critical_section, pending_alarm, alarm_handler, check_for_select_race, uninstall_alarm) seems intended to handle the case where a signal occurs immediately before select() and ELinks would instead like it to interrupt the select(). (The race condition could be entirely prevented, by blocking the signals almost all the time and letting pselect() unblock them. That would however be less portable.) Because select_loop() is not called recursively, this should never get run during ECMAScript evaluation. Add some assertions for that. * There are some sleep() calls in error handlers. Replace those with a wrapper that calls alarm(ecmascript_check_alarms()) at the end, in case sleep() interfered with alarm(). pgpKsS6C1CmhM.pgp Description: PGP signature
Bug#526349: elinks: FTBFS on i386 auto build
Gustavo Noronha Silva k...@debian.org writes: While trying to build elinks on an i386 chroot (building also Arch: all binaries) I got the following error: make[1]: Entering directory `/build/buildd-elinks_0.12~pre3-2-i386-to3MRQ/elinks-0.12~pre3/build-main/doc' [CONF2DOC] doc/features.txt [KEYS2DOC] doc/keymap-actions.txt [KEYS2DOC] doc/keymap-defaults.txt [HELP2XML] doc/option-command.frag.xml [ASCIIDOC] doc/elinks.1.xml FAILED: [listdef-bulleted] missing section: [listtags-None] make[1]: *** [elinks.1.xml] Error 1 I can reproduce this with upstream ELinks 0.12pre3.GIT sources and AsciiDoc 8.4.4-1 from Debian. We have AsciiDoc 7.1.2 configuration files in the ELinks source tree in order to lock the input syntax against AsciiDoc upgrades (Debian bug 491820) or user modifications of /etc/asciidoc. The AsciiDoc User Guide recommends bundling the asciidoc script too (under Shipping stand-alone AsciiDoc source) but I had previously assumed I could rely on the script remaining compatible with old config files. So I'll now add the script there, and Debian can then replace the asciidoc build-dependency with some version of python. This change will go in the elinks-0.12 and master branches. Do you need it in elinks-0.11 as well? pgpa1BLSg3qUD.pgp Description: PGP signature
Bug#564966: kq-data: contains unlicensed music
The kq and kq-data packages were removed from Debian because of the unlicensed music: http://bugs.debian.org/575739 Meanwhile, the upstream KQ developers are tracking the music licenses in their wiki. So far, the composer of aa_arofl.xm has granted permission to distribute that file but not to modify it. It seems likely that the game will not be able to reenter Debian until all the music is replaced or made optional. http://sourceforge.net/apps/mediawiki/kqlives/index.php?title=Music_Licences pgpk7Q86VpdeI.pgp Description: PGP signature
Bug#699892: [Pan-devel] Seeking advice on Pan license issue with optional TLS component
Dominique Dumont domi.dum...@free.fr writes: I'll put back SSL support for Pan in Debian unstable once the problematic code is relicensed or re-written. It looks like the license of GNUTLS 3.1.x may eventually be changed from LGPLv3+ back to LGPLv2.1+. If that succeeds, I believe it would solve the incompatibility with Pan. http://lists.gnutls.org/pipermail/gnutls-devel/2013-February/006086.html Alternatively, the SSL support could be rewritten to use the NSS library from Mozilla; that one remains GPLv2-compatible. I don't know yet how different its API is. pgpyvdE98r_xN.pgp Description: PGP signature
Bug#699892: [Pan-devel] Seeking advice on Pan license issue with optional TLS component
Dominique Dumont d...@debian.org writes: Le jeudi 21 février 2013 23:12:28, vous avez écrit : It looks like the license of GNUTLS 3.1.x may eventually be changed from LGPLv3+ back to LGPLv2.1+. If that succeeds, I believe it would solve the incompatibility with Pan. http://lists.gnutls.org/pipermail/gnutls-devel/2013-February/006086.html Thanks for the info. I'll forward this upstream. Gnutls 3.1.10 now has LGPLv2.1+ again. http://lists.gnutls.org/pipermail/gnutls-devel/2013-March/006202.html pgpVQbfNsTbg_.pgp Description: PGP signature
Bug#797043: Bug#797079: wheezy-pu: package mozilla-noscript/2.6.8.19-1~deb7u2
David Prévot taf...@debian.org writes: + [ Kalle Olavi Niemitalo ] + * Temporarily allow scripts with recent iceweasel +(Closes: #797043) Those functions in noscriptService.js are used not only for setting up the menu (from which the user could temporarily whitelist sites), but also for deciding which tabs to reload after the whitelist has been changed. I would thus prefer this kind of changelog entry: * Fix enumeration of scripts on iceweasel = 35. Backported from upstream 2.6.8.42rc1. (Closes: #797043) I'm not sure how to format the backport in DEP-3 though, because upstream doesn't seem to have a public version-control system. Can it be done like this? Origin: backport, http://anonscm.debian.org/cgit/pkg-mozext/noscript.git/diff/components/noscriptService.js?h=upstream/2.6.8.42id=2218a38a22e43834ce09c75fd5c3c5dc75bc7cf6 I searched the *.js files of xul-ext-noscript 2.6.8.19-1~deb7u1 with a regexp and didn't find any other places where a let statement uses the variable being defined. The regexp did not cover statements that define multiple variables, though.
Bug#797043: Bug#797079: wheezy-pu: package mozilla-noscript/2.6.8.19-1~deb7u2
David Prévotwrites in Bug#797079: > Uploaded (with the improved changelog and metadata suggested by Kalle), > thanks. I installed xul-ext-noscript 2.6.8.19-1~deb7u2 from wheezy-proposed-updates, and it works OK. However, I see the patch now has the following line: Origin: backport, http://anonscm.debian.org/cgit/pkg-mozext/noscript.git/diff/components/noscriptService.js?h=upstream/2.6.8.42=upstream/2.6.8.42_rc1 That URL is a bit misleading because the diff is neither from upstream/2.6.8.42 to upstream/2.6.8.42_rc1 nor vice versa; it's instead from the parent commit (upstream/2.6.8.41) to upstream/2.6.8.42_rc1. When the query string of the URL contains multiple "h" fields, cgit uses only the last one: http://git.zx2c4.com/cgit/tree/cgit.c?h=v0.11.2#n300 A shorter URL would thus work just as well: Origin: backport, http://anonscm.debian.org/cgit/pkg-mozext/noscript.git/diff/components/noscriptService.js?h=upstream/2.6.8.42_rc1 Or if you wanted to specify the older version explicitly, you'd use "id2": Origin: backport, http://anonscm.debian.org/cgit/pkg-mozext/noscript.git/diff/components/noscriptService.js?h=upstream/2.6.8.42_rc1=upstream/2.6.8.41 It's totally not worth making a new upload but I wanted to mention it in case more backports are needed later.
Bug#792622: missing licenses in debian/copyright
This message applies to gnumach 2:1.7+git20160809-2. The following files are not used by "dpkg-buildpackage -uc -b -nc", i.e. their atimes do not change during this binary-arch build, and the build succeeds even if they are removed. ./ChangeLog.0 ./ChangeLog.00 ./DEVELOPMENT ./ddb/db_mp.h ./ddb/tr.h ./debian/watch ./device/dev_master.h ./doc/fdl.texi ./doc/gpl.texi ./doc/stamp-vti ./i386/i386/ast_types.h ./i386/i386/cpu.h ./i386/i386/kttd_machdep.h ./i386/i386/lock.h ./i386/i386/sched_param.h ./i386/include/mach/i386/cthreads.h ./kern/act.h ./kern/refcount.h ./kern/shuttle.h ./linux/dev/README ./linux/dev/drivers/net/Space.c ./linux/dev/drivers/net/auto_irq.c ./linux/dev/drivers/net/net_init.c ./linux/dev/drivers/net/wavelan.p.h ./linux/dev/drivers/scsi/eata_dma.c ./linux/dev/drivers/scsi/g_NCR5380.c ./linux/dev/glue/net.c ./linux/dev/include/asm-i386/smp.h ./linux/dev/include/asm-i386/uaccess.h ./linux/dev/include/linux/etherdevice.h ./linux/dev/include/linux/if.h ./linux/dev/include/linux/modversions.h ./linux/dev/include/linux/netdevice.h ./linux/dev/include/linux/notifier.h ./linux/dev/include/linux/pm.h ./linux/dev/include/linux/skbuff.h ./linux/dev/include/linux/threads.h ./linux/dev/net/core/dev.c ./linux/pcmcia-cs/clients/3c574_cs.c ./linux/pcmcia-cs/clients/3c589_cs.c ./linux/pcmcia-cs/clients/ax8390.h ./linux/pcmcia-cs/clients/axnet_cs.c ./linux/pcmcia-cs/clients/fmvj18x_cs.c ./linux/pcmcia-cs/clients/nmclan_cs.c ./linux/pcmcia-cs/clients/ositech.h ./linux/pcmcia-cs/clients/pcnet_cs.c ./linux/pcmcia-cs/clients/smc91c92_cs.c ./linux/pcmcia-cs/clients/xirc2ps_cs.c ./linux/pcmcia-cs/glue/ds.c ./linux/pcmcia-cs/glue/pcmcia.c ./linux/pcmcia-cs/glue/pcmcia_glue.h ./linux/pcmcia-cs/glue/wireless_glue.h ./linux/pcmcia-cs/include/linux/crc32.h ./linux/pcmcia-cs/include/linux/slab.h ./linux/pcmcia-cs/include/pcmcia/bulkmem.h ./linux/pcmcia-cs/include/pcmcia/bus_ops.h ./linux/pcmcia-cs/include/pcmcia/ciscode.h ./linux/pcmcia-cs/include/pcmcia/cisreg.h ./linux/pcmcia-cs/include/pcmcia/cistpl.h ./linux/pcmcia-cs/include/pcmcia/cs.h ./linux/pcmcia-cs/include/pcmcia/cs_types.h ./linux/pcmcia-cs/include/pcmcia/driver_ops.h ./linux/pcmcia-cs/include/pcmcia/ds.h ./linux/pcmcia-cs/include/pcmcia/mem_op.h ./linux/pcmcia-cs/include/pcmcia/ss.h ./linux/pcmcia-cs/include/pcmcia/version.h ./linux/pcmcia-cs/modules/bulkmem.c ./linux/pcmcia-cs/modules/cirrus.h ./linux/pcmcia-cs/modules/cistpl.c ./linux/pcmcia-cs/modules/cs.c ./linux/pcmcia-cs/modules/cs_internal.h ./linux/pcmcia-cs/modules/ds.c ./linux/pcmcia-cs/modules/ene.h ./linux/pcmcia-cs/modules/i82365.c ./linux/pcmcia-cs/modules/i82365.h ./linux/pcmcia-cs/modules/o2micro.h ./linux/pcmcia-cs/modules/pci_fixup.c ./linux/pcmcia-cs/modules/ricoh.h ./linux/pcmcia-cs/modules/rsrc_mgr.c ./linux/pcmcia-cs/modules/smc34c90.h ./linux/pcmcia-cs/modules/ti113x.h ./linux/pcmcia-cs/modules/topic.h ./linux/pcmcia-cs/modules/vg468.h ./linux/pcmcia-cs/modules/yenta.h ./linux/pcmcia-cs/wireless/hermes.c ./linux/pcmcia-cs/wireless/hermes.h ./linux/pcmcia-cs/wireless/hermes_rid.h ./linux/pcmcia-cs/wireless/ieee802_11.h ./linux/pcmcia-cs/wireless/orinoco.c ./linux/pcmcia-cs/wireless/orinoco.h ./linux/pcmcia-cs/wireless/orinoco_cs.c ./linux/src/COPYING ./linux/src/drivers/net/3c501.c ./linux/src/drivers/net/3c503.c ./linux/src/drivers/net/3c503.h ./linux/src/drivers/net/3c505.c ./linux/src/drivers/net/3c505.h ./linux/src/drivers/net/3c507.c ./linux/src/drivers/net/3c509.c ./linux/src/drivers/net/3c515.c ./linux/src/drivers/net/3c59x.c ./linux/src/drivers/net/8390.c ./linux/src/drivers/net/8390.h ./linux/src/drivers/net/ac3200.c ./linux/src/drivers/net/apricot.c ./linux/src/drivers/net/at1700.c ./linux/src/drivers/net/atp.c ./linux/src/drivers/net/atp.h ./linux/src/drivers/net/de4x5.c ./linux/src/drivers/net/de4x5.h ./linux/src/drivers/net/de600.c ./linux/src/drivers/net/de620.c ./linux/src/drivers/net/de620.h ./linux/src/drivers/net/depca.c ./linux/src/drivers/net/depca.h ./linux/src/drivers/net/e2100.c ./linux/src/drivers/net/eepro.c ./linux/src/drivers/net/eepro100.c ./linux/src/drivers/net/eexpress.c ./linux/src/drivers/net/epic100.c ./linux/src/drivers/net/eth16i.c ./linux/src/drivers/net/eth82586.h ./linux/src/drivers/net/ewrk3.c ./linux/src/drivers/net/ewrk3.h ./linux/src/drivers/net/fmv18x.c ./linux/src/drivers/net/hamachi.c ./linux/src/drivers/net/hp-plus.c ./linux/src/drivers/net/hp.c ./linux/src/drivers/net/hp100.c ./linux/src/drivers/net/hp100.h ./linux/src/drivers/net/i82586.h ./linux/src/drivers/net/intel-gige.c ./linux/src/drivers/net/kern_compat.h ./linux/src/drivers/net/lance.c ./linux/src/drivers/net/myson803.c ./linux/src/drivers/net/natsemi.c ./linux/src/drivers/net/ne.c ./linux/src/drivers/net/ne2k-pci.c ./linux/src/drivers/net/ni52.c ./linux/src/drivers/net/ni52.h ./linux/src/drivers/net/ni65.c ./linux/src/drivers/net/ni65.h ./linux/src/drivers/net/ns820.c ./linux/src/drivers/net/pci-scan.c ./linux/src/drivers/net/pci-scan.h ./linux/src/drivers/net/pcnet32.c
Bug#792622: missing licenses in debian/copyright
Samuel Thibaultwrites: > It is really non-technical work, a matter of using the check-copyright > script to check that the various licences are referenced in > debian/copyright (there is no hard need to reference files exactly, > the only minimal need is knowing which licences end up in the gnumach > binary). What check-copyright script do you mean? https://packages.debian.org/search?searchon=contents=check-copyright=filename=unstable=any shows only these: * /usr/share/gnulib/check-copyright in gnulib 20140202+stable-2. It only checks the licenses of gnulib modules, which gnumach does not use. The latest version is online at http://git.savannah.gnu.org/cgit/gnulib.git/plain/check-copyright and has no functional differences. * /usr/share/gocode/src/github.com/syncthing/syncthing/script/check-copyright.go in golang-github-syncthing-syncthing-dev 0.14.4+dfsg1-1. It ignores licenses and only checks for missing copyright notices.
Bug#838244: hurd: license incompatibility between ext2fs (GPLv2-only) and libparted (GPLv3-or-later)
Samuel Thibaultwrites: > But storeio can be used as an intermediate between the two. "storeio --store-type=part 1:device:hd0" apparently supports file_get_storage_info and reports the partition boundaries there, so the I/O would not have to go through the storeio translator. libstore/encode.c (too_big) has a comment saying "The RPC protocol uses 32-bit off_t's" but that is false since 2002.
Bug#792622: missing licenses in debian/copyright
My inventory of the licenses in gnumach 2:1.7+git20160809-2 is not yet complete. I'm seeing two kinds of license violations so far. University of Utah advertising clause vs. GNU GPL - Several files have a license notice like this: > Copyright (c) 1994 The University of Utah and > the Computer Systems Laboratory at the University of Utah (CSL). > All rights reserved. > > Permission to use, copy, modify and distribute this software is hereby > granted provided that (1) source code retains these copyright, permission, > and disclaimer notices, and (2) redistributions including binaries > reproduce the notices in supporting documentation, and (3) all advertising > materials mentioning features or use of this software display the following > acknowledgement: ``This product includes software developed by the > Computer Systems Laboratory at the University of Utah.'' > > THE UNIVERSITY OF UTAH AND CSL ALLOW FREE USE OF THIS SOFTWARE IN ITS "AS > IS" CONDITION. THE UNIVERSITY OF UTAH AND CSL DISCLAIM ANY LIABILITY OF > ANY KIND FOR ANY DAMAGES WHATSOEVER RESULTING FROM THE USE OF THIS SOFTWARE. > > CSL requests users of this software to return to csl-d...@cs.utah.edu any > improvements that they make and grant CSL redistribution rights. This includes an advertising clause, which AFAIK is incompatible with GPLv1, GPLv2, and GPLv3. In June 2007, one of the original Hurd developers was going to ask the University of Utah to rescind the advertising clause, but the results were never posted to bug-hurd. https://lists.gnu.org/archive/html/bug-hurd/2007-06/msg00068.html https://lists.gnu.org/archive/html/bug-hurd/2007-06/msg00069.html https://lists.gnu.org/archive/html/bug-hurd/2007-06/msg00075.html https://www.gnu.org/licenses/license-list.html#OriginalBSD GPLv3-or-later vs. GPLv2-only - The following files are copyrighted by the FSF, licensed under GPLv3-or-later, and built into the gnumach binary: i386/grub/acpi.h i386/grub/compiler.h i386/grub/cpu/io.h i386/grub/cpu/time.h i386/grub/cpu/types.h i386/grub/err.h i386/grub/misc.h i386/grub/mm.h i386/grub/symbol.h i386/grub/time.h i386/grub/types.h i386/i386at/acpi.c i386/i386at/acpihalt.c kern/gsync.c kern/gsync.h Many files copied from Linux are licensed under GPLv2-only, and they too are built into the gnumach binary. Here is one that carries its own license notice, so the license is easy to verify: linux/src/drivers/scsi/BusLogic.c "nm gnumach" shows both grub_acpi_halt and BusLogic_HardwareResetHostAdapter, i.e. the binary contains both GPLv3-or-later and GPLv2-only code, which is an unlicensed combination according to the FSF. https://www.gnu.org/licenses/gpl-faq.html#v2v3Compatibility https://www.gnu.org/licenses/gpl-faq.html#AllCompatibility https://savannah.gnu.org/bugs/?49024 Mozilla Public License v1.1 not a problem - Many files under linux/pcmcia-cs/ have license notices that refer to MPLv1.1. However, that does not cause a license incompatibility, because all of those files are dual licensed under GPLv2-only, and none of them is actually built.
Bug#838244: hurd: license incompatibility between ext2fs (GPLv2-only) and libparted (GPLv3-or-later)
Package: hurd Version: 1:0.8.git20160826-1 Severity: serious File: /hurd/ext2fs.static The ext2fs translator contains GPLv2-only code copied from Linux, but it is linked (through libstore) with libparted, which is GPLv3-or-later since 2007. This combination violates at least one of the licenses. The problem is clearest in ext2fs.static but FSF doctrine is it applies to dynamic linking as well. One of the Hurd developers acknowledged in August 2007 that ext2fs in the Hurd contains GPLv2-only code: https://lists.gnu.org/archive/html/bug-hurd/2007-08/msg00073.html The "BSD-licensed liblabel" was suggested as a replacement of libparted, on the #hurd IRC channel on 2016-09-15. Until that is implemented, the partition-table support in libstore could be disabled altogether, because GNU Mach currently provides a named device for each partition. -- System Information: Debian Release: stretch/sid APT prefers unstable APT policy: (500, 'unstable') Architecture: hurd-i386 (i686-AT386) Kernel: GNU-Mach 1.7+git20160809-486-dbg/Hurd-0.8 Locale: LANG=fi_FI.UTF-8, LC_CTYPE=fi_FI.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: sysvinit (via /sbin/init) Versions of packages hurd depends on: ii hurd-libs0.3 1:0.8.git20160826-1 ii libblkid1 2.28.1-1 ii libbz2-1.01.0.6-8 ii libc0.3 2.23-5 ii libdaemon00.14-6 ii libncursesw5 6.0+20160625-1+b1 ii libtinfo5 6.0+20160625-1+b1 ii libx11-6 2:1.6.3-1+b1 ii netdde0.0.20150828-3 ii sysv-rc 2.88dsf-59.8 ii xkb-data 2.17-1 ii zlib1g1:1.2.8.dfsg-2 Versions of packages hurd recommends: pn bf-utf-source Versions of packages hurd suggests: pn hurd-doc -- Configuration Files: /etc/default/hurd-console changed: ENABLE='false' DISPLAY='-d vga' KBD='-d pc_kbd' if [ -f /etc/default/keyboard ] then . /etc/default/keyboard fi [ -z "$XKBLAYOUT" ] || KBD="$KBD --keymap $XKBLAYOUT" KBD_REPEAT='--repeat=kbd' MOUSE='-d pc_mouse --protocol=ps/2' MOUSE_REPEAT='--repeat=mouse' -- no debconf information
Bug#840610: UnicodeEncodeError: 'ascii' codec can't encode character
Robert Luberdawrites: > According to GNU gettext documentation[1]: "The variable LANGUAGE is > ignored if the locale is set to ‘C’." That exception was added on 2001-01-03, for glibc 2.2.1. In glibc 2.2, LANGUAGE used to override LC_ALL=C. In Python 2.0 (released on 2000-10-16), 2.7, and 3.5.0, gettext.py checks LANGUAGE first, like glibc 2.2. The loop that checks the environment variables is exactly the same in these three versions. I searched for "gettext" at bugs.python.org but it didn't find a bug report for the priority of LANGUAGE vs. LC_ALL=C in gettext. http://bugs.python.org/issue1166948 says 'LANGUAGE is honoured even if the default locale is "C"' but I think that refers to locale.getdefaultencoding, not to gettext.