Bug#1008781: nemiver: Intent to remove from Debian

[Luca BRUNO]

eremy Bicha  wrote:

> I intend to file a removal bug for nemiver soon. It has failed to
> build for more than a year. It wasn't autoremoved sooner because it
> was included in one of the metapackages in meta-gnome3.

I agree, it's time to let it go.
If you are already in the process of asking for its removal, please
feel free to proceed.

Ciao, Luca

Bug#902972: libargon2-0 install a symlink pointin to libargon2.so.1

[Luca BRUNO]

On Wednesday, 4 July 2018 07:31:30 UTC you wrote:
 
> The libargon2-0 package is pulling the libargon2-1 package and contains
> a symlink pointing to libargon2.so.1.
> 
> This is not a good idea and a proper transition should be done.

Is there a specific issue this is causing?

While odd, the rationale for such setup is described here:
https://salsa.debian.org/debian/argon2/merge_requests/3#note_28753

Ciao, Luca

-- 
"If you build a wall, think of what you leave outside it" - Italo Calvino


signature.asc
Description: This is a digitally signed message part.

Bug#891434: grub-efi: System fails to boot after "No space left on device" on EFI variable storage

[Luca BRUNO]

Hi,
I experienced the same today after a grub update to '2.02+dfsg1-1' on testing.
Looking back at logs, grub-install reported an error but the upgrade process
as a whole didn't fail, so I missed it at first:
```
Could not prepare Boot variable: No space left on device
grub-install: error: efibootmgr failed to register the boot entry: Input/output 
error.
Failed: grub-install --target=x86_64-efi  
WARNING: Bootloader is not properly installed, system may not be bootable
```

However, after manually recovering via efibootmgr, the ESP doesn't seem
to be full nor close to:
```
# df -h
Filesystem  Size  Used Avail Use% Mounted on
/dev/sda4   3.7G  238M  3.2G   7% /boot
/dev/sda1   256M   24M  233M  10% /boot/efi
```

My pstore has ~150 entries, all quite small (~1Kb), and none of them are recent.
So I'm not sure why this specific upgrade got stuck on ENOSPC.

Ciao, Luca

-- 
"If you build a wall, think of what you leave outside it" - Italo Calvino


signature.asc
Description: This is a digitally signed message part.

Bug#842634: [Pkg-rust-maintainers] Bug#842634: rustc: FTBFS (sys_common::net::tests::no_lookup_host_duplicates fails)

[Luca BRUNO]

severity 842634 minor
thanks

On Sunday, 30 October 2016 23:09:35 UTC Santiago Vila wrote:


> I wonder what exactly this test "no_lookup_host_duplicates" does.
> My autobuilder do not have a FQDN, it has just this in /etc/hosts:
> 
> public-ip skywalker1
> 
> Is this a bug in my autobuilder? I hope not.
> 
> In either case, I would just forward this upstream and disable the
> test which fails.

I'm just lowering the severity here to unblock the migration, but I honestly 
believe your autobuilder is misconfigured. The "no_lookup_host_duplicates" 
tries to resolve localhost and verify that there aren't ipv4/ipv6 duplicates, 
however your host is missing an /etc/hosts line for localhost and the test 
panics.
I don't have any reference at hand, but I'd consider the environment broken.

Ciao, Luca

signature.asc
Description: This is a digitally signed message part.

Bug#835360: rkt: FTBFS on several architectures

[Luca BRUNO]

On Thursday, 13 October 2016 13:59:27 UTC Andreas Henriksson wrote:
 
> Fwiw, there's a chain of {build-,}dependencies that would need to be
> removed on ppc64el

Ah, when I wrote my previous answer I didn't realize that.
Upon further inspection, it looks like it may be just enough to cherry-pick
this fix on top of gopsutil:
https://github.com/shirou/gopsutil/pull/261
 
Ciao, Luca

-- 
«Доверяй, но проверяй»


signature.asc
Description: This is a digitally signed message part.

Bug#835360: rkt: FTBFS on several architectures

[Luca BRUNO]

On Thursday, 13 October 2016 21:18:07 UTC Dmitry Smirnov wrote:
> Rkt 1.16.0 FTBFS on ppc64el and s390x:
> 
> https://buildd.debian.org/status/package.php?p=rkt
> 
> Any ideas what we can do about it?

s390(x) is not supported upstream for the moment, but this shouldn't be a 
blocker as it has never been built there before anyway.

Regarding ppc64el, it looks like you hit again
https://github.com/shirou/gopsutil/issues/230
Given that upstream is not planning to fix it anytime soon, I'd recommend to
ask for a removal for rkt (1.9.1+dfsg-1) on ppc64el for now, so that it can 
transition to stretch without being blocked by that arch until some porters
get to it.

Cheers, Luca

-- 
«Доверяй, но проверяй»


signature.asc
Description: This is a digitally signed message part.

Bug#835360: rkt: FTBFS on several architectures

[Luca BRUNO]

1.13.0+dfsg-1 has been built without issues on i386:
https://buildd.debian.org/status/fetch.php?pkg=rkt=i386=1.13.0%2Bdfsg-1=1472188080

ppc64 and s390x are in progress upstream and should hopefully
be back in the next releases.

Ciao, Luca

-- 
«Доверяй, но проверяй»


signature.asc
Description: This is a digitally signed message part.

Bug#828931: llvm-toolchain-3.7: FTBFS on i386 with gcc-6 and glibc 2.23

[Luca BRUNO]

severity 828931 important
thanks

Hi,
are you also pulling something else from experimental (eg. gdb) or building in 
some slow/virtual environment?
It looks like you are just hitting a timeout while pexpect-ing, so I fear that 
it is more easily related to your specific environment than the newer gcc/
glibc:

> line 1414, in expect_loop
> raise TIMEOUT (str(e) + '\n' + str(self))
> TIMEOUT: Timeout exceeded in read_nonblocking().

I'm also bringing this back to its original severity, as a test timeout in 
lldb-mi with mixed-in experimental stuff doesn't fit as "serious".

Ciao, Luca

-- 
«Доверяй, но проверяй»


signature.asc
Description: This is a digitally signed message part.

Bug#822325: rustc: FTBFS in testing: test fail

[Luca BRUNO]

severity 822325 minor
tags 822325 + moreinfo
thanks

On Sat, 23 Apr 2016 14:33:48 +0200 (CEST) Santiago Vila  
wrote:

> This package currently fails to build from source in stretch.
> 
> --
> executing x86_64-unknown-linux-gnu/test/run-pass/tcp-stress.stage2-x86_64-
> unknown-linux-gnu 
> --stdout--
> 
> --stderr--
> thread '' panicked at 'called `Result::unwrap()` on an `Err` value: 
> RecvError', src/libcore/result.rs:746
> 
> --
> 
> The build was made on two different QEMU virtual machines with 4GB RAM
> and 4GB swap, running stretch, using sbuild.

This looks like an artifact due to your build environment, as I just tried 
building on a physical stretch amd64 machine and all tests pass:
"""
summary of 50 test runs: 10108 passed; 0 failed; 88 ignored; 0 measured 
"""

A couple of ideas regarding this test:
 * it is heavily threaded, it may trigger some data races in qemu
 * it may be slow to run and thus timing out. Can you try increasing the
   timeout at the top of src/test/run-pass/tcp-stress.rs?
 * It may be dropping the sender to early. Can you try moving the `drop(tx)`
   just before `process::exit(0)`?

Anyway, this looks like just some test instability on an emulated environment, 
and not a real regression. Thus I'm downgrading it.

Can you please try the small changes I suggested above? If so, it may be worth
reporting it directly to upstream.

Ciao, Luca

Bug#819831: [Pkg-rust-maintainers] Bug#819831: Bug#819831: cargo: FTBFS: unable to satisfy build-depends

[Luca BRUNO]

On Monday, April 04, 2016 11:14:00 PM Luca BRUNO wrote:

> I think we may align cargo on that and just build with libcurl4-gnutls-dev
> instead. Upstream prefers building with libcurl+openssl,
> but I guess switching to gnutls shouldn't cause any issue here.

I've just uploaded 0.8.0-2 with this change, with a low urgency
(just to be sure it didn't break anything).

Cheers, Luca

-- 
 .''`.  ** Debian GNU/Linux **  | Luca Bruno (kaeso)
: :'  :   The Universal O.S.| lucab (AT) debian.org
`. `'`  | GPG: 0xBB1A3A854F3BBEBF
  `- http://www.debian.org  | Debian GNU/Linux Developer


signature.asc
Description: This is a digitally signed message part.

Bug#819831: [Pkg-rust-maintainers] Bug#819831: cargo: FTBFS: unable to satisfy build-depends

[Luca BRUNO]

On Saturday, April 02, 2016 11:05:05 PM Santiago Vila wrote:

> and in fact this may not be solved by hand, because:
> 
> * Installing libgit2-dev removes libcurl4-openssl-dev.
> * Installing libcurl4-openssl-dev removes libgit2-dev.

This seems to be due to libgit2-dev moving to gnutls, see 
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=798421

> Sorry not to have a fix, but certainly this is RC for stretch, as
> packages in testing should be buildable in testing.

I think we may align cargo on that and just build with libcurl4-gnutls-dev 
instead. Upstream prefers building with libcurl+openssl,
but I guess switching to gnutls shouldn't cause any issue here.

Cheers, Luca

-- 
 .''`.  ** Debian GNU/Linux **  | Luca Bruno (kaeso)
: :'  :   The Universal O.S.| lucab (AT) debian.org
`. `'`  | GPG: 0xBB1A3A854F3BBEBF
  `- http://www.debian.org  | Debian GNU/Linux Developer


signature.asc
Description: This is a digitally signed message part.

Bug#815364: OpenSLP 1.2 should not be part of stretch

[Luca BRUNO]

severity 815364 important
tags + 815364 pending
thanks

On Thu, 13 Aug 2015 23:55:59 +0200 Moritz Muehlenhoff <j...@debian.org> wrote:

> The last maintainer upload of openslp happened in 2007
> and it's orphaned for 5.5 years now. The 1.2 branch is
> completely abandoned upstream.

Thanks for the report.
We already discussed dropping OpenSLP support from OpenLDAP and it is a 
planned change:
http://lists.alioth.debian.org/pipermail/pkg-openldap-devel/2016-January/006598.html

Our git trunk is currently entangled in a larger new upstream change, so we'll
queue this for later.

Cheers, Luca

-- 
 .''`.  ** Debian GNU/Linux **  | Luca Bruno (kaeso)
: :'  :   The Universal O.S.| lucab (AT) debian.org
`. `'`  | GPG: 0xBB1A3A854F3BBEBF
  `- http://www.debian.org  | Debian GNU/Linux Developer


signature.asc
Description: This is a digitally signed message part.

Bug#816739: rsyslog-gnutls: imtcp/TLS hangs on dropped packages

[Luca BRUNO]

On Wednesday, March 09, 2016 09:09:42 PM you wrote:

> I don't have the setup to test this. So if you want to see this fixed in
> stable, it would be great if you can apply the upstream fix on top of
> 8.4.2 and test whether it actually fixes the issue.

I have this running live in a log aggregation center, but unfortunately 
reproducing this is somehow non-deterministic (it randomly happens from time 
to time, after several weeks that it is running under moderate load, without 
simple triggers).

I have now applied this patch on top of 8.4.2-1+deb8u2, and I'll let it run 
for some time in the environment above to check if it still deadlocks (however 
I can't exclude false negatives if the bug doesn't trigger).

Ciao, Luca
-- 
 .''`.  ** Debian GNU/Linux **  | Luca Bruno (kaeso)
: :'  :   The Universal O.S.| lucab (AT) debian.org
`. `'`  | GPG: 0xBB1A3A854F3BBEBF
  `- http://www.debian.org  | Debian GNU/Linux Developer


signature.asc
Description: This is a digitally signed message part.

Bug#816739: rsyslog-gnutls: imtcp/TLS hangs on dropped packages

[Luca Bruno]

Package: rsyslog-gnutls
Version: 8.4.2-1+deb8u2
Severity: grave
Tags: patch upstream
Justification: causes non-serious data loss

I have a log-aggregating server using rsyslog to receive multiple
streams (both UDP and TCP), including some remote logs via TLS.

I'm experiencing a lock of the TLS receiver under normal usage,
and consequently the TLS-receiving thread of rsyslog using 100% CPU.

After some initial debugging, this seems to be the same upstream bug
as reported here: https://github.com/rsyslog/rsyslog/issues/318

This has been fixed in the latest upstream version:
https://github.com/rsyslog/rsyslog/pull/494

I think this basically affects all setups where rsyslog is used
as a TLS receiver, and results in losing logs on the receiving side
(and increased buffer pressure on senders).
Thus I'm reporting this at severity grave.
It would be great if this could be fixed for current stable version,
as rsyslog-gnutls is too buggy for production usage at the moment.

-- System Information:
Debian Release: 8.3
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.3.0-0.bpo.1-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages rsyslog-gnutls depends on:
ii  libc6  2.19-18+deb8u3
ii  libgnutls-deb0-28  3.3.8-6+deb8u3
ii  libjson-c2 0.11-4
ii  rsyslog8.4.2-1+deb8u2

rsyslog-gnutls recommends no packages.

Versions of packages rsyslog-gnutls suggests:
ii  gnutls-bin  3.3.8-6+deb8u3

-- no debconf information

Bug#797623: opensaml2: transition needed for g++-5 ABIs

[Luca BRUNO]

> On Tue, 01 Sep 2015 10:48:28 +0200 Ferenc Wagner <wf...@niif.hu> wrote:

> > I'll package new upstream versions of the whole Shibboleth stack to
> > fix the outstanding OpenSAML security bug in unstable.
> > This will change the SO version of xml-security-c and
> > probably all other library packages in the stack.  Does this change the
> > big picture somehow?  I don't understand the interdependencies of this
> > transition.

I had a quick look at this, and I think that libsaml is not getting any
soname bump in latest upstream version:
https://git.shibboleth.net/view/?p=cpp-opensaml.git;a=commitdiff;h=390147dc17687e900bf6a50f3577ccc611a0a7cd;hp=ec145bf31d59d23bbf63cdc39ffeb172ed29d67d

As such, I think we can just proceed with a NMU introducing libsaml8v5.
This will also remove the last blocker for libshibsp.

Cheers, Luca 

-- 
 .''`.  ** Debian GNU/Linux **  | Luca Bruno (kaeso)
: :'  :   The Universal O.S.| lucab (AT) debian.org
`. `'`  | GPG: 0xBB1A3A854F3BBEBF
  `- http://www.debian.org  | Debian GNU/Linux Developer


signature.asc
Description: This is a digitally signed message part.

Bug#809283: libuv: FTBFS: dh_install: cp: cannot stat 'debian/tmp/debian/tmp/dh-exec.AUyQ2PO5/usr/lib/x86_64-linux-gnu/libuv.so.0.10': No such file or directory

[Luca BRUNO]

On Mon, 28 Dec 2015 23:14:03 + Chris Lamb <la...@debian.org> wrote:

> Source: libuv
> Version: 0.10.36-3
> Usertags: ftbfs
 
> libuv fails to build from source in unstable/amd64:

The same package builds fine on jessie, and has been built fine in sid in July 
2015, so this seems to be a regression somewhere else in the toolchain (or a 
previous misuse on my side).

>   [..]
>  dh_install
>   cp: cannot stat 'debian/tmp/debian/tmp/dh-exec.AUyQ2PO5/usr/lib/x86_64-
linux-gnu/libuv.so.0.10': No such file or directory
>   dh_install: cp --reflink=auto -a debian/tmp/debian/tmp/dh-
exec.AUyQ2PO5/usr/lib/x86_64-linux-gnu/libuv.so.0.10 
debian/libuv0.10/usr/lib/x86_64-linux-gnu// returned exit code 1
>   [..]

The double "debian/tmp/" looks a bit fishy there.
I guess either debhelper or dh-exec are over-substituting ${DESTDIR}, or 
started prepending one time too much.

Ciao, Luca 

-- 
 .''`.  ** Debian GNU/Linux **  | Luca Bruno (kaeso)
: :'  :   The Universal O.S.| lucab (AT) debian.org
`. `'`  | GPG: 0xBB1A3A854F3BBEBF
  `- http://www.debian.org  | Debian GNU/Linux Developer


signature.asc
Description: This is a digitally signed message part.

Bug#786836: [Pkg-rust-maintainers] Bug#786836: packaging not yet ready for mass/stable usage

[Luca Bruno]

On Thursday 10 December 2015 10:58:28 Sylvestre Ledru wrote:

> >> Even though Rust recently reached the 1.0 milestone, compiler and
> >> ecosystem packaging still has to reach a "ready for the masses"
> >> status.
> > 
> > What needs to happen to resolve this bug?
> 
> Myself, I am happy to let rust migrate to testing. Using the Debian rust
> packages to build Firefox is a proof that it is ready for production.

We had an informal discussion on IRC a bunch of days ago, and we now feel 
confident enough to let rustc+cargo into testing.
rustc 1.5.0 has been tagged today, and together with cargo 0.6.0 we plan to 
let them migrate to testing.

On the other hand, we are still a bit unsure on the rest of the ecosystem (for 
which we'll probably need a dh helper), so we still plan to keep on hold 
third-party libraries and apps packaging.

I'll take care of closing this bug in a few days, assuming rustc+cargo are 
fine.

Ciao, Luca

-- 
 .''`.  ** Debian GNU/Linux **  | Luca Bruno (kaeso)
: :'  :   The Universal O.S.| lucab (AT) debian.org
`. `'`  | GPG: 0xBB1A3A854F3BBEBF
  `- http://www.debian.org  | Debian GNU/Linux Developer


signature.asc
Description: This is a digitally signed message part.

Bug#805817: Should instanbul be removed?

[Luca Bruno]

On Sunday 22 November 2015 20:30:14 Moritz Muehlenhoff wrote:

> should instanbul be removed?

Yes, I think so.
I'll proceed asking for its removal.

> - Alternatives exist

For documentation purposes:
Last time I tried, both byzanz and recordmydesktop worked fine as alternatives 
in GTK world. Gnome now should also come with integrated screen recording, but 
I never tried it.

Cheers, Luca

-- 
 .''`.  ** Debian GNU/Linux **  | Luca Bruno (kaeso)
: :'  :   The Universal O.S.| lucab (AT) debian.org
`. `'`  | GPG: 0xBB1A3A854F3BBEBF
  `- http://www.debian.org  | Debian GNU/Linux Developer


signature.asc
Description: This is a digitally signed message part.

Bug#805669: ksplice: FTBFS: x86_64-linux-gnu-gcc: error: /usr/lib/libbfd.a: No such file or directory

[Luca Bruno]

On Friday 20 November 2015 20:31:03 Chris West wrote:

> The package fails to build:

Even though this build failure could probably be adjusted by patching search 
paths, it is now clear that (the open part of) ksplice has been abandoned and 
the effort is shifting toward kpatch/kgraft.

As such, I will proceed asking for the removal of ksplice.

Cheers, Luca

-- 
 .''`.  ** Debian GNU/Linux **  | Luca Bruno (kaeso)
: :'  :   The Universal O.S.| lucab (AT) debian.org
`. `'`  | GPG: 0xBB1A3A854F3BBEBF
  `- http://www.debian.org  | Debian GNU/Linux Developer


signature.asc
Description: This is a digitally signed message part.

Bug#777601: systemd: Loosing LXC memory cgroups after service install

[Luca Bruno]

On Tue, 25 Aug 2015 19:10:50 +0200 Michael Biebl <bi...@debian.org> wrote:
> Am 25.08.2015 um 18:41 schrieb Luca Bruno:
>
> > I've tried this patch and looks like adding another bug to me. Please
> > confirm what I'm experiencing. It's true, it does not remove cgroups
> > created by systemd, but then it doesn't cleanup cgroups that systemd
> > created either.
> >
> > Example:
> >
> > 1) set MemoryLimit to a service, the memory limit will appear in the
cgroups
> > 2) unset MemoryLimit to the same service, reload daemon, restart,
> > disable, re-enable, whatever... but the memory limit will NOT disappear
> > from the cgroups
> >
> > Seems wrong and possibly worse to me.
>
> Please raise your issue upstream

The issue I've mentioned is caused by the patch applied in the debian
package. It fixes an issue, and introduces another one. It's not an
upstream issue.

Bug#777601: systemd: Loosing LXC memory cgroups after service install

[Luca Bruno]

On Tue, 25 Aug 2015 18:41:59 +0200 Luca Bruno lethalma...@gmail.com wrote:
 I've tried this patch and looks like adding another bug to me. Please
 confirm what I'm experiencing. It's true, it does not remove cgroups
 created by systemd, but then it doesn't cleanup cgroups that systemd
 created either.

Correction, sorry for the confusing wording:

It's true, it does not remove cgroups *not* created by systemd, but
then it doesn't cleanup cgroups that systemd created either.

Bug#777601: systemd: Loosing LXC memory cgroups after service install

[Luca Bruno]

Control: unarchive -1

On Thu, 12 Feb 2015 15:43:30 +0100 Martin Pitt mp...@debian.org wrote:
 Hello again,

 so the patch that got proposed at


http://lists.freedesktop.org/archives/systemd-devel/2014-September/023276.html

 actually makes a lot of sense: This makes systemd only clean up
 cgroups that it created by itself, and thus won't clean up empty ones
 in other controllers that LXC created. I tested this and committed
 this for the experimental branch for now:


http://anonscm.debian.org/cgit/pkg-systemd/systemd.git/commit/?h=experimentalid=286ef78fd

 I'd like to see this out in the wild for some time before applying it
 to jessie, though. I'm also still interested in what the actual impact
 of that is -- critical seems rather inflated? Losing empty cgroups
 doesn't sound that dangerous after all, aside from the LXC warnings
 when shutting down a container?

 Thanks,

I've tried this patch and looks like adding another bug to me. Please
confirm what I'm experiencing. It's true, it does not remove cgroups
created by systemd, but then it doesn't cleanup cgroups that systemd
created either.

Example:

1) set MemoryLimit to a service, the memory limit will appear in the cgroups
2) unset MemoryLimit to the same service, reload daemon, restart,
disable, re-enable, whatever... but the memory limit will NOT disappear
from the cgroups

Seems wrong and possibly worse to me.

Best regards,

Bug#793855: DoS, Shibboleth SP software crashes on well-formed but invalid XML (CVE-2015-0851)

[Luca Bruno]

Source: xmltooling
Version: 1.3.3-2
Severity: serious
Tags: security patch upstream

Shibboleth Service Provider software contains a code path with an uncaught
exception that can be triggered by an unauthenticated attacker by
supplying well-formed but schema-invalid XML in the form of SAML
metadata or SAML protocol messages. The result is a crash and so
causes a denial of service.

Updated versions of OpenSAML-C (V2.5.5) and XMLTooling-C (V1.5.5)
are available that correct this bug.

This vulnerability has been assigned CVE-2015-0851.
Please mention the CVE ID in changelog when fixing this issue.

References:
 * Bulletin
   http://shibboleth.net/community/advisories/secadv_20150721.txt
 * Fixing commit (xmltooling)
   
https://git.shibboleth.net/view/?p=cpp-xmltooling.git;a=commitdiff;h=2d795c731e6729309044607154978696a87fd900

Cheers, Luca


-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#793855: DoS, Shibboleth SP software crashes on well-formed but invalid XML (CVE-2015-0851)

[Luca Bruno]

On Tuesday 28 July 2015 12:15:43 Ferenc Wagner wrote:
 We're already working on this with the Security Team.  I wonder if I
 should prepare new packages (for {wheezy,jessie}-security) with the
 changelogs closing this bug.  Or should it be closed by the unstable
 upload of 1.5.5?  The proposed security uploads can be found at
 http://apt.niif.hu/CVE-2015-0851/.

Ok, just follow up with the Security Team then, they'll point you through the 
correct path.

I just filed this bug today as I realized the issue has been initially labeled 
with a wrong CVE and seemed to be untracked.

Cheers, Luca

-- 
 .''`.  ** Debian GNU/Linux **  | Luca Bruno (kaeso)
: :'  :   The Universal O.S.| lucab (AT) debian.org
`. `'`  | GPG: 0xBB1A3A854F3BBEBF
  `- http://www.debian.org  | Debian GNU/Linux Developer


signature.asc
Description: This is a digitally signed message part.

Bug#793465: DoS and privilege escalation by local users (CVE-2015-3245 and CVE-2015-3246)

[Luca Bruno]

Source: libuser
Version: 1:0.56.9.dfsg.1-1.2
Severity: grave
Tags: security upstream patch

During a code audit by Qualys, multiple libuser-related vulnerabilities 
were discovered that can allow local users to perform denial-of-service and
privilege-escalation attacks:

- Race condition in password file update (CVE-2015-3246, Important)

A flaw was found in the way the libuser library handled the /etc/passwd file.
Even though traditional programs like passwd, chfn, and chsh work on a
temporary copy of /etc/passwd and eventually use the rename() function to
rename the temporary copy, libuser modified /etc/passwd directly.
Unfortunately, if anything went wrong during these modifications,
libuser may have left/etc/passwd in an inconsistent state.

This behavior could result in a local denial-of-service attack; in addition,
when combined with a second vulnerability (CVE-2015-3245, described below),
it could result in the escalation of privileges to the root user.

- Lack of validation of GECOS field contents (CVE-2015-3245, Moderate)

It was found that the chfn function of the userhelper utility did not properly
filter out newline characters. The chfn function implemented by the userhelper
utility verified that the fields it was given on the command line were valid
(that is, contain no forbidden characters).
Unfortunately, these forbidden characters (:,=) did not include the \n character
and allowed local attackers to inject newline characters into the /etc/passwd
file and alter this file in unexpected ways.
A local attacker could use this flaw to corrupt the /etc/passwd file,
which could result in a denial-of-service attack on the system.



Both issues have been fixed upstream, and shipped in relase 0.62.
Please mention the CVE numbers in the changelog when fixing the issue.

References:
 * RedHat security bulletin
   https://access.redhat.com/articles/1537873
 * PoC
   http://www.openwall.com/lists/oss-security/2015/07/23/16
 * libuser 0.62 changelog
   https://fedorahosted.org/libuser/browser/NEWS?rev=libuser-0.62
 * Fixing commit
   
https://fedorahosted.org/libuser/changeset/d73aa2a5a9ce5bdd349dff46e3e4885f2b194a95/


Cheers, Luca


-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#793397: Remote execution of untrusted code, DoS (CVE-2015-3253)

[Luca Bruno]

Package: groovy
Version: 1.8.6-1
Severity: grave
Tags: security upstream

cpnrodzc7, working with HP's Zero Day Initiative, discovered that
Java applications using standard Java serialization mechanisms to
decode untrusted data, and that have Groovy on their classpath, can
be passed a serialized object that will cause the application to
execute arbitrary code.

This is issue has been marked as fixed in Groovy 2.4.4 and a standalone
security patch has been made available.

CVE-2015-3253 has been assigned to this issue. 
Please mention it in the changelog when fixing the issue.

References:
 * Bulletin
   http://seclists.org/bugtraq/2015/Jul/78
 * Security update
   http://groovy-lang.org/security.html
 * Fixing commit (on 2.4.x branch)
   
https://github.com/apache/incubator-groovy/commit/09e9778e8a33052d8c27105aee5310649637233d


-- System Information:
Debian Release: 8.1
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)


-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#793398: Remote execution of untrusted code, DoS (CVE-2015-3253)

[Luca Bruno]

Package: groovy2
Version: 2.2.2+dfsg-3
Severity: grave
Tags: security upstream

cpnrodzc7, working with HP's Zero Day Initiative, discovered that
Java applications using standard Java serialization mechanisms to
decode untrusted data, and that have Groovy on their classpath, can
be passed a serialized object that will cause the application to
execute arbitrary code.

This is issue has been marked as fixed in Groovy 2.4.4 and a standalone
security patch has been made available.

CVE-2015-3253 has been assigned to this issue. 
Please mention it in the changelog when fixing the issue.

References:
 * Bulletin
   http://seclists.org/bugtraq/2015/Jul/78
 * Security update
   http://groovy-lang.org/security.html
 * Fixing commit
   
https://github.com/apache/incubator-groovy/commit/09e9778e8a33052d8c27105aee5310649637233d

Cheers, Luca

-- System Information:
Debian Release: 8.1
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)


-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#791751: [Pkg-openldap-devel] Bug#791751: openldap: Fails to build on mipsel

[Luca Bruno]

On Wednesday 08 July 2015 07:45:07 Gustavo Prado Alkmim wrote:

 Package is failing to build on buildd. 

 Build Log tail:

 slapd-bind PID=1105: ldap_sasl_bind_s: Invalid credentials (49)
 make: *** wait: No child processes.  Stop.
 make[3]: *** Waiting for unfinished jobs
 make[3]: *** wait: No child processes.  Stop.
 make[2]: *** [test] Error 2
 Makefile:282: recipe for target 'test' failed
 Build killed with signal TERM after 150 minutes of inactivity

 I'm working on a fix and I will attach it as soon as possible.

I think something glitched on the build machine.
While it isn't nice, it happened once already (but on a different builder) and 
just giving back the package solved it. I suspect the same will apply here.

Cheers, Luca 

-- 
 .''`.  ** Debian GNU/Linux **  | Luca Bruno (kaeso)
: :'  :   The Universal O.S.| lucab (AT) debian.org
`. `'`  | GPG: 0xBB1A3A854F3BBEBF
  `- http://www.debian.org  | Debian GNU/Linux Developer


signature.asc
Description: This is a digitally signed message part.

Bug#791751: Please give back openldap (2.4.40+dfsg-2) on mipsel

[Luca Bruno]

Dear wb-team,
latest openldap upload (2.4.40+dfsg-2) saw a spurious failure in its testsuite 
on mipsel.
As diff with previous version is quite limited and failure unrelated, we 
suspect this was a momentary glitch somewhere.

Can we please give it a second try there?

gb openldap_2.4.40+dfsg-2 . mipsel

Ciao, Luca


-- 
 .''`.  ** Debian GNU/Linux **  | Luca Bruno (kaeso)
: :'  :   The Universal O.S.| lucab (AT) debian.org
`. `'`  | GPG: 0xBB1A3A854F3BBEBF
  `- http://www.debian.org  | Debian GNU/Linux Developer


signature.asc
Description: This is a digitally signed message part.

Bug#788795: [Pkg-javascript-devel] Bug#788795: libuv: FTBFS on mipsel. Tests failed.

[Luca Bruno]

On Monday 15 June 2015 09:16:13 Arturo Borrero Gonzalez wrote:
 
 As you can see on buildd [0], libuv FTBFS on mipsel due to some failed
 tests. There seem to be a patch upstream to address the issue [1].

Thanks for re-sending back my own patch :)
Unfortunately, as you can read in [0], [1] and [2], upstream rejected the 
patch and is working on something more general.
As this is now taking a bit too much time, I'm inclined to add it to the 
debian package, as it fixes that specific regression without other failures.

[0] https://github.com/libuv/libuv/issues/335
[1] https://github.com/libuv/libuv/pull/351
[2] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=787751

Cheers, Luca

-- 
 .''`.  ** Debian GNU/Linux **  | Luca Bruno (kaeso)
: :'  :   The Universal O.S.| lucab (AT) debian.org
`. `'`  | GPG Key ID: 0x4F3BBEBF
  `- http://www.debian.org  | Debian GNU/Linux Developer


signature.asc
Description: This is a digitally signed message part.

Bug#787751: libuv1: FTBFS - tests fail (mainly pipe_set_non_blocking)

[Luca Bruno]

retitle 787751 uv_loop_configure testsuite failure on mips/mipsel
tags 787751 + pending upstream sid
forwarded 787751 https://github.com/libuv/libuv/issues/335
severity 787751 important
thanks

On Friday 05 June 2015 10:53:51 Luca Bruno wrote:

 Just to summarize, all build failures are known upstream and fixed except
 for the mips one. Next upload should make the buildd matrix mostly green.

1.6.1-1 builds fine everywhere else, so I'm retitling this bug to track the 
upstream mips issue.
I'm also downgrading severity, as all the other arch are green and libuv1 has 
never been built on mips anyway.

Cheers, Luca

-- 
 .''`.  ** Debian GNU/Linux **  | Luca Bruno (kaeso)
: :'  :   The Universal O.S.| lucab (AT) debian.org
`. `'`  | GPG Key ID: 0x4F3BBEBF
  `- http://www.debian.org  | Debian GNU/Linux Developer


-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#787751: [Pkg-javascript-devel] Bug#787751: libuv1: FTBFS - tests fail (mainly pipe_set_non_blocking)

[Luca Bruno]

On Friday 05 June 2015 10:43:19 Luca Bruno wrote:
 
  For some reason, pipe_set_non_blocking failed everywhere:
`pipe_set_non_blocking` failed: exit code 6
Output from process `pipe_set_non_blocking`:
Assertion failed in test/test-pipe-set-non-blocking.c on line 51: n == 0
 
 This is new to me, instead. It was not failing on my pbuilder one month ago,
 but I will retry now. We are now also lagging a couple of versions behind,
 so it may have been fixed/reported in the meanwhile.
 
 I'll try to dig a bit in the history and see if 1.5.0/1.6.0 fail too.
 
Confirmed, this is upstream #248 and has been fixed in 1.50:
https://github.com/libuv/libuv/issues/248

Just to summarize, all build failures are known upstream and fixed except for 
the mips one. Next upload should make the buildd matrix mostly green.

Cheers, Luca

-- 
 .''`.  ** Debian GNU/Linux **  | Luca Bruno (kaeso)
: :'  :   The Universal O.S.| lucab (AT) debian.org
`. `'`  | GPG Key ID: 0x4F3BBEBF
  `- http://www.debian.org  | Debian GNU/Linux Developer


signature.asc
Description: This is a digitally signed message part.

Bug#787751: [Pkg-javascript-devel] Bug#787751: libuv1: FTBFS - tests fail (mainly pipe_set_non_blocking)

[Luca Bruno]

On Thursday 04 June 2015 13:25:49 Aaron M. Ucko wrote:
 
 The automated builds of libuv1 all failed with test suite errors.

Thanks for the detailed report.

 In addition, loop_configure failed with no explanation on mips and mipsel:
 
   `loop_configure` failed: exit code 6
   Output from process `loop_configure`: (no output)

This is upstream #335, I tracked down the origin of this (bad parameter to 
epoll_pwait) and had a minimal patch, but upstream prefers to go for full 
fix/rewrite, so we are still waiting for the final commit:
https://github.com/libuv/libuv/issues/335

 Worse yet, most tests failed on arm64, in many cases reporting
 timeouts:

This is upstream #334, patched in github for both v0.10 and v1:
https://github.com/libuv/libuv/issues/334

 For some reason, pipe_set_non_blocking failed everywhere:
 
   `pipe_set_non_blocking` failed: exit code 6
   Output from process `pipe_set_non_blocking`:
   Assertion failed in test/test-pipe-set-non-blocking.c on line 51: n == 0

This is new to me, instead. It was not failing on my pbuilder one month ago, 
but I will retry now. We are now also lagging a couple of versions behind, so 
it may have been fixed/reported in the meanwhile.

I'll try to dig a bit in the history and see if 1.5.0/1.6.0 fail too.

Regards, Luca

-- 
 .''`.  ** Debian GNU/Linux **  | Luca Bruno (kaeso)
: :'  :   The Universal O.S.| lucab (AT) debian.org
`. `'`  | GPG Key ID: 0x4F3BBEBF
  `- http://www.debian.org  | Debian GNU/Linux Developer


signature.asc
Description: This is a digitally signed message part.

Bug#786836: packaging not yet ready for mass/stable usage

[Luca Bruno]

Source: rustc
Version: 1.0.0+dfsg1-1
Severity: serious

Even though Rust recently reached the 1.0 milestone,
compiler and ecosystem packaging still has to reach a
ready for the masses status.

As some bits are still missing (cargo, external libs) and 
other still under discussion (dynlibs, lang-extensions), 
this bug is left open in order to avoid a premature migration
to testing.

-- System Information:
Debian Release: 8.0
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)


-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#758600: shibboleth-sp2-utils: postinst fails on initial installation

[Luca Bruno]

On Monday 10 November 2014 09:06:34 Russ wrote:

 I'll try to take a look, but I no longer use Shibboleth and handed the
 package maintenance off.  Copying the general mailing list.

Sorry then, I CC'd you explicitly as you did the backport, with additional 
changes over the plain jessie package, and are still listed as an Uploader. 

On Monday 10 November 2014 13:38:35 Sam Hartman wrote:
 I'd like to better understand the severity issue.
 Are you saying that there's no order I can install shibboleth and apache
 in wheezy that will work?
 I.E. even if I manually install the module first?

No, I suspect there clearly are ways to express the dependency and some 
install-order to satisfy it.

I've raised the severity because this package's postinst fails due to a non-
declared dependency. Additionally, this package is not providing the apache 
module and the daemon should not require apache2 to be installed at all.
So IMHO the missing/hypothetical dependency is also incorrect. 

While I see the benefit of autoloading the apache module, I think that this 
package SHOULD NOT gain a hard-dependency on apache2+mod_shib2, but opt 
instead for a conditional a2enmod in postinst.
As I said, I'm exploring a nginx+shibboleth path, which I expect to be 
supported by the split-packaging setup currently in backport.  

Just my 2c, though, as I'm still new to the shibboleth world. 

Cheers, Luca

-- 
 .''`.  ** Debian GNU/Linux **  | Luca Bruno (kaeso)
: :'  :   The Universal O.S.| lucab (AT) debian.org
`. `'`  | GPG Key ID: 0x4F3BBEBF
  `- http://www.debian.org  | Debian GNU/Linux Developer


-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#754678: openocd: FTBFS on kfreebsd-*: configure: error: libusb-1.x is required for the MPSSE mode of FTDI based devices

[Luca Bruno]

On Mon, 20 Oct 2014 07:26:20 +0400 Paul Fertser fercer...@gmail.com wrote:

 On Sun, Oct 19, 2014 at 10:45:17PM +0100, Steven Chamberlain wrote:
  If you want something equivalent to Linux libusb 1.0 API, I think you
  need to Build-Depend on libusb2-dev [kfreebsd-any] rather than libusb-dev.
 
 Right, libusb-0.1 API is still needed for some older drivers, but it
 is provided by libusb2-dev on kfreebsd, libusb-dev shouldn't be used
 there.

My fault, I got really confused in all this libusb* mess.
I will apply your patch as-is and upload a -4.
 
  Dropping libftdi-dev from Build-Depends on kfreebsd-amd64, I actually
  get a successful build;  how does that work?  Does MPSSE mode not need
  ftdi.h any more?  If so, libftdi-dev can be dropped from Build-Depends
  on linux, too.  But I have no way of testing openocd.
 
 MPSSE mode depends only on libusb-1, however, there're three other
 drivers (USB Blaster, ASIX Presto, OpenJTAG; USB Blaster being really
 important here) plus legacy ft2232 implementation that need
 libftdi-dev.

If I'm not wrong:
 * usb-blaster support is autodetected
 * presto and openjtag should be explicitely enabled (currently aren't)
 * we don't currently explicitly enable any legacy ft2232

So the above patch should be ok.
I'm just slightly confused about usb-blaster on kfreebsd, which seems to have 
been autoenabled even though libftdi-dev was missing.

Cheers, Luca

signature.asc
Description: This is a digitally signed message part.

Bug#754678: openocd: FTBFS on kfreebsd-*: configure: error: libusb-1.x is required for the MPSSE mode of FTDI based devices

[Luca Bruno]

On Monday 20 October 2014 17:31:48 Paul Fertser wrote:

  https://bugs.debian.org/cgi-bin/bugreport.cgi?msg=22;filename=openocd.log.
  gz;att=1;bug=754678 
  | Altera USB-Blaster II Compatibleyes (auto)
 
 I see the source of the confusion now. There're two versions of USB
 Blaster, the first one is still widely available (and requires
 libftdi), the second (depends onl libusb) is slowly gaining popularity
 (clk frequency control is yet to be implemented, currently it might be
 too high for many targets).

I see. So in the end, let's keep:
 * libusb autodetection for kfreebsd
 * --enable-usb_blaster_libftdi for linux

Cheers, Luca

signature.asc
Description: This is a digitally signed message part.

Bug#762300: [Pkg-javascript-devel] Bug#762300: libuv: Versioned provides not supported during upgrades

[Luca BRUNO]

Niels Thykier ni...@thykier.net ha scritto:

 Your package (libuv0.10-dev) uses versioned provides.  Unfortunately,
 this feature is not supported by tools in stable.  Accordingly, it is
 not guaranteed to work during upgrades from Wheezy to Jessie.

As libuv has never been part of a stable release, I quickly concluded
that there wouldn't be any problems related to upgrades (as there
shouldn't exist an upgrade path!).

After some input by the release team, I just realized that in fact the
apt-get in stable is not capable of parsing versioned provides, so the
upgrade process would break as soon as receiving the new package list.

I will revert ASAP back to unversioned provide, I'd just like to see the
result from arm64 autobuilder (if it doesn't take too long).

Sorry for causing havoc, and thanks for catching it quickly before
migration.

Ciao, Luca

-- 
  .''`.  |   ~[ Luca BRUNO ~ (kaeso) ]~
 : :'  : | Email: lucab (AT) debian.org ~ Debian Developer
 `. `'`  | GPG Key ID: 0x3BFB9FB3   ~ Free Software supporter
   `-| HAM-radio callsign: IZ1WGT   ~ Networking sorcerer


signature.asc
Description: PGP signature

Bug#754678: openocd: FTBFS on kfreebsd-*: configure: error: libusb-1.x is required for the MPSSE mode of FTDI based devices

[Luca Bruno]

Package: openocd
Version: 0.8-1
Followup-For: Bug #754678

This is because openocd needs libusb-1.0 = 1.0.9, while the one 
provided by libusb2-dev on kfreebsd-* reports itself as 1.0.6 in 
pkg-config.
I've filled a bug asking kfreebsd porters to sync lib version 
with upstream.

Cheers, Luca

-- System Information:
Debian Release: jessie/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.14-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=it_IT.UTF-8, LC_CTYPE=it_IT.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash


-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#754756: libuv: FTBFS on kfreebsd-amd64: test suite issues

[Luca Bruno]

Source: libuv
Followup-For: Bug #754756

It looks like there are transient failures in the testsuite,
which unfortunately aren't deterministic and I'm unable to 
reproduce on my VMs and porter-boxes.
Checking build-history, the same package fails-then-builds on 
different machines without clear patterns.

As kfreebsd support doesn't seem too mature and these are keeping 
behind also linux packages, I think we should either:
 * drop the kfreebsd packages and remove them from testing
 * ignore testsuite failures (only on kfreebsd?)

Any comments?

Cheers, Luca

-- System Information:
Debian Release: jessie/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.14-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=it_IT.UTF-8, LC_CTYPE=it_IT.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash


-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#757735: gtk-gnutella: Segfault at start

[Luca Bruno]

Package: gtk-gnutella
Version: 1.1.0-1
Followup-For: Bug #757735

Oddly enough, the same (optimized) package works fine when built with 
clang (3.4.2-6). According to autobuilders log, the faulty gcc in use 
was 4.9.1-1.

As a workaround, I can either:
 * Force building with gcc-4.8 (haven't tried yet)
 * Force building with clang
 * Drop optimization level for xmalloc.c

I would be still great to pinpoint the gcc bug, if somebody has time for
bin-diffing the two executable and reduce the test-case.

Cheers, Luca

-- System Information:
Debian Release: jessie/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.14-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=it_IT.UTF-8, LC_CTYPE=it_IT.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages gtk-gnutella depends on:
ii  binutils 2.24.51.20140727-1
ii  libatk1.0-0  2.12.0-1
ii  libc62.19-7
ii  libcairo21.12.16-2
ii  libdbus-1-3  1.8.6-1
ii  libfontconfig1   2.11.0-5
ii  libfreetype6 2.5.2-1.1
ii  libgdk-pixbuf2.0-0   2.30.7-1
ii  libglib2.0-0 2.40.0-4
ii  libgnutls26  2.12.23-17
ii  libgtk2.0-0  2.24.24-1
ii  libpango-1.0-0   1.36.3-1
ii  libpangocairo-1.0-0  1.36.3-1
ii  libpangoft2-1.0-01.36.3-1
ii  zlib1g   1:1.2.8.dfsg-1

gtk-gnutella recommends no packages.

gtk-gnutella suggests no packages.

-- no debconf information


-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#754756: [Pkg-javascript-devel] Bug#754756: libuv: FTBFS on kfreebsd-amd64: test suite issues

[Luca BRUNO]

Jérémy Lal kapo...@melix.org ha scritto:

 I suspect the problem isn't with libuv per se, rather with the tests
 themselves. 

Either that, or something more complex in the libc/kernel path.

 Can you identify a list of the tests that occasionally
 fail on kfreebsd ?

Some culprits in the past have been:
 * poll_duplex
 * poll_unidirectional
 * hrtime
 * fs_event_watch_file_current_dir
 * ipc_listen_before_write
 * threadpool_cancel_work

However it is difficult to see a pattern, as even between minor
debian revisions the results are different. 

 Some libuv/nodejs tests fail when the environment is slow/under high
 load...

I would expect to see timeouts in those cases (as opposed to hard
failures), but it could as well be the case.
Also some quirkiness in the host-side of the builders, which are still
running kernel 9.0.

In all these cases, it may make sense to avoid failing on test-suite
failure on !linux. Are you ok with that?

Cheers, Luca

-- 
  .''`.  |   ~[ Luca BRUNO ~ (kaeso) ]~
 : :'  : | Email: lucab (AT) debian.org ~ Debian Developer
 `. `'`  | GPG Key ID: 0x3BFB9FB3   ~ Free Software supporter
   `-| HAM-radio callsign: IZ1WGT   ~ Networking sorcerer


signature.asc
Description: PGP signature

Bug#720618: non-free license statement in /usr/share/inkscape/icons/inkscape.svg

[Luca BRUNO]

Ivo De Decker ivo.dedec...@ugent.be wrote:

  According to recent discussions, there should be a 0.48.5 pending.
  We may also want to wait for it (IIRC that was the original plan).
 
 OK. Will the license change be backported to 0.48? That would avoid
 repackaging the tarball.

I've been told so:
http://sourceforge.net/p/inkscape/mailman/message/32434309/

Ciao, Luca

-- 
  .''`.  |   ~[ Luca BRUNO ~ (kaeso) ]~
 : :'  : | Email: lucab (AT) debian.org ~ Debian Developer
 `. `'`  | GPG Key ID: 0x3BFB9FB3   ~ Free Software supporter
   `-| HAM-radio callsign: IZ1WGT   ~ Networking sorcerer


signature.asc
Description: PGP signature

Bug#750301: [Pkg-javascript-devel] Bug#750301: libuv: FTBFS: Tests failures

[Luca BRUNO]

David Suárez david.sephi...@gmail.com wrote:

 Hi,
 
 During a rebuild of all packages in sid, your package failed to build
 on amd64.

 [%  72|+ 140|-   0|T   0|S   2]: spawn_closed_process_io
  `spawn_closed_process_io` failed: exit code 6
  Output from process `spawn_closed_process_io`:
  Assertion failed in test/test-spawn.c on line 129: status == 0
  =
  make[1]: *** [test] Error 1
 
 About the archive rebuild: The rebuild was done on EC2 VM instances
 from Amazon Web Services, using a clean, minimal and up-to-date
 chroot. Every failed build was retried once to eliminate random
 failures.

I just tried again on a local amd64 pbuilder and didn't see any test
failure.
However, it looks like a similar test failure has been seen by
upstream jenkins:
http://jenkins.nodejs.org/job/libuv-v0.10/179/label=linux/artifact/test.tap/*view*/

I think this may be a race-style regression related to
https://github.com/joyent/libuv/issues/1211

Can you please check if 0.10.25-1 succeeds in the same environment
where 0.10.27-1 fails?

Thanks, Luca

-- 
  .''`.  |   ~[ Luca BRUNO ~ (kaeso) ]~
 : :'  : | Email: lucab (AT) debian.org ~ Debian Developer
 `. `'`  | GPG Key ID: 0x3BFB9FB3   ~ Free Software supporter
   `-| HAM-radio callsign: IZ1WGT   ~ Networking sorcerer


signature.asc
Description: PGP signature

Bug#720618: non-free license statement in /usr/share/inkscape/icons/inkscape.svg

[Luca BRUNO]

Ivo De Decker ivo.dedec...@ugent.be wrote:

 The inkscape upload in experimental contains the newer version, which
 contains the new license, and thus fixes this bug. I don't know if
 this version is expected to go to unstable soon, but if not, it might
 be nice to have this fix backported. 

No, it is not intended to be uploaded to unstable soon.
It was mostly an attempt to see if everything was ok.

 Matteo, are you planning to repacking the orig tarball in for 0.48 in
 unstable, or do you prefer an NMU for this?

According to recent discussions, there should be a 0.48.5 pending.
We may also want to wait for it (IIRC that was the original plan).

 BTW I notice the CC licenses aren't mentioned in the copyright file.
 This probably also is a serious issue.

It looks like.
If you directly want to address it, inkscape packaging is under git
collab-maint.

Ciao, Luca

-- 
  .''`.  |   ~[ Luca BRUNO ~ (kaeso) ]~
 : :'  : | Email: lucab (AT) debian.org ~ Debian Developer
 `. `'`  | GPG Key ID: 0x3BFB9FB3   ~ Free Software supporter
   `-| HAM-radio callsign: IZ1WGT   ~ Networking sorcerer


signature.asc
Description: PGP signature

Bug#722283: [Pkg-javascript-devel] Bug#722283: libuv: FTBFS with test suite errors

[Luca BRUNO]

On Mon, 09 Sep 2013 15:47:40 -0400
Aaron M. Ucko u...@debian.org wrote:

 Source: libuv
 Version: 0.10.8-0~exp2
 Severity: serious
 Justification: fails to build from source
 
 Automated builds of libuv on Linux failed with test suite errors.
 (Builds for other platforms didn't even compile; I'll report that
 separately.)  To wit:

Thanks for the reports, both issues are already addressed in git (but I
didn't know script(1), so I'll try to use it to pass test-tty).
What I didn't notice is that I mistakenly uploaded ~exp2 to unstable,
while it was intended for experimental.

Libuv packaging is not yet mature and !linux still have to be tested,
I'm going to fill the removal from unstable soon.

Cheers, Luca

-- 
  .''`.  |   ~[ Luca BRUNO ~ (kaeso) ]~
 : :'  : | Email: lucab (AT) debian.org ~ Debian Developer
 `. `'`  | GPG Key ID: 0x3BFB9FB3   ~ Free Software supporter
   `-| HAM-radio callsign: IZ1WGT   ~ Networking sorcerer


-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#720618: non-free license statement in /usr/share/inkscape/icons/inkscape.svg

[Luca BRUNO]

 Perhaps you can clarify this with the Inkscape authors ?  Maybe they
 intended GPL-2 anyway...

I don't think so. The logo was contributed by jimmac and originally
under CC. See https://bugs.launchpad.net/inkscape/+bug/345778

 Severity: serious

 that the Inkscape icon contains a statement suggesting that its
 license is CC-BY-SA 2.0.  This is unfortunate, as Debian's FTP team
 does not consider it Free.

I'm unsure about this. I remember an old thread on -project where it
was found that clause 4b of CC-BY-SA 2.0 allows upgrading to later
version, and several packages already fit in that case.
I think we are in the same case.

Moreover, I can still get in touch with jimmac and ask for a license
change, or just apply clause 4b upstream.

Cheers, Luca

-- 
  .''`.  |   ~[ Luca BRUNO ~ (kaeso) ]~
 : :'  : | Email: lucab (AT) debian.org ~ Debian Developer
 `. `'`  | GPG Key ID: 0x3BFB9FB3   ~ Free Software supporter
   `-| HAM-radio callsign: IZ1WGT   ~ Networking sorcerer


signature.asc
Description: PGP signature

Bug#706482: Upload of new package

[Luca BRUNO]

Adam D. Barratt wrote:

 gcc-msp430 | 4.6.3~mspgcc-20120406-3+deb7u1 | testing | source,
 amd64, armel, armhf, i386, ia64, kfreebsd-amd64, kfreebsd-i386, mips,
 mipsel, powerpc, s390, s390x, sparc
 
 It's sorted. :-) There was some discussion about that on IRC, maybe
 we should have made sure a summary ended up in the bug log.

Allright,
we basically agreed on a -4 with only the description change for
wheezy. Unfortunately the libmpfr4 in sid turned out to be
incompatible, so -3+deb7u1 was later uploaded to t-p-u.
I sent an unblock request yesterday after that, but looks like it got
lost in the bit bucket. Adam had already accepted it, though.

The bug is still there, though, so this report is kept open and the
patch will go to s-p-u (-3+deb7u2 ?) once wheezy is out (monday?). 

For Adam: yes, one of the kfreebsd-amd64 autobuilder is picky and it has
been re-tried several time before. I don't remember to have
bin-uploaded -3, even though I did once before (-1 or -2) while
debugging locally. I see that fano has built it, now.

Cheers, Luca

-- 
  .''`.  |   ~[ Luca BRUNO ~ (kaeso) ]~
 : :'  : | Email: lucab (AT) debian.org ~ Debian Developer
 `. `'`  | GPG Key ID: 0x3BFB9FB3   ~ Free Software supporter
   `-| HAM-radio callsign: IZ1WGT   ~ Networking sorcerer


signature.asc
Description: PGP signature

Bug#706482: gcc-msp430: generated interrupt table for MSP430FR5xxx parts will blow security fuse

[Luca BRUNO]

John Paul Adrian Glaubitz wrote:

 Is it possible to upload a properly fixed package into Wheezy as soon
 as upstream provides a proper patch with minimal to no delay?

As stated above, patched package is ready and will be uploaded once
wheezy is tagged, as we are a bit too late in release process to do it
now.

 This should be kept open and tagged as critical after Wheezy has been 
 released, so everyone is kept aware of the issue.

The bug will be closed with the next s-u upload. 
 
Cheers, Luca

-- 
  .''`.  |   ~[ Luca BRUNO ~ (kaeso) ]~
 : :'  : | Email: lucab (AT) debian.org ~ Debian Developer
 `. `'`  | GPG Key ID: 0x3BFB9FB3   ~ Free Software supporter
   `-| HAM-radio callsign: IZ1WGT   ~ Networking sorcerer


signature.asc
Description: PGP signature

Bug#706482: gcc-msp430: generated interrupt table for MSP430FR5xxx parts will blow security fuse

[Luca BRUNO]

Attila Kinali wrote:

  Unfortunately I think it's now too late to fix this before the
  release.
 
 Yeah. I felt bad about opening a critical bug this short before the
 release. But breaking devices is something that shouldnt happen.

Attila, I hope not have bricked any of your msp430 kits. I didn't spot
the importance of this patch out of the upstream bundle that happened
during the freeze, my bad.
 
  I'd be happy to accept the patch in a point release, but would
  appreciate some input from the maintainer here - should we ship the
  package as-is and fix the problem in the first point release, or
  remove the package (and msp430-libc) from wheezy? The removal would
  not be a regression, as neither package is in squeeze.
 
 I would not remove the packages from wheezy, that would be
 unwarranted. Maybe an intermediate solution would be to change the
 description of the packages to contain a warning for the FRAM based
 devices. And then fix it in the point realease in 2 or 3 months.

Just for a bit of context for the RT, this just affects a minority of
the msp430 chips (the FR series, recently launched and based on FRAM).
I expect most of the user to come for the Launchpad or other zigbee
related boards, which doesn't carry those FR chips.
Nonetheless there are some recent devkits (called fraunchpad), which are
affected. I don't own any of those and I'm unsure how popular they are,
given the price.

Following Attila suggestion, I'd keep the package in and
document this RC in the meanwhile (in the release notes? I fear we are
too late also for a -4 with a NEWS.Debian.gz or a description change).
I'll then upload the fix next week to s-p-u.

Cheers, Luca

-- 
  .''`.  |   ~[ Luca BRUNO ~ (kaeso) ]~
 : :'  : | Email: lucab (AT) debian.org ~ Debian Developer
 `. `'`  | GPG Key ID: 0x3BFB9FB3   ~ Free Software supporter
   `-| HAM-radio callsign: IZ1WGT   ~ Networking sorcerer


signature.asc
Description: PGP signature

Bug#706482: gcc-msp430: generated interrupt table for MSP430FR5xxx parts will blow security fuse

[Luca BRUNO]

Adam D. Barratt wrote:

 If the change were made today and it was purely the text change, we 
 might just squeeze it in. NEWS.Debian will only be displayed to
 people upgrading from earlier versions, so of those two options the
 description would probably be more useful.

Ok, I'm currently building a package with the following description
change.
A couple of questions for the RT:
* gcc-msp430 is at the same version on sid and testing, can I target this -4 to
  unstable and let it migrate from there? Or should I build a -3+wheezy1 in a
  wheezy chroot and target t-p-u?
* Should I also provide a small paragraph for the release notes remarking the 
  issue and saying that it will be fixed really soon?

Debdiff inline below, please ACK:

diff -Nru gcc-msp430-4.6.3~mspgcc-20120406/debian/changelog 
gcc-msp430-4.6.3~mspgcc-20120406/debian/changelog
--- gcc-msp430-4.6.3~mspgcc-20120406/debian/changelog   2012-05-20 
13:53:45.0 +0200
+++ gcc-msp430-4.6.3~mspgcc-20120406/debian/changelog   2013-05-02 
10:13:41.0 +0200
@@ -1,3 +1,12 @@
+gcc-msp430 (4.6.3~mspgcc-20120406-4) unstable; urgency=high
+
+  * Change package description to mention the incompatibility
+with MSP430FR5xxx chips (eg. Fraunchpad board).
+This package DOES NOT work on that chips series, and will
+brick it.
+
+ -- Luca Bruno lu...@debian.org  Thu, 02 May 2013 10:10:38 +0200
+
 gcc-msp430 (4.6.3~mspgcc-20120406-3) unstable; urgency=low
 
   * Disable features not relevant to msp430
diff -Nru gcc-msp430-4.6.3~mspgcc-20120406/debian/control 
gcc-msp430-4.6.3~mspgcc-20120406/debian/control
--- gcc-msp430-4.6.3~mspgcc-20120406/debian/control 2012-05-17 
09:06:33.0 +0200
+++ gcc-msp430-4.6.3~mspgcc-20120406/debian/control 2013-05-02 
10:10:13.0 +0200
@@ -20,3 +20,8 @@
  This is the GNU C compiler, a fairly portable optimizing compiler for C
  for TI's MSP430 architecture.  This package is primarily for MSP430 
  developers and cross-compilers and is not needed by normal users.
+ .
+ BEWARE: due to a bug in the memory layout reference of FRAM-based chips, 
+ this package DOES NOT WORK with MSP430FR5xxx chips (eg. FraunchPad devkit).
+ DO NOT use gcc-msp430 on that chip series, as you will lose access to
+ JTAG and BSL, and permanently BRICK your chip!

Cheers, Luca

-- 
  .''`.  |   ~[ Luca BRUNO ~ (kaeso) ]~
 : :'  : | Email: lucab (AT) debian.org ~ Debian Developer
 `. `'`  | GPG Key ID: 0x3BFB9FB3   ~ Free Software supporter
   `-| HAM-radio callsign: IZ1WGT   ~ Networking sorcerer


signature.asc
Description: PGP signature

Bug#689077: Header path not matching llvm-config include-dir

[Luca BRUNO]

Sylvestre Ledru scrisse:

 -usr/include/llvm-c-3.1/ usr/lib/llvm-3.1/include/llvm-c
 -usr/include/llvm-3.1/ usr/lib/llvm-3.1/include/llvm
 +usr/include/llvm-c-3.1/llvm-c usr/lib/llvm-3.1/include/
 +usr/include/llvm-3.1/llvm usr/lib/llvm-3.1/include/
 
 With your patch, I am getting:
 dh_link: link destination
 debian/llvm-3.1-dev/usr/lib/llvm-3.1/include/ is a directory

Ouch, really sorry for this, I used the same syntax as `ln -s` and
didn't try a package build due to limited horse-power here. 

Ciao, Luca

-- 
  .''`.  |   ~[ Luca BRUNO ~ (kaeso) ]~
 : :'  : | Email: lucab (AT) debian.org ~ Debian Developer
 `. `'`  | GPG Key ID: 0x3BFB9FB3   ~ Free Software supporter
   `-| HAM-radio callsign: IZ1WGT   ~ Networking sorcerer


signature.asc
Description: PGP signature

Bug#689077: Header path not matching llvm-config include-dir

[Luca Bruno]

Package: llvm-3.1-dev
Version: 3.1-3~exp4
Severity: grave
Tags: patch

Hi,
I got into some troubles with experimental llvm-3.1...

Current header files are installed in:
/usr/lib/llvm-3.1/include/llvm/llvm
/usr/lib/llvm-3.1/include/llvm-c/llvm-c

while `llvm-config --includedir` reports
/usr/lib/llvm-3.1/include
(ie. a directory up)

I suspect that header links in llvm-3.1-dev should be diverted as in the
following patch:

--- debian/llvm-3.1-dev.links~  2012-09-14 19:47:31.0 +0200
+++ debian/llvm-3.1-dev.links   2012-09-29 00:30:50.086131015 +0200
@@ -1,3 +1,3 @@
 usr/lib/x86_64-linux-gnu/libLLVM-3.1.so.1  usr/lib/x86_64-linux-
gnu/libLLVM-3.1.so
-usr/include/llvm-c-3.1/ usr/lib/llvm-3.1/include/llvm-c
-usr/include/llvm-3.1/ usr/lib/llvm-3.1/include/llvm
+usr/include/llvm-c-3.1/llvm-c usr/lib/llvm-3.1/include/
+usr/include/llvm-3.1/llvm usr/lib/llvm-3.1/include/

I raised the severity as it is currently breaking everything which uses `llvm-
config --includedir`.

Ciao, Luca



-- System Information:
Debian Release: wheezy/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'stable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.2.0-3-amd64 (SMP w/4 CPU cores)
Locale: LANG=it_IT.utf8, LC_CTYPE=it_IT.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages llvm-3.1-dev depends on:
ii  libc6   2.13-35
ii  libffi-dev  3.0.10-3
ii  libffi5 3.0.10-3
ii  libgcc1 1:4.7.1-8
ii  libstdc++6  4.7.1-8
ii  llvm-3.13.1-3~exp4

llvm-3.1-dev recommends no packages.

llvm-3.1-dev suggests no packages.

-- no debconf information


-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#683597: python-whois: Wrong json import

[Luca Bruno]

Package: python-whois
Version: 0.6.4-1
Severity: grave
Tags: upstream
Justification: renders package unusable

Hi,
it looks like this package won't work on a default Wheezy install 
(ie. with python-2.7).

In whois/_1_query.py it tries to import simplejson, which by default 
is not installed:


if PYTHON_VERSION = 3:
import json
else:
import simplejson as json


You should add an explicit dependency on simplejson and (better) try 
to import json and then fallback on simplesjson.

Cheers, Luca

-- System Information:
Debian Release: wheezy/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: i386 (i686)

Kernel: Linux 3.2.0-3-686-pae (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages python-whois depends on:
ii  python  2.7.3~rc2-1
ii  whois   5.0.17

python-whois recommends no packages.

python-whois suggests no packages.

-- no debconf information


-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#659379: uzbl: world-readable (and writable!) cookie jar

[Luca BRUNO]

forwarded 659379 
http://www.uzbl.org/bugs/index.php?do=detailstask_id=291project=1
thanks

Henri Salo scrisse:

  This allows local users to steal cookies (and tamper with them).
  
  Does this security-issue have CVE-identifier? I can request one
  from oss-security mailing list if ID hasn't been assigned.
  
  It's been already requested, but not assigned yet AFAICS:
  http://seclists.org/oss-sec/2012/q1/406
 
 Ok. Thank you for fast reply. Please contact me if you need testing
 or other help.

Forwarded to upstream bugtracker and noticed on IRC, I'm waiting for
comments on that side. Here's the report:
http://www.uzbl.org/bugs/index.php?do=detailstask_id=291project=1

While waiting for the proper CVE-id, attached here is a tentative patch
for the cookie plugin. Just umask setting and chmod on existing jar if any.
Reviews appreciated as I'm not a great pythonista...

Cheers, Luca

-- 
 .''`.  ** Debian GNU/Linux **  | Luca Bruno (kaeso)
: :'  :   The Universal O.S.| lucab (AT) debian.org
`. `'`  | GPG Key ID: 3BFB9FB3
  `- http://www.debian.org  | Debian GNU/Linux Developer
commit 53d8dfbb6e4fc29be026672f4d3d43a17b3cfe5d
Author: Luca Bruno lu...@debian.org
Date:   Sat Feb 11 15:23:14 2012 +0100

Restrict third-party access to cookie jar

Make sure new cookie jar is created with no permission for others,
and remove excessive rights on existing jar if any.

Signed-off-by: Luca Bruno lu...@debian.org

diff --git a/examples/data/plugins/cookies.py b/examples/data/plugins/cookies.py
index e29ee36..3d81ebe 100644
--- a/examples/data/plugins/cookies.py
+++ b/examples/data/plugins/cookies.py
@@ -2,7 +2,7 @@
 forwards cookies to all other instances connected to the event manager
 
 from collections import defaultdict
-import os, re
+import os, re, stat
 
 # these are symbolic names for the components of the cookie tuple
 symbolic = {'domain': 0, 'path':1, 'name':2, 'value':3, 'scheme':4, 'expires':5}
@@ -32,6 +32,13 @@ class ListStore(list):
 class TextStore(object):
 def __init__(self, filename):
 self.filename = filename
+try:
+  # make sure the cookie jar is not world-open
+  perm_mode = os.stat(self.filename).st_mode
+  if (perm_mode  (stat.S_IROTH | stat.S_IWOTH | stat.S_IXOTH))  0:
+  os.chmod(self.filename, (stat.S_IMODE(perm_mode)  3)  3)
+except OSError:
+pass
 
 def as_event(self, cookie):
 Convert cookie.txt row to uzbls cookie event format
@@ -76,6 +83,11 @@ class TextStore(object):
 # delete equal cookies (ignoring expire time, value and secure flag)
 self.delete_cookie(None, cookie[:-3])
 
+# restrict umask before creating the cookie jar
+curmask=os.umask(0)
+print (curmask|(stat.S_IROTH | stat.S_IWOTH | stat.S_IXOTH))
+os.umask(curmask|(stat.S_IROTH | stat.S_IWOTH | stat.S_IXOTH))
+
 first = not os.path.exists(self.filename)
 with open(self.filename, 'a') as f:
 if first:
@@ -86,6 +98,11 @@ class TextStore(object):
 if not os.path.exists(self.filename):
 return
 
+# restrict umask before creating the cookie jar
+curmask=os.umask(0)
+print (curmask|(stat.S_IROTH | stat.S_IWOTH | stat.S_IXOTH))
+os.umask(curmask|(stat.S_IROTH | stat.S_IWOTH | stat.S_IXOTH))
+
 # read all cookies
 with open(self.filename, 'r') as f:
 cookies = f.readlines()


signature.asc
Description: PGP signature

Bug#652082: gcc-msp430: FTBFS on sparc, mips, mipsel

[Luca BRUNO]

 Source: gcc-msp430
 Justification: fails to build from source

 Full build log:
 https://buildd.debian.org/status/fetch.php?pkg=gcc-msp430arch=sparcver=4.5.3%7Emspgcc-20110716-3stamp=1323293228
 
 I tried to reproduce the failure on smetana.d.o, but it failed 
 differently there:

It is also failing on mips and mipsel.
Work is in progress on this bug, upstream is getting a guest access on
{mips,mipsel,sparc} porterbox in order to better track this down.

Cheers, Luca

-- 
 .''`.  ** Debian GNU/Linux **  | Luca Bruno (kaeso)
: :'  :   The Universal O.S.| lucab (AT) debian.org
`. `'`  | GPG Key ID: 3BFB9FB3
  `- http://www.debian.org  | Debian GNU/Linux Developer


signature.asc
Description: PGP signature

Bug#644653: Needs to be updated for ghex 3.0

[Luca BRUNO]

Jeremy Bicha scrisse:

 Luca, I had been working on the ghex and nemiver updates some a few
 weeks ago before realizing that gtksourceviewmm needed updating in
 Debian first. Well, that's happened now and I hope you don't mind that
 I've pushed my nemiver work to your git repository.

Wonderful :)
I can see the upstream-related changes in git but nothing in the
debian-specific branch, maybe you forgot to push it?

Moreover, would you like to upload new nemiver as NMU o may I proceed
checking, integrating and pushing it?

Ciao, Luca

-- 
 .''`.  ** Debian GNU/Linux **  | Luca Bruno (kaeso)
: :'  :   The Universal O.S.| lucab (AT) debian.org
`. `'`  | GPG Key ID: 3BFB9FB3
  `- http://www.debian.org  | Debian GNU/Linux Developer


signature.asc
Description: PGP signature

Bug#637275: gtk-gnutella: FTBFS: str.c:1176:2: error: invalid operands to binary != (have 'va_list' and 'void *')

[Luca BRUNO]

tag 637275 + fixed-upstream
thanks

Nobuhiro Iwamatsu scrisse:

 cc -c -I../.. -I.. -pthread -I/usr/include/glib-2.0
 -I/usr/lib/glib-2.0/include   -I/usr/include/dbus-1.0
 -I/usr/lib/arm-linux-gnueabi/dbus-1.0/include   -DCURDIR=src/lib -O2
 -g -pipe -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE
 -D_FILE_OFFSET_BITS=64 -W -Wall -Wformat=2 -Wshadow  str.c
 str.c: In function 'str_vncatf':
 str.c:1176:2: error: invalid operands to binary != (have 'va_list'
 and 'void *') str.c:1204:7: error: used struct type value where

This has just been fixed upstream:
http://gtk-gnutella.svn.sourceforge.net/viewvc/gtk-gnutella?view=revisionrevision=19409

Thanks Raphael for the super-quick commit, I was just starting looking
at it :)
Would you prefer going for a 0.97.1 soon, or can I go with a
distro-specific patch?

Cheers, Luca

-- 
 .''`.  ** Debian GNU/Linux **  | Luca Bruno (kaeso)
: :'  :   The Universal O.S.| lucab (AT) debian.org
`. `'`  | GPG Key ID: 3BFB9FB3
  `- http://www.debian.org  | Debian GNU/Linux Developer


signature.asc
Description: PGP signature

Bug#606282: Needs to link statically with libbfd

[Luca Bruno]

tag 606282 + confirmed
tag 606282 + pending
thanks

brian m. carlson scrisse:

 ksplice-objmanip needs to link statically with libbfd.  According to
 the binutils-dev package description:

Brian is completely right on this, and I've just done that.
Anyway, I'm waiting for feedback from Timo, who has submitted a patch
to upstream to ensure compatibility with oue 2.6.32 stock kernel.

Once he got comments from upstream about it, I'll upload and request an
unblock. Please do not NMU in the meanwhile.

Cheers, Luca

-- 
 .''`.  ** Debian GNU/Linux **  | Luca Bruno (kaeso)
: :'  :   The Universal O.S.| lucab (AT) debian.org
`. `'`  | GPG Key ID: 3BFB9FB3
  `- http://www.debian.org  | Debian GNU/Linux Developer


signature.asc
Description: PGP signature

Bug#601818: gparted crashes at start: glibmm-ERROR **

[Luca Bruno]

notfound 601818 0.6.2-1
thanks

This bug shouldn't be affecting Squeeze, as reading the original
launchpad bug shows that the crash has been caused by an ubuntu
additional patch.

Cheers, Luca

-- 
 .''`.  ** Debian GNU/Linux **  | Luca Bruno (kaeso)
: :'  :   The Universal O.S.| lucab (AT) debian.org
`. `'`  | GPG Key ID: 3BFB9FB3
  `- http://www.debian.org  | Debian GNU/Linux Developer


signature.asc
Description: PGP signature

Bug#601817: gparted crashes applying move to right of more than one logical partition

[Luca Bruno]

tag 601817 + patch
thanks

Upstream bug-report shows that this bug was fixed by a
single git commit, that could be cherry-picked for squeeze:
http://git.gnome.org/browse/gparted/commit/?id=7c0e3fa7789f413e8408e89ff7470e8ff86e7e72

As I think the Release Team wouldn't be happy too happy with a new
upstream at this point, would you mind including it in a 0.6.2-2 for
Squeeze?

Cheers, Luca

-- 
 .''`.  ** Debian GNU/Linux **  | Luca Bruno (kaeso)
: :'  :   The Universal O.S.| lucab (AT) debian.org
`. `'`  | GPG Key ID: 3BFB9FB3
  `- http://www.debian.org  | Debian GNU/Linux Developer


signature.asc
Description: PGP signature

Bug#596986: FTBFS: tests fail on armhf (and sh4)

[Luca Bruno]

Hi,
after some research, I think that this bug is buildd-specific
rather than package-specific. See the pattern for 1.2.2-1:

* amd64
brahms - failed (three in a row)
braber - built (twice)
* sparc
schroeder - failed (twice)
spontini - built
* kfreebsd-am64
fano - failed (twice)
fasch -built

However, the pattern seems not to be consistent between 1.2.1-2,
1.2.1-3, 1.2.2-1 in some cases, like s390 and hppa builders (rotating
successes and failures).

I briefly compared the toolchains and the configure stages logged on
kfreebsd and amd64 builders, but I didn't notice interesting
differences.

Moreover, I tried to reproduce this both locally (amd64) and on sumotsu,
but it never failed (trying with both bash and dash).

I'm out of clues now. 
I think that yes and no are currently leaked
answer to something, which are incorrectly tried to be sourced
somewhere (pure speculation here, I didn't find the actual origin).

I also noticed a strange constant warning among build logs
./configure.lineno: 5784: ${SHELL}: not found
which I wasn't able to reproduce locally, nor to track down to the
source.

Cheers, Luca

-- 
 .''`.  ** Debian GNU/Linux **  | Luca Bruno (kaeso)
: :'  :   The Universal O.S.| lucab (AT) debian.org
`. `'`  | GPG Key ID: 3BFB9FB3
  `- http://www.debian.org  | Debian GNU/Linux Developer


signature.asc
Description: PGP signature

Bug#597932: openocd FTBFS on armel and hurd

[Luca Bruno]

forwarded 597932 
https://lists.berlios.de/pipermail/openocd-development/2010-September/016570.html
thanks

Tormod Volden scrisse:

 I can not talk for the maintainer, but I will encourage you to submit
 the patch on the upstream ML
 http://openocd.git.sourceforge.net/git/gitweb.cgi?p=openocd/openocd;a=summary
 but refreshed against their latest git (your register-command.diff
 does not apply cleanly). Having the upstream ack will also make it
 easier to push your patch through Debian.

You're probably right. While waiting for Uwe, I took the time to
refresh the patch and forward it upstream, so they can comment on it.
Bug status updated accordingly.

Cheers, Luca

-- 
 .''`.  ** Debian GNU/Linux **  | Luca Bruno (kaeso)
: :'  :   The Universal O.S.| lucab (AT) debian.org
`. `'`  | GPG Key ID: 3BFB9FB3
  `- http://www.debian.org  | Debian GNU/Linux Developer


signature.asc
Description: PGP signature

Bug#597932: openocd FTBFS on armel and hurd

[Luca Bruno]

tag 597932 + patch
thanks

Hi,
attached a complete patch to fix compilation on both armel and hurd.
I have a NMU ready, tell me if I should proceed with it or if you prefer
to handle this.

Moreover, the patch for armel should really be sent upstream.
Would you take care of this (if you are in touch with authors) or should
I do it?

Cheers, Luca

-- 
 .''`.  ** Debian GNU/Linux **  | Luca Bruno (kaeso)
: :'  :   The Universal O.S.| lucab (AT) debian.org
`. `'`  | GPG Key ID: 3BFB9FB3
  `- http://www.debian.org  | Debian GNU/Linux Developer
diffstat for openocd_0.4.0-1 openocd_0.4.0-1.1

 debian/patches/register-command.diff |   91 +++
 openocd-0.4.0/debian/changelog   |9 +++
 openocd-0.4.0/debian/rules   |   19 +--
 3 files changed, 114 insertions(+), 5 deletions(-)

diff -u openocd-0.4.0/debian/changelog openocd-0.4.0/debian/changelog
--- openocd-0.4.0/debian/changelog
+++ openocd-0.4.0/debian/changelog
@@ -1,3 +1,12 @@
+openocd (0.4.0-1.1) unstable; urgency=low
+
+  * Non-maintainer upload.
+  * Add patch to build ep93xx and at91rm9200 on armel (Closes: #597932).
+  * Disable parport, gw16012 and amtjtagaccel drivers on GNU/HURD,
+rules snippet by Pino Toscano. 
+
+ -- Luca Bruno lu...@debian.org  Sat, 25 Sep 2010 20:26:48 +0200
+
 openocd (0.4.0-1) unstable; urgency=low
 
   * New upstream release (Closes: #564842).
diff -u openocd-0.4.0/debian/rules openocd-0.4.0/debian/rules
--- openocd-0.4.0/debian/rules
+++ openocd-0.4.0/debian/rules
@@ -20,8 +20,6 @@
 DEB_CONFIGURE_EXTRA_FLAGS := \
 	--enable-maintainer-mode \
 	--disable-werror \
-	--enable-parport \
-	--enable-parport_ppdev \
 	--enable-ft2232_libftdi \
 	--enable-ep93xx \
 	--enable-at91rm9200 \
@@ -33,11 +31,22 @@
 	--enable-arm-jtag-ew \
 	--enable-dummy
 
-# Don't add --enable-gw16012 and --enable-amtjtagaccel on Debian GNU/kFreeBSD
-# as they're currently not supported there.
-ifneq (GNU/kFreeBSD, $(shell uname -s))
+configure_flags_parport := \
+	--enable-parport \
+	--enable-parport_ppdev
+
+ifeq ($(DEB_HOST_ARCH_OS),linux)
+# Parport drivers only work on Linux and kFreeBSD, conditionally add them here
+DEB_CONFIGURE_EXTRA_FLAGS += $(configure_flags_parport)
+# Add --enable-gw16012 and --enable-amtjtagaccel only for Linux,
+# as they're currently supported there only.
 DEB_CONFIGURE_EXTRA_FLAGS += --enable-gw16012 --enable-amtjtagaccel
 endif
+   
+ifeq ($(DEB_HOST_ARCH_OS),kfreebsd)
+# Parport drivers only work on Linux and kFreeBSD, conditionally add them here
+DEB_CONFIGURE_EXTRA_FLAGS += $(configure_flags_parport)
+endif
 
 ### # We must first call ./bootstrap to generate the autotools stuff.
 ### post-patches:: debian/stamp-autothings-update
only in patch2:
unchanged:
--- openocd-0.4.0.orig/debian/patches/register-command.diff
+++ openocd-0.4.0/debian/patches/register-command.diff
@@ -0,0 +1,91 @@
+diff -Nur -x '*.orig' -x '*~' openocd-0.4.0//src/jtag/drivers/at91rm9200.c openocd-0.4.0.new//src/jtag/drivers/at91rm9200.c
+--- openocd-0.4.0//src/jtag/drivers/at91rm9200.c	2010-02-21 21:17:07.0 +0100
 openocd-0.4.0.new//src/jtag/drivers/at91rm9200.c	2010-09-26 17:28:06.975575833 +0200
+@@ -118,22 +118,9 @@
+ static void at91rm9200_reset(int trst, int srst);
+ 
+ static int at91rm9200_speed(int speed);
+-static int at91rm9200_register_commands(struct command_context *cmd_ctx);
+ static int at91rm9200_init(void);
+ static int at91rm9200_quit(void);
+ 
+-struct jtag_interface at91rm9200_interface =
+-{
+-	.name = at91rm9200,
+-
+-	.execute_queue = bitbang_execute_queue,
+-
+-	.speed = at91rm9200_speed,
+-	.register_commands = at91rm9200_register_commands,
+-	.init = at91rm9200_init,
+-	.quit = at91rm9200_quit,
+-};
+-
+ static struct bitbang_interface at91rm9200_bitbang =
+ {
+ 	.read = at91rm9200_read,
+@@ -185,7 +172,7 @@
+ 	return ERROR_OK;
+ }
+ 
+-static int at91rm9200_handle_device_command(struct command_context *cmd_ctx, char *cmd, char **CMD_ARGV, int argc)
++COMMAND_HANDLER(at91rm9200_handle_device_command)
+ {
+ 	if (CMD_ARGC == 0)
+ 		return ERROR_OK;
+@@ -207,12 +194,20 @@
+ 		.mode = COMMAND_CONFIG,
+ 		.help = query armjtagew info,
+ 	},
++	COMMAND_REGISTRATION_DONE
+ };
+ 
+-static int at91rm9200_register_commands(struct command_context *cmd_ctx)
++struct jtag_interface at91rm9200_interface =
+ {
+-	return register_commands(cmd_ctx, NULL, at91rm9200_command_handlers);
+-}
++	.name = at91rm9200,
++
++	.execute_queue = bitbang_execute_queue,
++
++	.speed = at91rm9200_speed,
++	.commands = at91rm9200_command_handlers,
++	.init = at91rm9200_init,
++	.quit = at91rm9200_quit,
++};
+ 
+ static int at91rm9200_init(void)
+ {
+diff -Nur -x '*.orig' -x '*~' openocd-0.4.0//src/jtag/drivers/ep93xx.c openocd-0.4.0.new//src/jtag/drivers/ep93xx.c
+--- openocd-0.4.0//src/jtag/drivers/ep93xx.c	2010-02-21 21:17:07.0 +0100
 openocd-0.4.0.new//src/jtag/drivers/ep93xx.c	2010-09-26 15:17:21.520076954 +0200
+@@ -47,7 +47,6 @@
+ static void

Bug#597932: openocd FTBFS on armel and hurd

[Luca Bruno]

Package: openocd
Version: 0.4.0-1
Severity: serious

openocd currently fails to build on hurd and armel, and this fact prevented
0.4.0 from entering squeeze till now. See
https://buildd.debian.org/fetch.cgi?pkg=openocd;ver=0.4.0-1;arch=hurd-i386;stamp=1269698459
and
https://buildd.debian.org/fetch.cgi?pkg=openocd;ver=0.4.0-1;arch=armel;stamp=1283718718

As armel is a release architecture, you may consider temporarily removing
ep93xx and at91rm9200 until a proper patch is out, hoping that release team
would let it in and nothing else is broken.

Cheers, Luca



-- System Information:
Debian Release: squeeze/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.34-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=it_IT.UTF-8, LC_CTYPE=it_IT.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages openocd depends on:
ii  dpkg  1.15.8.5   Debian package management system
ii  install-info  4.13a.dfsg.1-5 Manage installed documentation in 
ii  libc6 2.11.2-6   Embedded GNU C Library: Shared lib
ii  libftdi1  0.18-1 Library to control and program the
ii  libusb-0.1-4  2:0.1.12-16userspace USB programming library

openocd recommends no packages.

openocd suggests no packages.



-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#548099: broken on kfreebsd

[Luca Bruno]

It is instead working fine on my kfreebsd-amd64, up-to-date sid:

r...@europa:~# uname -sr
GNU/kFreeBSD 8.1-1-amd64

r...@europa:~# dpkg -l | grep molly-guard
ii  molly-guard 0.4.4-2

r...@europa:~# halt
W: molly-guard: SSH session detected!
Please type in hostname of the machine to halt: ^C
Good thing I asked; I won't halt europa ...

I think this works just because SSH_CONNECTION is properly set:
r...@europa:~# env | grep -i ssh
SSH_CLIENT=10.23.1.1 46891 22
SSH_TTY=/dev/ttyp0
SSH_CONNECTION=10.23.1.1 46891 10.23.1.2 22

Otherwise, I'm not sure how to identify a terminal spawned by 
sshd, as process grepping seems to behave differently and not 
to report the pseudo-terminal:
root   703   /usr/sbin/sshd
root  1012\_ /usr/sbin/sshd -R
lucab 1016\_ /usr/sbin/sshd -R
lucab 1017\_ -bash
root  1043\_ su
root  1050\_ bash

Ciao, Luca

-- 
 .''`.  ** Debian GNU/Linux **  | Luca Bruno (kaeso)
: :'  :   The Universal O.S.| lucab (AT) debian.org
`. `'`  | GPG Key ID: 3BFB9FB3
  `- http://www.debian.org  | Debian GNU/Linux Developer


pgpvAXdZ8qUry.pgp
Description: PGP signature

Bug#591515: ssmtp: CVE-2008-7258 buffer overflow

[Luca Bruno]

tag 591515 + unreproducible
thanks

Hi,
Ubuntu bug-report was filed against 2.62 and contains a PoC/testcase.
Current squeeze and sid contain latest 2.64, and the aforementioned
testcase doesn't fail.

Moreover, as it seems to be an off-by-one error, I think it was fixed
in later versions, as ssmtp.c now accounts for it:

1385 if(vsnprintf(buf, (BUF_SZ - 1), format, ap) == -1) {
1386 die(smtp_write() -- vsnprintf() failed);
1387 }

I'm tagging as unreproducible, as Anibal would certainly have more
knowledge about this than me to close it.

Cheers, Luca

-- 
 .''`.  ** Debian GNU/Linux **  | Luca Bruno (kaeso)
: :'  :   The Universal O.S.| lucab (AT) debian.org
`. `'`  | GPG Key ID: 3BFB9FB3
  `- http://www.debian.org  | Debian GNU/Linux Developer


pgpDvf5LzxWSV.pgp
Description: PGP signature

Bug#593400: fbi: broken kfreebsd-* and hurd-* binaries

[Luca Bruno]

According to buildd logs[0], fbi FTBFS on any non-linux arch. This seems
quite expected, as fbi heavily rely on linux/fb.h.

It also looks like some issues are due to a spurious patch
(debian-changes-2.07-3 [1]) which was auto-generated with latest
upload. It hard-codes configuration values (which are correct only on
linux-any) and let the config phase being skipped.

IMHO, fbi binary should be declared arch: linux-any, aforementioned
patch should be dropped and Make.config removed by clean target.
Also, removal should be asked for previous fbi binaries in squeeze on
kfreebsd and hurd.

Moritz, can you please take care of this?

Cheers, Luca

[0] https://buildd.debian.org/pkg.cgi?pkg=fbi
[1] 
http://patch-tracker.debian.org/patch/series/view/fbi/2.07-3/debian-changes-2.07-3

-- 
 .''`.  ** Debian GNU/Linux **  | Luca Bruno (kaeso)
: :'  :   The Universal O.S.| lucab (AT) debian.org
`. `'`  | GPG Key ID: 3BFB9FB3
  `- http://www.debian.org  | Debian GNU/Linux Developer


pgpjnk7ykLefG.pgp
Description: PGP signature

Bug#592310: arpon: Arpon daemon won't start

[Luca Bruno]

tag 592310 + patch
thanks

It looks like a simple default configuration mistake.
The attached patch should fix the shipped default.

Skibbi, you may want to amend your /etc/default/arpon as follow:
DAEMON_OPTS=-q -f /var/log/arpon/arpon.log -g -d

Ciao, Luca

-- 
 .''`.  ** Debian GNU/Linux **  | Luca Bruno (kaeso)
: :'  :   The Universal O.S.| lucab (AT) debian.org
`. `'`  | GPG Key ID: 3BFB9FB3
  `- http://www.debian.org  | Debian GNU/Linux Developer
--- debian/arpon.default~	2010-08-18 12:39:17.873711619 +0200
+++ debian/arpon.default	2010-08-18 12:40:32.013462171 +0200
@@ -7,10 +7,10 @@
 # dynamic ARP inspection (DARPI)
 #
 # For SARPI uncomment the following line
-# DAEMON_OPTS=-d -f /var/log/arpon/arpon.log -g -s
+# DAEMON_OPTS=-q -f /var/log/arpon/arpon.log -g -s
 
 # For DARPI uncomment the following line
-# DAEMON_OPTS=-d -f /var/log/arpon/arpon.log -g -y
+# DAEMON_OPTS=-q -f /var/log/arpon/arpon.log -g -d
 
 # Modify to RUN=yes when you are ready
 RUN=no


pgpjbu6KHcGRr.pgp
Description: PGP signature

Bug#582024: eh

[Luca Bruno]

Adam D. Barratt scrisse:

 This has been tagged pending for a few weeks; are you planning on
 uploading the fix in the near future?

I marked this as pending, as I was ready to NMU.
Original maintainer said he would have taken care of this, so I didn't
proceed on this. Pierre, can you please upload it?
Otherwise I'll proceed with a delayed NMU soon.

Ciao, Luca

-- 
 .''`.  ** Debian GNU/Linux **  | Luca Bruno (kaeso)
: :'  :   The Universal O.S.| lucab (AT) debian.org
`. `'`  | GPG Key ID: 3BFB9FB3
  `- http://www.debian.org  | Debian GNU/Linux Developer


pgpD8EzPyxMBa.pgp
Description: PGP signature

Bug#589851: #589551 - aspell-bg: Broken after upgrade from lenny or after reinstalling the package

[Luca Bruno]

Hi,
I'm fine to test and sponsor your patches for #589551.
As it is a QA RC-fixing upload, I prefer it to contain just minimal
changes to fix this bug (eg. the current patch) and have it sorted out
soon, leaving minor cosmetic ones for later.
Also, given that this is a orphaned package, would you mind talking
with Damyan (Hi :) to take this over?

It looks like a git repository is already available on collab-maint,
and I'll be glad to sponsor this package.

Cheers, Luca

-- 
 .''`.  ** Debian GNU/Linux **  | Luca Bruno (kaeso)
: :'  :   The Universal O.S.| lucab (AT) debian.org
`. `'`  | GPG Key ID: 3BFB9FB3
  `- http://www.debian.org  | Debian GNU/Linux Developer


pgp5h06ShiGBY.pgp
Description: PGP signature

Bug#582024: #582024 inguma: scapext.py doesn't work with Python2.6

[Luca Bruno]

Hi,
attached a patch for this. If Pierre doesn't step up in the meantime,
I'll do a deferred NMU in a couple of days.

No high priority, as the internal copy of scapy shouldn't be currently
in use.

Cheers, Luca

-- 
 .''`.  ** Debian GNU/Linux **  | Luca Bruno (kaeso)
: :'  :   The Universal O.S.| lucab (AT) debian.org
`. `'`  | GPG Key ID: 3BFB9FB3
  `- http://www.debian.org  | Debian GNU/Linux Developer


04_python26_with_keyword
Description: Binary data


pgpnRdl3o1JLq.pgp
Description: PGP signature

Bug#572254: anjuta-extras: To few copyright information in debian/copyright file

[Luca Bruno]

forwarded 572254 http://bugzilla.gnome.org/show_bug.cgi?id=610738
thanks

Hi,
this is being blocked by upstream not shipping with the license of the
scintilla plugin: http://bugzilla.gnome.org/show_bug.cgi?id=610738.

Thanks for your report.

-- 
http://www.debian.org - The Universal Operating System


signature.asc
Description: Digital signature

Bug#559427: libglib2.0-0: GTK open dialog crash if folder contain bash script file

[Luca Bruno]

tag 559427 unreproducible
thanks

Are you able to reproduce it if you put badmime.cache under
~/.local/share/mime/mime.cache? I'm not able to reproduce it with glib
2.22.3-2.

-- 
http://www.debian.org - The Universal Operating System


signature.asc
Description: Digital signature

Bug#558384: uzbl: requires existence of files in /usr/share/doc/uzbl

[Luca Bruno]

ilf scrisse:

 On Thu, 03 Dec 2009 11:23:19 +, Luca Bruno lu...@debian.org
 wrote:
  We believe that the bug you reported is fixed in the latest version
  of uzbl, which is due to be installed in the Debian FTP archive:
 
 Unfortunately now /usr/share/doc/uzbl/examples is an empty directory
 instead of a Symlink to /usr/share/uzbl/examples/.

Somehow the preinst section for this was left out of the package
(perhaps a a wrong rebase or a forgotten commit in git). I'm really
sorry, as I didn't notice it (only happens on upgrade)... will be fixed
soon.

Ciao, Luca

-- 
 .''`.  ** Debian GNU/Linux **  | Luca Bruno (kaeso)
: :'  :   The Universal O.S.| lucab (AT) debian.org
`. `'`  | GPG Key ID: 3BFB9FB3
  `- http://www.debian.org  | Debian GNU/Linux Developer


pgpu0jQo5JMnr.pgp
Description: PGP signature

Bug#558384: uzbl: requires existence of files in /usr/share/doc/uzbl

[Luca Bruno]

tag 558384 + confirmed
tag 558384 + pending
thanks

Justin B Rye scrisse:

 Package: uzbl
 Version: 0.0.0~git.20091107-1
 Justification: Policy 12.3
 Severity: serious
 
 When starting up for the first time, uzbl attempts to copy files
 from /usr/share/doc/uzbl to $XDG_CONFIG_HOME, and fails if it can't:
 
  $ sudo mv /usr/share/doc/uzbl /usr/share/doc/unuzbl
  $ uzbl || echo $?
  cp: cannot stat `/usr/share/doc/uzbl/examples/config/uzbl/config':
 No such file or directory Could not copy default config
 to /home/jbr/etc/uzbl/config 3
 
 This violates a must in Debian Policy 12.3 (paragraph 4):

That's true, and even if it's quite a corner case, we regret for it.
I'll go for now with /usr/share/uzbl/examples and a symlink for doc,
while we're already discussing with upstream for a better file location.

I've been told that a new tag of master branch is due soon, so I'm
temporarily deferring this RC-fix along with a new upstream release.

Ciao, Luca

-- 
 .''`.  ** Debian GNU/Linux **  | Luca Bruno (kaeso)
: :'  :   The Universal O.S.| lucab (AT) debian.org
`. `'`  | GPG Key ID: 3BFB9FB3
  `- http://www.debian.org  | Debian GNU/Linux Developer


pgpxOAiztz99B.pgp
Description: PGP signature

Bug#503205: twitux: Will not connect to twitter.

[Luca Bruno]

I can't connect too. Network manager is active, and connected through wire.
Twitux hangs on connect. So even nm works, twitux can't connect.

-- 
http://www.debian.org - The Universal Operating System


signature.asc
Description: Digital signature

Bug#539433: btrfs-tools: FTBFS on alpha and ia64, printk cast warning

[Luca Bruno]

Package:  btrfs-tools
Version:  0.19-2
Severity: serious
Tags: patch

Some warnings of the form:
format '%llu' expects type 'long long unsigned int' but argument has
type 'u64'
in conjunction with -Werror are causing build failures on ia64 and
alpha. Patch attached to properly cast them, avoiding compiler
warnings.
This is becoming boring to fix at each release :)

Cheers, Luca

-- 
 .''`.  ** Debian GNU/Linux **  | Luca Bruno (kaeso)
: :'  :   The Universal O.S.| lucab (AT) debian.org
`. `'`  | GPG Key ID: 3BFB9FB3
  `- http://www.debian.org  | Debian GNU/Linux Developer
Index: btrfs-tools-0.19/disk-io.c
===
--- btrfs-tools-0.19.orig/disk-io.c	2009-07-31 13:14:50.0 -0600
+++ btrfs-tools-0.19/disk-io.c	2009-07-31 13:14:51.0 -0600
@@ -678,7 +678,8 @@
 		   ~BTRFS_FEATURE_INCOMPAT_SUPP;
 	if (features) {
 		printk(couldn't open because of unsupported 
-		   option features (%Lx).\n, features);
+		   option features (%Lx).\n, 
+			(unsigned long long)features);
 		BUG_ON(1);
 	}
 
@@ -692,7 +693,8 @@
 		~BTRFS_FEATURE_COMPAT_RO_SUPP;
 	if (writes  features) {
 		printk(couldn't open RDWR because of unsupported 
-		   option features (%Lx).\n, features);
+		   option features (%Lx).\n, 
+			(unsigned long long) features);
 		BUG_ON(1);
 	}
 
Index: btrfs-tools-0.19/extent-tree.c
===
--- btrfs-tools-0.19.orig/extent-tree.c	2009-07-31 13:14:50.0 -0600
+++ btrfs-tools-0.19/extent-tree.c	2009-07-31 13:14:51.0 -0600
@@ -1448,7 +1448,8 @@
 		goto out;
 	if (ret != 0) {
 		btrfs_print_leaf(root, path-nodes[0]);
-		printk(failed to find block number %Lu\n, bytenr);
+		printk(failed to find block number %Lu\n, 
+		(unsigned long long) bytenr);
 		BUG();
 	}
 
Index: btrfs-tools-0.19/print-tree.c
===
--- btrfs-tools-0.19.orig/print-tree.c	2009-07-31 13:14:50.0 -0600
+++ btrfs-tools-0.19/print-tree.c	2009-07-31 13:14:51.0 -0600
@@ -494,7 +494,7 @@
 		case BTRFS_DIR_LOG_ITEM_KEY:
 			dlog = btrfs_item_ptr(l, i, struct btrfs_dir_log_item);
 			printf(\t\tdir log end %Lu\n,
-			   btrfs_dir_log_end(l, dlog));
+			   (unsigned long long) btrfs_dir_log_end(l, dlog));
 		   break;
 		case BTRFS_ORPHAN_ITEM_KEY:
 			printf(\t\torphan item\n);
Index: btrfs-tools-0.19/convert.c
===
--- btrfs-tools-0.19.orig/convert.c	2009-07-31 13:15:38.0 -0600
+++ btrfs-tools-0.19/convert.c	2009-07-31 13:15:48.0 -0600
@@ -2579,7 +2579,7 @@
 	ext2_root = btrfs_read_fs_root(root-fs_info, key);
 	if (!ext2_root || IS_ERR(ext2_root)) {
 		fprintf(stderr, unable to open subvol %llu\n,
-			key.objectid);
+			(unsigned long long) key.objectid);
 		goto fail;
 	}
 


pgp4qEpiAKcXO.pgp
Description: PGP signature

Bug#531898: mutt: Escaping commands doesn't work

[Luca Bruno]

Package: mutt
Version: 1.5.19-4
Severity: grave
Justification: renders package unusable

Hello,
the new version of mutt makes escaping of commands impossible. For every 
erroneous command
I always used to Control+C and say No to the question. Currently hitting 
Control+C makes
mutt completely unusable.


-- Package-specific info:
Mutt 1.5.19 (2009-01-05)
Copyright (C) 1996-2009 Michael R. Elkins and others.
Mutt comes with ABSOLUTELY NO WARRANTY; for details type `mutt -vv'.
Mutt is free software, and you are welcome to redistribute it
under certain conditions; type `mutt -vv' for details.

System: Linux 2.6.29-2-amd64 (x86_64)
ncurses: ncurses 5.7.20090523 (compiled with 5.7)
libidn: 1.14 (compiled with 1.14)
hcache backend: GDBM version 1.8.3. 10/15/2002 (built Aug 27 2008 08:41:43)
Compile options:
-DOMAIN
+DEBUG
-HOMESPOOL  +USE_SETGID  +USE_DOTLOCK  +DL_STANDALONE  +USE_FCNTL  -USE_FLOCK   
+USE_POP  +USE_IMAP  +USE_SMTP  
-USE_SSL_OPENSSL  +USE_SSL_GNUTLS  +USE_SASL  +USE_GSS  +HAVE_GETADDRINFO  
+HAVE_REGCOMP  -USE_GNU_REGEX  
+HAVE_COLOR  +HAVE_START_COLOR  +HAVE_TYPEAHEAD  +HAVE_BKGDSET  
+HAVE_CURS_SET  +HAVE_META  +HAVE_RESIZETERM  
+CRYPT_BACKEND_CLASSIC_PGP  +CRYPT_BACKEND_CLASSIC_SMIME  +CRYPT_BACKEND_GPGME  
-EXACT_ADDRESS  -SUN_ATTACHMENT  
+ENABLE_NLS  -LOCALES_HACK  +COMPRESSED  +HAVE_WC_FUNCS  +HAVE_LANGINFO_CODESET 
 +HAVE_LANGINFO_YESEXPR  
+HAVE_ICONV  -ICONV_NONTRANS  +HAVE_LIBIDN  +HAVE_GETSID  +USE_HCACHE  
-ISPELL
SENDMAIL=/usr/sbin/sendmail
MAILPATH=/var/mail
PKGDATADIR=/usr/share/mutt
SYSCONFDIR=/etc
EXECSHELL=/bin/sh
MIXMASTER=mixmaster
To contact the developers, please mail to mutt-...@mutt.org.
To report a bug, please visit http://bugs.mutt.org/.

patch-1.5.13.cd.ifdef.2
patch-1.5.18.rr.compressed.1

-- System Information:
Debian Release: squeeze/sid
  APT prefers unstable
  APT policy: (990, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.29-2-amd64 (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages mutt depends on:
ii  libc62.9-13  GNU C Library: Shared libraries
ii  libcomerr2   1.41.6-1common error description library
ii  libgdbm3 1.8.3-4 GNU dbm database routines (runtime
ii  libgnutls26  2.6.6-1 the GNU TLS library - runtime libr
ii  libgpg-error01.6-1   library for common error values an
ii  libgpgme11   1.1.8-2 GPGME - GnuPG Made Easy
ii  libgssapi-krb5-2 1.7dfsg~beta3-1 MIT Kerberos runtime libraries - k
ii  libidn11 1.14-3  GNU Libidn library, implementation
ii  libk5crypto3 1.7dfsg~beta3-1 MIT Kerberos runtime libraries - C
ii  libkrb5-31.7dfsg~beta3-1 MIT Kerberos runtime libraries
ii  libncursesw5 5.7+20090523-1  shared libraries for terminal hand
ii  libsasl2-2   2.1.23.dfsg1-1  Cyrus SASL - authentication abstra

Versions of packages mutt recommends:
ii  esmtp-run [mail-transport 0.6.0-1User configurable relay-only MTA
ii  libsasl2-modules  2.1.23.dfsg1-1 Cyrus SASL - pluggable authenticat
ii  locales   2.9-13 GNU C Library: National Language (
ii  mime-support  3.44-1 MIME files 'mime.types'  'mailcap

Versions of packages mutt suggests:
ii  aspell  0.60.6-1 GNU Aspell spell-checker
ii  ca-certificates 20081127 Common CA certificates
ii  gnupg   1.4.9-4  GNU privacy guard - a free PGP rep
ii  ispell  3.1.20.0-4.5 International Ispell (an interacti
pn  mixmaster   none   (no description available)
ii  openssl 0.9.8k-1 Secure Socket Layer (SSL) binary a
ii  urlview 0.9-18   Extracts URLs from text

Versions of packages mutt is related to:
ii  mutt  1.5.19-4   text-based mailreader supporting M
pn  mutt-dbg  none (no description available)
pn  mutt-patched  none (no description available)

-- no debconf information



-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#524975: Source package contains non-free IETF RFC/I-D

[Luca Bruno]

Simon Josefsson scrisse:

 Hi!  This old bug is back again:
 
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=393373
 
 I guess you'll have to remove these files:
 
   gtk-gnutella-0.96.6/doc/gnutella/draft-nielsen-dime-02.txt
   gtk-gnutella-0.96.6/doc/other/rfc3548.txt
 
 In the old report, it said that upstream had fixed this, so that the
 rfc's wouldn't be shipped in future *.tar.gz's.  Maybe that didn't
 work?

Pardon, it looks like one of upstreams inadvertently re-added them
thinking of a mistake. I didn't take care enough to check it again, as
I thought it was definitively gone.

Anyway, Christian already spotted your report and fixed it:
http://gtk-gnutella.svn.sourceforge.net/viewvc/gtk-gnutella?view=revrevision=16557

Thanks both for the work, I'll proceed with a new upload now...

Cheers, Luca

-- 
 .''`.  ** Debian GNU/Linux **  | Luca Bruno (kaeso)
: :'  :   The Universal O.S.| lucab (AT) debian.org
`. `'`  | GPG Key ID: 3BFB9FB3
  `- http://www.debian.org  | Debian GNU/Linux Developer


pgpRUOnjMGCwG.pgp
Description: PGP signature

Bug#519913: btrfs-tools: FTBFS on alpha and ia64, printk cast warning

[Luca Bruno]

Package:  btrfs-tools
Version:  0.18-1
Severity: serious
Tags: patch

Some warnings of the form:
format '%llu' expects type 'long long unsigned int' but argument has
type 'u64'
in conjunction with -Werror are causing build failures on ia64 and
alpha. Patch attached to properly cast them, avoiding compiler
warnings.
This issue should be the last one stopping the migration to
testing...

Cheers, Luca

-- 
 .''`.  ** Debian GNU/Linux **  | Luca Bruno (kaeso)
: :'  :   The Universal O.S.| lucab (AT) debian.org
`. `'`  | GPG Key ID: 3BFB9FB3
  `- http://www.debian.org  | Debian GNU/Linux Developer
commit f1147b7796a2127d426ba976ebd319831d4cdea9
Author: Luca Bruno lu...@debian.org
Date:   Sun Mar 15 18:26:35 2009 +0100

btrfs-progs: Fix printf format casting errors

There are still some warnings of the form:

format '%llu' expects type 'long long unsigned int' but argument has type 'u64'

In conjunction with -Werror, this is causing some build failures.
Now they're properly casted, avoiding compiler warnings.

Signed-off-by: Luca Bruno lu...@debian.org

diff --git a/btrfsck.c b/btrfsck.c
index 5834ca3..dd546c8 100644
--- a/btrfsck.c
+++ b/btrfsck.c
@@ -1134,12 +1134,14 @@ static int check_inode_recs(struct btrfs_root *root,
 		ret = check_root_dir(rec);
 		if (ret) {
 			fprintf(stderr, root %llu root dir %llu error\n,
-root-root_key.objectid, root_dirid);
+(unsigned long long) root-root_key.objectid, 
+(unsigned long long) root_dirid);
 			error++;
 		}
 	} else {
 		fprintf(stderr, root %llu root dir %llu not found\n,
-			root-root_key.objectid, root_dirid);
+			(unsigned long long) root-root_key.objectid, 
+			(unsigned long long) root_dirid);
 	}
 
 	while (1) {
@@ -1160,7 +1162,8 @@ static int check_inode_recs(struct btrfs_root *root,
 		if (!rec-found_inode_item)
 			rec-errors |= I_ERR_NO_INODE_ITEM;
 		fprintf(stderr, root %llu inode %llu errors %x\n,
-			root-root_key.objectid, rec-ino, rec-errors);
+			(unsigned long long) root-root_key.objectid, 
+			(unsigned long long) rec-ino, rec-errors);
 		list_for_each_entry(backref, rec-backrefs, list) {
 			if (!backref-found_dir_item)
 backref-errors |= REF_ERR_NO_DIR_ITEM;
@@ -1170,7 +1173,8 @@ static int check_inode_recs(struct btrfs_root *root,
 backref-errors |= REF_ERR_NO_INODE_REF;
 			fprintf(stderr, \tunresolved ref dir %llu index %llu
  namelen %u name %s filetype %d error %x\n,
-backref-dir, backref-index,
+(unsigned long long) backref-dir, 
+(unsigned long long) backref-index,
 backref-namelen, backref-name,
 backref-filetype, backref-errors);
 		}
diff --git a/extent-tree.c b/extent-tree.c
index cc8d1d7..94ddb0c 100644
--- a/extent-tree.c
+++ b/extent-tree.c
@@ -823,7 +823,7 @@ int btrfs_lookup_extent_ref(struct btrfs_trans_handle *trans,
 		goto out;
 	if (ret != 0) {
 		btrfs_print_leaf(root, path-nodes[0]);
-		printk(failed to find block number %Lu\n, bytenr);
+		printk(failed to find block number %Lu\n, (unsigned long long) bytenr);
 		BUG();
 	}
 	l = path-nodes[0];
diff --git a/mkfs.c b/mkfs.c
index af7d12c..1533754 100644
--- a/mkfs.c
+++ b/mkfs.c
@@ -388,7 +388,7 @@ int main(int ac, char **av)
 	fprintf(stderr, File system size 
 		%llu bytes is too small, 
 		256M is required at least\n,
-		block_count);
+		(unsigned long long) block_count);
 	exit(1);
 }
 zero_end = 0;
diff --git a/print-tree.c b/print-tree.c
index 52ef7c7..8ff763f 100644
--- a/print-tree.c
+++ b/print-tree.c
@@ -70,7 +70,7 @@ static int print_inode_ref_item(struct extent_buffer *eb, struct btrfs_item *ite
 		len = (name_len = sizeof(namebuf))? name_len: sizeof(namebuf);
 		read_extent_buffer(eb, namebuf, (unsigned long)(ref + 1), len);
 		printf(\t\tinode ref index %llu namelen %u name: %.*s\n,
-		   index, name_len, len, namebuf);
+		   (unsigned long long) index, name_len, len, namebuf);
 		len = sizeof(*ref) + name_len;
 		ref = (struct btrfs_inode_ref *)((char *)ref + len);
 		cur += len;


pgp9cow4IiDKJ.pgp
Description: PGP signature

Bug#511779: freespeak: Installation error in 0.3 (0.2 worked fine)

[Luca Bruno]

tag 511779 pending
thanks

On Wed, Jan 14, 2009 at 01:46:43PM +0100, Richard Scherping wrote:
 Compiling /usr/lib/python2.4/site-packages/freespeak/translation.py ...
   File /usr/lib/python2.4/site-packages/freespeak/translation.py, line 117
 yield
  ^
 SyntaxError: invalid syntax
 
 pycentral: pycentral pkginstall: error byte-compiling files (29)
 pycentral pkginstall: error byte-compiling files (29)

The yield syntax without any argument is not supported in Python 2.4. Next
debian release will bump the dependency to 2.5.
Thanks for your report.

-- 
http://syx.googlecode.com - Smalltalk YX
http://lethalman.blogspot.com - Thoughts about computer technologies
http://www.debian.org - The Universal Operating System


signature.asc
Description: Digital signature

Bug#500418: istanbul Please also re-enable hppa

[Luca Bruno]

Thiemo Seufer scrisse:

 I can do a NMU if they are short on time. (And iff the bugs remains
 flagged as RC, as Developer's Reference 5.10.2.2 recommends.)

Sorry for not replying early on this. My intention was to wait after
lenny to fix both #500418 and 485301 at once.

While the architecture drop was just a (ugly) workaround of mine to fix
the symptoms of a toolchain bigger problem, I don't feel like an urgent
upload at this point of lenny release cycle would be justified by
the sole need of istanbul on mips* and hppa (ie. not stricly desktop
oriented arch) given the stability of the current version in lenny.

Please note that I'm not throwing mud at not-so-widespread arches (and
I'm with you supporting all of them) and that I'll restore them for
squeeze asap fixing the acknowledged regression; that said I wouldn't
classify this bug as RC.

I'm anyway just a man with my partial opinions, so if the release team
really sees this as an issue needing an immediate fix, I won't object to
the choice (and if Thiemo is already there I won't be against a quick
NMU targeting only #500418, as I'll probably be busy in the next few
days).

Otherwise, if nobody speak up before 24h, I'll downgrade severity.

Ciao, Luca

-- 
 .''`.  ** Debian GNU/Linux **  | Luca Bruno (kaeso)
: :'  :   The Universal O.S.| lucab (AT) debian.org
`. `'`  | GPG Key ID: 3BFB9FB3
  `- http://www.debian.org  | Debian GNU/Linux Developer


pgpNd3D9UVz7z.pgp
Description: PGP signature

Bug#497789: security bug on iceweasel

[Luca Bruno]

Firstly, a rough translation of the previous mail for non-Italian
readers: 
She doesn't like the fact that the report was closed as
not-a-bug, stating that there are enough elements to prove it.
The first point here is that she says that new fake windows/frames
hijacked the workspace, interpreting that as a window spoofing attack
[1]. She adds that it isn't related to single rogue site, but it
happens on all sites with frames (citing gmail, yahoo, and various
other webmail).
The second issue she reports (maybe related) is that the flash
call fscommand() could be not safe, letting a malicious app the ability
to invoke program on the target host (in the first mail she report part
of the log of a network sniffer, during a SMB domain enum).
She suggest to fix the bug and implement an ip-based filter to avoid
the attack (here descibed as a mix of Man-in-the-middle and
tcp-connection injecting by a third party host).

Then my comments:
Firstly, the SMB enum is completely unrelated to this report, and I
think the reporter just mixed what is an internal SMB traffic with
which is usually called resource enumeration on an attacked host.
Then, the part regarding the ip-source check could be ignored, as she's
probably missing some fundamentals on the protocol (ie. here there
isn't any injection at tcp-level).

Coming back to browser issue, this is clearly a mixture of flash/swfdec
behavior and iceweasel own rendering. Judging from the screenshot, she's
using swfdec; looking at the source, both swfdec and gnash doesn't
fully support fscommand(), but only a minor and safe subset (ie. quit
and such). So actually this shouldn't pose a security problem (it
could be relevant with the proprietary plugin, though I can't really
say if fscommand() works without limits on linux, and what we could do
for that). Secondly, I won't say she's experiencing a window spoofing
attack. The only thing I can desume from the screenshot is a probably
strange rendering and disposition of some iframed sites, which could
be due to the embedded flash object, plus two unnamed windows which
should be something external (swf object players or such). I really
doubt that an intelligent user could be tricked this way by a
specifically crafted website (or, anyway, we can't do much more to
technically fix a human problem).

Many details of the report are anyway obscure, so I had to add some own
assumptions and interpretations to reach those conclusion. More details
and specific info are welcome, if I've missed some points.

I would agree with Cristoph closing this report as it isn't a bug in
iceweasel, nor in any free flash player.

In the end, I would agree with Luca, as I've already meet her on many
mailing (eg. debian-italian, cc-italian, debian-user both under her
real name and the nickname heba) and she has already proven to a be a
mixture of uncollaborative troll and an egocentric security paranoid
person, who is laking deep knowledge on certain fields and tends to
correlate unlinked events to describe them all as a security attack
in place (I could link previous threads here, but this isn't the main
point of the bug report). Her second mail in italian was almost confuse
as the first english one, plus adding some sarcastic comments that I
personally didn't like (but I won't really engage an harsh discussion
here).

Nonetheless, I tried to be objective and inspected the issue
from a neutral POV. Eric, please read all the above comments and decide
by yourself.

Cheers, Luca

[1] http://www.mikx.de/firespoofing/

-- 
 .''`.  ** Debian GNU/Linux **  | Luca Bruno (kaeso)
: :'  :   The Universal O.S.| lucab (AT) debian.org
`. `'`  | GPG Key ID: 3BFB9FB3
  `- http://www.debian.org  | Debian GNU/Linux Developer


pgpjuuc98jm0Z.pgp
Description: PGP signature

Bug#503612: /usr/bin/pulseaudio: pulseaudio fails to work

[Luca Bruno]

 Package: pulseaudio
 Version: 0.9.10-3
 
 I have installed the version of Pulseaudio in experimental and, now,
 have no audio.

experimental has 0.9.13, while your report here claims 0.9.10. What's
the real version in use? If it really just affects 0.9.13, please
change the version-found accordingly.

Cheers, Luca

-- 
 .''`.  ** Debian GNU/Linux **  | Luca Bruno (kaeso)
: :'  :   The Universal O.S.| lucab (AT) debian.org
`. `'`  | GPG Key ID: 3BFB9FB3
  `- http://www.debian.org  | Debian GNU/Linux Developer


pgpOq4ufZ5bbh.pgp
Description: PGP signature

Bug#497789: security bug on iceweasel

[Luca Bruno]

Ciao,
sembra esserci stata qualche incomprensione riguardo la segnalazione
iniziale, per cui non riesco a capire dalla tua prima mail in
inglese i dettagli del problema (e come me anche Christoph).

Ti chiederei quindi di esporre più dettagliatamente in italiano il
problema che hai riscontrato, così che mi/ci sia più facile capire di
cosa si tratta. In particolare sotto quali condizioni hai riscontrato
il problema e in cosa consiste l'attacco alla sicurezza. Le schermate
che hai allegato possono essere interpretate in diverse maniere, quindi
mi piacerebbe anche avere un commento sul dettaglio fondamentale che
ciascuna cerca di evidenziare.
Inoltre non ho colto il passaggio tra il problema del plugin flash e
quel che tu descrivi come sniffing e spoofing; ti spiacerebbe
illustrarmelo meglio?

Grazie, Luca

(Basically asking for a more complete report in Italian, hoping that's
easier to understand)

-- 
 .''`.  ** Debian GNU/Linux **  | Luca Bruno (kaeso)
: :'  :   The Universal O.S.| lucab (AT) debian.org
`. `'`  | GPG Key ID: 3BFB9FB3
  `- http://www.debian.org  | Debian GNU/Linux Developer


pgpgrRWAiY8fg.pgp
Description: PGP signature

Bug#503330: Multiple Vulnerabilities (xss, insecure file handling and code execution)

[Luca Bruno]

Package: websvn
Version: 1.61-20
Severity: critical
Tags: security

A full disclosure bulletin has been posted today, reporting various 
security vulnerabilities in websvn.
The remote code execution should only affect etch version, while at a 
first glance the others are also still open in lenny/sid.
Check the complete bulletin at:
http://www.gulftech.org/?node=researcharticle_id=00132-10202008
http://www.milw0rm.com/exploits/6822

Ciao, Luca

-- 
 .''`.  ** Debian GNU/Linux **  | Luca Bruno (kaeso)
: :'  :   The Universal O.S.| lucab (AT) debian.org
`. `'`  | GPG Key ID: 3BFB9FB3
  `- http://www.debian.org  | Debian GNU/Linux Developer


pgpIHBexEXyFu.pgp
Description: PGP signature

Bug#500468: No editor in anjuta

[Luca Bruno]

In particular, anjuta now fails to find gtksourceview or scintilla
plugin to edit files (you could see that it no more asks for a choice
among them). It was still working in 2:2.4.2-1

Ciao, Luca

-- 
 .''`.  ** Debian GNU/Linux **  | Luca Bruno (kaeso)
: :'  :   The Universal O.S.| lucab (AT) debian.org
`. `'`  | GPG Key ID: 3BFB9FB3
  `- http://www.debian.org  | Debian GNU/Linux Developer


pgphxDa7PwPlE.pgp
Description: PGP signature

Bug#500468: Rebuilt and working

[Luca Bruno]

Just as a note, I've rebuilt it in a clean i386 sid chroot and now it
works.
As the autobuilders for other arch are still waiting for some
build-deps, I can't check those build log.

Rob, can you please check your build environment?

-- 
 .''`.  ** Debian GNU/Linux **  | Luca Bruno (kaeso)
: :'  :   The Universal O.S.| lucab (AT) debian.org
`. `'`  | GPG Key ID: 3BFB9FB3
  `- http://www.debian.org  | Debian GNU/Linux Developer


pgpuki8YXMOc8.pgp
Description: PGP signature

Bug#487623: inkscape rc

[Luca Bruno]

tags 487623 + patch
tags 487623 + fixed-upstream
thanks

[EMAIL PROTECTED] scrisse:

 OK, please notify me via Debian's BTS if you have an update on that.
 If I have problem in backporting it, I'll ask for help.

Well, I've got no reply from Gail, so this patch will probably remain
as is for some time. If you haven't yet backported the patch, you can
find it attached here.

 Thanks,
 Wolfi
 
Ciao, Luca

-- 
 .''`.  ** Debian GNU/Linux **  | Luca Bruno (kaeso)
: :'  :   The Universal O.S.| lucab (AT) debian.org
`. `'`  | GPG Key ID: 3BFB9FB3
  `- http://www.debian.org  | Debian GNU/Linux Developer
Index: src/libnrtype/FontFactory.cpp
===
--- src/libnrtype/FontFactory.cpp	(revisione 19753)
+++ src/libnrtype/FontFactory.cpp	(copia locale)
@@ -821,7 +821,8 @@
 res-Ref();
 AddInCache(res);
 }
-res-InitTheFace();
+if(res)
+	res-InitTheFace();
 return res;
 }
 
Index: src/libnrtype/Layout-TNG-Output.cpp
===
--- src/libnrtype/Layout-TNG-Output.cpp	(revisione 19753)
+++ src/libnrtype/Layout-TNG-Output.cpp	(copia locale)
@@ -116,22 +116,24 @@
 _getGlyphTransformMatrix(glyph_index, glyph_matrix);
 NR::Matrix total_transform = glyph_matrix;
 total_transform *= transform;
-NR::MaybeNR::Rect glyph_rect = _glyphs[glyph_index].span(this).font-BBox(_glyphs[glyph_index].glyph);
-if (glyph_rect) {
-NR::Point bmi = glyph_rect-min(), bma = glyph_rect-max();
-NR::Point tlp(bmi[0],bmi[1]), trp(bma[0],bmi[1]), blp(bmi[0],bma[1]), brp(bma[0],bma[1]);
-tlp *= total_transform;
-trp *= total_transform;
-blp *= total_transform;
-brp *= total_transform;
-*glyph_rect = NR::Rect(tlp,trp);
-glyph_rect-expandTo(blp);
-glyph_rect-expandTo(brp);
-if ( (glyph_rect-min())[0]  bounding_box-x0 ) bounding_box-x0=(glyph_rect-min())[0];
-if ( (glyph_rect-max())[0]  bounding_box-x1 ) bounding_box-x1=(glyph_rect-max())[0];
-if ( (glyph_rect-min())[1]  bounding_box-y0 ) bounding_box-y0=(glyph_rect-min())[1];
-if ( (glyph_rect-max())[1]  bounding_box-y1 ) bounding_box-y1=(glyph_rect-max())[1];
-}
+if(_glyphs[glyph_index].span(this).font) {
+	NR::MaybeNR::Rect glyph_rect = _glyphs[glyph_index].span(this).font-BBox(_glyphs[glyph_index].glyph);
+if (glyph_rect) {
+	NR::Point bmi = glyph_rect-min(), bma = glyph_rect-max();
+	NR::Point tlp(bmi[0],bmi[1]), trp(bma[0],bmi[1]), blp(bmi[0],bma[1]), brp(bma[0],bma[1]);
+tlp *= total_transform;
+trp *= total_transform;
+blp *= total_transform;
+brp *= total_transform;
+*glyph_rect = NR::Rect(tlp,trp);
+glyph_rect-expandTo(blp);
+glyph_rect-expandTo(brp);
+if ( (glyph_rect-min())[0]  bounding_box-x0 ) bounding_box-x0=(glyph_rect-min())[0];
+if ( (glyph_rect-max())[0]  bounding_box-x1 ) bounding_box-x1=(glyph_rect-max())[0];
+if ( (glyph_rect-min())[1]  bounding_box-y0 ) bounding_box-y0=(glyph_rect-min())[1];
+if ( (glyph_rect-max())[1]  bounding_box-y1 ) bounding_box-y1=(glyph_rect-max())[1];
+}
+	}
 }
 }
 
Index: src/libnrtype/Layout-TNG-Compute.cpp
===
--- src/libnrtype/Layout-TNG-Compute.cpp	(revisione 19753)
+++ src/libnrtype/Layout-TNG-Compute.cpp	(copia locale)
@@ -478,9 +478,9 @@
 new_span.in_input_stream_item = unbroken_span.input_index;
 new_span.baseline_shift = _y_offset;
 new_span.block_progression = _block_progression;
-if (_flow._input_stream[unbroken_span.input_index]-Type() == TEXT_SOURCE) {
-new_span.font = para.pango_items[unbroken_span.pango_item_index].font;
-new_span.font-Ref();
+if ((_flow._input_stream[unbroken_span.input_index]-Type() == TEXT_SOURCE)  (new_span.font = para.pango_items[unbroken_span.pango_item_index].font))
+{
+		new_span.font-Ref();
 new_span.font_size = unbroken_span.font_size;
 new_span.direction = para.pango_items[unbroken_span.pango_item_index].item-analysis.level  1 ? RIGHT_TO_LEFT : LEFT_TO_RIGHT;
 new_span.input_stream_first_character = Glib::ustring::const_iterator(unbroken_span.input_stream_first_character.base() + it_span-start.char_byte);
@@ -565,7 +565,7 @@
 new_glyph.x = x + unbroken_span.glyph_string-glyphs[glyph_index].geometry.x_offset * font_size_multiplier;
 new_glyph.y = _y_offset + unbroken_span.glyph_string-glyphs

Bug#496558: nautilus: Fails to browser - confirmed

[Luca Bruno]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

I've an amd64 but I haven't found this problem, same version of nautilus.
I haven't tried with a fresh user.
My $LANG is en_US.UTF-8 if this can help.

- -- 
http://syx.googlecode.com - Smalltalk YX
http://lethalman.blogspot.com - Thoughts about computer technologies
http://www.ammazzatecitutti.org - Ammazzateci tutti
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAki2d+kACgkQw9Qj+8Kak3HuEQCfRgQWQUIJ6HIFV07zmWqZhBc/
rvoAnRUjw9gOXy8Cc3V+14QCq7/EvQhs
=HAyc
-END PGP SIGNATURE-

Bug#487623: inkscape rc

[Luca Bruno]

forwarded 487623 https://bugs.launchpad.net/inkscape/+bug/261475
thanks

This is probably the same bug as http://bugs.debian.org/349515 ;
that part of code has been reworked in the meantime but it looks like
the same issue.

zh_CN triggers the crash every time as open dialog translation contains
an evil char, but this can be reproduced in other locales too.

I'm working on a patch to prevent the crash, even I haven't yet
discovered the cause of the failure while retrieving the typeface.

Please follow this up on upstream bugtracker.

Cheers, Luca

-- 
 .''`.  ** Debian GNU/Linux **  | Luca Bruno (kaeso)
: :'  :   The Universal O.S.| lucab (AT) debian.org
`. `'`  | GPG Key ID: 3BFB9FB3
  `- http://www.debian.org  | Debian GNU/Linux Developer


pgpQwDBoVTXZ4.pgp
Description: PGP signature

Bug#487623: #487623 confirmed and backtraced

[Luca Bruno]

tags 487623 + confirmed
thanks

Bug reproducible even on recent svn (0.46+devel, actually svn r19753).
I think the bug hasn't changed since 0.46, so I'm providing backtrace
from svn version.
Below a clean backtrace, attached a full backtrace.

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0xb6203700 (LWP 4030)]
font_instance::InitTheFace (this=0x0) at libnrtype/FontInstance.cpp:349
349 theFace=pango_ft2_font_get_face(pFont);
(gdb) bt
#0  font_instance::InitTheFace (this=0x0) at libnrtype/FontInstance.cpp:349
#1  0x083e9ed0 in font_factory::Face (this=0xa0370b0, descr=0xc3ca100, 
canFail=false) at libnrtype/FontFactory.cpp:824
#2  0x083ea132 in font_factory::Face (this=0xa0370b0, descr=0xc3ca100, 
canFail=true) at libnrtype/FontFactory.cpp:801
#3  0x083f806b in 
Inkscape::Text::Layout::Calculator::_buildPangoItemizationForPara 
(this=0xbf88affc, para=0xbf88af44)
at libnrtype/Layout-TNG-Compute.cpp:879
#4  0x083f990a in Inkscape::Text::Layout::Calculator::calculate 
(this=0xbf88affc) at libnrtype/Layout-TNG-Compute.cpp:1377
#5  0x083f9f2d in Inkscape::Text::Layout::calculateFlow (this=0xb1bd2d8) at 
libnrtype/Layout-TNG-Compute.cpp:1515
#6  0x080f5657 in SPText::rebuildLayout (this=0xb1bd1b8) at sp-text.cpp:573
#7  0x080f5936 in sp_text_update (object=0xb1bd1b8, ctx=0xbf88b1a8, 
flags=value optimized out) at sp-text.cpp:248
#8  0x080d8856 in SPObject::updateDisplay (this=0xb1bd1b8, ctx=0xbf88b1a8, 
flags=127) at sp-object.cpp:1298
#9  0x080c79df in CGroup::onUpdate (this=0xc414800, ctx=0xbf88b2e8, flags=92) 
at sp-item-group.cpp:668
#10 0x080d8856 in SPObject::updateDisplay (this=0xb1a0da0, ctx=0xbf88b2e8, 
flags=95) at sp-object.cpp:1298
#11 0x080c79df in CGroup::onUpdate (this=0xc414da8, ctx=0xbf88b42c, flags=28) 
at sp-item-group.cpp:668
#12 0x080e8ce1 in sp_root_update (object=0x9ac4410, ctx=0xbf88b648, flags=27) 
at sp-root.cpp:553
#13 0x080d8856 in SPObject::updateDisplay (this=0x9ac4410, ctx=0xbf88b648, 
flags=27) at sp-object.cpp:1298
#14 0x0808c038 in SPDocument::_updateDocument (this=0x965bea0) at 
document.cpp:826
#15 0x0808c132 in sp_document_idle_handler (data=0x965bea0) at document.cpp:872
#16 0xb73b9381 in ?? () from /usr/lib/libglib-2.0.so.0
#17 0x0965bea0 in ?? ()
#18 0x0c410bf0 in ?? ()
#19 0xbf88b718 in ?? ()
#20 0xb74364a8 in ?? () from /usr/lib/libglib-2.0.so.0
#21 0xb686a3f0 in ?? () from /lib/i686/cmov/libpthread.so.0
#22 0xb74364a8 in ?? () from /usr/lib/libglib-2.0.so.0
#23 0xbf88b768 in ?? ()
#24 0xb73bb2e1 in g_main_context_dispatch () from /usr/lib/libglib-2.0.so.0
Backtrace stopped: frame did not save the PC

-- 
 .''`.  ** Debian GNU/Linux **  | Luca Bruno (kaeso)
: :'  :   The Universal O.S.| lucab (AT) debian.org
`. `'`  | GPG Key ID: 3BFB9FB3
  `- http://www.debian.org  | Debian GNU/Linux Developer
GNU gdb 6.8-debian
Copyright (C) 2008 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later http://gnu.org/licenses/gpl.html
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type show copying
and show warranty for details.
This GDB was configured as i486-linux-gnu...
(gdb) run
Starting program: /usr/local/bin/inkscape 
[Thread debugging using libthread_db enabled]
[New Thread 0xb6204700 (LWP 4001)]
[New Thread 0xb5455b90 (LWP 4014)]
[New Thread 0xb4c54b90 (LWP 4015)]
[Thread 0xb5455b90 (LWP 4014) exited]
[Thread 0xb4c54b90 (LWP 4015) exited]
[New Thread 0xb4c54b90 (LWP 4016)]

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0xb6204700 (LWP 4001)]
font_instance::InitTheFace (this=0x0) at libnrtype/FontInstance.cpp:349
349 theFace=pango_ft2_font_get_face(pFont);
(gdb) bt full
#0  font_instance::InitTheFace (this=0x0) at libnrtype/FontInstance.cpp:349
No locals.
#1  0x083e9ed0 in font_factory::Face (this=0x9a860b0, descr=0xbe518c0, 
canFail=false) at libnrtype/FontFactory.cpp:824
res = (class font_instance *) 0x0
#2  0x083ea132 in font_factory::Face (this=0x9a860b0, descr=0xbe518c0, 
canFail=true) at libnrtype/FontFactory.cpp:801
tc = value optimized out
nFace = value optimized out
res = (class font_instance *) 0xbe5c208
#3  0x083f806b in 
Inkscape::Text::Layout::Calculator::_buildPangoItemizationForPara 
(this=0xbfb8aafc, para=0xbfb8aa44)
at libnrtype/Layout-TNG-Compute.cpp:879
new_item = {item = 0xbe41a28, font = 0x0}
font_description = (PangoFontDescription *) 0xbe518c0
current_pango_item = (GList *) 0xbdf9bd0
para_text = {static npos = 4294967295, string_ = {static npos = 
4294967295, 
_M_dataplus = {std::allocatorchar = {__gnu_cxx::new_allocatorchar = 
{No data fields}, No data fields}, 
  _M_p = 0xb9f8bc4 æ\227 é¢\204è§\210}}}
attributes_list = (PangoAttrList *) 0xbdf9830
input_index = value optimized out
pango_items_glist = (GList *) 0xbdf9bd0
#4  0x083f990a in Inkscape::Text

Bug#491621:

[Luca Bruno]

Rince scrisse:

 I'll submit the 0.7.0 version of the package for inspection shortly.

Any news on this? I've seen no change in our repo recently.
I you don't proceed and object, I'll take care of this in a few days...

Ciao, Luca

-- 
 .''`.  ** Debian GNU/Linux **  | Luca Bruno
: :'  :   The Universal O.S.| lucab (AT) debian.org
`. `'`  | GPG Key ID: 3BFB9FB3
  `- http://www.debian.org  | Debian GNU/Linux Developer


pgpzIoACbL1lF.pgp
Description: PGP signature

Bug#493961: menu: Debian menu not visible on fresh installs

[Luca Bruno]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Yes GNOME menu doesn't visualize it.
Though modifying the main menu, you can see the Debian category, very strange.

- -- 
http://syx.googlecode.com - Smalltalk YX
http://lethalman.blogspot.com - Thoughts about computer technologies
http://www.ammazzatecitutti.org - Ammazzateci tutti
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkiaLI0ACgkQw9Qj+8Kak3GVUgCcCzrELwrAGC5H4CvaYVLKl1N9
bBQAn0iWyCBvZ0h7b+2SORFAliqoAHov
=1/4s
-END PGP SIGNATURE-

Bug#476105: did you try to activate record 3d?

[Luca Bruno]

severity 476105 normal
thanks

After a couple of test with a friend and a similar video card, I think
that enabling the Record 3D option before recording could fix the
issue.

Can you please try it? Moreover, what wm are you using?

Cheers, Luca

-- 
 .''`.  ** Debian GNU/Linux **  | Luca Bruno
: :'  :   The Universal O.S.| lucab (AT) debian.org
`. `'`  | GPG Key ID: 3BFB9FB3
  `- http://www.debian.org  | Debian GNU/Linux Developer


pgpBjTd41JBDz.pgp
Description: PGP signature

Bug#477264: python-awn-extras rebuild

[Luca Bruno]

That's probably because it landed in NEW _before_ the python transition
and remained there until now.
I think Julien will fix #477181 soon, so a rebuild will close this one
too.

Ciao, Luca

-- 
 .''`.  ** Debian GNU/Linux **  | Luca Bruno
: :'  :   The Universal O.S.| lucab (AT) debian.org
`. `'`  | GPG Key ID: 3BFB9FB3
  `- http://www.debian.org  | Debian GNU/Linux Developer


pgpbLgd48h2cx.pgp
Description: PGP signature

Bug#476722: Files produced by istanbul are broken

[Luca Bruno]

tags 476722 + confirmed
severity 476722 important
retitle 476722 istanbul doesn't work well with multiple screens
thanks

Alban Crequy scrisse:

 Since I dist-upgraded today, files produced by Istanbul are broken and
 are mostly unreadable.

After some investigations, this bug turned out to be due to having
multiple screens one above the other.
Waiting for a proper fix, the workaround for this is to temporarily
switch off the secondary screen with xrandr (eg. `xrandr --output VGA
--off`).

-- 
 .''`.  ** Debian GNU/Linux **  | Luca Bruno
: :'  :   The Universal O.S.| lucab (AT) debian.org
`. `'`  | GPG Key ID: 3BFB9FB3
  `- http://www.debian.org  | Debian GNU/Linux Developer


pgpPcyr5Leo59.pgp
Description: PGP signature

Bug#476105: istanbul: Recorded movies not usable--static areas of the screen are totally black

[Luca Bruno]

tags 476105 unreproducible
thanks

Sam Morris scrisse:

 See the attached movie... it seems that bits of the screen where
 nothing moves keep going black. In addition, several copies of the
 mouse cursor are left behind throughout the movie.

I can't reproduce it here, but I think I have a completely different
setup. Can you please check if this is related to #476722 (ie. you have
more than one screen attached, try to switch the secondary off via
xrandr).

Also, IIRC I've seen something similar happening some time ago when
using compiz. If you have it (or something similar, like beryl)
running, can you please switching it off and using a simpler wm?

Moreover, I see you're trying to record a fixed area of the screen. Does
the corruption happen independently of any width and height?
Can you please try to record a full-screen long-enough session, and see
if it fine?

Finally, please try to combine previous hints, and report if anything
changes.

This is probably related to a particular configuration, but before
downgrading I'd like to inspect it more deeply.

Cheers, Luca

-- 
 .''`.  ** Debian GNU/Linux **  | Luca Bruno
: :'  :   The Universal O.S.| lucab (AT) debian.org
`. `'`  | GPG Key ID: 3BFB9FB3
  `- http://www.debian.org  | Debian GNU/Linux Developer


pgpp9dB6Yv4ZM.pgp
Description: PGP signature

Bug#463470: No more FTBFS

[Luca Bruno]

This builds fine in my current (sid) pbuilder.

Cheers, Luca

-- 
 .''`.  ** Debian GNU/Linux **  | Luca Bruno
: :'  :   The Universal O.S.| lucab (AT) debian.org
`. `'`  | GPG Key ID: 3BFB9FB3
  `- http://www.debian.org  | Debian GNU/Linux Developer


pgpshiIeEBKOJ.pgp
Description: PGP signature