Re: Bug#781228: freexl: Multiple vulnerabilitities
On Thu, Mar 26, 2015 at 08:35:37PM +0100, Sebastiaan Couwenberg wrote: Hi Moritz, On 03/26/2015 02:23 PM, Moritz Mühlenhoff wrote: On Thu, Mar 26, 2015 at 11:08:52AM +0100, Sebastiaan Couwenberg wrote: This is fixed in experimental, but since we're in freeze, testing should rather be fixed with a targeted upload to sid plus unblock. (A patch set and reproducers are linked from the oss-security posting). I have an update ready for unstable jessie, I'll also prepare an update for wheezy. Thanks! Please contact us at t...@security.debian.org once the Wheezy update is ready. The packaging for wheezy is available in git: http://anonscm.debian.org/cgit/pkg-grass/freexl.git/log/?h=wheezy Is it OK to upload to wheezy-security? Yes, please build with -sa (since freexl is new in wheezy-security) and upload to security-master. I'll take care of the DSA. Cheers, Moritz ___ Pkg-grass-devel mailing list Pkg-grass-devel@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-grass-devel
Bug#661914: FTBFS
Package: mapserver Version: 6.0.1-2 Severity: serious Your package fails to build from source: checking for vsnprintf... yes MapServer Version from mapserver.h: '6.0.1' checking if pkg-config path is provided... checking for pkg-config... /usr/bin/pkg-config checking for Freetype2.x in /usr... checking for FT_Init_FreeType in -lfreetype... yes checking for sys/types.h... yes checking for sys/stat.h... yes checking for stdlib.h... yes checking for string.h... yes checking for memory.h... yes checking for strings.h... yes checking for inttypes.h... yes checking for stdint.h... yes checking for unistd.h... yes checking ft2build.h usability... yes checking ft2build.h presence... yes checking for ft2build.h... yes configure: checking where Zlib is installed... checking for zlibVersion in -lz... yes using libz from system libs (-DUSE_ZLIB). configure: checking where PNG is installed... checking for png_init_io in -lpng... yes checking png.h usability... yes checking png.h presence... yes checking for png.h... yes using libpng from system libs. checking setjmp.h usability... yes checking setjmp.h presence... yes checking for setjmp.h... yes configure: checking where GIF is installed... checking for DGifOpenFileHandle in -lgif... yes checking gif_lib.h usability... yes checking gif_lib.h presence... yes checking for gif_lib.h... yes using libgif from system libs. configure: checking whether we should include JPEG support... configure: error: Could not find jpeglib.h or libjpeg.a/libjpeg.so/libjpeg.dylib in /usr. make: *** [configure-stamp] Error 1 dpkg-buildpackage: error: debian/rules build gave error exit status 2 ___ Pkg-grass-devel mailing list Pkg-grass-devel@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-grass-devel
[DebianGIS-dev] Bug#591346: Bug#591346: Allow the installation of libhdf5-serial and libhdf5-openmpi at the same time
severity 591346 important thanks On Thu, Aug 19, 2010 at 03:43:18PM +0200, Francesco P. Lovergine wrote: WTF is the reason to both depend on serial and parallel flavors at building time instead of the parallel version libhdf5-mpi-dev? Note that *if the ABI are compatible* is a wrong guess AFAIK: serial and parallel versions have different shlib sub-dependendecies. There are also many limitations in parallel edition: e.g. parallel edition does not support pluggable compression in writing and does not support variable length records, cannot coexists with threadsafe and C++, and so on. I think the only safe and clean approach would be having different lib names for MPI flavors, but upstream think differently at the moment. I'm not intentioned to diverge about that, which would require rdepends changing their building snippets forever in Debian, and adopt other dirty tricks. Both bugs marked as blocked have been fixed and transitioned to testing, resetting severity to important. Cheers, Moritz ___ Pkg-grass-devel mailing list Pkg-grass-devel@lists.alioth.debian.org http://lists.alioth.debian.org/mailman/listinfo/pkg-grass-devel
[DebianGIS-dev] Bug#461673: FTBFS with GCC 4.3: missing #includes
tags 461673 patch thanks On Sun, Jan 20, 2008 at 10:14:12AM +0100, Martin Michlmayr wrote: Package: grass Version: 6.2.3-1 Usertags: ftbfs-gcc-4.3 Your package fails to build with GCC 4.3. Version 4.3 has not been released yet but I'm building with a snapshot in order to find errors and give people an advance warning. In GCC 4.3, the C++ header dependencies have been cleaned up. The advantage of this is that programs will compile faster. The downside is that you actually need to directly #include everything you use (but you really should do this anyway, otherwise your program won't work with any compiler other than GCC). There's some more information about this at http://gcc.gnu.org/gcc-4.3/porting_to.html You can reproduce this problem with gcc-4.3 or gcc-snapshot from unstable. Dear GIS maintainers, attached dpatch fixes compilation with GCC 4.3. Shall I NMU? Cheers, Moritz #! /bin/sh /usr/share/dpatch/dpatch-run ## Fix GCC 4.3 compatbility, jmm ## ## All lines beginning with `## DP:' are a description of the patch. ## DP: No description. @DPATCH@ diff -aur grass-6.2.3.orig/raster/r.terraflow/IOStream/include/ami_stream.h grass-6.2.3/raster/r.terraflow/IOStream/include/ami_stream.h --- grass-6.2.3.orig/raster/r.terraflow/IOStream/include/ami_stream.h 2004-11-09 14:29:58.0 +0100 +++ grass-6.2.3/raster/r.terraflow/IOStream/include/ami_stream.h 2008-03-21 01:03:36.0 +0100 @@ -51,6 +51,7 @@ #include fcntl.h #include errno.h #include unistd.h +#include cstring #include iostream using namespace std; Only in grass-6.2.3/raster/r.terraflow/IOStream/include: ami_stream.h~ ___ Pkg-grass-devel mailing list Pkg-grass-devel@lists.alioth.debian.org http://lists.alioth.debian.org/mailman/listinfo/pkg-grass-devel