() failed: No such file or directory
Sat, 06 May 2017 08:45:30 +
This would happen if you ran "dak rm" from non-existent cwd.
Should be fixed by this:
https://salsa.debian.org/ftp-team/dak/commit/400066ea702d5185
--
Jakub Wilk
libdpkg-perl1.19.7
--
Jakub Wilk
compressed version of removals-full.822 available for
download.
--
Jakub Wilk
ls-full.822
$ grep-dctrl '' < removals-full.822 > /dev/null
$ echo $?
0
--
Jakub Wilk
that seems to fix it for me; but beware I have no
idea what I'm doing.
-- System Information:
Architecture: i386
Versions of packages fonts-terminus-otb depends on:
ii xfonts-utils 1:7.7+6
--
Jakub Wilk
--- unpacked/usr/share/fontconfig/conf.avail/71-enable-terminus.conf 2014-05-11 20:06
+dfsg-1~
This bug was found using adequate:
https://packages.debian.org/unstable/main/adequate
-- System Information:
Architecture: i386
Versions of packages libjs-jquery depends on:
ii node-jquery 3.5.0+dfsg-2
--
Jakub Wilk
inmode().
You want:
$ echo 包 | perl -E 'STDIN->binmode(":encoding(UTF-8)") or die; while(<>) {
s|\s+\n|\n|sg; print }'
Wide character in print at -e line 1, <> line 1.
包
or:
$ echo 包 | perl -E 'STDIN->binmode(":utf8") or die; while(<>) {
s|\s+\n|\n|sg; print }'
Wide character in print at -e line 1, <> line 1.
包
--
Jakub Wilk
3/dist-packages/apt_offline_core/AptOfflineCoreLib.py", line
45, in
import apt
ModuleNotFoundError: No module named 'apt'
Looks like dependency on python3-apt is missing.
--
Jakub Wilk
/usr/lib/i386-linux-gnu/openvpn/plugins/openvpn-plugin-down-root.so
This bug was found using adequate:
https://packages.debian.org/unstable/main/adequate
-- System Information:
Architecture: i386
--
Jakub Wilk
ture: i386
Versions of packages git depends on:
ii libc62.30-2
ii libcurl3-gnutls 7.68.0-1
ii libexpat12.2.9-1
ii libpcre2-8-0 10.34-7
ii zlib1g 1:1.2.11.dfsg-2
ii perl 5.30.0-9
ii liberror-perl0.17029-1
ii git-man 1:2.26.0~rc2-1
1:4.2-3
ii qemu-system-data 1:4.2-3
ii seabios 1.13.0-1
ii zlib1g1:1.2.11.dfsg-2
--
Jakub Wilk
quot;
$ md5sum "$x"
\d41d8cd98f00b204e9800998ecf8427e foo\nbar
--
Jakub Wilk
Source: freetype
Version: 2.10.1-2
Severity: wishlist
Tags: patch
Upstream provides xz-compressed tarballs which are significantly smaller
than gzipped ones. Please switch to .tar.xz by the next upstream
release.
--
Jakub Wilk
diff -Nru freetype-2.10.1/debian/watch freetype-2.10.1/debian
chitecture: i386
--
Jakub Wilk
-l
0
--
Jakub Wilk
Package: lintian
Version: 2.55.0
Severity: minor
These "B<...>" formatting codes shouldn't be visible in the man page:
$ man lintian | grep 'B<'
B<-L> ">=important" B<-L> "+>=normal/possible" B<-L>
"+minor/certain"
--
Jakub Wilk
t -Y 'echo DISPLAY=$DISPLAY'
Warning: No xauth data; using fake authentication data for X11 forwarding.
DISPLAY=localhost:10.0
--
Jakub Wilk
-12_all.deb
E: Sub-process /usr/bin/dpkg returned an error code (1)
--
Jakub Wilk
ii libgnutls30 3.6.11.1-2
ii libseccomp2 2.4.2-2
ii libstdc++6 9.2.1-23
--
Jakub Wilk
:
Setting up resolvconf...failed (/run/resolvconf is neither a directory nor a
symbolic link).
-- System Information:
Architecture: i386
Versions of packages resolvconf depends on:
ii lsb-base 11.1.0
ii debconf 1.5.73
--
Jakub Wilk
--- /etc/init.d/resolvconf 2019-12-10 16:45
d is required by internetarchive
-- System Information:
Architecture: i386
Versions of packages internetarchive depends on:
ii python3 3.7.5-3
ii python3-internetarchive 1.8.5-1
--
Jakub Wilk
py:68: SyntaxWarning: "is not" with
a literal. Did you mean "!="?
if prompt[-1] is not ' ':
-- System Information:
Architecture: i386
Versions of packages python3-clint depends on:
ii python3-args 0.1.0-3
ii python3 3.7.5-3
--
Jakub Wilk
Source: coreutils
Version: 8.30-3
Severity: wishlist
Please add
Homepage: https://www.gnu.org/software/coreutils/
to debian/control.
--
Jakub Wilk
Package: tran
Version: 4-1
Severity: grave
tran no longer works in unstable:
$ echo foo | tran
Conflict for [ა] in mtavruli>latin, it resolves to [a] and [a]
-- System Information:
Architecture: i386
--
Jakub Wilk
Package: git-man
Version: 1:2.24.0-1
Severity: minor
Please fix this FIXME:
$ man git-subtree | head -n 1
GIT-SUBTREE(1) [FIXME: manual] GIT-SUBTREE(1)
--
Jakub Wilk
* Santiago Vila , 2019-11-21, 13:55:
you seem to be the upstream author,
Indeed.
would you consider adopting it?
No. Sorry!
--
Jakub Wilk
idea what I'm doing.
-- System Information:
Architecture: i386
Versions of packages vim-runtime recommends:
ii vim 2:8.1.2269-1
ii vim-gtk32:8.1.2269-1
--
Jakub Wilk
diff --git a/syntax/debchangelog.vim b/syntax/debchangelog.vim
index eb82613..3b6213c 100644
--- a/syntax/debchangelog
386
Versions of packages bubblewrap depends on:
ii libc62.29-3
ii libcap2 1:2.27-1
ii libselinux1 2.9-3
--
Jakub Wilk
onfigure the triggering package immediately, without waiting for the
trigger to be run.
This declaration is correct, because running ldconfig shouldn't have any
effect on software functionality, unless there's a bug somewhere else.
--
Jakub Wilk
lt; /dev/null
to make msmtp send unencrypted password to a proxy server of the
attacker's choice.
--
Jakub Wilk
PLAIN AGFsaWNlAGh1bnRlcjI=
...
$ base64 -d <<< 'AGFsaWNlAGh1bnRlcjI=' | tr '\0' ':'; echo
:alice:hunter2
--
Jakub Wilk
* Santiago Vila , 2019-10-27, 17:45:
https://people.debian.org/~sanvila/build-logs/didjvu/
[...]
Please advise if it's ok to repoen this bug or a new one should be
filed instead.
It's an entirely different bug; I've filed #943695.
--
Jakub Wilk
The test in question needs the time zone database to work correctly, but
it was not available in the build environment.
Please add "tzdata" to Build-Depends to fix this.
--
Jakub Wilk
Package: jq
Version: 1.6-1
Severity: minor
$ dpkg -L jq | xargs -n1 file 2>&1 | grep -w broken
/usr/share/doc/jq/README: broken symbolic link to README.md
-- System Information:
Architecture: i386
Versions of packages jq depends on:
ii libjq1 1.6-1
ii libc6 2.29-2
--
Jakub Wilk
Architecture: i386
Versions of packages perl depends on:
ii dpkg 1.19.7
ii perl-base 5.30.0-6
ii perl-modules-5.30 5.30.0-6
ii libperl5.30 5.30.0-6
--
Jakub Wilk
* Thorsten Glaser , 2019-10-08, 13:57:
setting effective gid to 32767: Invalid argument at /usr/bin/adequate
line 1070.
That's probably #941985.
--
Jakub Wilk
to make it work by using the name of the
deskop file:
org.gnome.Evince:application/pdf
Admittedly this is neither intuitive nor (AFAIK) documented anywhere.
:-/
In the mean time, someone opened #935426 asking for documentation
update.
--
Jakub Wilk
on:
ii libc6 2.29-2
--
Jakub Wilk
perlmain.c:122
-- System Information:
Architecture: i386
Versions of packages libterm-readline-gnu-perl depends on:
ii perl5.28.1-6
ii libc6 2.29-2
ii libreadline88.0-3
ii libtinfo6 6.1+20190803-1
--
Jakub Wilk
#!/usr/bin/perl
use Term::ReadLine;
my $t
Control: tags -1 + fixed-upstream
sinntp 1.6 switched to Python 3.
--
Jakub Wilk
1
Versions of packages rss2email recommends:
ii python3-bs4 4.8.0-1
Versions of packages rss2email suggests:
ii esmtp 1.2-17
--
Jakub Wilk
Package: exfalso
Version: 4.2.1-1
"operon edit" doesn't work out of the box for me:
$ operon edit foobar.mp3
edit: Starting text editor 'nano' failed.
As per Policy §11.4, it should call "editor", not "nano".
--
Jakub Wilk
Package: cron
Version: 3.0pl1-134
Tags: patch
--
Jakub Wilk
From 999fe1caa6bb96a3dca44b3727a2c590b5cf7b8c Mon Sep 17 00:00:00 2001
From: Jakub Wilk
Date: Mon, 12 Aug 2019 09:13:43 +0200
Subject: [PATCH 1/2] crontab.5: Fix misuse of en-dash in examples
Use ASCII hyphen-minus instead of en-dash
to make it work by using the name of the deskop
file:
org.gnome.Evince:application/pdf
Admittedly this is neither intuitive nor (AFAIK) documented anywhere. :-/
--
Jakub Wilk
hunspell
ii less 487-0.1+b1
un most
--
Jakub Wilk
Control: reassign -1 mosh 1.3.2-2.1
Control: affects -1 + irssi
This happens because mosh doesn't implement the repetition operator (see
bug #933053).
Minimal reproducer:
$ printf 'mo\33[5b\n'
mo
But in xterm proper it is:
$ printf 'mo\33[5b\n'
moo
--
Jakub Wilk
-live.alioth.debian.org/live-build/
...
Please give them a warning.
--
Jakub Wilk
es debdate depends on:
ii python3-dateutil 2.7.3-3
ii python3 3.7.3-1
Versions of packages debdate recommends:
ii distro-info-data 0.41
--
Jakub Wilk
-- System Information:
Architecture: i386
--
Jakub Wilk
62.24-11+deb9u4
ii libgnutls30 3.5.8-5+deb9u4
ii libidn11 1.33-1
ii libnettle6 3.3-1+b2
ii libpcre3 2:8.39-3
ii libpsl5 0.17.0-3
ii libuuid1 2.29.2-1+deb9u1
ii zlib1g 1:1.2.8.dfsg-5
Versions of packages wget recommends:
ii ca-certificates 20161130+nmu1+deb9u1
--
Jakub Wilk
* Thomas Dickey , 2019-06-05, 18:57:
A "typescript" from the "script" program would show what escape
sequences irrsi is using when producing the problematic image.
Attached.
--
Jakub Wilk
bad_6.1+20181013-2.typescript
Description: Binary data
good_6.0+20161126
far.
--
Jakub Wilk
.
Downgrading ncurses-base base to the stretch version
(6.0+20161126-1+deb9u2) fixes it for me.
-- System Information:
Debian Release: 9.9
Architecture: amd64 (x86_64)
--
Jakub Wilk
atchutils 0.3.4-2
ii perl 5.28.1-6
ii t1utils1.41-3
ii xz-utils 5.2.4-1
--
Jakub Wilk
newline_1_all.deb
Description: application/vnd.debian.binary-package
ere:
https://github.com/jwilk/newline.deb
-- System Information:
Architecture: i386
Versions of packages dpkg depends on:
ii libbz2-1.0 1.0.6-9
ii libc62.28-10
ii liblzma5 5.2.4-1
ii libselinux1 2.8-1+b1
ii zlib1g 1:1.2.11.dfsg-1
ii tar 1.30+dfsg-6
--
Jakub Wilk
/20180624202111/https://sources.debian.org/src/bash/
--
Jakub Wilk
. Huh?
-- System Information:
Architecture: i386
Versions of packages gammu depends on:
ii libbluetooth35.50-1
ii libc62.28-8
ii libcurl3-gnutls 7.64.0-2
ii libgammu81.40.0-1
ii libglib2.0-0 2.58.3-1
ii libgudev-1.0-0 232-2
--
Jakub Wilk
the latter. As a data point, there's already a lot of
software under this license in Debian:
https://codesearch.debian.net/search?q=%2Funlicense%5B.%5Dorg%2F+path%3Adebian%2Fcopyright
--
Jakub Wilk
This package installs "tx" and "rx" executables, but these names are
already taken:
$ apt-file search -x '/bin/[tr]x$'
lrzsz: /usr/bin/rx
transifex-client: /usr/bin/tx
The prospective packager should talk to upstream about renaming the
exe
/dev/pts/0 doesn't exist when nothing is using ptys at the moment;
indeed, evidently it didn't exist when this package was built on
buildds.
So regenerating autotools files is strictly required after all.
No-change rebuilds wouldn't be sufficient.
--
Jakub Wilk
diff -Nru zssh-1.5c.debian.1/deb
hooses in not adequate:
https://github.com/indutny/miller-rabin/issues/9
--
Jakub Wilk
libc62.28-8
ii libgcc1 1:8.3.0-4
--
Jakub Wilk
'/usr/bin/imagetops', which is also in package netpbm
2:10.0-15.3+b2
Errors were encountered while processing:
/tmp/apt-dpkg-install-HhGtJC/7-leptonica-progs_1.78.0-1_i386.deb
E: Sub-process /usr/bin/dpkg returned an error code (1)
--
Jakub Wilk
the communication pipe out of /tmp.
-- System Information:
Architecture: i386
--
Jakub Wilk
#!/bin/sh
set -e -u
cd /tmp
getent passwd | while IFS=: read -r user _ uid _
do
fifo="doublecmd--$uid"
rm -f "$fifo" || true # maybe stale fifo from the previous exploit run?
"put the fifo in
$HOME" in src/utils.c), to this should be a matter of disabling the /tmp
codepath.
--
Jakub Wilk
Package: librust-rustc-version-dev
Version: 0.2.3-1
a installed -> an installed
--
Jakub Wilk
splitting were added in the same commit:
https://github.com/torvalds/linux/commit/74aadce986052f20088c2678f589ea0e8d3a4b59
So corekeeper wouldn't work on kernels without %c anyway.
--
Jakub Wilk
work because
the lock is acquired before dropping privileges.
--
Jakub Wilk
* Ritesh Raj Sarraf , 2019-03-18, 20:06:
Do you use apport ?
No.
Or have interest for it in Debian ?
Also no.
--
Jakub Wilk
(bad idea...), so the sticky
bit is needed so that the user can delete their own core dumps.
I've filed #924692 and #924693 so far, but there's probably more.
--
Jakub Wilk
crash/$owner/$core"
(I'll leave wrapping this in su(1) as an exercise to reader. :-P)
You will also need special cases when the limit is 0, and when there's
no limit.
--
Jakub Wilk
, and then the
"Something is majorly broken" path would be taken.
--
Jakub Wilk
.
* corekeeper doesn't enforce this limit on its own either.
--
Jakub Wilk
* Jakub Wilk , 2019-03-15, 23:35:
+for arg; do
+ case "$1" in
Ooops, that should be "$arg", not "$1".
BTW, what is the uid variable for? It's not used anywhere...
--
Jakub Wilk
* Paul Wise , 2019-03-15, 12:56:
I decided to just check if the arguments are integers, attached the
patch.
I like the idea, but how about the attached patch instead?
It's less repetitive, the diff is smaller, and it's hopefully slightly
easier to understand.
--
Jakub Wilk
diff --git
/
Please make the lock file accessible only to root.
--
Jakub Wilk
Package: apport
Version: 2.20.4-5
Tags: security
Apport tries to create /var/crash/.lock if doesn't exist already. But
/var/crash/ is world-writable, so a malicious local user could do:
ln -sf /nonexistent /var/crash/.lock
to prevent Apport from creating the lock file.
--
Jakub Wilk
rash
OTOH, this directory is only accessible to trusted users on stock
FreeBSD:
drwxr-x--- 2 root wheel 2 Jul 2 2018 /var/crash/
So I imagine there's software out there that assumes this directory has
safe permissions.
What a mess...
--
Jakub Wilk
d or prepend a character to %d to make sure the argument
won't disappear after %-expansion, for example:
|/usr/lib/corekeeper/dump +%d %u %p-%u-%g-%s-%t-%h-%E.core
Keeping the number of arguments (almost) constant should also make
parsing easier.
--
Jakub Wilk
+ if [ ! -e $(script) ; then chmod 1777 debian/corekeeper/var/crash ; fi
This never does anything, because closing square bracket is missing:
/bin/sh: 1: [: missing ]
Also, it looks like dpkg doesn't update directory permissions on
upgrade. Ugh. :-(
--
Jakub Wilk
1
fi
The majorly broken thing is, unfortunately, the Linux kernel. It does
argument splitting only _after_ it expanded the macros. If the
executable name contains spaces, you will get more than 2 or 3
arguments. On kernels that don't support %d, this allows an attacker to
control the "owner" variable.
--
Jakub Wilk
ns (700) is probably
also a good idea.
--
Jakub Wilk
a proof-of-concept exploit.
--
Jakub Wilk
#!/bin/sh
set -e -u
if ! command -v xeyes > /dev/null
then
printf 'xeyes(1) not found. Please install x11-apps.\n' >&2
exit 1
fi
cd /tmp
basedir=$(mktemp -d tvtime-exploit.XX)
chmod 755 "$basedir"
mkfifo -m 644 "$basedir/cmd
Package: tvtime
Version: 1.0.11-4
The first item in the FILES section of the tvtime(1) manual page is:
/tvtime/tvtime.xml
This file doesn't exist of course. I think it should be:
/etc/tvtime/tvtime.xml
--
Jakub Wilk
Package: python3-periodictable
Version: 1.5.0-7
python3-periodictable has "python-python-periodictable-doc" in Suggests.
That's one "python-" too many.
--
Jakub Wilk
in the container. (Though I couldn't find any way to
exploit this without disabling protected_symlinks.)
--
Jakub Wilk
* Axel Beckert , 2019-03-01, 01:12:
Jakub Wilk wrote:
I request an adopter for the adequate package. (Note that RFA != O.
Talk to me before taking over this package.)
I wrote this in May 2015.
Then, in May 2016, I orphaned the package.
In June 2016, Paul Wise declared his intention to adopt
ripts package,
version ###VERSION###
/usr/bin/pts-unsubscribe:"This is $PROGNAME, from the Debian devscripts
package, version ###VERSION###
-- System Information:
Architecture: i386
--
Jakub Wilk
liburi-perl 1.76-1
ii libwww-perl 6.36-1
--
Jakub Wilk
are/perl5/Pod/POM.pm line 193.
-- System Information:
Architecture: i386
Versions of packages libpod-pom-perl depends on:
ii perl 5.28.1-4
--
Jakub Wilk
Package: devscripts
Version: 2.19.3
Tags: patch
--
Jakub Wilk
From 1e66c5262bb46f325a2778849c1faef27ff915d3 Mon Sep 17 00:00:00 2001
From: Jakub Wilk
Date: Fri, 22 Feb 2019 15:16:48 +0100
Subject: [PATCH] genmanpage.pl: Fix whitespace stripping regexp
Fixes weird spacing in devscripts(1) man
Control: found -1 60.5.1esr-1~deb9u1
* Jakub Wilk , 2019-01-31, 18:52:
On <https://shaka-player-demo.appspot.com/demo/>, I get "Firefox is
installing components needed to play the audio or video on this page.
Please try again later." all the time.
This is still happening.
--
Jakub Wilk
Package: perl
Version: 5.28.1-4
As per Policy §11.4, the default editor should be "editor", not "vi".
-- System Information:
Architecture: i386
--
Jakub Wilk
libncursesw6 6.1+20181013-2
ii libreadline7 7.0-5
ii libtinfo6 6.1+20181013-2
ii install-info 6.5.0.dfsg.1-4+b1
--
Jakub Wilk
pres URxvt
*customization: -color
(The "customization" line comes from /etc/X11/Xresources/x11-common.)
The effect is quite subtle, so I can imagine some people might not
notice it.
--
Jakub Wilk
1
ii base-passwd 3.5.46
ii ncurses-base 6.1+20181013-2
ii ncurses-term 6.1+20181013-2
--
Jakub Wilk
ii libxft2 2.3.2-2
ii libxrender1 1:0.9.10-1
ii base-passwd 3.5.46
ii ncurses-base 6.1+20181013-2
ii ncurses-term 6.1+20181013-2
--
Jakub Wilk
2.3.2-2
ii libxrender1 1:0.9.10-1
ii base-passwd 3.5.46
ii ncurses-base 6.1+20181013-2
ii ncurses-term 6.1+20181013-2
--
Jakub Wilk
Source: irssi
Severity: wishlist
I'd love to have Irssi 1.2.0 in Debian.
https://irssi.org/2019/02/11/irssi-1.2.0-released/
--
Jakub Wilk
a0
ii libgssapi-krb5-2 1.15-1+deb9u1
ii libgtk2.0-02.24.31-2
pn pulseaudio
--
Jakub Wilk
401 - 500 of 7735 matches
Mail list logo