date:20050118

Bug#291132: perdition: FTBFS: Using non PIC code in shared lib.

2005-01-18 Thread Horms

On Tue, Jan 18, 2005 at 11:48:26PM +0100, Kurt Roeckx wrote:
> Package: perdition
> Version: 1.15-4
> Severity: serious
> 
> Hi,
> 
> Your package is failing to build because it's contains
> non PIC code.  Here is an extraction from the log file:
> 
> gcc -shared  .libs/perditiondb_daemon.o .libs/unix_socket.o  -ldb 
> -L/build/buil
> dd/perdition-1.15/perdition/db/daemon -lperditiondb_daemon_packet  -Wl,-soname
> -Wl,libperditiondb_daemon.so.0 -o .libs/libperditiondb_daemon.so.0.0.0  -ldb 
> -L
> /build/buildd/perdition-1.15/perdition/db/daemon -lperditiondb_daemon_packet
> /usr/bin/ld: 
> /build/buildd/perdition-1.15/perdition/db/daemon/libperditiondb_da
> emon_packet.a(packet.o): relocation R_PARISC_DPREL21L can not be used when 
> maki
> ng a shared object; recompile with -fPIC
> /build/buildd/perdition-1.15/perdition/db/daemon/libperditiondb_daemon_packet.a
> : could not read symbols: Bad value
> collect2: ld returned 1 exit status
> make[5]: *** [libperditiondb_daemon.la] Error 1
> 
> It's saying that packet.o is build without -fPIC.
> 
> 
> Please note that static libs need to be build without -fPIC and
> shared libs with.

Thanks, I will fix this up.

-- 
Horms


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Processed: version is only in sid

2005-01-18 Thread Debian Bug Tracking System

Processing commands for [EMAIL PROTECTED]:

> tags 290236 sid
Bug#290236: ldaptor: FTBFS: Test failures (Missing Build-Depends?)
There were no tags set.
Tags added: sid

> thanks
Stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#291125: marked as done (vim: temporary file vulnerabilities (CAN-2005-0069))

2005-01-18 Thread Debian Bug Tracking System

Your message dated Wed, 19 Jan 2005 02:17:20 -0500
with message-id <[EMAIL PROTECTED]>
and subject line Bug#289560: fixed in vim 1:6.3-058+1
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--
Received: (at submit) by bugs.debian.org; 18 Jan 2005 21:48:15 +
>From [EMAIL PROTECTED] Tue Jan 18 13:48:14 2005
Return-path: <[EMAIL PROTECTED]>
Received: from kitenet.net [64.62.161.42] (postfix)
by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
id 1Cr1Cw-0008RO-00; Tue, 18 Jan 2005 13:48:14 -0800
Received: from dragon.kitenet.net (unknown [66.168.94.144])
(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
(Client CN "Joey Hess", Issuer "Joey Hess" (verified OK))
by kitenet.net (Postfix) with ESMTP id 1837017E9E
for <[EMAIL PROTECTED]>; Tue, 18 Jan 2005 21:48:13 + (GMT)
Received: by dragon.kitenet.net (Postfix, from userid 1000)
id 4F33C6F23C; Tue, 18 Jan 2005 16:50:17 -0500 (EST)
Date: Tue, 18 Jan 2005 16:50:17 -0500
From: Joey Hess <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: vim: temporary file vulnerabilities (CAN-2005-0069)
Message-ID: <[EMAIL PROTECTED]>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
protocol="application/pgp-signature"; boundary="XF85m9dhOBO43t/C"
Content-Disposition: inline
User-Agent: Mutt/1.5.6+20040907i
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-3.0 required=4.0 tests=BAYES_00 autolearn=no 
version=2.60-bugs.debian.org_2005_01_02
X-Spam-Level: 


--XF85m9dhOBO43t/C
Content-Type: multipart/mixed; boundary="CE+1k2dSO48ffgeK"
Content-Disposition: inline


--CE+1k2dSO48ffgeK
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

Package: vim
Version: 1:6.3-054+1
Severity: grave
Tags: patch security

As described in the Ubuntu advisory below, vim's tcltags and vimspell
scripts use temp files insecurely. I've attached a patch I extraced from
the Ubuntu diff.

- Forwarded message from Martin Pitt <[EMAIL PROTECTED]> -

=46rom: Martin Pitt <[EMAIL PROTECTED]>
Date: Tue, 18 Jan 2005 17:56:58 +0100
To: [EMAIL PROTECTED]
Cc: full-disclosure@lists.netsys.com, bugtraq@securityfocus.com
Subject: [USN-61-1] vim vulnerabilities
User-Agent: Mutt/1.5.6+20040907i

=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D
Ubuntu Security Notice USN-61-1January 18, 2005
vim vulnerabilities
CAN-2005-0069
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)

The following packages are affected:

kvim
vim
vim-gnome
vim-gtk
vim-lesstif
vim-perl
vim-python
vim-tcl

The problem can be corrected by upgrading the affected package to
version 1:6.3-025+1ubuntu2.2. In general, a standard system upgrade is
sufficient to effect the necessary changes.

Details follow:

Javier Fern=E1ndez-Sanguino Pe=F1a noticed that the auxillary scripts
"tcltags" and "vimspell.sh" created temporary files in an insecure
manner. This could allow a symbolic link attack to create or overwrite
arbitrary files with the privileges of the user invoking the script
(either by calling it directly or by execution through vim).

  Source archives:

http://security.ubuntu.com/ubuntu/pool/main/v/vim/vim_6.3-025+1ubuntu2.=
2.diff.gz
  Size/MD5:   425421 ee7e4653fb70fd45329bf5773e610ad6
http://security.ubuntu.com/ubuntu/pool/main/v/vim/vim_6.3-025+1ubuntu2.=
2.dsc
  Size/MD5: 1122 9bd9428dd29c8aa562f4b97566b9a05a
http://security.ubuntu.com/ubuntu/pool/main/v/vim/vim_6.3.orig.tar.gz
  Size/MD5:  5624622 de1c964ceedbc13538da87d2d73fd117

  Architecture independent packages:

http://security.ubuntu.com/ubuntu/pool/main/v/vim/vim-common_6.3-025+1u=
buntu2.2_all.deb
  Size/MD5:  3421084 8dc7b200376add6ccb2896e2f6e80e0d
http://security.ubuntu.com/ubuntu/pool/main/v/vim/vim-doc_6.3-025+1ubun=
tu2.2_all.deb
  Size/MD5:  1646686 2c2716a1dad40612baaaf28ebc0de3a6

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

http://security.ubuntu.com/ubuntu/pool/universe/v/v

Bug#289560: marked as done (vim: Race conditions and symlink attacks in vim (tcltags and vimspell))

2005-01-18 Thread Debian Bug Tracking System

Your message dated Wed, 19 Jan 2005 02:17:20 -0500
with message-id <[EMAIL PROTECTED]>
and subject line Bug#289560: fixed in vim 1:6.3-058+1
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--
Received: (at submit) by bugs.debian.org; 9 Jan 2005 20:05:29 +
>From [EMAIL PROTECTED] Sun Jan 09 12:05:29 2005
Return-path: <[EMAIL PROTECTED]>
Received: from tornado.dat.etsit.upm.es (dat.etsit.upm.es) [138.100.17.73] 
by spohr.debian.org with smtp (Exim 3.35 1 (Debian))
id 1CnjJY-xF-00; Sun, 09 Jan 2005 12:05:28 -0800
Received: (qmail 5683 invoked by uid 1013); 9 Jan 2005 20:05:26 -
Date: Sun, 9 Jan 2005 21:05:26 +0100
From: Javier =?iso-8859-1?Q?Fern=E1ndez-Sanguino_Pe=F1a?= <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Cc: Bram Moolenaar <[EMAIL PROTECTED]>
Subject: vim: Race conditions and symlink attacks in vim (tcltags and vimspell)
Message-ID: <[EMAIL PROTECTED]>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
protocol="application/pgp-signature"; boundary="2B/JsCI69OhZNC5r"
Content-Disposition: inline
User-Agent: Mutt/1.5.6+20040907i
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-3.0 required=4.0 tests=BAYES_00 autolearn=no 
version=2.60-bugs.debian.org_2005_01_02
X-Spam-Level: 


--2B/JsCI69OhZNC5r
Content-Type: multipart/mixed; boundary="AhhlLboLdkugWU4S"
Content-Disposition: inline


--AhhlLboLdkugWU4S
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

Package: vim
Version: 1:6.3-046+1
Severity: minor
Tags: patch security sid woody sarge

Hi there,

Reviewing vim as part of the security audit the Audit team [1] is=20
conducting I've found what I believe are some race conditions and symlink=
=20
attacks through temporary files in vim. They appear in two scripts which=20
are not installed in Debian in binary locations (they are installed under
/usr/share/doc/vim/tools/) but are provided with execute permissions.

That's mainly why I'm opening this bug up in Debian's BTS and not=20
contacting the security team directly although the code is present in all=
=20
vim releases in Debian.

These appear in:

1.- the tcltags script (runtime/tools/tcltags):
(...)
11 tmp_tagfile=3D/tmp/${program_name}.$$
(...)
130 sed -e "/^!_TAG_FILE_SORTED/s/  [01]/   $sorted /"=
=20
\
131 -e "/^!_TAG_FILE_FORMAT/s/  1   /   $format /"=
=20
\
132 $tagfile > $tmp_tagfile


2.- the vimspell script (runtime/tools/vimspell.sh)

 16 OUTFILE=3D/tmp/vimspell.$$
 17 # if you have "tempfile", use the following line
 18 #OUTFILE=3D`tempfile`
(...)
 30 spell $SPELL_ARGS $INFILE | sort -u |
 31 awk '
 32   {
 33 printf "syntax match SpellErrors \"\\<%s\\>\"\n", $0 ;
 34   }
 35
 36 END   {
 37 printf "highlight link SpellErrors ErrorMsg\n\n" ;
 38   }
 39 ' > $OUTFILE
 40 echo "!rm $OUTFILE" >> $OUTFILE
 41 echo $OUTFILE

Since these are tools that are run from vim, an attacker can get a=20
good-enough approximation of the PIDs that will be used in these temporary=
=20
files and can conduct a symlink attack if these tools are used.

The attached patch should fix both of these issues, I've taken the=20
approach implemented in vimtutor, but modified it slightly for vimspell as=
=20
the temporary file cannot be removed by the script (vim removes it) when=20
mktemp and tempfile are not avilable, there will still be a race condition=
=20
in the script. Since most GNU/Linux and UNIX  operating systems seem to=20
have either one I don't think it's a big issue, however.

Best regards

Javier

--AhhlLboLdkugWU4S
Content-Type: text/plain; charset=us-ascii
Content-Disposition: attachment; filename="vim-6.3.diff"
Content-Transfer-Encoding: quoted-printable

diff -Nru vim-6.3.old/vim63/runtime/tools/tcltags vim-6.3/vim63/runtime/too=
ls/tcltags
--- vim-6.3.old/vim63/runtime/tools/tcltags 1999-08-01 14:01:46.0 +=
0200
+++ vim-6.3/vim63/runtime/tools/tcltags 2005-01-09 20:41:41.0 +0100
@@ -8,7 +8,31 @@
 program_version=3D"0.3"
 program_author=3D"Darren Hiebert"
 author_email=3D"[EMAIL PROTECTED]"
-tmp_tagfile=3D/tmp/${program_name}.$$
+tmp=3D"${TMPDIR-/tmp}"
+tmp_tagfile=3D`mktemp -t $tmp/tcltagXX || tempfile -p tclag || echo no=
ne`
+
+# I

Bug#291140: poedit: FTBFS: Missing dependency?

2005-01-18 Thread Christian Perrier

tags 291140 sid
thanks

Quoting Kurt Roeckx ([EMAIL PROTECTED]):
> Package: poedit
> Version: 1.3.1-5
> Severity: serious
> 
> Hi,
> 
> Your package is failing to build with the following error:
> cp -f /usr/share/aclocal/wxwin.m4 ./admin/
> cp: cannot stat `/usr/share/aclocal/wxwin.m4': No such file or directory
> make: *** [autotools] Error 1
> 
> This looks like a missing build dependency on wx2.5-common.


This, of course, only affects sid. Hence tagging the bug.

Anyway, I'm taking care of it so no need for any bugsquasher to waste
time on the time, of course.



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#291140: poedit: FTBFS: Missing dependency?

2005-01-18 Thread Christian Perrier

Quoting Kurt Roeckx ([EMAIL PROTECTED]):
> Package: poedit
> Version: 1.3.1-5
> Severity: serious
> 
> Hi,
> 
> Your package is failing to build with the following error:
> cp -f /usr/share/aclocal/wxwin.m4 ./admin/
> cp: cannot stat `/usr/share/aclocal/wxwin.m4': No such file or directory
> make: *** [autotools] Error 1
> 
> This looks like a missing build dependency on wx2.5-common.


Sure. This was obviously forgotten in the hunting of #285940. Thanks
for reporting. I was unfortunately more or less expecting something
similar..:-(




-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#291166: rosegarden4: will not load any files

2005-01-18 Thread Brian May

> "Brian" == Brian May <[EMAIL PROTECTED]> writes:

Brian> Package: rosegarden4
Brian> Version: 0.9.9-1
Brian> Severity: grave
Brian> Justification: renders package unusable

Brian> I upgraded from rosegarden4 version 0.9.6-2 to 0.9.9 (both
Brian> in sarge), and now it won't let me load any rg files
Brian> (including the sample files supplied).

Now I am really confused. After playing around with rosegarden 0.9.9
for a while, all the problems I reported in this bug report suddenly
disappeared.

I don't know what I did to fix the problems, all I did was save a file
in 0.9.9 and load it. Not only did that file load, but all my other
files load now, too.

Feel free to downgrade this bug unless you can work out what went
wrong ;-).

The other bug report still stands.
-- 
Brian May <[EMAIL PROTECTED]>


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Processed: Re: Bug#291140: poedit: FTBFS: Missing dependency?

2005-01-18 Thread Debian Bug Tracking System

Processing commands for [EMAIL PROTECTED]:

> tags 291140 sid
Bug#291140: poedit: FTBFS: Missing dependency?
There were no tags set.
Tags added: sid

> thanks
Stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#291136: capi4hylafax: FTBFS: Missing build dependencies

2005-01-18 Thread Steve Langasek

reassign 291136 libtiff4-dev
thanks

Hi Jay,

This build failure in capi4hylafax is caused by the new upstream version of
libtiff4 introducing the use of libtool.  The presence of .la files in a
-dev package means that this -dev package must depend on the -dev packages
referenced by those .la files; otherwise, any software using libtool (which
seems to be a healthy majority of software in Debian, now) will fail to
build with the same error shown in this log.

Please make libtiff4-dev depend on the appropriate libjpeg dev package.

Because this bug causes regressions in tiff-related packages, it is
release-critical, and this bug will hold the new version of tiff out of
testing until it is fixed.

-- 
Steve Langasek
postmodern programmer


signature.asc
Description: Digital signature

Processed: Re: capi4hylafax: FTBFS: Missing build dependencies

2005-01-18 Thread Debian Bug Tracking System

Processing commands for [EMAIL PROTECTED]:

> reassign 291136 libtiff4-dev
Bug#291136: capi4hylafax: FTBFS: Missing build dependencies.
Bug reassigned from package `capi4hylafax' to `libtiff4-dev'.

> thanks
Stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#290798: marked as done (kernel-package: grub configuration wrong when root partion is on a SATA/libata disk)

2005-01-18 Thread Debian Bug Tracking System

Your message dated Wed, 19 Jan 2005 00:02:08 -0600
with message-id <[EMAIL PROTECTED]>
and subject line Bug#290798: kernel-package: grub configuration wrong when root 
partion is on a SATA/libata disk
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--
Received: (at submit) by bugs.debian.org; 16 Jan 2005 19:17:55 +
>From [EMAIL PROTECTED] Sun Jan 16 11:17:55 2005
Return-path: <[EMAIL PROTECTED]>
Received: from gibson.q2s.ntnu.no [129.241.205.18] 
by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
id 1CqFuM-0002vq-00; Sun, 16 Jan 2005 11:17:55 -0800
Received: from ansatt6.q2s.ntnu.no (ansatt6.q2s.ntnu.no [129.241.205.56])
by gibson.q2s.ntnu.no (Postfix) with ESMTP
id 224E71760C; Sun, 16 Jan 2005 20:17:52 +0100 (CET)
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
From: =?iso-8859-15?q?Bj=F8rnar_Lib=E6k?= <[EMAIL PROTECTED]>
To: Debian Bug Tracking System <[EMAIL PROTECTED]>
Subject: kernel-package: grub configuration wrong when root partion is on a
 SATA/libata disk
X-Mailer: reportbug 3.2
Date: Sun, 16 Jan 2005 20:16:19 +0100
Message-Id: <[EMAIL PROTECTED]>
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-8.0 required=4.0 tests=BAYES_00,HAS_PACKAGE 
autolearn=no version=2.60-bugs.debian.org_2005_01_02
X-Spam-Level: 

Package: kernel-package
Version: 8.111
Severity: critical
Justification: breaks the whole system

The libata driver uses scsi naming (e.g. /dev/sda) for SATA 
devices, but when making a menu.lst (grub configuration file), 
make-kpkg uses ATA naming (e.g /dev/hde) for such devices. 
When root partition is located on a SATA device, this causes a 
kernel panic at boot because root partiotion is not found by 
the bootloader. 

This problem ocured when running 2.4 kernel not using the libata 
driver, and building a 2.6 kernel with libata included. 

-- System Information:
Debian Release: 3.1
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: i386 (i686)
Kernel: Linux 2.4.22-07sept03
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)

Versions of packages kernel-package depends on:
ii  dpkg 1.10.25 Package maintenance system for Deb
ii  dpkg-dev 1.10.23 Package building tools for Debian
ii  gcc [c-compiler] 4:3.3.5-1   The GNU C compiler
ii  gcc-2.95 [c-compiler]1:2.95.4-22 The GNU C compiler
ii  gcc-3.0 [c-compiler] 1:3.0.4-7   The GNU C compiler.
ii  gcc-3.3 [c-compiler] 1:3.3.5-5   The GNU C compiler
ii  gcc-3.4 [c-compiler] 3.4.2-2 The GNU C compiler
ii  make 3.80-9  The GNU version of the "make" util
ii  perl 5.8.4-3 Larry Wall's Practical Extraction 

-- no debconf information

---
Received: (at 290798-done) by bugs.debian.org; 19 Jan 2005 06:12:55 +
>From [EMAIL PROTECTED] Tue Jan 18 22:12:55 2005
Return-path: <[EMAIL PROTECTED]>
Received: from host-12-107-230-171.dtccom.net 
(glaurung.internal.golden-gryphon.com) [12.107.230.171] 
by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
id 1Cr95L-0001FF-00; Tue, 18 Jan 2005 22:12:55 -0800
Received: from glaurung.internal.golden-gryphon.com ([EMAIL PROTECTED] 
[127.0.0.1])
by glaurung.internal.golden-gryphon.com (8.13.2/8.13.2/Debian-1) with 
ESMTP id j0J62N5I013682
(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT);
Wed, 19 Jan 2005 00:02:34 -0600
Received: (from [EMAIL PROTECTED])
by glaurung.internal.golden-gryphon.com (8.13.2/8.13.2/Submit) id 
j0J6280o013671;
Wed, 19 Jan 2005 00:02:08 -0600
X-Authentication-Warning: glaurung.internal.golden-gryphon.com: srivasta set 
sender to [EMAIL PROTECTED] using -f
From: Manoj Srivastava <[EMAIL PROTECTED]>
To: =?iso-8859-1?q?Bj=F8rnar_Lib=E6k?= <[EMAIL PROTECTED]>
Cc: [EMAIL PROTECTED]
Subject: Re: Bug#290798: kernel-package: grub configuration wrong when root
 partion is on a SATA/libata disk
Organization: The Debian Project
References: <[EMAIL PROTECTED]>
User-Agent: Gnus/5.110003 (No Gnus v0.3) Emacs/21.3.50 (gnu/linux)
 (i686-pc-linux-gnu)
X-URL: http://www.debian.org/%7Esrivasta/
Mail-Copies-To: nobody
X-Hashcash: 1:24:050119:[EMAIL 
PROTECTED]::8kFrLpE/aI+RSao5:000Q

Bug#291166: rosegarden4: will not load any files

2005-01-18 Thread Brian May

Package: rosegarden4
Version: 0.9.9-1
Severity: grave
Justification: renders package unusable

Hello,

I upgraded from rosegarden4 version 0.9.6-2 to 0.9.9 (both in sarge),
and now it won't let me load any rg files (including the sample files
supplied).

1. When starting, I first get an error "Error when parsing file
'/usr/share/apps/rosegarden/autoload.rg': error occured while parsing
element at line 1, column 1".

2. When I select file open, I get the error "Could not find mime type
application/octet-stream", followed by "No mime types installed".

3. Then when I try to open any files, I get the same error as above (but
for the different file).

Curiously, importing *.mid files works.

Downgrading to version 0.9.6-2 fixes issue 1 and 3 but not 2, so
it is possible another package broke my mime setup somehow
(what file should I be looking at here?). I am not sure if issue 2
is the same thing.

rosegarden4 generates huge amounts of debugging output, e.g. for
the session above (not sure if this is going to help...).

If there is any more information I can provide, please ask.

rosegarden: main: Showing startup logo
rosegarden: RosegardenGUIDoc::syncDevices - waiting for Sequencer to come up
rosegarden (sequencer): SequencerMmapper : setting size of 
/tmp/kde-bam//rosegarden_sequencer_timing_block to 91012
rosegarden (sequencer): SequencerMmapper : mmap size : 91012 at 0x41b45000
rosegarden (sequencer): SequencerMmapper::init()
rosegarden (sequencer): Registering with DCOP server
Rosegarden 0.9.9 - AlsaDriver - alsa-lib version 1.0.4

JackDriver::initialiseAudio - JACK server not running

  ALSA Client information:

128,0 - (TiMidity, TiMidity port 0) (WRITE ONLY) [ctype 1, ptype 2, 
cap 66]
128,1 - (TiMidity, TiMidity port 1) (WRITE ONLY) [ctype 1, ptype 2, 
cap 66]
128,2 - (TiMidity, TiMidity port 2) (WRITE ONLY) [ctype 1, ptype 2, 
cap 66]
128,3 - (TiMidity, TiMidity port 3) (WRITE ONLY) [ctype 1, ptype 2, 
cap 66]

Creating device 0 in Play mode for connection 128:0 TiMidity port 0 (write)
Default device name for this device is MIDI software device
Creating device 1 in Play mode for connection 128:1 TiMidity port 1 (write)
Default device name for this device is MIDI software device 2
Creating device 2 in Play mode for connection 128:2 TiMidity port 2 (write)
Default device name for this device is MIDI software device 3
Creating device 3 in Play mode for connection 128:3 TiMidity port 3 (write)
Default device name for this device is MIDI software device 4
AlsaDriver::setCurrentTimer((auto))
Current timer set to "system timer"
WARNING: using system timer with only 100Hz resolution!
AlsaDriver::initialiseMidi -  initialised MIDI subsystem

rosegarden (sequencer): RosegardenSequencer - started OK
AlsaDriver::reportFailure(6)
rosegarden (sequence manager): ControlBlockMmapper : Couldn't open 
/tmp/kde-bam//rosegarden_control_block
WARNING: Rosegarden::Exception: "Couldn't open 
/tmp/kde-bam//rosegarden_control_block"
rosegarden: RosegardenGUIDoc::syncDevices - devices = 4
rosegarden: RosegardenGUIDoc::syncDevices - i = 0
SoundDriver::getMappedDevice(0) - name = "MIDI software device" type = 0 
direction = 0 connection = "128:0 TiMidity port 0 (write)" recording = 0
rosegarden: RosegardenGUIDoc::getMappedDevice - adding MIDI Device "MIDI 
software device" id = 0 direction = 0 recording = false
rosegarden: RosegardenGUIDoc::getMappedDevice - got "128:0 TiMidity port 0 
(write)", direction 0 recording false
rosegarden: RosegardenGUIDoc::getMappedDevice: new instr 2000
rosegarden: RosegardenGUIDoc::getMappedDevice: new instr 2001
rosegarden: RosegardenGUIDoc::getMappedDevice: new instr 2002
rosegarden: RosegardenGUIDoc::getMappedDevice: new instr 2003
rosegarden: RosegardenGUIDoc::getMappedDevice: new instr 2004
rosegarden: RosegardenGUIDoc::getMappedDevice: new instr 2005
rosegarden: RosegardenGUIDoc::getMappedDevice: new instr 2006
rosegarden: RosegardenGUIDoc::getMappedDevice: new instr 2007
rosegarden: RosegardenGUIDoc::getMappedDevice: new instr 2008
rosegarden: RosegardenGUIDoc::getMappedDevice: new instr 2009
rosegarden: RosegardenGUIDoc::getMappedDevice: new instr 2010
rosegarden: RosegardenGUIDoc::getMappedDevice: new instr 2011
rosegarden: RosegardenGUIDoc::getMappedDevice: new instr 2012
rosegarden: RosegardenGUIDoc::getMappedDevice: new instr 2013
rosegarden: RosegardenGUIDoc::getMappedDevice: new instr 2014
rosegarden: RosegardenGUIDoc::getMappedDevice: new instr 2015
rosegarden: RosegardenGUIDoc::syncDevices - i = 1
SoundDriver::getMappedDevice(1) - name = "MIDI software device 2" type = 0 
direction = 0 connection = "128:1 TiMidity port 1 (write)" recording = 0
rosegarden: RosegardenGUIDoc::getMappedDevice - adding MIDI Device "MIDI 
software device 2" id = 1 direction = 0 recording = false
rosegarden: RosegardenGUIDoc::getMappedDevice - got "128:1 TiMidity port 1 
(write)", direction 0 recording false
rosegarden: RosegardenGUIDoc::getMappedDe

Processed: specific to version in sid

2005-01-18 Thread Debian Bug Tracking System

Processing commands for [EMAIL PROTECTED]:

> tags 291136 sid
Bug#291136: capi4hylafax: FTBFS: Missing build dependencies.
There were no tags set.
Tags added: sid

> thanks
Stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Processed: new dia has reached testing today

2005-01-18 Thread Debian Bug Tracking System

Processing commands for [EMAIL PROTECTED]:

> tags 287193 - sarge pending
Bug#287193: dia: FTBFS: Can't find python >= 1.5.2
Tags were: pending sarge
Tags removed: sarge, pending

> close 287193
Bug#287193: dia: FTBFS: Can't find python >= 1.5.2
'close' is deprecated; see http://www.debian.org/Bugs/Developer#closing.
Bug closed, send any further explanations to Kurt Roeckx <[EMAIL PROTECTED]>

> thanks
Stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#291122: temporary file security hole in mysqlaccess

2005-01-18 Thread Joey Hess

Christian Hammers wrote:
> I guess I will upload the patched packages for unstable then...

As far as I can see, you've uploaded mysql-dfsg-4.1, but have not fixed
mysql-dfsg. Could you please let me know when you've fixed mysql-dfsg
too so I can track it and make sure it reaches sarge.

-- 
see shy jo


signature.asc
Description: Digital signature

Bug#291133: marked as done (blackbox: FTBFS: Missing build dependencies.)

2005-01-18 Thread Debian Bug Tracking System

Your message dated Tue, 18 Jan 2005 22:32:17 -0500
with message-id <[EMAIL PROTECTED]>
and subject line Bug#291133: fixed in blackbox 0.65.0-5
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--
Received: (at submit) by bugs.debian.org; 18 Jan 2005 22:52:28 +
>From [EMAIL PROTECTED] Tue Jan 18 14:52:27 2005
Return-path: <[EMAIL PROTECTED]>
Received: from astra.telenet-ops.be [195.130.132.58] 
by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
id 1Cr2D5-0007QZ-00; Tue, 18 Jan 2005 14:52:27 -0800
Received: from localhost (localhost.localdomain [127.0.0.1])
by astra.telenet-ops.be (Postfix) with SMTP id C8983328140
for <[EMAIL PROTECTED]>; Tue, 18 Jan 2005 23:52:26 +0100 (MET)
Received: from Q.roeckx.be (dD5775FD9.access.telenet.be [213.119.95.217])
by astra.telenet-ops.be (Postfix) with ESMTP id B9EF432816B
for <[EMAIL PROTECTED]>; Tue, 18 Jan 2005 23:52:26 +0100 (MET)
Received: by Q.roeckx.be (Postfix, from userid 501)
id 74ADA26136; Tue, 18 Jan 2005 23:52:26 +0100 (CET)
Date: Tue, 18 Jan 2005 23:52:26 +0100
From: Kurt Roeckx <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: blackbox: FTBFS: Missing build dependencies.
Message-ID: <[EMAIL PROTECTED]>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.4.2.1i
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-8.0 required=4.0 tests=BAYES_00,HAS_PACKAGE 
autolearn=no version=2.60-bugs.debian.org_2005_01_02
X-Spam-Level: 

Package: blackbox
Verison: 0.65.0-4
Severity: serious

Hi,

Your package is failing to build with the following error:
dh_clean
 debian/rules build
dh_testdir
autoconf
make: autoconf: Command not found
make: *** [build-stamp] Error 127

This looks like a missing build dependency on autoconf.


Kurt


---
Received: (at 291133-close) by bugs.debian.org; 19 Jan 2005 03:37:08 +
>From [EMAIL PROTECTED] Tue Jan 18 19:37:08 2005
Return-path: <[EMAIL PROTECTED]>
Received: from newraff.debian.org [208.185.25.31] (mail)
by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
id 1Cr6ea-0005lD-00; Tue, 18 Jan 2005 19:37:08 -0800
Received: from katie by newraff.debian.org with local (Exim 3.35 1 (Debian))
id 1Cr6Zt-00020c-00; Tue, 18 Jan 2005 22:32:17 -0500
From: [EMAIL PROTECTED] (Bruno Barrera C.)
To: [EMAIL PROTECTED]
X-Katie: $Revision: 1.55 $
Subject: Bug#291133: fixed in blackbox 0.65.0-5
Message-Id: <[EMAIL PROTECTED]>
Sender: Archive Administrator <[EMAIL PROTECTED]>
Date: Tue, 18 Jan 2005 22:32:17 -0500
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-6.0 required=4.0 tests=BAYES_00,HAS_BUG_NUMBER 
autolearn=no version=2.60-bugs.debian.org_2005_01_02
X-Spam-Level: 

Source: blackbox
Source-Version: 0.65.0-5

We believe that the bug you reported is fixed in the latest version of
blackbox, which is due to be installed in the Debian FTP archive:

blackbox_0.65.0-5.diff.gz
  to pool/main/b/blackbox/blackbox_0.65.0-5.diff.gz
blackbox_0.65.0-5.dsc
  to pool/main/b/blackbox/blackbox_0.65.0-5.dsc
blackbox_0.65.0-5_i386.deb
  to pool/main/b/blackbox/blackbox_0.65.0-5_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Bruno Barrera C. <[EMAIL PROTECTED]> (supplier of updated blackbox package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Format: 1.7
Date: Tue, 18 Jan 2005 20:22:45 -0300
Source: blackbox
Binary: blackbox
Architecture: source i386
Version: 0.65.0-5
Distribution: unstable
Urgency: high
Maintainer: Bruno Barrera C. <[EMAIL PROTECTED]>
Changed-By: Bruno Barrera C. <[EMAIL PROTECTED]>
Description: 
 blackbox   - Window manager for X
Closes: 291133
Changes: 
 blackbox (0.65.0-5) unstable; urgency=high
 .
   * Fixed FTBFS with the missing build dependency on a

Processed: asterisk-chan-capi: chan-capi fails to detect early B3 on certain situations

2005-01-18 Thread Debian Bug Tracking System

Processing commands for [EMAIL PROTECTED]:

> severity 288539 important
Bug#288539: asterisk-chan-capi: chan-capi fails to detect early B3 on certain 
situations
Severity set to `important'.

> thanks
Stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Processed: affected version only in sid

2005-01-18 Thread Debian Bug Tracking System

Processing commands for [EMAIL PROTECTED]:

> tags 290338 sid
Bug#290338: ara: [m68k] FTBFS dh_testdir: I have no package to build
There were no tags set.
Tags added: sid

> thanks
Stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#286017: [patch] webcheck: Nonfunctional with python 2.3.4

2005-01-18 Thread Sebastien Delafond

tag 286017 + patch
thx

I tested with both python2.2 and python2.3, and I believe the
following patch fixes this problem:

--- old/httplink.py 2004-05-31 11:52:43.0 -0700
+++ new/httplink.py 2005-01-18 17:52:24.0 -0800
@@ -60,11 +60,7 @@
 
 (username, passwd, realhost, port) = parse_host(host)
 
-h = httplib.HTTP()
-if port:
- h.connect(realhost, port)
-else:
- h.connect(realhost)
+h = httplib.HTTPConnection(realhost, None)
 
 h.putrequest('HEAD', document)
 if username and passwd:
@@ -75,7 +71,8 @@
 
 h.endheaders()
 
-errcode, errmsg, headers = h.getreply()
+r = h.getresponse()
+errcode, errmsg, headers = r.status, r.reason, r.msg
 h.close()
 debugio.write(errcode,2)
 debugio.write(errmsg,2)


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Processed: sid version

2005-01-18 Thread Debian Bug Tracking System

Processing commands for [EMAIL PROTECTED]:

> tags 291133 sid
Bug#291133: blackbox: FTBFS: Missing build dependencies.
There were no tags set.
Tags added: sid

> thanks
Stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Processed: [patch] webcheck: Nonfunctional with python 2.3.4

2005-01-18 Thread Debian Bug Tracking System

Processing commands for [EMAIL PROTECTED]:

> tag 286017 + patch
Bug#286017: webcheck: Nonfunctional with python 2.3.4
There were no tags set.
Tags added: patch

> thx
Unknown command or malformed arguments to command.

> I tested with both python2.2 and python2.3, and I believe the
Unknown command or malformed arguments to command.

> following patch fixes this problem:
Unknown command or malformed arguments to command.

> --- old/httplink.py 2004-05-31 11:52:43.0 -0700
Stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#291153: Can't load/install gnucash into unstable

2005-01-18 Thread Russell Sutherland

Package: gnucash
Severity: grave
Justification: renders package unusable


I can't install the gnucash package onto an
updated unstable system. The error message is as follows:

# apt-get install gnucash
Reading Package Lists... Done
Building Dependency Tree... Done
Some packages could not be installed. This may mean that you have
requested an impossible situation or if you are using the unstable
distribution that some required packages have not yet been created
or been moved out of Incoming.

Since you only requested a single operation it is extremely likely that
the package is simply not installable and a bug report against
that package should be filed.
The following information may help to resolve the situation:

The following packages have unmet dependencies:
  gnucash: Depends: gnucash-common (>= 1.8.9-4) but it is not going to
  be installed
E: Broken packages

-- System Information:
Debian Release: 3.1
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.4.26.2004091501
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)

Versions of packages gnucash depends on:
ii  bonobo   1.0.22-2.2  The GNOME Bonobo System.
ii  gdk-imlib1   1.9.14-16.2 imaging library for use with gtk (
pn  gnucash-common   Not found.
ii  guile-1.6-libs   1.6.7-1 Main Guile libraries
ii  guile-1.6-slib   1.6.7-1 Guile SLIB support
ii  libart2  1.4.2-19The GNOME canvas widget - runtime 
ii  libaudiofile00.2.6-5 Open-source version of SGI's audio
ii  libbonobo2   1.0.22-2.2  The GNOME Bonobo library.
ii  libc62.3.2.ds1-20GNU C Library: Shared libraries an
ii  libdate-manip-perl   5.42a-2 a perl library for manipulating da
ii  libdb3   3.2.9-20Berkeley v3 Database Libraries [ru
ii  libesd0  0.2.35-2Enlightened Sound Daemon - Shared 
ii  libfinance-quote-perl1.08-1  Perl module for retrieving stock q
ii  libfreetype6 2.1.7-2.3   FreeType 2 font engine, shared lib
ii  libgal23 0.24-1.4G App Libs (run time library)
ii  libgdk-pixbuf-gnome2 0.22.0-7The GNOME1 Canvas pixbuf library
ii  libgdk-pixbuf2   0.22.0-7The GdkPixBuf image library, gtk+ 
ii  libghttp11.0.9-15original GNOME HTTP client library
ii  libglade-gnome0  1:0.17-3Library to load .glade files at ru
ii  libglade01:0.17-3Library to load .glade files at ru
ii  libglib1.2   1.2.10-9The GLib library of C routines
ii  libgnome32   1.4.2-19The GNOME libraries
ii  libgnomeprint15  0.37-5  The GNOME Print architecture - run
ii  libgnomesupport0 1.4.2-19The GNOME libraries (Support libra
ii  libgnomeui32 1.4.2-19The GNOME libraries (User Interfac
ii  libgtk1.21.2.10-17   The GIMP Toolkit set of widgets fo
ii  libgtkhtml20 1.0.4-6.2   HTML rendering/editing library - r
ii  libguile-ltdl-1  1.6.7-1 Guile's patched version of libtool
ii  libguppi16   0.40.3-11   GNOME graph and plot component
ii  libgwrapguile1   1.3.4-12g-wrap: Tool for exporting C libra
ii  libice6  4.3.0.dfsg.1-10 Inter-Client Exchange library
ii  libltdl3 1.5.6-3 A system independent dlopen wrappe
ii  liboaf0  0.6.10-3The GNOME Object Activation Framew
ii  libofx0c102  1:0.6.6-3   library to support Open Financial 
ii  liborbit00.5.17-9Libraries for ORBit - a CORBA ORB
ii  libpopt0 1.7-5   lib for parsing cmdline parameters
ii  libqthreads-12   1.6.7-1 QuickThreads library for Guile
ii  libsm6   4.3.0.dfsg.1-10 X Window System Session Management
ii  libstdc++5   1:3.3.5-6   The GNU Standard C++ Library v3
ii  libx11-6 4.3.0.dfsg.1-10 X Window System protocol client li
ii  libxext6 4.3.0.dfsg.1-10 X Window System miscellaneous exte
ii  libxi6   4.3.0.dfsg.1-10 X Window System Input extension li
ii  libxml1  1:1.8.17-10 GNOME XML library
ii  libzvt2  1.4.2-19The GNOME zvt (zterm) widget
ii  oaf  0.6.10-3The GNOME Object Activation Framew
ii  slib 3a1-4.2 Portable Scheme library
ii  xlibs4.3.0.dfsg.1-10 X Keyboard Extension (XKB) configu
ii  zlib1g   1:1.2.2-4   compression library - runtime

-- 
Quist ConsultingEmail: [EMAIL PROTECTED]
21

Bug#290855: Re :Bug#290855: Upgrade from Postfix 2.1.4-5 to 2.1.5-4 fails #2

2005-01-18 Thread Steve Langasek

On Tue, Jan 18, 2005 at 05:18:42PM +0100, Stephane Leclerc wrote:
> > Can you please tell me what the output of
> > "dpkg -S /usr/share/man/man8/smtpd.8.gz" shows on your system?

> Hi Steve!

> Below the result.

> tex-mail:/home/sleclerc# dpkg -S /usr/share/man/man8/smtpd.8.gz
> smtpd: /usr/share/man/man8/smtpd.8.gz

Ok, and what about

  dpkg -S /usr/share/man/man8/smtpd.real.8.gz

?

> I've forgot to detail this may be important. In the past, this server under
> Woody was installed with a Postfix backport (from backports.org). When I've
> token charge of this server, I upgraded it to sarge and replaced/removed all
> not full debian debs.

Hmm, it unfortunately does seem possible that this is related...

-- 
Steve Langasek
postmodern programmer


signature.asc
Description: Digital signature

Bug#289646: kbabel: crash with some .po file

2005-01-18 Thread Adeodato Simó

reassign 289646 kdelibs4
tags 289646 - experimental
tags 289646 + sid
thanks

* Matías Costa [Mon, 10 Jan 2005 11:33:09 +0100]:

Hi Matías,

> kbabel crashes (SIGSEGV) with certain entries. This makes imposible to work. 
> You can find a file with this problem at

> http://webs.ono.com/uucp/knewsticker_crash.po

> Open the file, go to entry 98 (Crtl+g). Try to save or move to other entry. 

  After some investigations, it seems that the crash is libkspell
  related. Can you tell us your settings under KControl -> KDE
  Components -> Spell checker? And to confirm that is really that: what
  happens if you chmod -x /usr/bin/[ai]spell?

* Steve Langasek [Tue, 18 Jan 2005 05:14:14 -0800]:

> I am not able to reproduce this bug using the packages in sarge.  Can you
> please downgrade kdelibs4 on your system to the version in unstable, to
> confirm whether this bug still exists for you?

  Seems to me that the version of kdelibs4 in sarge is not affected. The
  bogus version has hit unstable, though. Reassigning and tagging
  accordingly.

  Thanks.

-- 
Adeodato Simó
EM: asp16 [ykwim] alu.ua.es | PK: DA6AE621
 
You've come to the right place.  At debian-devel we are always willing
to argue over the meanings of words.
-- seen on [EMAIL PROTECTED]



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Processed: Re: kbabel: crash with some .po file

2005-01-18 Thread Debian Bug Tracking System

Processing commands for [EMAIL PROTECTED]:

> reassign 289646 kdelibs4
Bug#289646: kbabel: crash with some .po file
Bug reassigned from package `kbabel' to `kdelibs4'.

> tags 289646 - experimental
Bug#289646: kbabel: crash with some .po file
Tags were: experimental
Tags removed: experimental

> tags 289646 + sid
Bug#289646: kbabel: crash with some .po file
There were no tags set.
Tags added: sid

> thanks
Stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#291145: sun-j2re1.5 depends on sun-j2re1.5debian and sun-j2re1.5debian depends on sun-j2re1.5

2005-01-18 Thread Lawrence Williams

package: java-package
Severity: grave
For whatever reason, the java packages created with java-package and the 
packages containing the debian-specific stuff ( like Firefox 
integration, etc. ) cause a cyclinic dependency problem.

In my case, sun-j2re1.5 depends on sun-j2re1.5debian and 
sun-j2re1.5debian depends on sun-j2re1.5.

Lawrence
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#291143: openswan: FTBFS: Missing build dependency.

2005-01-18 Thread Kurt Roeckx

Package: openswan
Version: 2.3.0-1
Severity: serious

Hi,

Your package is failing to build with the following error:
lynx -dump HowTo.html > HowTo.txt
/bin/sh: lynx: command not found
make[2]: *** [HowTo.txt] Error 127

Adding a build dependency on lynx fixes that.


Kurt



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#291140: poedit: FTBFS: Missing dependency?

2005-01-18 Thread Kurt Roeckx

Package: poedit
Version: 1.3.1-5
Severity: serious

Hi,

Your package is failing to build with the following error:
cp -f /usr/share/aclocal/wxwin.m4 ./admin/
cp: cannot stat `/usr/share/aclocal/wxwin.m4': No such file or directory
make: *** [autotools] Error 1

This looks like a missing build dependency on wx2.5-common.


Kurt



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#291136: capi4hylafax: FTBFS: Missing build dependencies.

2005-01-18 Thread Kurt Roeckx

Package: capi4hylafax
Version: 1:01.02.03-8
Severity: serious


Hi,

Your package fails to build with the following error:
libtool: link: cannot find the library `/usr/lib/libjpeg.la'

This is fix if adding libjpeg62-dev to the build dependencies.

I think however that this is a bug in the libtiff4 package and
that libtiff4-dev should depend on libjpeg62-dev.  Please clone
and reassign if you think this is the case.

Then it also fails with the following error:
g++ -Wall -W -O2 -DC_PLATFORM_64 -D_GNU_SOURCE -DDONT_USE_PROTECT_FEATURE 
-DNDEBUG -o c2faxrecv faxrecv.o recvdev.o recvmain.o  ../capi/libcapi.a 
../convert/libconvert.a ../linuxdep/liblinuxdep.a ../standard/libstandard.a 
-lpthread /usr/lib/libtiff.so /usr/lib/libcapi20.so -lz

This gets fixed by adding zlib1g-dev to the build dependencies.

PS: I think something is wrong in your rules file as it's using
C_PLATFORM_64 on all arches.


Kurt



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#289762: marked as done (nagios-mysql: no status update after mysql update)

2005-01-18 Thread Debian Bug Tracking System

Your message dated Tue, 18 Jan 2005 18:02:29 -0500
with message-id <[EMAIL PROTECTED]>
and subject line Bug#289762: fixed in mysql-dfsg 4.0.23-3
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--
Received: (at submit) by bugs.debian.org; 10 Jan 2005 21:55:14 +
>From [EMAIL PROTECTED] Mon Jan 10 13:55:14 2005
Return-path: <[EMAIL PROTECTED]>
Received: from mail1.arcor-ip.de [145.253.2.10] 
by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
id 1Co7VK-is-00; Mon, 10 Jan 2005 13:55:14 -0800
Received: from proxy.dmz.bonami.de (unknown [145.253.251.106])
by mail1.arcor-ip.de (Arcor-IP) with ESMTP id EB6491BD0;
Mon, 10 Jan 2005 22:54:51 +0100 (MET)
Received: from localhost (localhost.localdomain [127.0.0.1])
by proxy.dmz.bonami.de (Postfix) with ESMTP id 784D037B9A;
Mon, 10 Jan 2005 22:54:51 +0100 (CET)
Received: from proxy.dmz.bonami.de ([127.0.0.1])
by localhost (proxy.dmz.bonami.de [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id 01077-03; Mon, 10 Jan 2005 22:54:51 +0100 (CET)
Received: by proxy.dmz.bonami.de (Postfix, from userid 502)
id 59BA637B96; Mon, 10 Jan 2005 22:54:51 +0100 (CET)
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
From: Philipp Niemann <[EMAIL PROTECTED]>
To: Debian Bug Tracking System <[EMAIL PROTECTED]>
Subject: nagios-mysql: no status update after mysql update
X-Mailer: reportbug 3.2
Date: Mon, 10 Jan 2005 22:54:51 +0100
Message-Id: <[EMAIL PROTECTED]>
X-Virus-Scanned: durch amavisd-new-20030616-p10 (Debian) at bonami.de
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-8.0 required=4.0 tests=BAYES_00,HAS_PACKAGE 
autolearn=no version=2.60-bugs.debian.org_2005_01_02
X-Spam-Level: 

Package: nagios-mysql
Version: 2:1.3-0+pre6
Severity: important

I experience problems after upgrading mysql from 4.0.22-6 to 4.0.23-1
I am not shure, if this is really a mysql problem. But as all my other
applications don't complain, I am posting it here.

So, after the upgrade, there are no longer useable hoststatus and
servicestatus tables. The WebUI almost hangs on reload and has zero
hosts and zero services configured.

This error message is logged to syslogd (actually
/var/log/nagios/nagios.log):
Error: Could not insert/update status record for host 'datamart' in table 
'hoststatus' of database 'nagios'

Any more information? The tables do exist, but have no longer any
content. There often is a process locking the mysql tables.

Maybe it is because nagios is running during the update of mysql?

Regards,
Philipp Niemann

-- System Information:
Debian Release: 3.1
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: i386 (i686)
Kernel: Linux 2.4.27-1-686-smp
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)

Versions of packages nagios-mysql depends on:
ii  libc6   2.3.2.ds1-20 GNU C Library: Shared libraries an
ii  libgd2-noxpm2.0.33-1.1   GD Graphics Library version 2 (wit
ii  libjpeg62   6b-9 The Independent JPEG Group's JPEG 
ii  libmysqlclient103.23.56-2LGPL-licensed client library for M
ii  libpng12-0  1.2.8rel-1   PNG library - runtime
ii  nagios-common   2:1.3-0+pre6 A host/service/network monitoring 
ii  zlib1g  1:1.2.2-3compression library - runtime

-- no debconf information

---
Received: (at 289762-close) by bugs.debian.org; 18 Jan 2005 23:06:20 +
>From [EMAIL PROTECTED] Tue Jan 18 15:06:20 2005
Return-path: <[EMAIL PROTECTED]>
Received: from newraff.debian.org [208.185.25.31] (mail)
by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
id 1Cr2QW-000459-00; Tue, 18 Jan 2005 15:06:20 -0800
Received: from katie by newraff.debian.org with local (Exim 3.35 1 (Debian))
id 1Cr2Mn-0004jE-00; Tue, 18 Jan 2005 18:02:29 -0500
From: Christian Hammers <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
X-Katie: $Revision: 1.55 $
Subject: Bug#289762: fixed in mysql-dfsg 4.0.23-3
Message-Id: <[EMAIL PROTECTED]>
Sender: Archive Administrator <[EMAIL PROTECTED]>
Date: Tue, 18 Jan 2005 18:02:29 -0500
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Statu

Bug#291122: marked as done (temporary file security hole in mysqlaccess)

2005-01-18 Thread Debian Bug Tracking System

Your message dated Tue, 18 Jan 2005 18:02:41 -0500
with message-id <[EMAIL PROTECTED]>
and subject line Bug#291122: fixed in mysql-dfsg-4.1 4.1.8a-6
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--
Received: (at submit) by bugs.debian.org; 18 Jan 2005 21:38:20 +
>From [EMAIL PROTECTED] Tue Jan 18 13:38:20 2005
Return-path: <[EMAIL PROTECTED]>
Received: from kitenet.net [64.62.161.42] (postfix)
by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
id 1Cr13M-0006Pq-00; Tue, 18 Jan 2005 13:38:20 -0800
Received: from dragon.kitenet.net (unknown [66.168.94.144])
(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
(Client CN "Joey Hess", Issuer "Joey Hess" (verified OK))
by kitenet.net (Postfix) with ESMTP id 6AB5417ED6
for <[EMAIL PROTECTED]>; Tue, 18 Jan 2005 21:38:19 + (GMT)
Received: by dragon.kitenet.net (Postfix, from userid 1000)
id 294126F23C; Tue, 18 Jan 2005 16:40:20 -0500 (EST)
Date: Tue, 18 Jan 2005 16:40:19 -0500
From: Joey Hess <[EMAIL PROTECTED]>
To: Debian Bug Tracking System <[EMAIL PROTECTED]>
Subject: temporary file security hole in mysqlaccess
Message-ID: <[EMAIL PROTECTED]>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
protocol="application/pgp-signature"; boundary="QKdGvSO+nmPlgiQ/"
Content-Disposition: inline
X-Reportbug-Version: 3.5
User-Agent: Mutt/1.5.6+20040907i
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-3.0 required=4.0 tests=BAYES_00 autolearn=no 
version=2.60-bugs.debian.org_2005_01_02
X-Spam-Level: 


--QKdGvSO+nmPlgiQ/
Content-Type: multipart/mixed; boundary="7JfCtLOvnd9MIVvH"
Content-Disposition: inline


--7JfCtLOvnd9MIVvH
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

Package: mysql-dfsg
Severity: grave
Tags: security patch

There is a security hole in the mysqlaccess script, as described here:
http://www.vuxml.org/freebsd/ce109fd4-67f3-11d9-a9e7-0001020eed82.html

I've attached a patch taken from Ubuntu.

-- System Information:
Debian Release: 3.1
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.4.27
Locale: LANG=3Den_US.UTF-8, LC_CTYPE=3Den_US.UTF-8 (charmap=3DUTF-8)

--=20
see shy jo

--7JfCtLOvnd9MIVvH
Content-Type: text/plain; charset=us-ascii
Content-Disposition: attachment; filename="mysql-dfsg.tempfile"
Content-Transfer-Encoding: quoted-printable

diff -Nur mysql-dfsg-4.0.23/scripts/mysqlaccess.sh mysql-dfsg-4.0.23.new/sc=
ripts/mysqlaccess.sh
--- mysql-dfsg-4.0.23/scripts/mysqlaccess.sh2005-01-18 13:45:56.363964096 =
+0100
+++ mysql-dfsg-4.0.23.new/scripts/mysqlaccess.sh2005-01-18 
13:46:29.920862=
672 +0100
@@ -3,6 +3,7 @@
 package MySQLaccess;
 #use strict;
 use POSIX qw(tmpnam);
+use File::Temp qw/ tempfile tempdir /;
 use Fcntl;
=20
 BEGIN {
@@ -32,7 +33,6 @@
$ACCESS_U_BCK =3D 'user_backup';  =20
$ACCESS_D_BCK =3D 'db_backup';=20
 $DIFF  =3D '/usr/bin/diff';=20
-$TMP_PATH  =3D '/tmp'; #path to writable tmp-directory
 $MYSQLDUMP =3D '@bindir@/mysqldump';
  #path to mysqldump executable
=20
@@ -583,8 +583,6 @@
 push(@MySQLaccess::Grant::Error,'not_found_mysql') if !(-x $MYSQL);
 push(@MySQLaccess::Grant::Error,'not_found_diff')  if !(-x $DIFF);
 push(@MySQLaccess::Grant::Error,'not_found_mysqldump') if !(-x $MYSQLDUMP);
-push(@MySQLaccess::Grant::Error,'not_found_tmp')   if !(-d $TMP_PATH);
-push(@MySQLaccess::Grant::Error,'write_err_tmp')   if !(-w $TMP_PATH);
 if (@MySQLaccess::Grant::Error) {
MySQLaccess::Report::Print_Error_Messages() ;
exit 0;
@@ -1783,9 +1781,10 @@
@before =3D sort(@before);
@after  =3D sort(@after);
=20
-   $before =3D "$MySQLaccess::TMP_PATH/$MySQLaccess::script.before.$$";
-   $after  =3D "$MySQLaccess::TMP_PATH/$MySQLaccess::script.after.$$";
-   #$after =3D "/tmp/t0";
+   $before =3D new File::Temp ( Template =3D> "$MySQLaccess::script.XX=
", SUFFIX =3D> ".before" ) or
+die "Cannot create temporary file: $!" ;
+   $after =3D new File::Temp ( Template =3D> "$MySQLaccess::script.XX"=
, SUFFIX =3D> ".after" ) or=20
+die "Cannot create temporary file: $!" ;
open(BEFORE,"> $before") ||
 push(@MySQLaccess::Report::Errors,"Can't open temp

Bug#291125: vim: temporary file vulnerabilities (CAN-2005-0069)

2005-01-18 Thread Norbert Tretkowski

severity 289560 grave
merge 289560 291125
thanks

* Joey Hess wrote:
> As described in the Ubuntu advisory below, vim's tcltags and vimspell
> scripts use temp files insecurely.

Updated package is already building currently.

Norbert


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#291132: perdition: FTBFS: Using non PIC code in shared lib.

2005-01-18 Thread Kurt Roeckx

Package: perdition
Version: 1.15-4
Severity: serious

Hi,

Your package is failing to build because it's contains
non PIC code.  Here is an extraction from the log file:

gcc -shared  .libs/perditiondb_daemon.o .libs/unix_socket.o  -ldb -L/build/buil
dd/perdition-1.15/perdition/db/daemon -lperditiondb_daemon_packet  -Wl,-soname
-Wl,libperditiondb_daemon.so.0 -o .libs/libperditiondb_daemon.so.0.0.0  -ldb -L
/build/buildd/perdition-1.15/perdition/db/daemon -lperditiondb_daemon_packet
/usr/bin/ld: /build/buildd/perdition-1.15/perdition/db/daemon/libperditiondb_da
emon_packet.a(packet.o): relocation R_PARISC_DPREL21L can not be used when maki
ng a shared object; recompile with -fPIC
/build/buildd/perdition-1.15/perdition/db/daemon/libperditiondb_daemon_packet.a
: could not read symbols: Bad value
collect2: ld returned 1 exit status
make[5]: *** [libperditiondb_daemon.la] Error 1

It's saying that packet.o is build without -fPIC.


Please note that static libs need to be build without -fPIC and
shared libs with.


Kurt



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#291133: blackbox: FTBFS: Missing build dependencies.

2005-01-18 Thread Kurt Roeckx

Package: blackbox
Verison: 0.65.0-4
Severity: serious

Hi,

Your package is failing to build with the following error:
dh_clean
 debian/rules build
dh_testdir
autoconf
make: autoconf: Command not found
make: *** [build-stamp] Error 127

This looks like a missing build dependency on autoconf.


Kurt



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#291118: vulnerable to CAN-2005-0005, buffer overflow in PSD decoder

2005-01-18 Thread Daniel Kobras

tag 291033 - woody
tag 291033 + patch
tag 291033 - fixed
merge 291033 291118
tag 291033 + sarge
thanks

On Tue, Jan 18, 2005 at 04:24:28PM -0500, Joey Hess wrote:
> Our imagemagick package has a buffer overflow security hole, as
> described here:
> 
> http://www.idefense.com/application/poi/display?id=184&type=vulnerabilities

This is a duplicate of #291033. Sid has already been fixed earlier
today, and a woody update is being prepared. But okay, let's keep the
bugs open until the fix has migrated to sarge. I've tweaked the tags
accordingly.

Regards,

Daniel.

-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Processed: Re: Bug#291118: vulnerable to CAN-2005-0005, buffer overflow in PSD decoder

2005-01-18 Thread Debian Bug Tracking System

Processing commands for [EMAIL PROTECTED]:

> tag 291033 - woody
Bug#291033: Multiple Vendor ImageMagick .psd Image File Decode Heap Overflow 
Vulnerability
Tags were: fixed security woody
Tags removed: woody

> tag 291033 + patch
Bug#291033: Multiple Vendor ImageMagick .psd Image File Decode Heap Overflow 
Vulnerability
Tags were: fixed security
Tags added: patch

> tag 291033 - fixed
Bug#291033: Multiple Vendor ImageMagick .psd Image File Decode Heap Overflow 
Vulnerability
Tags were: patch fixed security
Tags removed: fixed

> merge 291033 291118
Bug#291033: Multiple Vendor ImageMagick .psd Image File Decode Heap Overflow 
Vulnerability
Bug#291118: vulnerable to CAN-2005-0005, buffer overflow in PSD decoder
Merged 291033 291118.

> tag 291033 + sarge
Bug#291033: Multiple Vendor ImageMagick .psd Image File Decode Heap Overflow 
Vulnerability
Tags were: security patch
Bug#291118: vulnerable to CAN-2005-0005, buffer overflow in PSD decoder
Tags added: sarge

> thanks
Stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Processed: Fixed in NMU of linux-wlan-ng 0.2.0+0.2.1pre21-1.1

2005-01-18 Thread Debian Bug Tracking System

Processing commands for [EMAIL PROTECTED]:

> tag 286305 + fixed
Bug#286305: linux-wlan-ng: modules must be recompiled against new 2.4.27 kernel
There were no tags set.
Tags added: fixed

> tag 290047 + fixed
Bug#290047: linux-wlan-ng: insecure /tmp usage
Tags were: patch confirmed security
Tags added: fixed

> quit
Stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Processed: Re: Bug#291125: vim: temporary file vulnerabilities (CAN-2005-0069)

2005-01-18 Thread Debian Bug Tracking System

Processing commands for [EMAIL PROTECTED]:

> severity 289560 grave
Bug#289560: vim: Race conditions and symlink attacks in vim (tcltags and 
vimspell)
Severity set to `grave'.

> merge 289560 291125
Bug#289560: vim: Race conditions and symlink attacks in vim (tcltags and 
vimspell)
Bug#291125: vim: temporary file vulnerabilities (CAN-2005-0069)
Merged 289560 291125.

> thanks
Stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#287899: Vdr should not be released unless this bug is fixed

2005-01-18 Thread Thomas Schmidt

* Javier Fernández-Sanguino Peña schrieb am 17.01.05, um 09:08 Uhr:
> > I also think that it would be the best to just keep the user, because 
> > other packages will use it too (vdradmin and some plugins).
> 
> The user, if created by the package, should be removed. If other packages 
> depend on it, they should depend on the package. As for the directories 
> that belong to the user, just do a 
> 
>   find $directory -uid $CREATEDUID -exec chown root:root {} \;
> 
> For all of the directories, once you have the UID.
> 
> The standard procedure when creating users (check other packages) is to add 
> them in postinst and remove them in postrm, please do it properly.

Well, it seems that there are different opinions in this case - some
developers (you for example) say that system users should be removed
when the package is purged, some say that it is no problem if the
user is not deleted.

After searching i found some interesting discussions about this issue:
http://lists.debian.org/debian-mentors/2004/10/msg00338.html
http://people.debian.org/~terpstra/message/20040830.032353.ea3ef3a5.en.html
http://lists.debian.org/debian-devel/2004/05/msg01156.html

In the case of vdr i think it would be better if we keep the user,
even when the package is purged.

Note: I am not against removing system users on purge at all (the next
revision of vdradmin will create the user vdradmin and will remove it
again on purge), but in this case i do not want to remove the user.


Regards,
Thomas

-- 
Thomas Schmidt
[EMAIL PROTECTED]


signature.asc
Description: Digital signature

Bug#291122: temporary file security hole in mysqlaccess

2005-01-18 Thread Christian Hammers

Hello Joey

On 2005-01-18 Joey Hess wrote:
> There is a security hole in the mysqlaccess script, as described here:
> http://www.vuxml.org/freebsd/ce109fd4-67f3-11d9-a9e7-0001020eed82.html
> I've attached a patch taken from Ubuntu.

Thanks for reporting. The security team and I am already aware of it
I just held back the patch to not disclosure the bug until the DSA for 
the stable version has been released. Strange that competing distributions
are making it public first with references to the Debian sub project that
has actually found the bug...

I guess I will upload the patched packages for unstable then...

bye,

-christian-

-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#286305: How to compile the modules

2005-01-18 Thread Robert Cheramy

Hi,

I just wanted to add that since 0.2.0-15, the way to compile modules for
stock debian kernels is pretty clearly explained in
/usr/share/doc/linux-wlan-ng/README.Debian.gz

I use it to compile my modules (kernel 2.4 on x86) and have no problem
with it. Well the first time was hard-core (I needed 2 weeks or so to
understand it), but since the Readme exists, it's really a piece of cake
for stock debian kernels.

Cheers,

tibob


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#291125: vim: temporary file vulnerabilities (CAN-2005-0069)

2005-01-18 Thread Joey Hess

Package: vim
Version: 1:6.3-054+1
Severity: grave
Tags: patch security

As described in the Ubuntu advisory below, vim's tcltags and vimspell
scripts use temp files insecurely. I've attached a patch I extraced from
the Ubuntu diff.

- Forwarded message from Martin Pitt <[EMAIL PROTECTED]> -

From: Martin Pitt <[EMAIL PROTECTED]>
Date: Tue, 18 Jan 2005 17:56:58 +0100
To: [EMAIL PROTECTED]
Cc: full-disclosure@lists.netsys.com, bugtraq@securityfocus.com
Subject: [USN-61-1] vim vulnerabilities
User-Agent: Mutt/1.5.6+20040907i

===
Ubuntu Security Notice USN-61-1January 18, 2005
vim vulnerabilities
CAN-2005-0069
===

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)

The following packages are affected:

kvim
vim
vim-gnome
vim-gtk
vim-lesstif
vim-perl
vim-python
vim-tcl

The problem can be corrected by upgrading the affected package to
version 1:6.3-025+1ubuntu2.2. In general, a standard system upgrade is
sufficient to effect the necessary changes.

Details follow:

Javier Fernández-Sanguino Peña noticed that the auxillary scripts
"tcltags" and "vimspell.sh" created temporary files in an insecure
manner. This could allow a symbolic link attack to create or overwrite
arbitrary files with the privileges of the user invoking the script
(either by calling it directly or by execution through vim).

  Source archives:


http://security.ubuntu.com/ubuntu/pool/main/v/vim/vim_6.3-025+1ubuntu2.2.diff.gz
  Size/MD5:   425421 ee7e4653fb70fd45329bf5773e610ad6
http://security.ubuntu.com/ubuntu/pool/main/v/vim/vim_6.3-025+1ubuntu2.2.dsc
  Size/MD5: 1122 9bd9428dd29c8aa562f4b97566b9a05a
http://security.ubuntu.com/ubuntu/pool/main/v/vim/vim_6.3.orig.tar.gz
  Size/MD5:  5624622 de1c964ceedbc13538da87d2d73fd117

  Architecture independent packages:


http://security.ubuntu.com/ubuntu/pool/main/v/vim/vim-common_6.3-025+1ubuntu2.2_all.deb
  Size/MD5:  3421084 8dc7b200376add6ccb2896e2f6e80e0d

http://security.ubuntu.com/ubuntu/pool/main/v/vim/vim-doc_6.3-025+1ubuntu2.2_all.deb
  Size/MD5:  1646686 2c2716a1dad40612baaaf28ebc0de3a6

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)


http://security.ubuntu.com/ubuntu/pool/universe/v/vim/kvim_6.3-025+1ubuntu2.2_amd64.deb
  Size/MD5: 2586 1e0b1528b70e54e2bcff3a02acaacbc5

http://security.ubuntu.com/ubuntu/pool/main/v/vim/vim-gnome_6.3-025+1ubuntu2.2_amd64.deb
  Size/MD5:   805722 51093d7843d5fb20ece35d2f53eadb0d

http://security.ubuntu.com/ubuntu/pool/universe/v/vim/vim-gtk_6.3-025+1ubuntu2.2_amd64.deb
  Size/MD5:   802452 d4fd55aca188063434361f5674805dec

http://security.ubuntu.com/ubuntu/pool/universe/v/vim/vim-lesstif_6.3-025+1ubuntu2.2_amd64.deb
  Size/MD5:   784100 1d477c5f09466e8942d0f7da3c221afd

http://security.ubuntu.com/ubuntu/pool/universe/v/vim/vim-perl_6.3-025+1ubuntu2.2_amd64.deb
  Size/MD5:   809126 646c31a0d612b398943b4c2a42c9b6f9

http://security.ubuntu.com/ubuntu/pool/universe/v/vim/vim-python_6.3-025+1ubuntu2.2_amd64.deb
  Size/MD5:   802470 ede70bb09d39b7571fae1192900b0385

http://security.ubuntu.com/ubuntu/pool/universe/v/vim/vim-tcl_6.3-025+1ubuntu2.2_amd64.deb
  Size/MD5:   801160 aa65781693eca8d06230bc5f8ee29463

http://security.ubuntu.com/ubuntu/pool/main/v/vim/vim_6.3-025+1ubuntu2.2_amd64.deb
  Size/MD5:   765120 b5425b1b087b9528e7e4a9ef25493299

  i386 architecture (x86 compatible Intel/AMD)


http://security.ubuntu.com/ubuntu/pool/universe/v/vim/kvim_6.3-025+1ubuntu2.2_i386.deb
  Size/MD5: 2590 edbd9dc0be6acaea44ee02e09c6e5c3e

http://security.ubuntu.com/ubuntu/pool/main/v/vim/vim-gnome_6.3-025+1ubuntu2.2_i386.deb
  Size/MD5:   702656 7a12cb5196a1257eae527f5b231d763d

http://security.ubuntu.com/ubuntu/pool/universe/v/vim/vim-gtk_6.3-025+1ubuntu2.2_i386.deb
  Size/MD5:   76 486ea88f3d0a2c4eb1804c09bca8418b

http://security.ubuntu.com/ubuntu/pool/universe/v/vim/vim-lesstif_6.3-025+1ubuntu2.2_i386.deb
  Size/MD5:   682462 61c39ffed3017081974a3af522b61959

http://security.ubuntu.com/ubuntu/pool/universe/v/vim/vim-perl_6.3-025+1ubuntu2.2_i386.deb
  Size/MD5:   707674 05989ac6496d7a1db524b68bd1acd313

http://security.ubuntu.com/ubuntu/pool/universe/v/vim/vim-python_6.3-025+1ubuntu2.2_i386.deb
  Size/MD5:   700022 09e7ebbe082c99520d11fa33277cc212

http://security.ubuntu.com/ubuntu/pool/universe/v/vim/vim-tcl_6.3-025+1ubuntu2.2_i386.deb
  Size/MD5:   699634 673329baa7cd9aca70cca9f87943a628

http://security.ubuntu.com/ubuntu/pool/main/v/vim/vim_6.3-025+1ubuntu2.2_i386.deb
  Size/MD5:   680130 305b1d85bbdb52dd9869a21664049be3

  powerpc architecture (Apple Macintosh G3/G4/G5)


http://security.ubuntu.com/ubuntu/pool/universe/v/vim/kvim_6.3-025+1ubuntu2.2_powerpc.deb
  Size/MD5: 2586 f56083ef36048c9b94c41a37c35

Bug#291122: temporary file security hole in mysqlaccess

2005-01-18 Thread Joey Hess

Package: mysql-dfsg
Severity: grave
Tags: security patch

There is a security hole in the mysqlaccess script, as described here:
http://www.vuxml.org/freebsd/ce109fd4-67f3-11d9-a9e7-0001020eed82.html

I've attached a patch taken from Ubuntu.

-- System Information:
Debian Release: 3.1
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.4.27
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)

-- 
see shy jo
diff -Nur mysql-dfsg-4.0.23/scripts/mysqlaccess.sh 
mysql-dfsg-4.0.23.new/scripts/mysqlaccess.sh
--- mysql-dfsg-4.0.23/scripts/mysqlaccess.sh2005-01-18 13:45:56.363964096 
+0100
+++ mysql-dfsg-4.0.23.new/scripts/mysqlaccess.sh2005-01-18 
13:46:29.920862672 +0100
@@ -3,6 +3,7 @@
 package MySQLaccess;
 #use strict;
 use POSIX qw(tmpnam);
+use File::Temp qw/ tempfile tempdir /;
 use Fcntl;
 
 BEGIN {
@@ -32,7 +33,6 @@
$ACCESS_U_BCK = 'user_backup';   
$ACCESS_D_BCK = 'db_backup'; 
 $DIFF  = '/usr/bin/diff'; 
-$TMP_PATH  = '/tmp'; #path to writable tmp-directory
 $MYSQLDUMP = '@bindir@/mysqldump';
  #path to mysqldump executable
 
@@ -583,8 +583,6 @@
 push(@MySQLaccess::Grant::Error,'not_found_mysql') if !(-x $MYSQL);
 push(@MySQLaccess::Grant::Error,'not_found_diff')  if !(-x $DIFF);
 push(@MySQLaccess::Grant::Error,'not_found_mysqldump') if !(-x $MYSQLDUMP);
-push(@MySQLaccess::Grant::Error,'not_found_tmp')   if !(-d $TMP_PATH);
-push(@MySQLaccess::Grant::Error,'write_err_tmp')   if !(-w $TMP_PATH);
 if (@MySQLaccess::Grant::Error) {
MySQLaccess::Report::Print_Error_Messages() ;
exit 0;
@@ -1783,9 +1781,10 @@
@before = sort(@before);
@after  = sort(@after);
 
-   $before = "$MySQLaccess::TMP_PATH/$MySQLaccess::script.before.$$";
-   $after  = "$MySQLaccess::TMP_PATH/$MySQLaccess::script.after.$$";
-   #$after = "/tmp/t0";
+   $before = new File::Temp ( Template => "$MySQLaccess::script.XX", 
SUFFIX => ".before" ) or
+die "Cannot create temporary file: $!" ;
+   $after = new File::Temp ( Template => "$MySQLaccess::script.XX", SUFFIX 
=> ".after" ) or 
+die "Cannot create temporary file: $!" ;
open(BEFORE,"> $before") ||
 push(@MySQLaccess::Report::Errors,"Can't open temporary file $before for 
writing");
open(AFTER,"> $after") ||


signature.asc
Description: Digital signature

Bug#291124: webmin-ldap-user-simple gives wrong error message

2005-01-18 Thread Klaus Ade Johnstad

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Package:webmin-ldap-user-simple
Version: 1.3-20
Severity:critical
When I upgrade debian-edu-config to 0.394-1.desa2004021,  some new ldap 
schemas are introduced . The way webmin-ldap-user-simple handles these 
new schemas is with an error message that tells the user to do 
something that breaks his system.

When upgrading this is the message that  webmin-ldap-user-simple gives 
the user:
Failed to update ldap admin passwd in samba.This function is 
turned off for security reasons.Please set the password for your 
samba -'ldap admin dn' via 'smbpasswd -w yourpassword'"
Error; User account not created

When running a 'smbpasswd -w yourpassword' users are reporting that 
their windows machines in samba no longer authenticate against ldap.

The proper way seems is to restart ldap.


- -- 
Klaus
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFB7YJAhJ+fXyb6R30RAl3vAJ4uj4MWTD84nFrbKzZwhsHfVwzC/QCcDAkn
v+URbfv2/RNsIwDqklNCW9E=
=IVWi
-END PGP SIGNATURE-

Bug#291118: vulnerable to CAN-2005-0005, buffer overflow in PSD decoder

2005-01-18 Thread Joey Hess

Package: imagemagick
Version: 6:6.0.6.2-1.6
Severity: grave
Tags: security patch

Our imagemagick package has a buffer overflow security hole, as
described here:

http://www.idefense.com/application/poi/display?id=184&type=vulnerabilities

I've attached a patch sideported from Ubuntu.

-- System Information:
Debian Release: 3.1
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.4.27
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)

Versions of packages imagemagick depends on:
ii  libmagick6 6:6.0.6.2-1.6 Image manipulation library

-- no debconf information

-- 
see shy jo
--- imagemagick-6.0.2.5.orig/coders/psd.c
+++ imagemagick-6.0.2.5/coders/psd.c
@@ -672,6 +672,8 @@
   }
   (void) ReadBlob(image,6,psd_info.reserved);
   psd_info.channels=ReadBlobMSBShort(image);
+  if (psd_info.channels > 24)
+ThrowReaderException(CorruptImageError,"MaximumChannelsExceeded");
   psd_info.rows=ReadBlobMSBLong(image);
   psd_info.columns=ReadBlobMSBLong(image);
   psd_info.depth=ReadBlobMSBShort(image);
@@ -853,6 +855,8 @@
 
layer_info[i].page.height=(ReadBlobMSBLong(image)-layer_info[i].page.y);
 
layer_info[i].page.width=(ReadBlobMSBLong(image)-layer_info[i].page.x);
 layer_info[i].channels=ReadBlobMSBShort(image);
+if (layer_info[i].channels > 24)
+  
ThrowReaderException(CorruptImageError,"MaximumChannelsExceeded");
   if (image->debug != MagickFalse)
 (void) LogMagickEvent(CoderEvent,GetMagickModule(),"
offset(%ld,%ld), size(%ld,%ld), channels=%d",
   layer_info[i].page.x, layer_info[i].page.y,


signature.asc
Description: Digital signature

Bug#265399: patch affect quota bouncing

2005-01-18 Thread Stefan Alfredsson


I have a setup consisting of postfix + maildrop, with maildir delivery and
quotas on maildirs (via maildirmake -q ).

While examining the logs, I noted that over-quota mails were deferred by
postfix, rather than bounced with an over-quota message.

Searching all over the net and through man-pages, maildrop (or rather
deliverquota) should return exit code 77 (EX_NOPERM) when over quota, and
postfix should bounce such messages.

However, I finally stumbled upon README.Debian, that says



Patches
***

The error code for errors on opening maildirs has been changed from
77 (EX_NOPERM) to 75 (temporary failure). See Debian bug 265399 for
a more thorough discussion of the reason for this patch.


In deliver.C :


if ( deliver_maildir.MaildirOpen(mailbox, deliver_file,
 maildrop.msgptr->MessageSize()) < 0)
  throw 75;


In maildir.C :

...
 merr << "maildrop: maildir over quota.\n";
   return (-1);
...


So - MaildirOpen returns < 0 if account is over quota, as well as if the
disk-space is full.

A high-volume mailserver with possibly lot of "abusing" or forgetful
users, should not have over-quota mails deferred, as this may even cause
the server to run out of disk-space in the long run because of queue build
up.

A more fine-grained patch is thus required.

Regards,
 Stefan

Processed: Re: libstdc++6-4.0-doc: cannot install

2005-01-18 Thread Debian Bug Tracking System

Processing commands for [EMAIL PROTECTED]:

> tags 291060 + experimental confirmed
Bug#291060: libstdc++6-4.0-doc: cannot install
There were no tags set.
Tags added: experimental, confirmed

> thanks
Stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Processed: tagging 290047

2005-01-18 Thread Debian Bug Tracking System

Processing commands for [EMAIL PROTECTED]:

> # Automatically generated email from bts, devscripts version 2.8.5
> tags 290047 patch
Bug#290047: linux-wlan-ng: insecure /tmp usage
Tags were: confirmed security
Tags added: patch

>
End of message, stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#290047: patch

2005-01-18 Thread Joey Hess

Here's a patch for the security holes.

-- 
see shy jo
diff -ur old/linux-wlan-ng-0.2.0+0.2.1pre21/debian/changelog 
linux-wlan-ng-0.2.0+0.2.1pre21/debian/changelog
--- old/linux-wlan-ng-0.2.0+0.2.1pre21/debian/changelog 2005-01-18 
15:22:29.0 -0500
+++ linux-wlan-ng-0.2.0+0.2.1pre21/debian/changelog 2005-01-18 
15:22:20.0 -0500
@@ -1,3 +1,12 @@
+linux-wlan-ng (0.2.0+0.2.1pre21-1.1) UNRELEASED; urgency=low
+
+  * NMU
+  * Remove unsafe echo to /tmp/log that I added for debugging ages ago.
+  * Fix unsafe uses of temp files in /etc/wlan/shared (not used by default
+in Debian) -- use /var/run instead. Closes: #290047
+
+ -- Joey Hess <[EMAIL PROTECTED]>  Tue, 18 Jan 2005 15:18:15 -0500
+
 linux-wlan-ng (0.2.0+0.2.1pre21-1) unstable; urgency=low
 
   * New upstream prerelease (Closes: #269678)
diff -ur old/linux-wlan-ng-0.2.0+0.2.1pre21/debian/linux-wlan-ng-resume 
linux-wlan-ng-0.2.0+0.2.1pre21/debian/linux-wlan-ng-resume
--- old/linux-wlan-ng-0.2.0+0.2.1pre21/debian/linux-wlan-ng-resume  
2005-01-18 15:22:29.0 -0500
+++ linux-wlan-ng-0.2.0+0.2.1pre21/debian/linux-wlan-ng-resume  2005-01-18 
15:18:11.0 -0500
@@ -3,7 +3,6 @@
 # iterfaces. Otherwise they could get into a weird state.
 IFACES=$(ifconfig | grep -B 1 ^wlan | cut -d ' ' -f 1)
 for iface in $IFACES; do
-   echo down $ifcase >>/tmp/log
ifdown $iface || ifconfig $iface down
 done
 
diff -ur old/linux-wlan-ng-0.2.0+0.2.1pre21/etc/wlan/shared 
linux-wlan-ng-0.2.0+0.2.1pre21/etc/wlan/shared
--- old/linux-wlan-ng-0.2.0+0.2.1pre21/etc/wlan/shared  2004-03-12 
11:26:02.0 -0500
+++ linux-wlan-ng-0.2.0+0.2.1pre21/etc/wlan/shared  2005-01-18 
15:21:48.0 -0500
@@ -572,9 +572,9 @@
# Collect the current scheme name and save the file
if [ -r $WLAN_SCHEMEFILE ] ; then
WLAN_SCHEME=`cat $WLAN_SCHEMEFILE`
-   cp $WLAN_SCHEMEFILE /tmp/wlan_scheme_`date +"%T"`.tmp
+   cp $WLAN_SCHEMEFILE /var/run/wlan_scheme_`date +"%T"`.tmp
else
-   touch /tmp/wlan_scheme_`date +"%T"`.tmp
+   touch /var/run/wlan_scheme_`date +"%T"`.tmp

fi
 
@@ -602,7 +602,7 @@
WLAN_SCHEMEFILE="/var/run/pcmcia-scheme"
fi
 
-   TMPFILE=`ls /tmp/wlan_scheme*.tmp | tail -n 1`
+   TMPFILE=`ls /var/run/wlan_scheme*.tmp | tail -n 1`
 
if [ -r $TMPFILE ] ; then
cat $TMPFILE > $WLAN_SCHEMEFILE


signature.asc
Description: Digital signature

Processed: tagging 286305

2005-01-18 Thread Debian Bug Tracking System

Processing commands for [EMAIL PROTECTED]:

> # Automatically generated email from bts, devscripts version 2.8.6
> tags 286305 - patch
Bug#286305: linux-wlan-ng: modules must be recompiled against new 2.4.27 kernel
Tags were: patch
Tags removed: patch

>
End of message, stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#291083: this seems unlikely...

2005-01-18 Thread Thom May

tags 291083 unreproducible
severity 291083 normal
thanks

Hi, 
I suspect we'd've heard before if this was the case; can you send an ls of
your /etc/apache2/mods-available/ directory. Also, is this a clean install,
or have you customised a preexisting install?
Cheers,
-Thom


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Processed: this seems unlikely...

2005-01-18 Thread Debian Bug Tracking System

Processing commands for [EMAIL PROTECTED]:

> tags 291083 unreproducible
Bug#291083: apache2-mpm-prefork: Fail to install
There were no tags set.
Tags added: unreproducible

> severity 291083 normal
Bug#291083: apache2-mpm-prefork: Fail to install
Severity set to `normal'.

> thanks
Stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Processed: Fixed in NMU of imagemagick 6:6.0.6.2-2.1

2005-01-18 Thread Debian Bug Tracking System

Processing commands for [EMAIL PROTECTED]:

> tag 291033 + fixed
Bug#291033: Multiple Vendor ImageMagick .psd Image File Decode Heap Overflow 
Vulnerability
Tags were: security woody
Tags added: fixed

> quit
Stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#291043: marked as done (galeon: after update (clean fresh sarge) middle button is not working)

2005-01-18 Thread Debian Bug Tracking System

Your message dated Tue, 18 Jan 2005 19:52:03 +0100
with message-id <[EMAIL PROTECTED]>
and subject line galeon: after update (clean fresh sarge) middle button is not 
working
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--
Received: (at submit) by bugs.debian.org; 18 Jan 2005 11:45:07 +
>From [EMAIL PROTECTED] Tue Jan 18 03:45:07 2005
Return-path: <[EMAIL PROTECTED]>
Received: from pollux.ds.pg.gda.pl [153.19.208.7] (postfix)
by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
id 1CqrnH-0003OF-00; Tue, 18 Jan 2005 03:45:07 -0800
Received: from localhost (localhost [127.0.0.1])
by pollux.ds.pg.gda.pl (Postfix) with ESMTP id C12A6F5988
for <[EMAIL PROTECTED]>; Tue, 18 Jan 2005 12:44:56 +0100 (CET)
Received: from pollux.ds.pg.gda.pl ([127.0.0.1])
 by localhost (pollux [127.0.0.1]) (amavisd-new, port 10024) with ESMTP
 id 02958-07 for <[EMAIL PROTECTED]>;
 Tue, 18 Jan 2005 12:44:56 +0100 (CET)
Received: from piorun.ds.pg.gda.pl (piorun.ds.pg.gda.pl [153.19.208.8])
by pollux.ds.pg.gda.pl (Postfix) with ESMTP id 77F31F5984
for <[EMAIL PROTECTED]>; Tue, 18 Jan 2005 12:44:56 +0100 (CET)
Received: from absurd.kozicki.pl ([EMAIL PROTECTED] [153.19.207.4])
by piorun.ds.pg.gda.pl (8.13.1/8.13.1) with ESMTP id j0IBivnL004707
for <[EMAIL PROTECTED]>; Tue, 18 Jan 2005 12:44:59 +0100
Received: from janek by absurd.kozicki.pl with local (Exim 3.36 #1 (Debian))
id 1Cqrn7-0002sT-00; Tue, 18 Jan 2005 12:44:57 +0100
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
From: Janek Kozicki <[EMAIL PROTECTED]>
To: Debian Bug Tracking System <[EMAIL PROTECTED]>
Subject: galeon: after update (clean fresh sarge) middle button is not working
X-Mailer: reportbug 3.2
Date: Tue, 18 Jan 2005 12:44:56 +0100
Message-Id: <[EMAIL PROTECTED]>
X-Virus-Scanned: ClamAV 0.80/661/Tue Jan 11 02:44:13 2005
clamav-milter version 0.80j
on piorun.ds.pg.gda.pl
X-Virus-Status: Clean
X-Virus-Scanned: by amavisd-new at pollux.ds.pg.gda.pl
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-8.0 required=4.0 tests=BAYES_00,HAS_PACKAGE 
autolearn=no version=2.60-bugs.debian.org_2005_01_02
X-Spam-Level: 

Package: galeon
Version: 1.3.18-1.1
Severity: normal


I have reporoduced this bug on three different machines (including this
one) - after update middle button is not working. It is not possible to
open a new page by middle clicking on current webpage, to do it I must
middle-click in the address bar. Of course I have checked "mouse" in
preferences.

Gestures also stopped working, this is strange.

If I can help in any way to resolve this problem, please tell me.


-- System Information:
Debian Release: 3.1
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: i386 (i686)
Kernel: Linux 2.4.26
Locale: LANG=pl_PL, LC_CTYPE=pl_PL (charmap=ISO-8859-2)

Versions of packages galeon depends on:
ii  debconf  1.4.30.11   Debian configuration management sy
ii  galeon-common1.3.18-1.1  GNOME web browser for advanced use
ii  gconf2   2.8.1-4 GNOME configuration database syste
ii  gnome-control-center 1:2.8.1-3   The GNOME Control Center for GNOME
ii  libart-2.0-2 2.3.16-6Library of functions for 2D graphi
ii  libatk1.0-0  1.8.0-4 The ATK accessibility toolkit
ii  libaudiofile00.2.6-5 Open-source version of SGI's audio
ii  libbonobo2-0 2.8.0-4 Bonobo CORBA interfaces library
ii  libbonoboui2-0   2.8.0-2 The Bonobo UI library
ii  libc62.3.2.ds1-20GNU C Library: Shared libraries an
ii  libeel2-22.8.2-1 Eazel Extensions Library (for GNOM
ii  libesd0  0.2.35-2Enlightened Sound Daemon - Shared 
ii  libgail-common   1.8.2-1 GNOME Accessibility Implementation
ii  libgail171.8.2-1 GNOME Accessibility Implementation
ii  libgcc1  1:3.4.3-6   GCC support library
ii  libgconf2-4  2.8.1-4 GNOME configuration database syste
ii  libgcrypt11  1.2.0-4 LGPL Crypto library - runtime libr
ii  libglade2-0  1:2.4.1-1   Library to load .glade files at ru
ii  libglib2.0-0

Processed: your mail

2005-01-18 Thread Debian Bug Tracking System

Processing commands for [EMAIL PROTECTED]:

> severity 291043 serious
Bug#291043: galeon: after update (clean fresh sarge) middle button is not 
working
Severity set to `serious'.

>
End of message, stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#291033: Multiple Vendor ImageMagick .psd Image File Decode Heap Overflow Vulnerability

2005-01-18 Thread Daniel Kobras

On Tue, Jan 18, 2005 at 05:34:08PM +0100, Daniel Kobras wrote:
> Okay, I've sent updated packages to the security team. Debdiff to the
> previous version in stable is attached. While preparing the stable
> update, I noted that the patch applied in 6.0.6.2-2 only fixes part of
> the issue because it missed the second boundary check applied (and
> well-hidden in a pile of unrelated changes) by upstream. Unless you get
> around to it sooner than me, I'll try to fix this up in a 6.0.6.2-2.1
> upload as soon as possible. 

Here's the necessary change for the sid version. I intend to upload the
NMU right away as this should gain us a day in getting the complete fix
into testing. (I also removed the file nohup.out that seems to have
slipped in by mistake in -1.6.)

Regards,

Daniel.

diff -u imagemagick-6.0.6.2/coders/psd.c imagemagick-6.0.6.2/coders/psd.c
--- imagemagick-6.0.6.2/coders/psd.c
+++ imagemagick-6.0.6.2/coders/psd.c
@@ -850,6 +850,8 @@
   layer_info[i].page.x, layer_info[i].page.y,
   layer_info[i].page.height, layer_info[i].page.width,
   layer_info[i].channels);
+   if (layer_info[i].channels > MaxPSDChannels)
+ ThrowReaderException(CorruptImageError,"MaximumChannelsExceeded");
 for (j=0; j < (long) layer_info[i].channels; j++)
 {
   layer_info[i].channel_info[j].type=(short)
diff -u imagemagick-6.0.6.2/debian/changelog 
imagemagick-6.0.6.2/debian/changelog
--- imagemagick-6.0.6.2/debian/changelog
+++ imagemagick-6.0.6.2/debian/changelog
@@ -1,3 +1,12 @@
+imagemagick (6:6.0.6.2-2.1) unstable; urgency=high
+
+  * Non-maintainer upload.
+  * coders/psd.c: Apply further boundary check to completely plug
+buffer overflow when reading Photoshop images (CAN-2005-0005).
+Closes: #291033
+
+ -- Daniel Kobras <[EMAIL PROTECTED]>  Tue, 18 Jan 2005 18:20:05 +0100
+
 imagemagick (6:6.0.6.2-2) unstable; urgency=high
 
   * Fixes a buffer overflow in the PSD image-decoding.  
reverted:
--- imagemagick-6.0.6.2/nohup.out
+++ imagemagick-6.0.6.2.orig/nohup.out
@@ -1,28 +0,0 @@
-dpkg-buildpackage: source package is imagemagick
-dpkg-buildpackage: source version is 6:6.0.6.2-1.6
-dpkg-buildpackage: source maintainer is Andreas Tille <[EMAIL PROTECTED]>
-dpkg-buildpackage: host architecture is i386
- fakeroot debian/rules clean
-dh_testdir
-dh_testroot
-rm -f build-stamp
-# Add here commands to clean up after the build process.
-cd PerlMagick && /usr/bin/make distclean
-make[1]: Entering directory 
`/home/tillea/tmp/imagemagick/imagemagick-6.0.6.2/PerlMagick'
-make[1]: *** Keine Regel, um »distclean« zu erstellen.  Schluss.
-make[1]: Leaving directory 
`/home/tillea/tmp/imagemagick/imagemagick-6.0.6.2/PerlMagick'
-make: [clean] Fehler 2 (ignoriert)
-/usr/bin/make distclean
-make[1]: Entering directory `/home/tillea/tmp/imagemagick/imagemagick-6.0.6.2'
-make[1]: *** Keine Regel, um »distclean« zu erstellen.  Schluss.
-make[1]: Leaving directory `/home/tillea/tmp/imagemagick/imagemagick-6.0.6.2'
-make: [clean] Fehler 2 (ignoriert)
-cd Magick++ && /usr/bin/make distclean
-make[1]: Entering directory 
`/home/tillea/tmp/imagemagick/imagemagick-6.0.6.2/Magick++'
-make[1]: *** Keine Regel, um »distclean« zu erstellen.  Schluss.
-make[1]: Leaving directory 
`/home/tillea/tmp/imagemagick/imagemagick-6.0.6.2/Magick++'
-make: [clean] Fehler 2 (ignoriert)
-dh_clean
- dpkg-source -b imagemagick-6.0.6.2
-dpkg-source: building imagemagick using existing 
imagemagick_6.0.6.2.orig.tar.gz
-dpkg-source: building imagemagick in imagemagick_6.0.6.2-1.6.diff.gz

Bug#291011: arggg fix the real problem.

2005-01-18 Thread Jamie Heilman

> Changes: 
>  sysfsutils (1.2.0-2) unstable; urgency=low
>  .
>* sysfsutils.init: Use shell bash instead of sh. (closes: #291011)

Please do not use bash, just fix the real problem, I offered a patch
in #291022 which does this (and more).

Additional bugs in the current script:
  Your replacement of '.' to '/' isn't a good idea because there are
paths in sysfs which can contain '.' -- my patch accounted for that as
well.
  You defined a configuration file variable, and then didn't use it,
my patch took care of that too.

-- 
Jamie Heilman http://audible.transient.net/~jamie/
"I was in love once -- a Sinclair ZX-81.  People said, "No, Holly,
 she's not for you." She was cheap, she was stupid and she wouldn't
 load -- well, not for me, anyway." -Holly


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#291089: marked as done (docdiff installs files into a rather nonstandard location)

2005-01-18 Thread Debian Bug Tracking System

Your message dated Tue, 18 Jan 2005 13:09:21 -0500
with message-id <[EMAIL PROTECTED]>
and subject line Bug#291089: docdiff installs files into a rather nonstandard 
location
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--
Received: (at submit) by bugs.debian.org; 18 Jan 2005 16:37:42 +
>From [EMAIL PROTECTED] Tue Jan 18 08:37:42 2005
Return-path: <[EMAIL PROTECTED]>
Received: from cugglephone.madeley.id.au (persephone.madeley.id.au) 
[203.56.15.217] 
by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
id 1CqwMQ-0006Wv-00; Tue, 18 Jan 2005 08:37:42 -0800
Received: by persephone.madeley.id.au (Postfix, from userid 1000)
id 7C1C219CB8E; Wed, 19 Jan 2005 00:37:40 +0800 (WST)
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
From: Davyd Madeley <[EMAIL PROTECTED]>
To: Debian Bug Tracking System <[EMAIL PROTECTED]>
Subject: docdiff installs files into a rather nonstandard location
X-Mailer: reportbug 3.5ubuntu2
Date: Wed, 19 Jan 2005 00:37:40 +0800
Message-Id: <[EMAIL PROTECTED]>
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-8.0 required=4.0 tests=BAYES_00,HAS_PACKAGE 
autolearn=no version=2.60-bugs.debian.org_2005_01_02
X-Spam-Level: 

Package: docdiff
Version: 0.3.1-1
Severity: grave
Justification: renders package unusable


docdiff would appear to have some creative locations for files. Here is
a sample of `dpkg -L`:

/usr/share/doc/docdiff/changelog.Debian.gz
/usr/share/man
/usr/share/man/man1
/usr/share/man/man1/docdiff.1.gz
/docdiff
/docdiff/document.rb
/docdiff/charstring.rb
/docdiff/encoding

I think it speaks for itself.

-- System Information:
Debian Release: 3.1
Architecture: i386 (i686)
Kernel: Linux 2.6.10-1-686-smp
Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8)

Versions of packages docdiff depends on:
ii  libiconv-ruby1.8   1.8.1+1.8.2pre4-1 A Wrapper class of iconv for the R
ii  ruby1.81.8.1+1.8.2pre4-1 Interpreter of object-oriented scr

-- no debconf information

---
Received: (at 291089-done) by bugs.debian.org; 18 Jan 2005 18:09:26 +
>From [EMAIL PROTECTED] Tue Jan 18 10:09:26 2005
Return-path: <[EMAIL PROTECTED]>
Received: from ms-smtp-01.nyroc.rr.com [24.24.2.55] 
by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
id 1CqxnC-0007Jv-00; Tue, 18 Jan 2005 10:09:26 -0800
Received: from andromeda (syr-24-59-54-124.twcny.rr.com [24.59.54.124])
by ms-smtp-01.nyroc.rr.com (8.12.10/8.12.10) with ESMTP id 
j0II9NK3029762;
Tue, 18 Jan 2005 13:09:24 -0500 (EST)
Received: from pryzbyj by andromeda with local (Exim 3.36 #1 (Debian))
id 1Cqxn7-0008Kq-00; Tue, 18 Jan 2005 13:09:21 -0500
Date: Tue, 18 Jan 2005 13:09:21 -0500
To: Davyd Madeley <[EMAIL PROTECTED]>, [EMAIL PROTECTED]
Subject: Re: Bug#291089: docdiff installs files into a rather nonstandard 
location
Message-ID: <[EMAIL PROTECTED]>
References: <[EMAIL PROTECTED]> <[EMAIL PROTECTED]> <[EMAIL PROTECTED]> <[EMAIL 
PROTECTED]> <[EMAIL PROTECTED]>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <[EMAIL PROTECTED]>
User-Agent: Mutt/1.5.6+20040907i
From: Justin Pryzby <[EMAIL PROTECTED]>
X-Virus-Scanned: Symantec AntiVirus Scan Engine
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-6.0 required=4.0 tests=BAYES_00,HAS_BUG_NUMBER 
autolearn=no version=2.60-bugs.debian.org_2005_01_02
X-Spam-Level: 

On Wed, Jan 19, 2005 at 01:54:41AM +0800, Davyd Madeley wrote:
> On Tue, 2005-01-18 at 12:50 -0500, Justin Pryzby wrote:
> 
> > > For what it's worth, this package is being dragged in through Ubuntu's
> > > universe.
> > So its an ubuntu .deb, not a debian one?  Can you post it online, or
> > give me a url?  Debian's .deb appears to be fine.
> 
> Hmm, as far as I can tell, it should be pretty pure.
> http://archive.ubuntu.com/ubuntu/pool/universe/d/docdiff/docdiff_0.3.1-1_all.deb
Ubuntu's .deb lists files in ./docdiff/, whereas Debian's .deb lists
files only in ./usr/ and ./etc/ (dpkg-deb -c to list the contents).

> I was under the impression that Ubuntu had patched reportbug to only
> report Debian bugs back to Debian, but don't quote me on that.
I do

Bug#291089: docdiff installs files into a rather nonstandard location

2005-01-18 Thread Davyd Madeley

On Tue, 2005-01-18 at 12:39 -0500, Justin Pryzby wrote:

> I don't have any /docdiff in mine, which I just installed.  Did you
> just upgrade, or install from scratch?

Installed from scratch.

For what it's worth, this package is being dragged in through Ubuntu's
universe.

-- 
Davyd Madeley  http://www.davyd.id.au/

PGP Fingerprint 
08B0 341A 0B9B 08BB 2118  C060 2EDD BB4F 5191 6CDA



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#290731: marked as done (CAN-2004-1125: Buffer overflow with DoS and possible artbitrary code execution vulnerability)

2005-01-18 Thread Debian Bug Tracking System

Your message dated Tue, 18 Jan 2005 12:47:05 -0500
with message-id <[EMAIL PROTECTED]>
and subject line Bug#290731: fixed in gpdf 2.8.2-1
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--
Received: (at submit) by bugs.debian.org; 16 Jan 2005 10:09:30 +
>From [EMAIL PROTECTED] Sun Jan 16 02:09:30 2005
Return-path: <[EMAIL PROTECTED]>
Received: from mail.o2w.nl [213.227.141.209] (postfix)
	by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
	id 1Cq7Le-PB-00; Sun, 16 Jan 2005 02:09:30 -0800
Received: from zensunni.xinara.org (node-072-048.dsl.active24.nl [217.22.72.48])
	(using TLSv1 with cipher RC4-SHA (128/128 bits))
	(Client did not present a certificate)
	by mail.o2w.nl (Postfix) with ESMTP id 841F2359D1
	for <[EMAIL PROTECTED]>; Sun, 16 Jan 2005 11:09:27 +0100 (CET)
Received: from ray by zensunni.xinara.org with local (Exim 4.34)
	id 1Cq7LQ-QA-6C; Sun, 16 Jan 2005 11:09:16 +0100
Date: Sun, 16 Jan 2005 11:09:16 +0100
From: "J.H.M. Dassen (Ray)" <[EMAIL PROTECTED]>
To: Debian Bug Tracking System <[EMAIL PROTECTED]>
Subject: CAN-2004-1125: Buffer overflow with DoS and possible artbitrary code execution vulnerability
Message-ID: <[EMAIL PROTECTED]>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
X-Reportbug-Version: 3.5
Organization: Ray at home
X-System: Debian GNU/Linux 3.1, kernel 2.4.29-rc2
User-Agent: Mutt/1.5.6+20040907i
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 
	(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-8.0 required=4.0 tests=BAYES_00,HAS_PACKAGE 
	autolearn=no version=2.60-bugs.debian.org_2005_01_02
X-Spam-Level: 

Package: gpdf
Version: 2.8.1-1
Severity: grave
Tags: security patch upstream fixed-upstream

The NEWS file for the new upstream release (2.8.2) says:
	* Fix potential buffer overflow in xpdf colorspace handling code.
	  (Derek Noonburg) - CAN 2004-1125

Here's that issue:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1125 :
+-+
|Name   |CAN-2004-1125 (under review) |
|---+-|
|   |Buffer overflow in the Gfx::doImage function in Gfx.cc for xpdf  |
|   |3.00, and other products that share code such as tetex-bin and   |
|Description|kpdf in KDE 3.2.x to 3.2.3 and 3.3.x to 3.3.2, allows remote |
|   |attackers to cause a denial of service (application crash) and   |
|   |possibly execute arbitrary code via a crafted PDF file that  |
|   |causes the boundaries of a maskColors array to be exceeded.  |
|---+-|
|   |  * IDEFENSE:20041221 Multiple Vendor xpdf PDF Viewer Buffer |
|   |Overflow Vulnerability   |
|   |  * URL:http://http://www.idefense.com/application/poi/display?id|
|   |=172&type=vulnerabilities|
|   |  * CONFIRM:ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.00pl2.patch|
|   |  * CONFIRM:http://www.kde.org/info/security/|
|   |advisory-20041223-1.txt  |
|   |  * BUGTRAQ:20041228 KDE Security Advisory: kpdf Buffer Overflow |
|References |Vulnerability|
|   |  * URL:http://marc.theaimsgroup.com/?t=11037859651&r=1&w=2  |
|   |  * FULLDISC:20041223 [USN-48-1] xpdf, tetex-bin vulnerabilities |
|   |  * URL:http://lists.netsys.com/pipermail/full-disclosure/   |
|   |2004-December/030241.html|
|   |  * BUGTRAQ:20041223 [USN-50-1] CUPS vulnerabilities |
|   |  * URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110384680309105|
|   |&w=2 |
|   |  * XF:xpdf-gfx-doimage-bo(18641)|
|   |  * URL:http://xforce.iss.net/xforce/xfdb/18641  |
|---+-|
|Phase  |Assigned (20041202)  |
|---+-

Bug#291089: docdiff installs files into a rather nonstandard location

2005-01-18 Thread Justin Pryzby

On Wed, Jan 19, 2005 at 12:37:40AM +0800, Davyd Madeley wrote:
> Package: docdiff
> Version: 0.3.1-1
> Severity: grave
> Justification: renders package unusable
> 
> 
> docdiff would appear to have some creative locations for files. Here is
> a sample of `dpkg -L`:
> 
> /usr/share/doc/docdiff/changelog.Debian.gz
> /usr/share/man
> /usr/share/man/man1
> /usr/share/man/man1/docdiff.1.gz
> /docdiff
> /docdiff/document.rb
> /docdiff/charstring.rb
> /docdiff/encoding
> 
> I think it speaks for itself.
I don't have any /docdiff in mine, which I just installed.  Did you
just upgrade, or install from scratch?

	$ dpkg -L docdiff |grep -v ^/usr/
	/.
	/usr
	/etc
	/etc/docdiff
	/etc/docdiff/docdiff.conf

I see the files you have listed in /docdiff instead under
/usr/lib/ruby/1.8/docdiff/.

Justin


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Processed: tagging 291089

2005-01-18 Thread Debian Bug Tracking System

Processing commands for [EMAIL PROTECTED]:

> # Automatically generated email from bts, devscripts version 2.8.5
> tags 291089 unreproducible
Bug#291089: docdiff installs files into a rather nonstandard location
There were no tags set.
Tags added: unreproducible

>
End of message, stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#291057: marked as done (Please remove out-of-date kernel module packages from unstable)

2005-01-18 Thread Debian Bug Tracking System

Your message dated Wed, 19 Jan 2005 03:03:22 +1000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#291057: Please remove out-of-date kernel module packages 
from unstable
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--
Received: (at submit) by bugs.debian.org; 18 Jan 2005 13:56:17 +
>From [EMAIL PROTECTED] Tue Jan 18 05:56:17 2005
Return-path: <[EMAIL PROTECTED]>
Received: from dsl093-039-086.pdx1.dsl.speakeasy.net (localhost.localdomain) 
[66.93.39.86] 
by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
id 1CqtqD-0001eh-00; Tue, 18 Jan 2005 05:56:17 -0800
Received: by localhost.localdomain (Postfix, from userid 1000)
id BA03BA30D0; Tue, 18 Jan 2005 05:56:17 -0800 (PST)
Date: Tue, 18 Jan 2005 05:56:17 -0800
From: Steve Langasek <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: Please remove out-of-date kernel module packages from unstable
Message-ID: <[EMAIL PROTECTED]>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
protocol="application/pgp-signature"; boundary="iAzLNm1y1mIRgolD"
Content-Disposition: inline
User-Agent: Mutt/1.5.6+20040907i
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-8.0 required=4.0 tests=BAYES_00,HAS_PACKAGE 
autolearn=no version=2.60-bugs.debian.org_2005_01_02
X-Spam-Level: 


--iAzLNm1y1mIRgolD
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

Package: ftp.debian.org
Severity: grave

Security updates for the Debian kernel packages are available in unstable
for multiple architectures, and are ready to propagate into testing once a
number of stale binary packages are removed.


i386


=46rom the i2c source package:

i2c-2.4.27-1-386, i2c-2.4.27-1-586tsc, i2c-2.4.27-1-686,
i2c-2.4.27-1-686-smp, i2c-2.4.27-1-k6, i2c-2.4.27-1-k7,
i2c-2.4.27-1-k7-smp

=46rom the linux-wlan-ng source package:

linux-wlan-ng-modules-2.4.27-1-386, linux-wlan-ng-modules-2.4.27-1-586tsc,
linux-wlan-ng-modules-2.4.27-1-686, linux-wlan-ng-modules-2.4.27-1-686-smp,
linux-wlan-ng-modules-2.4.27-1-k6, linux-wlan-ng-modules-2.4.27-1-k7,
linux-wlan-ng-modules-2.4.27-1-k7-smp

=46rom the lm-sensors source package:

lm-sensors-2.4.27-1-386, lm-sensors-2.4.27-1-586tsc,=20
lm-sensors-2.4.27-1-686, lm-sensors-2.4.27-1-686-smp,=20
lm-sensors-2.4.27-1-k6, lm-sensors-2.4.27-1-k7,=20
lm-sensors-2.4.27-1-k7-smp

=46rom the kernel-image-2.6.8-i386 source package:

kernel-headers-2.6.8-1


Rene does not object that these packages are not built from source, even
though this is the case for lm-sensors, i2c, and kernel-image-2.6.8-i386.
(For linux-wlan-ng, the modules packages are not listed in the source
package control file at all.)  For i2c and lm-sensors, there has been a new
upload that supersedes these binary packages.  For linux-wlan-ng, there has
been no such upload; however, the packages currently in the archive are
broken with all available kernel packages, so I don't think there's any
reason to keep them, especially since they block fixed kernel packages from
testing.  For kernel-headers-2.6.8-1, this package is still referenced by
other source packages in unstable that build it for other architectures
(s390, hppa, alpha) that have not yet been updated.


In addition, a new version of alsa-modules-i386 is awaiting NEW processing
which brings this set of modules into line with the current kernel ABI.  Due
to a bug in the previous version of alsa-modules-i386, this package is *not*
blocking the transition of the fixed 2.4.27 kernel packages into testing,
but it would be nice to have -- there will also be stale 2.4.27-1 binaries
to be removed for this package.


alpha
-

=46rom the kernel-image-2.4.27-alpha package:

kernel-headers-2.4.27-1-generic, kernel-headers-2.4.27-1-smp,
kernel-image-2.4.27-1-generic, kernel-image-2.4.27-1-smp

This is reported by rene.


ia64


=46rom the kernel-image-2.4.27-ia64 package:

kernel-build-2.4.27-1, kernel-headers-2.4.27-1

=46rom the kernel-image-2.6.8-ia64 package:

kernel-headers-2.6.8-1

These are not reported by rene.


sparc
-

=46rom the kernel-image-2.6.8-sparc package:

kernel-headers-2.6.8-1

This is not reported by rene.



Thanks,
--=20
Steve Langasek
postmodern programmer

--iAzLNm1y1mIRgolD
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-

Bug#291091: Konqueror 3.3.1-4 respawns on clicking any link

2005-01-18 Thread Bud Rogers

Package: konqueror
Version: 3.3.1-4
Severity: serious

If I start konqueror from the menu or command line, it comes up 
normally.  If I click on any link, it spawns another window and 
contines to spawn new windows at about 2-3 second intervals.  I have to 
killall konqueror or C-c from command line to kill it.  Konqueror is at 
present unusable.

The system was upgraded from woody to sarge about 10 days ago.  This 
behavior started today.

[EMAIL PROTECTED]:~$ konqueror
konqueror: ERROR: Error in BrowserExtension::actionSlotMap(), unknown 
action : searchProvider

[EMAIL PROTECTED]:~$ apt-cache policy konqueror
konqueror:
  Installed: 4:3.3.1-4
  Candidate: 4:3.3.1-4
  Version Table:
 *** 4:3.3.1-4 0
500 http://http.us.debian.org sarge/main Packages
100 /var/lib/dpkg/status

[EMAIL PROTECTED]:~$ uname -a
Linux mug 2.2.19 #1 Sun Apr 8 13:42:11 EST 2001 i686 GNU/Linux

[EMAIL PROTECTED]:~$ dpkg -s libc6 |grep ^Version
Version: 2.3.2.ds1-20


-- 
Bud Rogers <[EMAIL PROTECTED]>
Western Farmers Electric Cooperative


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#267799: nvidia module not autoloading

2005-01-18 Thread Jo Shields

It's worth nothing that I've filed a separate bug (number 288675) which 
covers the exact same symptoms, on udev-based systems.

Essentially, nvidia.(k)o is loaded automatically when something pokes 
/dev/nvidia*, but with udev or devfs, these /dev entries do not exist 
without the nvidia module already being loaded - thus, they cannot 
autoload anymore. The udev people blame the hotplug people, the hotplug 
people refuse to get involved.

--Jo Shields
--

Jo Shields
Systems Manager
Oxford Supercomputing Center
http://www.comlab.ox.ac.uk/oucl/people/jo.shields.html
---
. __
./ BOFH excuse #148:\
.|  |
.\ Insert coin for new game /
. --
.   \   ,__,
.\  (oo)
.   (__))\
.  ||--|| *

--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#290474: new attempts to solve this problem

2005-01-18 Thread maximilian attems

On Tue, 18 Jan 2005, Olivier Lecarme wrote:

> Somebody told me that there could be an incompatibility between Grub and
> Xfs, thus I switched to Lilo. The result is the same, but with a
> different error message: /sbin/init is not found.
> 
> Maybe this will help...
> -- 
> 
> 
>   Olivier Lecarme

no please provide full error message.

--
maks



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#291033: Multiple Vendor ImageMagick .psd Image File Decode Heap Overflow Vulnerability

2005-01-18 Thread Daniel Kobras

On Tue, Jan 18, 2005 at 08:57:07PM +0900, Ryuichi Arafune wrote:
> From: Daniel Kobras <[EMAIL PROTECTED]>
> > An updated package for unstable is already sitting in incoming and
> > should soon become available in testing as well. However, I've just
> > verified that the vulnerability is present in the woody version as well,
> > so this bug still needs to be acted upon. Ryuichi, do you want to
> > prepare updated woody packages yourself? Otherwise, I'd offer to do so.
> Please do it.  Now, I'm busy.  And I don't have woody system.

Okay, I've sent updated packages to the security team. Debdiff to the
previous version in stable is attached. While preparing the stable
update, I noted that the patch applied in 6.0.6.2-2 only fixes part of
the issue because it missed the second boundary check applied (and
well-hidden in a pile of unrelated changes) by upstream. Unless you get
around to it sooner than me, I'll try to fix this up in a 6.0.6.2-2.1
upload as soon as possible. 

Regards,

Daniel.

diff -u imagemagick-5.4.4.5/debian/changelog 
imagemagick-5.4.4.5/debian/changelog
--- imagemagick-5.4.4.5/debian/changelog
+++ imagemagick-5.4.4.5/debian/changelog
@@ -1,3 +1,11 @@
+imagemagick (4:5.4.4.5-1woody5) stable-security; urgency=high
+
+  * Non-maintainer upload for the Security Team.
+  * coders/psd.c: Fix potential heap overflow when reading Photoshop
+image files (CAN-2005-0005). Closes: #291033
+
+ -- Daniel Kobras <[EMAIL PROTECTED]>  Tue, 18 Jan 2005 12:43:45 +0100
+
 imagemagick (4:5.4.4.5-1woody4) stable-security; urgency=high
 
   * Non-maintainer upload for the Security Team.
only in patch2:
unchanged:
--- imagemagick-5.4.4.5.orig/coders/psd.c
+++ imagemagick-5.4.4.5/coders/psd.c
@@ -408,6 +408,8 @@
 
 static Image *ReadPSDImage(const ImageInfo *image_info,ExceptionInfo 
*exception)
 {
+#define MaxPSDChannels  24
+
   typedef enum
   {
 BitmapMode = 0,
@@ -439,7 +441,7 @@
   channels;
 
 ChannelInfo
-  channel_info[24];
+  channel_info[MaxPSDChannels];
 
 char
   blendkey[4];
@@ -558,6 +560,8 @@
 ThrowReaderException(CorruptImageWarning,"Not a PSD image file",image);
   (void) ReadBlob(image,6,(char *) psd_info.reserved);
   psd_info.channels=ReadBlobMSBShort(image);
+  if (psd_info.channels > MaxPSDChannels)
+ThrowReaderException(CorruptImageError,"MaximumChannelsExceeded",image);
   psd_info.rows=ReadBlobMSBLong(image);
   psd_info.columns=ReadBlobMSBLong(image);
   psd_info.depth=ReadBlobMSBShort(image);
@@ -681,6 +685,9 @@
 
layer_info[i].page.height=(ReadBlobMSBLong(image)-layer_info[i].page.y);
 layer_info[i].page.width=(ReadBlobMSBLong(image)-layer_info[i].page.x);
 layer_info[i].channels=ReadBlobMSBShort(image);
+   if (layer_info[i].channels > MaxPSDChannels)
+ ThrowReaderException(CorruptImageError,"MaximumChannelsExceeded",
+   image);
 for (j=0; j < layer_info[i].channels; j++)
 {
   layer_info[i].channel_info[j].type=ReadBlobMSBShort(image);

Bug#291089: docdiff installs files into a rather nonstandard location

2005-01-18 Thread Davyd Madeley

Package: docdiff
Version: 0.3.1-1
Severity: grave
Justification: renders package unusable


docdiff would appear to have some creative locations for files. Here is
a sample of `dpkg -L`:

/usr/share/doc/docdiff/changelog.Debian.gz
/usr/share/man
/usr/share/man/man1
/usr/share/man/man1/docdiff.1.gz
/docdiff
/docdiff/document.rb
/docdiff/charstring.rb
/docdiff/encoding

I think it speaks for itself.

-- System Information:
Debian Release: 3.1
Architecture: i386 (i686)
Kernel: Linux 2.6.10-1-686-smp
Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8)

Versions of packages docdiff depends on:
ii  libiconv-ruby1.8   1.8.1+1.8.2pre4-1 A Wrapper class of iconv for the R
ii  ruby1.81.8.1+1.8.2pre4-1 Interpreter of object-oriented scr

-- no debconf information


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#291031: additional Info regarding #291031

2005-01-18 Thread Sebastian Feltel

Hi,
I was running into the same problems which Martin described while 
upgrading postfix. I "solved" the problem by uncommenting the 
newaliases-Section (line 438 - 450) in the postix postinst-Script.

For reference I've saved my configuration at [1]. This configuration was 
used under postfix 1.x and modified some times ago to be compatible with 
postfix 2. Postfix is running quite well as before the upgrade to 
postfix 2.1.5-4

Bye
Sebastian
[1] http://www.feltel.de/tmp/dfde_postfix_main.cf
--
debianforum.de - die deutschsprachige Supportwebseite rund
um das Debian-Projekt  


signature.asc
Description: OpenPGP digital signature

Bug#291083: apache2-mpm-prefork: Fail to install

2005-01-18 Thread Chich Thierry

Package: apache2-mpm-prefork
Version: 2.0.52-3
Severity: grave
Justification: renders package unusable

The install process fail with the postrm script.
It fail when it attempt to enable the cgi module
with :
a2enmod cgi

This command claims :
This module does not exist!

dpkg -l | grep apache2 is giving :
ii  apache2-common 2.0.52-3   Next generation, scalable, extendable
ii  apache2-doc2.0.52-3   Documentation for apache2
iF  apache2-mpm-pr 2.0.52-3   Traditional model for Apache2
ii  libapache2-mod-auth-pam 1.1.1-4.1  Module for Apache2 which authenticate
ii  libapache2-mod-auth-plain 2.0.48-4-2.1   Module for Apache2 which provides
rc  libapache2-mod-php4 4.3.10-2   server-side, HTML-embedded scripting



-- System Information:
Debian Release: 3.1
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.4.26-bf2.4
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)

Versions of packages apache2-mpm-prefork depends on:
ii  apache2-common  2.0.52-3 Next generation, scalable, extenda
ii  libapr0 2.0.52-3 The Apache Portable Runtime
ii  libc6   2.3.2.ds1-20 GNU C Library: Shared libraries an
ii  libdb4.24.2.52-17Berkeley v4.2 Database Libraries [
ii  libexpat1   1.95.8-1 XML parsing C library - runtime li
ii  libldap22.1.30-3 OpenLDAP libraries
ii  libssl0.9.7 0.9.7e-2 SSL shared libraries
ii  zlib1g  1:1.2.2-3compression library - runtime

-- no debconf information


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Processed: Fixed in NMU of libhttpfetcher 1.0.1-1.2

2005-01-18 Thread Debian Bug Tracking System

Processing commands for [EMAIL PROTECTED]:

> tag 290891 + fixed
Bug#290891: does not supply /usr/lib/libhttp_fetcher.so
Tags were: patch
Tags added: fixed

> quit
Stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Processed: whoops

2005-01-18 Thread Debian Bug Tracking System

Processing commands for [EMAIL PROTECTED]:

> tags 290733 +upstream
Bug#290733: torsmo: Floating point exception
Tags were: sid upstream
Tags added: upstream

>
End of message, stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Processed: prozilla

2005-01-18 Thread Debian Bug Tracking System

Processing commands for [EMAIL PROTECTED]:

> package prozilla
Ignoring bugs not assigned to: prozilla

> tag 271736 pending
Bug#271736: Error in the comment on ftp.h
There were no tags set.
Tags added: pending

> tag 284117 pending
Bug#284117: remotely exploitable buffer overflow (CAN-2004-1120)
Tags were: confirmed security
Tags added: pending

> tag 290218 pending
Bug#290218: Improper copyright file
There were no tags set.
Tags added: pending

> tag 290242 pending
Bug#290242: prozilla: note in ftpparse.c makes it non-free
Tags were: confirmed
Tags added: pending

> tag 290327 pending
Bug#290327: prozilla: http.c displays password
There were no tags set.
Tags added: pending

> thanks
Stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Processed: woody bug

2005-01-18 Thread Debian Bug Tracking System

Processing commands for [EMAIL PROTECTED]:

> tags 290650 woody
Bug#290650: xserver-xfree86: Startup fails for clamshell iBook after jan15 
woody update: no valid Screen config
There were no tags set.
Tags added: woody

> thanks
Stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Processed: Unstable version only

2005-01-18 Thread Debian Bug Tracking System

Processing commands for [EMAIL PROTECTED]:

> tags 290733 sid
Bug#290733: torsmo: Floating point exception
Tags were: upstream
Tags added: sid

> thanks
Stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#290855: Upgrade from Postfix 2.1.4-5 to 2.1.5-4 fails #2

2005-01-18 Thread Steve Langasek

Stephane,

Can you please tell me what the output of
"dpkg -S /usr/share/man/man8/smtpd.8.gz" shows on your system?

Thanks,
-- 
Steve Langasek
postmodern programmer


signature.asc
Description: Digital signature

Processed: Re: python2.3-libplot: Fails on import

2005-01-18 Thread Debian Bug Tracking System

Processing commands for [EMAIL PROTECTED]:

> tags 290859 unreproducible moreinfo
Bug#290859: python2.3-libplot: Fails on import
There were no tags set.
Tags added: unreproducible, moreinfo

> severity 290859 important
Bug#290859: python2.3-libplot: Fails on import
Severity set to `important'.

> thanks
Stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#290111: digikamplugins: FTBFS: Cannot find headers

2005-01-18 Thread Steve Langasek

On Tue, Jan 18, 2005 at 03:43:12PM +0100, Achim Bohnet wrote:
> On Tuesday 18 January 2005 12:55, Steve Langasek wrote:
> > If this package is obsoleted by digikam 0.7, what reason is there to wait
> > before asking for its removal?  To me, "obsoleted" means "doesn't work".
> the plugins 'work' but no package use the plugins anymore.

> As I tried to explain in my last msg, I would like to upload a dummy
> digikamplugins pkg, that just depends on kipi-plugins as 'soon' as
> kipi-plugins enters sid (currently still pending in NEW queue).
> That's just to smooth upgrade.  Some weeks before pkg freeze, my
> plan was ask for the digikamplugin removal.

Since there was no digikamplugins package in woody, I think a dummy package
for this would be overkill.  Transition packages are normally only used for
stable->stable upgrade paths.

I also think that there is no reason to keep the current digikamplugins
packages in testing, since you say that they aren't useful with the current
digikam package; so I have hinted digikamplugins for removal from testing in
response to this bug.

It seems to me that it also makes sense to request the removal of
digikamplugins from unstable, but that's your decision to make.

-- 
Steve Langasek
postmodern programmer

signature.asc
Description: Digital signature

Bug#290111: digikamplugins: FTBFS: Cannot find headers

2005-01-18 Thread Achim Bohnet

On Tuesday 18 January 2005 12:55, Steve Langasek wrote:
> If this package is obsoleted by digikam 0.7, what reason is there to wait
> before asking for its removal?  To me, "obsoleted" means "doesn't work".

Hi Steve,

the plugins 'work' but no package use the plugins anymore.

As I tried to explain in my last msg, I would like to upload a dummy
digikamplugins pkg, that just depends on kipi-plugins as 'soon' as
kipi-plugins enters sid (currently still pending in NEW queue).
That's just to smooth upgrade.  Some weeks before pkg freeze, my
plan was ask for the digikamplugin removal.

If you, as RM, think the timescales are too short let me know and
I'll submit a bugreport for removal to ftp-masters now.

Achim
> -- 
> Steve Langasek
> postmodern programmer
-- 
  To me vi is Zen.  To use vi is to practice zen. Every command is
  a koan. Profound to the user, unintelligible to the uninitiated.
  You discover truth everytime you use it.
  -- [EMAIL PROTECTED]

-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Processed: tagging 278942

2005-01-18 Thread Debian Bug Tracking System

Processing commands for [EMAIL PROTECTED]:

> # Automatically generated email from bts, devscripts version 2.8.5
> tags 278942 woody patch security
Bug#278942: Daemon Hijacking vuln. CAN-2003-0740 not fixed in woody
Tags were: security woody
Tags added: woody, patch, security

>
End of message, stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Processed: severity 290547 important

2005-01-18 Thread Debian Bug Tracking System

Processing commands for [EMAIL PROTECTED]:

> severity 290547 important
Bug#290547: libarts1: Troubled system-sound with KDE 3.3.1 on testing
Severity set to `important'.

> stop
Stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#291064: Arbitrary command execution

2005-01-18 Thread Martin Schulze

Package: awstats
Version: 6.2-1
Severity: grave
Tags: security sarge sid patch

Please see this advisory at iDEFENSE for details
http://www.idefense.com/application/poi/display?id=185&type=vulnerabilities&flashstatus=false

   VI. VENDOR RESPONSE

   This vulnerability is addressed in AWStats 6.3, available for download

The version in woody is not affected by this problem.

Regards,

Joey

-- 
Ten years and still binary compatible.  -- XFree86

Please always Cc to me when replying to me on the lists.


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#291060: libstdc++6-4.0-doc: cannot install

2005-01-18 Thread Laurent Bonnaud

Package: libstdc++6-4.0-doc
Version: 4.0-0pre4
Severity: grave
Justification: renders package unusable


Hi,

here is the problem:

# apt-get install libstdc++6-4.0-doc
[...]
Unpacking libstdc++6-4.0-doc (from .../libstdc++6-4.0-doc_4.0-0pre4_all.deb) ...
dpkg: error processing 
/var/cache/apt/archives/libstdc++6-4.0-doc_4.0-0pre4_all.deb (--unpack):
 unable to clean up mess surrounding 
`./usr/share/doc/gcc-4.0-base/libstdc++/html_user/structstd_1_1tr1_1_1tuple__size_3_01tuple_3_01___null_class_00_01___null_class_00_01___null_class_00_01___null_class_00_01___null_class_00_01___null_class_00_01___null_class_00_01___null_class_00_01___null_'
 before installing another version: File name too long
dpkg-deb: subprocess paste killed by signal (Broken pipe)


-- System Information:
Debian Release: 3.1
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)
Kernel: Linux 2.6.10-1-686
Locale: [EMAIL PROTECTED], [EMAIL PROTECTED] (charmap=ISO-8859-15)


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Processed: prozilla

2005-01-18 Thread Debian Bug Tracking System

Processing commands for [EMAIL PROTECTED]:

> package prozilla
Ignoring bugs not assigned to: prozilla

> tag 271736 -pending
Bug#271736: Error in the comment on ftp.h
Tags were: pending
Tags removed: pending

> tag 284117 -pending
Bug#284117: remotely exploitable buffer overflow (CAN-2004-1120)
Tags were: pending confirmed security
Tags removed: pending

> tag 290218 -pending
Bug#290218: Improper copyright file
Tags were: pending
Tags removed: pending

> tag 290242 -pending
Bug#290242: prozilla: comment in ftpparse.c is ambiguous
Tags were: pending confirmed
Tags removed: pending

> tag 290327 -pending
Bug#290327: prozilla: http.c displays password
Tags were: pending
Tags removed: pending

> severity 290242 serious
Bug#290242: prozilla: comment in ftpparse.c is ambiguous
Severity set to `serious'.

> retitle 290242 prozilla: note in ftpparse.c makes it non-free
Bug#290242: prozilla: comment in ftpparse.c is ambiguous
Changed Bug title.

> thanks
Stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#291057: Please remove out-of-date kernel module packages from unstable

2005-01-18 Thread Steve Langasek

Package: ftp.debian.org
Severity: grave

Security updates for the Debian kernel packages are available in unstable
for multiple architectures, and are ready to propagate into testing once a
number of stale binary packages are removed.


i386


From the i2c source package:

i2c-2.4.27-1-386, i2c-2.4.27-1-586tsc, i2c-2.4.27-1-686,
i2c-2.4.27-1-686-smp, i2c-2.4.27-1-k6, i2c-2.4.27-1-k7,
i2c-2.4.27-1-k7-smp

From the linux-wlan-ng source package:

linux-wlan-ng-modules-2.4.27-1-386, linux-wlan-ng-modules-2.4.27-1-586tsc,
linux-wlan-ng-modules-2.4.27-1-686, linux-wlan-ng-modules-2.4.27-1-686-smp,
linux-wlan-ng-modules-2.4.27-1-k6, linux-wlan-ng-modules-2.4.27-1-k7,
linux-wlan-ng-modules-2.4.27-1-k7-smp

From the lm-sensors source package:

lm-sensors-2.4.27-1-386, lm-sensors-2.4.27-1-586tsc, 
lm-sensors-2.4.27-1-686, lm-sensors-2.4.27-1-686-smp, 
lm-sensors-2.4.27-1-k6, lm-sensors-2.4.27-1-k7, 
lm-sensors-2.4.27-1-k7-smp

From the kernel-image-2.6.8-i386 source package:

kernel-headers-2.6.8-1


Rene does not object that these packages are not built from source, even
though this is the case for lm-sensors, i2c, and kernel-image-2.6.8-i386.
(For linux-wlan-ng, the modules packages are not listed in the source
package control file at all.)  For i2c and lm-sensors, there has been a new
upload that supersedes these binary packages.  For linux-wlan-ng, there has
been no such upload; however, the packages currently in the archive are
broken with all available kernel packages, so I don't think there's any
reason to keep them, especially since they block fixed kernel packages from
testing.  For kernel-headers-2.6.8-1, this package is still referenced by
other source packages in unstable that build it for other architectures
(s390, hppa, alpha) that have not yet been updated.


In addition, a new version of alsa-modules-i386 is awaiting NEW processing
which brings this set of modules into line with the current kernel ABI.  Due
to a bug in the previous version of alsa-modules-i386, this package is *not*
blocking the transition of the fixed 2.4.27 kernel packages into testing,
but it would be nice to have -- there will also be stale 2.4.27-1 binaries
to be removed for this package.


alpha
-

From the kernel-image-2.4.27-alpha package:

kernel-headers-2.4.27-1-generic, kernel-headers-2.4.27-1-smp,
kernel-image-2.4.27-1-generic, kernel-image-2.4.27-1-smp

This is reported by rene.


ia64


From the kernel-image-2.4.27-ia64 package:

kernel-build-2.4.27-1, kernel-headers-2.4.27-1

From the kernel-image-2.6.8-ia64 package:

kernel-headers-2.6.8-1

These are not reported by rene.


sparc
-

From the kernel-image-2.6.8-sparc package:

kernel-headers-2.6.8-1

This is not reported by rene.



Thanks,
-- 
Steve Langasek
postmodern programmer


signature.asc
Description: Digital signature

Bug#290474: new attempts to solve this problem

2005-01-18 Thread Olivier Lecarme

Somebody told me that there could be an incompatibility between Grub and
Xfs, thus I switched to Lilo. The result is the same, but with a
different error message: /sbin/init is not found.

Maybe this will help...

-- 


Olivier Lecarme


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#291053: kernel-source-2.4.19: CAN-2004-1235 not been patched

2005-01-18 Thread Wim De Smet

Package: kernel-source-2.4.19
Version: stable
Severity: grave
Tags: security
Justification: user security hole


Is this package no longer being patched? The changelog doesn't mention
anything about the recent vulnerabilities and the last upload seems to
have been a long time ago. I need a patched kernel on my woody
systems...

greets,
Wim


-- System Information:
Debian Release: 3.1
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.9
Locale: LANG=nl_BE.ISO-8859-1, LC_CTYPE=nl_BE.ISO-8859-1 (charmap=ISO-8859-1)


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Processed: Re: systraq: Sends cronjob output every hour about missing paterns file

2005-01-18 Thread Debian Bug Tracking System

Processing commands for [EMAIL PROTECTED]:

> reopen 289791
Bug#289791: systraq: Sends cronjob output every hour about missing paterns file
Bug reopened, originator not changed.

> severity 289791 serious
Bug#289791: systraq: Sends cronjob output every hour about missing paterns file
Severity set to `serious'.

> thanks
Stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#289646: kbabel: crash with some .po file

2005-01-18 Thread Steve Langasek

tags 289646 experimental
thanks

Matias,

I am not able to reproduce this bug using the packages in sarge.  Can you
please downgrade kdelibs4 on your system to the version in unstable, to
confirm whether this bug still exists for you?

Thanks,
-- 
Steve Langasek
postmodern programmer


signature.asc
Description: Digital signature

Processed: Re: kbabel: crash with some .po file

2005-01-18 Thread Debian Bug Tracking System

Processing commands for [EMAIL PROTECTED]:

> tags 289646 experimental
Bug#289646: kbabel: crash with some .po file
There were no tags set.
Tags added: experimental

> thanks
Stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#290731: Bug#282241: gpdf: Works...

2005-01-18 Thread Filip Van Raemdonck

tags 282241 + fixed-upstream pending
tags 290731 + fixed-upstream pending
tags 290969 + fixed-upstream pending
thanks

On Sat, Jan 15, 2005 at 10:55:14PM -0600, Adam Majer wrote:
> 
> I can verify that this patch seems to work perfectly. Could this patch
> be applied for next revision of gpdf?

I've prepared a new upstream version which fixes the referenced bugs.


Regards,

Filip

-- 
Linux/PPC - where iMacs become real men's computers.


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Processed: Re: Bug#282241: gpdf: Works...

2005-01-18 Thread Debian Bug Tracking System

Processing commands for [EMAIL PROTECTED]:

> tags 282241 + fixed-upstream pending
Bug#282241: gpdf shows embedded bookmark tree, but clicking bookmarks goes to 
first page
Tags were: patch
Tags added: fixed-upstream, pending

> tags 290731 + fixed-upstream pending
Bug#290731: CAN-2004-1125: Buffer overflow with DoS and possible artbitrary 
code execution vulnerability
Tags were: fixed-upstream patch security upstream
Tags added: fixed-upstream, pending

> tags 290969 + fixed-upstream pending
Bug#290969: gpdf: Left bar display items, but clicking on them doesn't have any 
effect
There were no tags set.
Tags added: fixed-upstream, pending

> thanks
Stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#278942: #278942 Daemon Hijacking vuln. CAN-2003-0740 not fixed in woody stunnel

2005-01-18 Thread Stefan Fritsch

Sorry for not responding for so long, but I still think this security issue
should be fixed in woody. I have made a diff between 3.22 and 3.26
and removed everything obviously not security related (unfortunately
it is still ~600 lines). It should contain the changes corresponding to
the following entries in the 3.26 HISTORY file:

Version 3.26, 2003.08.29 urgency: MEDIUM:
* Fixed new child signal handler, introduced in 3.25,
  which was buggy in pthreads environments
* Fixed problem where the accept() can block indefinately
  if the user or OS has discarded the connection.

Version 3.25, 2003.07.25, urgency: HIGH:
* Fixed buggy SIGCHLD handling using patch supplied by Nalin Dahyabhai
  of Red Hat.
* Fixed buggy SIGCHLD handling patch (their new pipe descriptors were
  leaked), removed CRIT_LIBWRAP which needs to
  be inside CRIT_NTOA anyway.
* REMOTE_HOST variable is always placed in the environment of
  procesess spawned with 'exec'.

I have not included the following changes since RSA blinding has been
backported to woody openssl:

Version 3.24, 2002.04.23, urgency: HIGH:
* Fixed bug whereby RSA blinding was called in client mode
  even when no cert was in use.

Version 3.23, 2002.04.02, urgency: HIGH:
* Enabled RSA blinding on all RSA keys to prevent RSA timing attack that
  was proven to be exploitable by David Brumley and Dan Boneh.  See
  http://crypto.stanford.edu/~dabo/abstracts/ssl-timing.html for more
  details about the attack.  If you have an OpenSSL library that has
  RSA blinding on by default (>=0.9.7b or >=0.9.6j) then you do not
  need to upgrade, but it is still suggested.


The patched version compiles cleanly. However, I have NOT tested it
since I have no working stunnel setup. I hope the patch helps
nontheless.

Cheers,
Stefan
diff -rch stunnel-3.22/client.c stunnel-3.26/client.c
*** stunnel-3.22/client.c	2001-12-23 20:41:32.0 +0100
--- stunnel-3.26/client.c	2003-08-02 06:33:41.0 +0200
***
*** 591,609 
  struct request_info request;
  int result;
  
! enter_critical_section(CRIT_LIBWRAP); /* libwrap is not mt-safe */
  request_init(&request, RQ_DAEMON, options.servname, RQ_FILE, c->local_rfd, 0);
  fromhost(&request);
  result=hosts_access(&request);
- leave_critical_section(CRIT_LIBWRAP);
  if (!result) {
- enter_critical_section(CRIT_NTOA); /* inet_ntoa is not mt-safe */
  log(LOG_WARNING, "Connection from %s:%d REFUSED by libwrap",
  inet_ntoa(c->addr.sin_addr), ntohs(c->addr.sin_port));
  leave_critical_section(CRIT_NTOA);
  log(LOG_DEBUG, "See hosts_access(5) for details");
  return -1; /* FAILED */
  }
  #endif
  return 0; /* OK */
  }
--- 599,617 
  struct request_info request;
  int result;
  
! enter_critical_section(CRIT_NTOA); /* libwrap is not mt-safe, and uses
! 	 inet_ntoa internally, so wrap thusly */
  request_init(&request, RQ_DAEMON, options.servname, RQ_FILE, c->local_rfd, 0);
  fromhost(&request);
  result=hosts_access(&request);
  if (!result) {
  log(LOG_WARNING, "Connection from %s:%d REFUSED by libwrap",
  inet_ntoa(c->addr.sin_addr), ntohs(c->addr.sin_port));
  leave_critical_section(CRIT_NTOA);
  log(LOG_DEBUG, "See hosts_access(5) for details");
  return -1; /* FAILED */
  }
+ leave_critical_section(CRIT_NTOA);
  #endif
  return 0; /* OK */
  }
***
*** 686,691 
--- 694,702 
  char env[3][STRLEN], name[STRLEN];
  int fd[2];
  X509 *peer;
+ #ifdef HAVE_PTHREAD_SIGMASK
+ sigset_t newmask;
+ #endif
  
  if (options.option & OPT_PTY) {
  char tty[STRLEN];
***
*** 711,726 
  if(!options.foreground)
  dup2(fd[1], 2);
  closesocket(fd[1]);
  if(c->ip) {
  putenv("LD_PRELOAD=" libdir "/stunnel.so");
  /* For Tru64 _RLD_LIST is used instead */
  putenv("_RLD_LIST=" libdir "/stunnel.so:DEFAULT");
  addr.s_addr = c->ip;
- safecopy(env[0], "REMOTE_HOST=");
- enter_critical_section(CRIT_NTOA); /* inet_ntoa is not mt-safe */
- safeconcat(env[0], inet_ntoa(addr));
- leave_critical_section(CRIT_NTOA);
- putenv(env[0]);
  }
  if(c->ssl) {
  peer=SSL_get_peer_certificate(c->ssl);
--- 722,738 
  if(!options.foreground)
  dup2(fd[1], 2);
  closesocket(fd[1]);
+ signal(SIGCHLD, SIG_DFL);
+ safecopy(env[0], "REMOTE_HOST=");
+ enter_critical_section(CRIT_NTOA); /* inet_ntoa is not mt-safe */
+ safeconcat(env[0], inet_ntoa(c->addr.sin_addr));
+ leave_critical_section(CRIT_NTOA);
+ putenv(env[0]);
  if(c->ip) {
  putenv("LD_PRELOAD=" libdir "/stunnel.so");
  /* For Tru64 _RLD_LIST is used instead */
  putenv("_RLD_LIST=

Processed: 2.6.9 bugs -> kernel

2005-01-18 Thread Debian Bug Tracking System

Processing commands for [EMAIL PROTECTED]:

> reassign 279689 kernel
Bug#279689: /boot/vmlinuz-2.6.9-1-686: freeze when starting rivafb
Warning: Unknown package 'kernel-image-2.6.9-1-686'
Bug reassigned from package `kernel-image-2.6.9-1-686' to `kernel'.

> reassign 280075 kernel
Bug#280075: kernel-image-2.6.9-1-686: Laptop has problems when resuming after 
suspend with apm
Warning: Unknown package 'kernel-image-2.6.9-1-686'
Bug reassigned from package `kernel-image-2.6.9-1-686' to `kernel'.

> reassign 281739 kernel
Bug#281739: kernel-image-2.6.9-1-686: dangling source symlink in  
/lib/modules/`uname -r`
Warning: Unknown package 'kernel-image-2.6.9-1-686'
Bug reassigned from package `kernel-image-2.6.9-1-686' to `kernel'.

> reassign 282195 kernel
Bug#282195: kernel-image-2.6.9-1-686: ip_tables seem to be broken
Warning: Unknown package 'kernel-image-2.6.9-1-686'
Bug reassigned from package `kernel-image-2.6.9-1-686' to `kernel'.

> reassign 283478 kernel
Bug#283478: kernel-image-2.6.9-1-686: TV apps without sound invoke sound. 
Module saa7134 broken?
Warning: Unknown package 'kernel-image-2.6.9-1-686'
Bug reassigned from package `kernel-image-2.6.9-1-686' to `kernel'.

> reassign 284015 kernel
Bug#284015: kernel-image-2.6.9-1-686: DMA timeout error
Warning: Unknown package 'kernel-image-2.6.9-1-686'
Bug reassigned from package `kernel-image-2.6.9-1-686' to `kernel'.

> reassign 285615 kernel
Bug#285615: kernel-image-2.6.9-1-686: IBM thinkpad T41 can not power off and 
suspend without ACPI patch
Warning: Unknown package 'kernel-image-2.6.9-1-686'
Bug reassigned from package `kernel-image-2.6.9-1-686' to `kernel'.

> reassign 287100 kernel
Bug#287100: kernel-image-2.6.9-1-686: missing logging functionality selinux
Warning: Unknown package 'kernel-image-2.6.9-1-686'
Bug reassigned from package `kernel-image-2.6.9-1-686' to `kernel'.

> reassign 287271 kernel
Bug#287271: Bugfix in /etc/dev.d/block/hal-unmount.dev
Warning: Unknown package 'kernel-image-2.6.9-1-686'
Bug reassigned from package `kernel-image-2.6.9-1-686' to `kernel'.

> reassign 289719 kernel
Bug#289719: ipip module doesn't marked as used -- but it shall be
Warning: Unknown package 'kernel-image-2.6.9-1-686'
Bug reassigned from package `kernel-image-2.6.9-1-686' to `kernel'.

> reassign 284783 kernel
Bug#284783: kernel-image-2.6.9-1-686-smp: Kernel oops possibly related to kswapd
Warning: Unknown package 'kernel-image-2.6.9-1-686-smp'
Bug reassigned from package `kernel-image-2.6.9-1-686-smp' to `kernel'.

> reassign 285108 kernel
Bug#285108: kernel-image-2.6.9: Fails to recognize CDRW/DVD
Warning: Unknown package 'kernel-image-2.6.9-1-686-smp'
Bug reassigned from package `kernel-image-2.6.9-1-686-smp' to `kernel'.

> reassign 286609 kernel
Bug#286609: kernel-image-2.6.9-1-686-smp: No entropy from /dev/random
Warning: Unknown package 'kernel-image-2.6.9-1-686-smp'
Bug reassigned from package `kernel-image-2.6.9-1-686-smp' to `kernel'.

> reassign 287970 kernel
Bug#287970: instalation on SATA drive and Kernel Panic
Warning: Unknown package 'kernel-image-2.6.9-1-686-smp'
Bug reassigned from package `kernel-image-2.6.9-1-686-smp' to `kernel'.

> reassign 280404 kernel
Bug#280404: cdrom: Changed API Cedega(winex) was dependant on, Diablo2 stoped 
finding CD.
Warning: Unknown package 'kernel-image-2.6.9-1-k7'
Bug reassigned from package `kernel-image-2.6.9-1-k7' to `kernel'.

> reassign 283715 kernel
Bug#283715: kernel-image-2.6.9-1-k7: Removes /initrd.img, makes system 
unbootable
Warning: Unknown package 'kernel-image-2.6.9-1-k7'
Bug reassigned from package `kernel-image-2.6.9-1-k7' to `kernel'.

> --
Stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Processed: Fixed in NMU of xodo 1.2-9.2

2005-01-18 Thread Debian Bug Tracking System

Processing commands for [EMAIL PROTECTED]:

> tag 289732 + fixed
Bug#289732: postint use command -v update-menus
Tags were: patch
Tags added: fixed

> quit
Stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#290111: digikamplugins: FTBFS: Cannot find headers

2005-01-18 Thread Steve Langasek

If this package is obsoleted by digikam 0.7, what reason is there to wait
before asking for its removal?  To me, "obsoleted" means "doesn't work".

-- 
Steve Langasek
postmodern programmer


signature.asc
Description: Digital signature

Bug#291033: Multiple Vendor ImageMagick .psd Image File Decode Heap Overflow Vulnerability

2005-01-18 Thread Ryuichi Arafune

From: Daniel Kobras <[EMAIL PROTECTED]>
Subject: Bug#291033: Multiple Vendor ImageMagick .psd Image File Decode Heap 
Overflow Vulnerability
Date: Tue, 18 Jan 2005 11:46:12 +0100
Message-ID: <[EMAIL PROTECTED]>

> tag 291033 + woody security
> severity 291033 grave
> thanks
> 
> On Tue, Jan 18, 2005 at 11:09:08AM +0100, Ruben Puettmann wrote:
> > Remote exploitation of a buffer overflow vulnerability in The
> > ImageMagick's Project's ImageMagick PSD image-decoding module could
> > allow an attacker to execute arbitrary code.
> 
> An updated package for unstable is already sitting in incoming and
> should soon become available in testing as well. However, I've just
> verified that the vulnerability is present in the woody version as well,
> so this bug still needs to be acted upon. Ryuichi, do you want to
> prepare updated woody packages yourself? Otherwise, I'd offer to do so.
Please do it.  Now, I'm busy.  And I don't have woody system.


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#289732: postint use command -v update-menus

2005-01-18 Thread Steve Langasek

I've prepared and uploaded an NMU to fix this problem.  The patch for this
NMU is attached.

I did not use the proposed form that comes from debhelper; although it's
resilient against changes to update-menu's path, it is not resilient against
problems with using the "which" command, and there seem to be some concerns
about whether "which" is the appropriate method to use.  The debhelper
method also seems to be in the minority when looking at all packages on my
system that call update-menus from the postinst.

Thanks,
-- 
Steve Langasek
postmodern programmer
diff -u xodo-1.2/debian/postinst xodo-1.2/debian/postinst
--- xodo-1.2/debian/postinst
+++ xodo-1.2/debian/postinst
@@ -7,5 +7,7 @@
   fi
 
-  if command -v update-menus >/dev/null 2>&1; then update-menus; fi
+  if [ -x /usr/bin/update-menus ]; then
+update-menus
+  fi
 
 fi
diff -u xodo-1.2/debian/changelog xodo-1.2/debian/changelog
--- xodo-1.2/debian/changelog
+++ xodo-1.2/debian/changelog
@@ -1,3 +1,13 @@
+xodo (1.2-9.2) unstable; urgency=high
+
+  * Non-maintainer upload.
+  * High-urgency upload for sarge-targetted RC bugfix.
+  * Use [ -x /usr/bin/update-menus ] instead of command -v update-menus
+to check whether we can call this program, as per the interface
+actually provided by the menu package (closes: #289732).
+
+ -- Steve Langasek <[EMAIL PROTECTED]>  Tue, 18 Jan 2005 01:59:23 -0800
+
 xodo (1.2-9.1) unstable; urgency=low
 
   * Non-maintainer upload, bug squashing party.
diff -u xodo-1.2/debian/postrm xodo-1.2/debian/postrm
--- xodo-1.2/debian/postrm
+++ xodo-1.2/debian/postrm
@@ -3 +3,3 @@
-if command -v update-menus >/dev/null 2>&1; then update-menus; fi
+if [ -x /usr/bin/update-menus ]; then
+  update-menus
+fi


signature.asc
Description: Digital signature

Bug#290828: marked as done (gpsd: Version in Sid contains security related bugfixes...)

2005-01-18 Thread Debian Bug Tracking System

Your message dated Tue, 18 Jan 2005 03:22:31 -0800
with message-id <[EMAIL PROTECTED]>
and subject line Bug#290828: gpsd: Version in Sid contains security related 
bugfixes...
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--
Received: (at submit) by bugs.debian.org; 17 Jan 2005 01:13:42 +
>From [EMAIL PROTECTED] Sun Jan 16 17:13:42 2005
Return-path: <[EMAIL PROTECTED]>
Received: from mxout.hispeed.ch (smtp.hispeed.ch) [62.2.95.247] 
by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
id 1CqLSg-00059m-00; Sun, 16 Jan 2005 17:13:42 -0800
Received: from holly.subnetz.org (217-162-24-227.dclient.hispeed.ch 
[217.162.24.227])
by smtp.hispeed.ch (8.12.6/8.12.6/tornado-1.0) with ESMTP id 
j0H1DeVd006487
for <[EMAIL PROTECTED]>; Mon, 17 Jan 2005 02:13:40 +0100
Received: from localhost (localhost.localdomain [127.0.0.1])
by holly.subnetz.org (Postfix) with ESMTP id 7A66F208001E;
Mon, 17 Jan 2005 02:13:40 +0100 (CET)
Received: from holly.subnetz.org ([127.0.0.1])
by localhost (holly [127.0.0.1]) (amavisd-new, port 10024) with LMTP
id 10369-01; Mon, 17 Jan 2005 02:13:39 +0100 (CET)
Received: from localhost.localdomain (mother.subnetz.org [192.168.5.3])
by holly.subnetz.org (Postfix) with ESMTP id 68E852098D4F;
Mon, 17 Jan 2005 02:13:39 +0100 (CET)
Received: by localhost.localdomain (Postfix, from userid 1000)
id 50EFE9F1ED; Mon, 17 Jan 2005 02:13:39 +0100 (CET)
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
From: Tilman Koschnick <[EMAIL PROTECTED]>
To: Debian Bug Tracking System <[EMAIL PROTECTED]>
Subject: gpsd: Version in Sid contains security related bugfixes...
X-Mailer: reportbug 3.2
Date: Mon, 17 Jan 2005 02:13:39 +0100
Message-Id: <[EMAIL PROTECTED]>
X-Virus-Scanned: by amavisd-new-20030616-p10 (Debian) at subnetz.org
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-8.0 required=4.0 tests=BAYES_00,HAS_PACKAGE 
autolearn=no version=2.60-bugs.debian.org_2005_01_02
X-Spam-Level: 

Package: gpsd
Version: 2.7-2
Severity: grave
Justification: user security hole

... and should migrate to Sarge ASAP. I missed the opportunity to
set urgency to 'high' with the last upload, but will do so on the next
one. In the meantime, I'll tag this report sarge,security to document
the problem.

-- System Information:
Debian Release: 3.1
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: i386 (i686)
Kernel: Linux 2.4.27
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)

Versions of packages gpsd depends on:
ii  debconf [debconf-2.0]   1.4.30.11Debian configuration management sy
ii  libc6   2.3.2.ds1-20 GNU C Library: Shared libraries an

-- debconf information excluded

---
Received: (at 290828-done) by bugs.debian.org; 18 Jan 2005 11:22:34 +
>From [EMAIL PROTECTED] Tue Jan 18 03:22:34 2005
Return-path: <[EMAIL PROTECTED]>
Received: from dsl093-039-086.pdx1.dsl.speakeasy.net (localhost.localdomain) 
[66.93.39.86] 
by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
id 1CqrRR-0005zI-00; Tue, 18 Jan 2005 03:22:33 -0800
Received: by localhost.localdomain (Postfix, from userid 1000)
id EB7E1A30D0; Tue, 18 Jan 2005 03:22:31 -0800 (PST)
Date: Tue, 18 Jan 2005 03:22:31 -0800
From: Steve Langasek <[EMAIL PROTECTED]>
To: Tilman Koschnick <[EMAIL PROTECTED]>
Cc: [EMAIL PROTECTED]
Subject: Re: Bug#290828: gpsd: Version in Sid contains security related 
bugfixes...
Message-ID: <[EMAIL PROTECTED]>
References: <[EMAIL PROTECTED]> <[EMAIL PROTECTED]>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
protocol="application/pgp-signature"; boundary="NKoe5XOeduwbEQHU"
Content-Disposition: inline
In-Reply-To: <[EMAIL PROTECTED]>
User-Agent: Mutt/1.5.6+20040907i
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-6.0 required=4.0 tests=BAYES_00,HAS_BUG_NUMBER 
autolearn=no version=2.60-bugs.debian.org_2005_01_02
X-Spam-Level: 


--NKoe5XOeduwbEQHU
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Tue, Jan 18, 2005 at 11:29:55AM +0100, Tilman Koschnick wrot

Bug#291037: exim4 4.43-3 fails to send mail after upgrade from 4.34-10 (syntax error)

2005-01-18 Thread Marc Haber

severity 291037 important
# this doesn't render the package completely unuseable for everyone
# since the bug only appears in nullmailer setups
merge 291037 290954 290956
# please refer to the bts before reporting new bugs. that one has
# already been reported twice
thanks

A fix is under way.

Greetings
Marc

-- 
-
Marc Haber | "I don't trust Computers. They | Mailadresse im Header
Mannheim, Germany  |  lose things."Winona Ryder | Fon: *49 621 72739834
Nordisch by Nature |  How to make an American Quilt | Fax: *49 621 72739835


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

1 2 >

1 - 100 of 122 matches

Mail list logo