Bug#291658: nessus-plugins: non-free

2005-01-21 Thread Florian Weimer 
Package: nessus-plugins
Severity: serious
Justification: Policy 2.2.1

Upstream claims that large parts of nessus-plugins has never been
licensed under the GPL.  The copyright status of many NASL scripts is
indeed very unclear.

The new upstream license does not give permission to redistribute, so
it's not suitable for non-free either.

-- System Information:
Debian Release: 3.1
  APT prefers unstable
  APT policy: (800, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.11-rc1fw
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#270388: debian-pkg-add-load-path-item cannot handle nil in load-path

2005-01-21 Thread Manoj Srivastava 
reassign 270388 emacsen-common
retitle 270388  debian-pkg-add-load-path-item cannot handle nil in load-path
tags 270388 +patch
thanks

Hi,


==
File: emacs,  Node: Lisp Libraries

The sequence of directories searched by `M-x load-library' is
specified by the variable `load-path', a list of strings that are
directory names.  The default value of the list contains the directory
where the Lisp code for Emacs itself is stored.  If you have libraries
of your own, put them in a single directory and add that directory to
`load-path'.  `nil' in this list stands for the current default
directory, but it is probably not a good idea to put `nil' in the
list.
==

Arguably, putting nil in the load-path is a bad idea, just
 like putting . in PATH is a bad idea, but it is still a legal value
 with potentially useful semantics. People may well add nil to load
 paths on their own, and it would be nice if Debian infrastructure
 does not fall flat on its face when faced with a legal load-path.

I mean, this time it happened to be cedet-common, but it could
 be anything -- or even the end user, the next time.

The fix is simple enough, and mentioned early in the bug
 report: just fix the darned debian-pkg-add-load-path-item to not call
 string-match on a nil value, which is as simple as adding a simple
 test for nil (I am pedantically using (not (null foo)) below instead
 of just foo, but hey).

manoj

diff -uBbwr emacsen-common-1.4.15.orig/debian-startup.el emacsen-common-1.4.15/debian-startup.el
--- emacsen-common-1.4.15.orig/debian-startup.el	2002-02-18 11:12:15.0 -0600
+++ emacsen-common-1.4.15/debian-startup.el	2005-01-22 00:35:34.0 -0600
@@ -41,7 +41,9 @@
 
 ;; Find the last /usr/local/ element.
 (while (not (null lp-rest))
-  (if (string-match "^/usr/local" (car lp-rest))
+  (if (and
+   (not (null (car lp-rest)))
+   (string-match "^/usr/local" (car lp-rest)))
   (setq last-local-pos pos))
   (setq pos (+ pos 1))
   (setq lp-rest (cdr lp-rest)))

-- 
Before destruction a man's heart is haughty, but humility goes before
honour. Psalms 18:12
Manoj Srivastava   <[EMAIL PROTECTED]>  
1024D/BF24424C print 4966 F272 D093 B493 410B  924B 21BA DABB BF24 424C

Processed: debian-pkg-add-load-path-item cannot handle nil in load-path

2005-01-21 Thread Debian Bug Tracking System 
Processing commands for [EMAIL PROTECTED]:

> reassign 270388 emacsen-common
Bug#270388: cedet-common: breaks other packages in batch mode
Bug reassigned from package `cedet-common' to `emacsen-common'.

> retitle 270388  debian-pkg-add-load-path-item cannot handle nil in load-path
Bug#270388: cedet-common: breaks other packages in batch mode
Changed Bug title.

> tags 270388 +patch
Bug#270388: debian-pkg-add-load-path-item cannot handle nil in load-path
There were no tags set.
Tags added: patch

> thanks
Stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#287507: marked as done (labplot: license problem with cephes library)

2005-01-21 Thread Debian Bug Tracking System 
Your message dated Sat, 22 Jan 2005 01:47:08 -0500
with message-id <[EMAIL PROTECTED]>
and subject line Bug#287507: fixed in labplot 1.4.0-1
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--
Received: (at submit) by bugs.debian.org; 28 Dec 2004 11:49:21 +
>From [EMAIL PROTECTED] Tue Dec 28 03:49:21 2004
Return-path: <[EMAIL PROTECTED]>
Received: from astro.systems.pipex.net [62.241.163.6] 
by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
id 1CjFqq-0004oG-00; Tue, 28 Dec 2004 03:49:20 -0800
Received: from [192.168.2.114] (81-86-101-35.dsl.pipex.com [81.86.101.35])
by astro.systems.pipex.net (Postfix) with ESMTP id 5CB11E0001D2
for <[EMAIL PROTECTED]>; Tue, 28 Dec 2004 11:48:49 + (GMT)
Message-ID: <[EMAIL PROTECTED]>
Date: Tue, 28 Dec 2004 11:48:47 +
From: Helen Faulkner <[EMAIL PROTECTED]>
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.3) Gecko/20041007 
Debian/1.7.3-5
X-Accept-Language: en
MIME-Version: 1.0
To: [EMAIL PROTECTED]
Subject: labplot:  license problem with cephes library
X-Enigmail-Version: 0.89.0.0
X-Enigmail-Supports: pgp-inline, pgp-mime
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2004_03_25 
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-8.0 required=4.0 tests=BAYES_00,HAS_PACKAGE 
autolearn=no version=2.60-bugs.debian.org_2004_03_25
X-Spam-Level: 

Package: labplot
Version: 1.3.1.1-1
Severity: serious

The cephes library contained in labplot seems to have no license other
than "free", which is not clearly DFSG-free.  The authors of cephes and 
labplot have been contacted and the cephes author has been asked to 
relicense cephes in a DFSG-free way.

This bug submitted to prevent labplot from moving into sarge until the
issue is resolved.

Helen


-- System Information:
Debian Release: 3.1
   APT prefers unstable
   APT policy: (500, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.8-1-686
Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8)

Versions of packages labplot depends on:
ii  fftw33.0.1-11Library for computing Fast Fourier
ii  kdelibs4 4:3.3.1-4   KDE core libraries
ii  libart-2.0-2 2.3.16-6Library of functions for 2D graphi
ii  libaudiofile00.2.6-5 Open-source version of SGI's audio
ii  libbz2-1.0   1.0.2-2 high-quality block-sorting file co
ii  libc62.3.2.ds1-19GNU C Library: Shared libraries an
ii  libdps1  4.3.0.dfsg.1-10 Display PostScript (DPS) client li
ii  libfam0c102  2.7.0-6 client library to control the FAM
ii  libfreetype6 2.1.7-2.3   FreeType 2 font engine, shared lib
ii  libgcc1  1:3.4.3-6   GCC support library
ii  libgsl0  1.5-2   The GNU Scientific Library (GSL) -
ii  libice6  4.3.0.dfsg.1-10 Inter-Client Exchange library
ii  libidn11 0.5.2-3 GNU libidn library, implementation
ii  libjasper-1.701-11.701.0-2   The JasPer JPEG-2000 runtime libra
ii  libjpeg626b-9The Independent JPEG Group's JPEG
ii  liblcms1 1.13-1  Color management library
ii  libmagick++6 6:6.0.6.2-1.6   The object-oriented C++ API to the
ii  libmagick6   6:6.0.6.2-1.6   Image manipulation library
ii  libpng12-0   1.2.8rel-1  PNG library - runtime
ii  libqt3c102-mt3:3.3.3-7   Qt GUI Library (Threaded runtime v
ii  libsm6   4.3.0.dfsg.1-10 X Window System Session Management
ii  libstdc++5   1:3.3.5-5   The GNU Standard C++ Library v3
ii  libtiff4 3.6.1-4 Tag Image File Format library
ii  libvtk4  4.2.6-5 Visualization Toolkit - A high lev
ii  libx11-6 4.3.0.dfsg.1-10 X Window System protocol client li
ii  libxext6 4.3.0.dfsg.1-10 X Window System miscellaneous exte
ii  libxml2  2.6.11-5GNOME XML library
ii  libxrender1  0.8.3-7 X Rendering Extension client libra
ii  libxt6   4.3.0.dfsg.1-10 X Toolkit Intrinsics
ii  netcdfg3 3.5.0-7.1   An interface for scientific data a
ii  xlibs

Processed: severity of 281655 is serious

2005-01-21 Thread Debian Bug Tracking System 
Processing commands for [EMAIL PROTECTED]:

> # Automatically generated email from bts, devscripts version 2.8.10
> severity 281655 serious
Bug#281655: info2www: Cross-site scripting vulnerability
Severity set to `serious'.

>
End of message, stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Processed: severity of 291613 is grave

2005-01-21 Thread Debian Bug Tracking System 
Processing commands for [EMAIL PROTECTED]:

> # Automatically generated email from bts, devscripts version 2.8.10
> severity 291613 grave
Bug#291613: ~/.xshisenrc owned by group games, follows symlinks
Severity set to `grave'.

>
End of message, stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Processed: tagging 291632

2005-01-21 Thread Debian Bug Tracking System 
Processing commands for [EMAIL PROTECTED]:

> # Automatically generated email from bts, devscripts version 2.8.5
> tags 291632 pending confirmed
Bug#291632: Destroys backup files by default with little sanity checking
Tags were: confirmed upstream
Tags added: pending, confirmed

>
End of message, stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#291651: straw: depends on experimental libraries

2005-01-21 Thread Aaron M. Ucko 
Package: straw
Version: 0.25.1-3
Severity: grave
Justification: renders package unusable (uninstallable)

The following packages have unmet dependencies:
  straw: Depends: libgtk2.0-0 (>= 2.6.0) but 2.4.14-2 is installed.
 Depends: libpango1.0-0 (>= 1.8.0) but 1.6.0-3 is installed.

Please rebuild against packages that are actually available in sid.
(Given that the package is now orphaned, perhaps I should just do that
myself?  I have no interest in, or time to spare for, adopting it
long-term, though.)

-- System Information:
Debian Release: 3.1
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.4.27
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)

Versions of packages straw depends on:
ii  gconf2  2.8.1-4  GNOME configuration database syste
ii  libatk1.0-0 1.8.0-4  The ATK accessibility toolkit
ii  libc6   2.3.2.ds1-20 GNU C Library: Shared libraries an
ii  libglib2.0-02.6.1-2  The GLib library of C routines
ii  libgtk2.0-0 2.4.14-2 The GTK+ graphical user interface 
ii  libpango1.0-0   1.6.0-3  Layout and rendering of internatio
ii  python  2.3.4-6  An interactive high-level object-o
ii  python2.3   2.3.4-19 An interactive high-level object-o
ii  python2.3-egenix-mxdatetime 2.0.5-2  Date and time handling routines fo
ii  python2.3-glade22.4.1-2  GTK+ bindings: Glade support
ii  python2.3-gnome22.6.1-1  Python bindings for the GNOME desk
ii  python2.3-gtk2  2.4.1-2  Python bindings for the GTK+ widge

-- no debconf information


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#291632: Destroys backup files by default with little sanity checking

2005-01-21 Thread Daniel Burrows 
On Friday 21 January 2005 09:09 pm, Thomas Bushnell BSG wrote:
> Create file named "foo.xac"
> Do lots of edits on foo.xac [set 1]
> Then open file named "foo.2004xx.xac" (a backup of foo).
> Do lots of edits on foo.2004xx.xac [set 2]
> Then open foo.xac again.
> Do lots of edits on foo.xac [set 3], which triggers the backup purger and
>   deletes foo.2004xx.xac, and all of the set 2 edits are now gone.

  Yes, that's an accurate summary, except that it only took one edit on set 3 
:).

> If you set the file retention days in preferences to 0, that has the
> effect of turning of the backup-pruning function entirely.

  Yes, that's true, and as far as I'm concerned, making that the default would
be enough to close the bug.  The main thing that bothered me is that you can
lose a lot of data with no warning just using the default behavior of the
program the way it's intended.

  I think that you're right, though.  Tightening the backup-purging function
is enough to eliminate the most pathological parts of this bug: right now it'll
match .* (if I follow the code), but it should only match
..xac.  Probably just checking that strcmp(res, "xac")==0 will do
it; ie:

--- gnucash-1.8.10/src/backend/file/gnc-backend-file.c  2003-07-27 00:04:42.
0 -0400
+++ gnucash-1.8.10/src/backend/file/gnc-backend-file.c.new  2005-01-21 22:16
:08.0 -0500
@@ -630,8 +630,8 @@
days = (int)(difftime(now, file_time) / 86400);
 
/* Make sure this file actually has a date before unlinking */
-   if (res && res != name+pathlen+1 &&
-   /* We consumed some but not all of the filename */
+   if (res && res != name+pathlen+1 && strcmp(res, ".xac") == 0 &&
+   /* The filename has the form ..xac */
file_time > 0 &&
/* we actually have a reasonable time and it is old enough *
/
days > file_retention_days) {


  (that's totally untested, just an example of what I meant)

  Daniel

-- 
/- Daniel Burrows <[EMAIL PROTECTED]> -\
|   "Do you know why the prisoner in the|
|tower watches the flight of birds?"|
| -- Terry Pratchett, _Reaper_Man_  |
\ The Turtle Moves! -- http://www.lspace.org ---/


pgp6TZQdBy1O2.pgp
Description: PGP signature

Bug#291632: Destroys backup files by default with little sanity checking

2005-01-21 Thread Thomas Bushnell BSG 
Daniel Burrows <[EMAIL PROTECTED]> writes:

> Yes, that's true, and as far as I'm concerned, making that the default would
> be enough to close the bug.  The main thing that bothered me is that you can
> lose a lot of data with no warning just using the default behavior of the
> program the way it's intended.

Um, you weren't using the program the way it's intended.  It is not
intended that you open backup files and start operating on them as
regular files; it's intended that you copy them to some other name and
use that.  

Does this intention suck?  Yes.  Is it not even documented?  Yes.

> I think that you're right, though.  Tightening the backup-purging
> function is enough to eliminate the most pathological parts of this
> bug: right now it'll match .* (if I follow the code),
> but it should only match ..xac.  Probably just checking
> that strcmp(res, "xac")==0 will do it...

Well, ".xac" (as your patch indicates) actually, which is the fix I
have already uploaded as gnucash-1.8.10-3.

Thomas


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#291632: marked as done (Destroys backup files by default with little sanity checking)

2005-01-21 Thread Debian Bug Tracking System 
Your message dated Fri, 21 Jan 2005 22:02:47 -0500
with message-id <[EMAIL PROTECTED]>
and subject line Bug#291632: fixed in gnucash 1.8.10-3
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--
Received: (at submit) by bugs.debian.org; 21 Jan 2005 23:22:39 +
>From [EMAIL PROTECTED] Fri Jan 21 15:22:39 2005
Return-path: <[EMAIL PROTECTED]>
Received: from f05s05.cac.psu.edu (f05n05.cac.psu.edu) [128.118.141.48] 
by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
id 1Cs86x-0007L1-00; Fri, 21 Jan 2005 15:22:39 -0800
Received: from jester.burrows.local (pool-207-68-120-192.alt.east.verizon.net 
[207.68.120.192])
(authenticated bits=0)
by f05n05.cac.psu.edu (8.13.2/8.13.2) with ESMTP id j0LNMTfC028860
(version=TLSv1/SSLv3 cipher=RC4-MD5 bits=128 verify=NOT)
for <[EMAIL PROTECTED]>; Fri, 21 Jan 2005 18:22:37 -0500
From: Daniel Burrows <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: Destroys backup files by default with little sanity checking
Date: Fri, 21 Jan 2005 18:19:24 -0500
User-Agent: KMail/1.7.1
MIME-Version: 1.0
Content-Type: multipart/signed;
  boundary="nextPart1308038.xUQko6vjNI";
  protocol="application/pgp-signature";
  micalg=pgp-sha1
Content-Transfer-Encoding: 7bit
Message-Id: <[EMAIL PROTECTED]>
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-8.0 required=4.0 tests=BAYES_00,HAS_PACKAGE 
autolearn=no version=2.60-bugs.debian.org_2005_01_02
X-Spam-Level: 

--nextPart1308038.xUQko6vjNI
Content-Type: text/plain;
  charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline

Package: gnucash
Version: 1.8.9-4
Severity: grave

  I'm sitting here watching a (likely futile) attempt to restore two months=
'=20
worth of lost information for a user.  While it's likely that nothing can g=
et=20
the data back, I finally think I figured out what happened and how the data=
=20
was lost.  I think the sequence of events is quite likely to occur in the=20
hands of a user.  (in fact, I myself would probably only have avoided it by=
=20
accident)

  Here's the deal: when you save a gnucash file, it creates a backup file=20
that's indexed by the date on which it was saved.  This backup is very usef=
ul=20
in the event that you have a program crash or make a serious blunder with t=
he=20
interface.  In early November, the user in question did just this: she load=
ed=20
a backup of her "Accounts" file due to some sort of problem with the progra=
m. =20
However, this resulted in the *backup* file being used as the new default=20
save file and as gnucash's default file to load on startup.  "Accounts"=20
remained frozen in a state from about November 3.

  All was well until she asked me for help with importing some old Quicken=
=20
data, earlier today.  After importing the data into a separate file, I (not=
=20
knowing that she was using the backup file) innocently opened the file=20
"Accounts".  Apparently, either this or saving the file Accounts (not sure=
=20
which) triggered GNUCash's "helpful" backup-purger, which immediately wiped=
=20
out both her main accounts file and all of her recent backups.  We were lef=
t=20
only with Accounts (the November 3rd edition, remember); two months' worth =
of=20
data entry went down the drain without my knowing.

  Now, I understand why this functionality might be useful, but it seems fa=
r=20
too easy to destroy data with it at the moment.  I suggest that, at the ver=
y=20
least, several more sanity checks be incorporated.  For instance, only dele=
te=20
a file if:

  (A) there are at least X newer backups *by mtime* of the main file, AND
  (B) the file in question is at least Y days old *by mtime*, AND
  (C) the current sanity checks (that it looks like a GNUcash backup file w=
ith=20
timestamp >Y days ago) apply, where the timestamp takes the LAST date in th=
e=20
filename when multiple dates are available.

  (A) makes sure that some backups are always available if you screw up; (B=
)=20
makes sure that GNUcash isn't mislead by confusing filenames (such as=20
Accounts.200411060911.xac.200501201015.xac).  At the very least, the=20
modification of (C) should be made so that the ill effects of filenames lik=
e=20
the one above are limited.

  Without some tightening of the criteria, I think the backup-purging shoul=
d=20
be disabled by default, as it's way too easy to une

Processed: tag it

2005-01-21 Thread Debian Bug Tracking System 
Processing commands for [EMAIL PROTECTED]:

> tags 291632 + pending confirmed
Bug#291632: Destroys backup files by default with little sanity checking
Tags were: upstream
Tags added: pending, confirmed

> thanks
Stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Processed: forwarded the bug

2005-01-21 Thread Debian Bug Tracking System 
Processing commands for [EMAIL PROTECTED]:

> forwarded 291632 http://bugzilla.gnome.org/show_bug.cgi?id=164875
Bug#291632: Destroys backup files by default with little sanity checking
Noted your statement that Bug has been forwarded to 
http://bugzilla.gnome.org/show_bug.cgi?id=164875.

> tags 291632 +upstream +pending +confirmed
Unknown tag/s: +pending, +confirmed.
Recognized are: patch wontfix moreinfo unreproducible fixed potato woody sid 
help security upstream pending sarge sarge-ignore experimental d-i confirmed 
ipv6 lfs fixed-in-experimental fixed-upstream l10n.

Bug#291632: Destroys backup files by default with little sanity checking
There were no tags set.
Tags added: upstream

> thanks
Stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#290605: marked as done (CAN-2005-0012: Arbitrary code execution in dillo)

2005-01-21 Thread Debian Bug Tracking System 
Your message dated Fri, 21 Jan 2005 18:01:34 -0800
with message-id <[EMAIL PROTECTED]>
and subject line CAN-2005-0012: Arbitrary code execution in dillo
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--
Received: (at submit) by bugs.debian.org; 15 Jan 2005 08:07:29 +
>From [EMAIL PROTECTED] Sat Jan 15 00:07:28 2005
Return-path: <[EMAIL PROTECTED]>
Received: from luonnotar.infodrom.org [195.124.48.78] 
by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
id 1Cpiy0-0005zC-00; Sat, 15 Jan 2005 00:07:28 -0800
Received: by luonnotar.infodrom.org (Postfix, from userid 10)
id A4076366B71; Sat, 15 Jan 2005 09:07:31 +0100 (CET)
Received: at Infodrom Oldenburg (/\##/\ Smail-3.2.0.102 1998-Aug-2 #2)
from infodrom.org by finlandia.Infodrom.North.DE
via smail from stdin
id <[EMAIL PROTECTED]>
for [EMAIL PROTECTED]; Sat, 15 Jan 2005 09:03:10 +0100 (CET) 
Date: Sat, 15 Jan 2005 09:03:10 +0100
From: Martin Schulze <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: CAN-2005-0012: Arbitrary code execution in dillo
Message-ID: <[EMAIL PROTECTED]>
Mime-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inline
User-Agent: Mutt/1.5.6+20040907i
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-8.0 required=4.0 tests=BAYES_00,HAS_PACKAGE 
autolearn=no version=2.60-bugs.debian.org_2005_01_02
X-Spam-Level: 

Package: dillo
Version: 0.8.1-1
Severity: grave
Tags: pending security sarge

The problem below seems to be fixed in the version in sid (0.8.3-1) but
not yet in the version in sarge), hence this bug report.  This bug report
is meant to track this issue.  Please close it when the fixed pacakge
enters sarge.


==
Candidate: CAN-2005-0012
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0012
Final-Decision:
Interim-Decision:
Modified:
Proposed:
Assigned: 20050104
Category: SF
Reference: GENTOO:GLSA-200501-11
Reference: URL:http://www.gentoo.org/security/en/glsa/glsa-200501-11.xml
Reference: BID:12203
Reference: URL:http://www.securityfocus.com/bid/12203
Reference: SECUNIA:13760
Reference: URL:http://secunia.com/advisories/13760/
Reference: XF:dillo-capi-format-string(18807)
Reference: URL:http://xforce.iss.net/xforce/xfdb/18807

Format string vulnerability in the a_Interface_msg function in Dillo
before 0.8.3-r4 allows remote attackers to execute arbitrary code via
format string specifiers in a web page.


Regards,

Joey

-- 
There are lies, statistics and benchmarks.

Please always Cc to me when replying to me on the lists.

---
Received: (at 290605-done) by bugs.debian.org; 22 Jan 2005 02:01:35 +
>From [EMAIL PROTECTED] Fri Jan 21 18:01:35 2005
Return-path: <[EMAIL PROTECTED]>
Received: from dsl093-039-086.pdx1.dsl.speakeasy.net (localhost.localdomain) 
[66.93.39.86] 
by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
id 1CsAal-000156-00; Fri, 21 Jan 2005 18:01:35 -0800
Received: by localhost.localdomain (Postfix, from userid 1000)
id 91830171D23; Fri, 21 Jan 2005 18:01:34 -0800 (PST)
Date: Fri, 21 Jan 2005 18:01:34 -0800
From: Steve Langasek <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: Re: CAN-2005-0012: Arbitrary code execution in dillo
Message-ID: <[EMAIL PROTECTED]>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
protocol="application/pgp-signature"; boundary="76DTJ5CE0DCVQemd"
Content-Disposition: inline
User-Agent: Mutt/1.5.6+20040907i
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-3.0 required=4.0 tests=BAYES_00 autolearn=no 
version=2.60-bugs.debian.org_2005_01_02
X-Spam-Level: 


--76DTJ5CE0DCVQemd
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

The fixed version of dillo has reached sarge, so I think this bug can be
closed.

--=20
Steve Langasek
postmodern programmer

--76DTJ5CE0DCVQemd
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFB8bP7KN6ufymYLloRAo8yAKC6mBCo9Q1kH/Egsr7YX5Jx3RFbWACgok

Bug#291632: Destroys backup files by default with little sanity checking

2005-01-21 Thread Thomas Bushnell BSG 

So it sounds like you did:

Create file named "foo.xac"
Do lots of edits on foo.xac [set 1]
Then open file named "foo.2004xx.xac" (a backup of foo).
Do lots of edits on foo.2004xx.xac [set 2]
Then open foo.xac again.
Do lots of edits on foo.xac [set 3], which triggers the backup purger and
  deletes foo.2004xx.xac, and all of the set 2 edits are now gone.

Except, set 2 of the edits created backup files themselves, which
should be named, say "foo.2004xx.2005xx.xac".  So even when
foo.2004xx.xac gets deleted by the backup purger on foo.xac, you
should have lots of backups named foo.2004xx.2005xx.xac.

But from my read of the functions in question, there is a bug here,
and the 2004xx.2005xx.xac backups will get deleted
erroneously.

I will make a fix and submit it upstream.

As for the idea that the way backups are done should be improved,
that's certainly true, but the solution (which is in the works
upstream) is actually to replace the whole backend with a database
system that will avoid these kinds of problems entirely.  

If you set the file retention days in preferences to 0, that has the
effect of turning of the backup-pruning function entirely.

Thomas


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#290597: fails to configure because gs-common is not configured

2005-01-21 Thread Matt Kraai 
On Fri, Jan 21, 2005 at 04:31:55PM +0100, Frank Lichtenheld wrote:
> On Fri, Jan 14, 2005 at 02:16:45PM -0800, Matt Kraai wrote:
> > The Desktop task failed to install while installing Debian because
> > gs-gpl failed to configure because gs-common was not configured:
> > 
> >  dpkg: dependency problems prevent configuration of gs-gpl:
> >   gs-gpl depends on gs-common (>= 0.2); however:
> >Package gs-common is not configured yet.
> >  dpkg: error processing gs-gpl (--configure):
> >   dependency problems - leaving unconfigured
> 
> I don't quite understand how this would be gs-gpl's fault, it's either
> gs-common (because of an error during the configuration) or apt/dpkg,
> isn't it? Do you have a complete log of the install, I suspect there
> was an error during configuring gs-common.

I reported it against gs-gpl because that was what failed to compile.
There appears to be a dependency loop between gs-gpl, gs-common, and
gs.

-- 
Matt


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#291623: mysql-admin: FTBFS in sarge: Versioned build dependency on virtual libmysqlclient-dev.

2005-01-21 Thread Kurt Roeckx 
tags 291623 + sarge
thanks

On Fri, Jan 21, 2005 at 06:04:22PM -0600, Adam Majer wrote:
> 
> So what do you want me to do about it? I provided the patch that should
> fix #285071. All new MySQL based packages should use
> libmysqlclient14-dev and not 12 or 10 because these old clients are not
> compatible with the new way MySQL stores passwords.

This bug will get closed when your package moves to testing.
This is just so we know it has a problem.

(I forgot to set the tag, you forgot to CC
[EMAIL PROTECTED])


Kurt



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Processed: Re: Bug#291623: mysql-admin: FTBFS in sarge: Versioned build dependency on virtual libmysqlclient-dev.

2005-01-21 Thread Debian Bug Tracking System 
Processing commands for [EMAIL PROTECTED]:

> tags 291623 + sarge
Bug#291623: mysql-admin: FTBFS in sarge: Versioned build dependency on virtual 
libmysqlclient-dev.
Tags were: sarge
Tags added: sarge

> thanks
Stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Processed: Re: Bug#291623: mysql-admin: FTBFS in sarge: Versioned build dependency on virtual libmysqlclient-dev.

2005-01-21 Thread Debian Bug Tracking System 
Processing commands for [EMAIL PROTECTED]:

> tag 291623 + sarge
Bug#291623: mysql-admin: FTBFS in sarge: Versioned build dependency on virtual 
libmysqlclient-dev.
There were no tags set.
Tags added: sarge

> thanks
Stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#291623: mysql-admin: FTBFS in sarge: Versioned build dependency on virtual libmysqlclient-dev.

2005-01-21 Thread Adam Majer 
tag 291623 + sarge
thanks

Kurt Roeckx wrote:

>Package: mysql-admin
>Version: 1.0.14-1
>Severity: serious
>
>Hi,
>
>Your package is failing to build in sarge because it still build
>depends on libmysqlclient-dev (>4.0.20) and libmysqlclient-dev is
>a virtual package.
>
>You seem to have changed it to use libmysqlclient14-dev in more
>recent versions but mysql-dfsg-4.1 failed to build on arm
>(#285071).  The fixed version never was attempted to be build and
>the current still seems to be in the needs build state.  Looks
>like there hasn't been a build attempt since the fixed version.
>  
>

So what do you want me to do about it? I provided the patch that should
fix #285071. All new MySQL based packages should use
libmysqlclient14-dev and not 12 or 10 because these old clients are not
compatible with the new way MySQL stores passwords.

This bug will fix itself soon enough.

- Adam



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#291233: marked as done (mozilla-firefox: does not start (seg fault))

2005-01-21 Thread Debian Bug Tracking System 
Your message dated Fri, 21 Jan 2005 18:36:21 -0500
with message-id <[EMAIL PROTECTED]>
and subject line Bug#291233: mozilla-firefox: does not start (seg fault)
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--
Received: (at submit) by bugs.debian.org; 19 Jan 2005 14:47:39 +
>From [EMAIL PROTECTED] Wed Jan 19 06:47:39 2005
Return-path: <[EMAIL PROTECTED]>
Received: from (ayke.totexa.cl) [200.75.0.192] 
by spohr.debian.org with smtp (Exim 3.35 1 (Debian))
id 1CrH7S-0007c4-00; Wed, 19 Jan 2005 06:47:38 -0800
Received: (qmail 27083 invoked from network); 19 Jan 2005 14:52:06 -
Received: from unknown (HELO localhost.localdomain) (200.90.177.246)
  by 200.75.0.192 with SMTP; 19 Jan 2005 14:52:06 -
Received: from ajunge by localhost.localdomain with local (Exim 4.34)
id 1CrH1V-000275-FZ; Wed, 19 Jan 2005 11:41:29 -0300
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Content-Type: text/plain; charset="ISO-8859-1"
From: Andres Junge <[EMAIL PROTECTED]>
To: Debian Bug Tracking System <[EMAIL PROTECTED]>
Subject: mozilla-firefox: does not start (seg fault)
X-Mailer: reportbug 3.2
Date: Wed, 19 Jan 2005 11:41:29 -0300
Message-Id: <[EMAIL PROTECTED]>
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-8.0 required=4.0 tests=BAYES_00,HAS_PACKAGE 
autolearn=no version=2.60-bugs.debian.org_2005_01_02
X-Spam-Level: 

Package: mozilla-firefox
Version: 1.0+dfsg.1-2
Severity: grave
Justification: renders package unusable

Just seg faults when I try to start it.

[EMAIL PROTECTED]:~$ firefox -V
FIREFOX_DSP=
APPLICATION_ID=firefox
CMDLINE_DISPLAY=
DISPLAY=:0.0
REMOTE=0
TRY_USE_EXIST=0
OPTIONS=
DEBUG=0
DEBUGGER=
Running: /usr/lib/mozilla-firefox/firefox-bin -a firefox -remote
'ping()'
/usr/bin/firefox: line 352:  8096 Violación de segmento
DISPLAY="${CMDLINE_DISPLAY}" ${MOZ_PROGRAM} -remote 'ping()' >/dev/null
2>&1
PING_STATUS=139
Running: /usr/lib/mozilla-firefox/firefox-bin -a firefox
Violación de segmento


-- System Information:
Debian Release: 3.1
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: i386 (i686)
Kernel: Linux 2.6.8-1-686
Locale: LANG=es_CL, LC_CTYPE=es_CL (charmap=ISO-8859-1) (ignored: LC_ALL set to 
es_CL)

Versions of packages mozilla-firefox depends on:
ii  debianutils  2.8.4   Miscellaneous utilities specific t
ii  fontconfig   2.2.3-4 generic font configuration library
ii  libatk1.0-0  1.8.0-4 The ATK accessibility toolkit
ii  libc62.3.2.ds1-20GNU C Library: Shared libraries an
ii  libfontconfig1   2.2.3-4 generic font configuration library
ii  libfreetype6 2.1.7-2.3   FreeType 2 font engine, shared lib
ii  libgcc1  1:3.4.3-6   GCC support library
ii  libglib2.0-0 2.4.8-1 The GLib library of C routines
ii  libgtk2.0-0  2.4.14-2The GTK+ graphical user interface 
ii  libidl0  0.8.3-1 library for parsing CORBA IDL file
ii  libjpeg626b-9The Independent JPEG Group's JPEG 
ii  libkrb53 1.3.6-1 MIT Kerberos runtime libraries
ii  libpango1.0-01.6.0-3 Layout and rendering of internatio
ii  libpng12-0   1.2.8rel-1  PNG library - runtime
ii  libstdc++5   1:3.3.5-5   The GNU Standard C++ Library v3
ii  libx11-6 4.3.0.dfsg.1-10 X Window System protocol client li
ii  libxext6 4.3.0.dfsg.1-10 X Window System miscellaneous exte
ii  libxft2  2.1.2-6 FreeType-based font drawing librar
ii  libxp6   4.3.0.dfsg.1-10 X Window System printing extension
ii  libxrender1  0.8.3-7 X Rendering Extension client libra
ii  libxt6   4.3.0.dfsg.1-10 X Toolkit Intrinsics
ii  psmisc   21.5-1  Utilities that use the proc filesy
ii  xlibs4.3.0.dfsg.1-10 X Keyboard Extension (XKB) configu
ii  zlib1g   1:1.2.2-3   compression library - runtime

-- no debconf information

---
Received: (at 291233-done) by bugs.debian.org; 21 Jan 2005 23:36:23 +
>From [EMAIL PROTECTED] Fri Jan 21 15:36:23 2005
Return-path: <[EMAIL PROTECTED]>
Received: from smtp.istop.com [66.11.167.

Bug#291632: Destroys backup files by default with little sanity checking

2005-01-21 Thread Daniel Burrows 
Package: gnucash
Version: 1.8.9-4
Severity: grave

  I'm sitting here watching a (likely futile) attempt to restore two months' 
worth of lost information for a user.  While it's likely that nothing can get 
the data back, I finally think I figured out what happened and how the data 
was lost.  I think the sequence of events is quite likely to occur in the 
hands of a user.  (in fact, I myself would probably only have avoided it by 
accident)

  Here's the deal: when you save a gnucash file, it creates a backup file 
that's indexed by the date on which it was saved.  This backup is very useful 
in the event that you have a program crash or make a serious blunder with the 
interface.  In early November, the user in question did just this: she loaded 
a backup of her "Accounts" file due to some sort of problem with the program.  
However, this resulted in the *backup* file being used as the new default 
save file and as gnucash's default file to load on startup.  "Accounts" 
remained frozen in a state from about November 3.

  All was well until she asked me for help with importing some old Quicken 
data, earlier today.  After importing the data into a separate file, I (not 
knowing that she was using the backup file) innocently opened the file 
"Accounts".  Apparently, either this or saving the file Accounts (not sure 
which) triggered GNUCash's "helpful" backup-purger, which immediately wiped 
out both her main accounts file and all of her recent backups.  We were left 
only with Accounts (the November 3rd edition, remember); two months' worth of 
data entry went down the drain without my knowing.

  Now, I understand why this functionality might be useful, but it seems far 
too easy to destroy data with it at the moment.  I suggest that, at the very 
least, several more sanity checks be incorporated.  For instance, only delete 
a file if:

  (A) there are at least X newer backups *by mtime* of the main file, AND
  (B) the file in question is at least Y days old *by mtime*, AND
  (C) the current sanity checks (that it looks like a GNUcash backup file with 
timestamp >Y days ago) apply, where the timestamp takes the LAST date in the 
filename when multiple dates are available.

  (A) makes sure that some backups are always available if you screw up; (B) 
makes sure that GNUcash isn't mislead by confusing filenames (such as 
Accounts.200411060911.xac.200501201015.xac).  At the very least, the 
modification of (C) should be made so that the ill effects of filenames like 
the one above are limited.

  Without some tightening of the criteria, I think the backup-purging should 
be disabled by default, as it's way too easy to unexpectedly lose data right 
now.

  Daniel

-- System Information:
Debian Release: 3.1
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)
Kernel: Linux 2.6.9-2-686
Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1) (ignored: LC_ALL set 
to en_US)

Versions of packages gnucash depends on:
ii  bonobo   1.0.22-2.2  The GNOME Bonobo System.
ii  gdk-imlib1   1.9.14-16.2 imaging library for use with gtk 
(
ii  gnucash-common   1.8.9-4 A personal finance tracking 
progra
ii  guile-1.6-libs   1.6.7-1 Main Guile libraries
ii  guile-1.6-slib   1.6.7-1 Guile SLIB support
ii  libart2  1.4.2-19The GNOME canvas widget - runtime 
ii  libaudiofile00.2.6-5 Open-source version of SGI's 
audio
ii  libbonobo2   1.0.22-2.2  The GNOME Bonobo library.
ii  libc62.3.2.ds1-20GNU C Library: Shared libraries 
an
ii  libdate-manip-perl   5.42a-2 a perl library for manipulating 
da
ii  libdb3   3.2.9-20Berkeley v3 Database Libraries 
[ru
ii  libesd0  0.2.35-2Enlightened Sound Daemon - Shared 
ii  libfinance-quote-perl1.08-1  Perl module for retrieving stock 
q
ii  libfreetype6 2.1.7-2.3   FreeType 2 font engine, shared 
lib
ii  libgal23 0.24-1.4G App Libs (run time library)
ii  libgdk-pixbuf-gnome2 0.22.0-7The GNOME1 Canvas pixbuf library
ii  libgdk-pixbuf2   0.22.0-7The GdkPixBuf image library, gtk+ 
ii  libghttp11.0.9-15original GNOME HTTP client 
library
ii  libglade-gnome0  1:0.17-3Library to load .glade files at 
ru
ii  libglade01:0.17-3Library to load .glade files at 
ru
ii  libglib1.2   1.2.10-9The GLib library of C routines
ii  libgnome32   1.4.2-19The GNOME libraries
ii  libgnomeprint15  0.37-5  The GNOME Print architecture - 
run
ii  libgnomesupport0 1.4.2-19The GNOME libraries (Support 
libra
ii  libgnomeui32 1.4.2-19The GNOME libraries (User 
Interfac
ii  libgtk1.21.2.10-17   T

Processed: Fixed in NMU of gpdf 2.8.2-1.1

2005-01-21 Thread Debian Bug Tracking System 
Processing commands for [EMAIL PROTECTED]:

> tag 291244 + fixed
Bug#291244: CAN-2005-0064: Arbitrary code execution in gpdf
Tags were: patch sarge security sid
Tags added: fixed

> quit
Stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#289715: Same already fixed bugs are back rendering Impress almost unusable

2005-01-21 Thread Eric Valette 
Chris Halls wrote:
Looking at the stack trace, this is the same crash as reported in 289715 so 
I'm merging the bug.  Looking at the code, OOo is dealing with font lists 
which are likely to be different on your machine to mine, which may be why I 
can't reproduce this here.  Please can you do the same as I asked the 
submitter of #284096 to do:
---
Please download this file:

http://people.debian.org/~halls/openoffice/test/libsvt645li.so.bz2
It is a version of the library that crashes with debugging symbols included.  
bunzip the file and copy into /usr/lib/openoffice/program, replacing the file 
that is there from the package.

Then, reproduce the crash.  When the crash dialog comes up, do not click it 
away but instead execute this from the command line (make sure you have gdb 
installed)

echo thread apply all bt > gdb.script
gdb -p $(pgrep -u $USER soffice.bin| head -1) < gdb.script | tee oo.log 

Please send oo.log to the bug report.
As already reported be me and others, the crash while selecting the 
second item of the menu (#284096) has suddently vanished while doing an 
upgrade of _apparently_ unrelated libraries. I recorded it in bug 
(#284096) But there is still some bugs happening when doing this, as 
suddenly, after selectiong the second item on menu, some color for text 
on the master slide permanently change on display (not the document 
itself because if I close and relaod color is restored ???

The single word color selection (#289715) is still broken for me. I 
suggest you insist on someone still having the bug. I would be glad to 
downgrade a library to reproduce it but I have no clue of what changed 
to make the bug disappear.

Annoying because as stated a bug that disappear may reappear. For me it 
something like a wrong pointer that corrupt something unrelated that 
depend on libraries size for final placement...

Anyway I would suggest to not merge the two bugs as one is a crash and 
another is a wrong behavior.

--
   __
  /  `  Eric Valette
 /--   __  o _. 6 rue Paul Le Flem
(___, / (_(_(__ 35740 Pace
Tel: +33 (0)2 99 85 26 76   Fax: +33 (0)2 99 85 26 76
E-mail: [EMAIL PROTECTED]


--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Processed: reopening - still affects sarge

2005-01-21 Thread Debian Bug Tracking System 
Processing commands for [EMAIL PROTECTED]:

> package konversation
Ignoring bugs not assigned to: konversation

> reopen 291503
Bug#291503: CAN-2005-0129/130/131: Multiple vulnerabilities in Konversation
Bug reopened, originator not changed.

> tags 291503 - sid
Bug#291503: CAN-2005-0129/130/131: Multiple vulnerabilities in Konversation
Tags were: patch sarge security sid
Tags removed: sid

> thanks
Stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#291623: mysql-admin: FTBFS in sarge: Versioned build dependency on virtual libmysqlclient-dev.

2005-01-21 Thread Kurt Roeckx 
Package: mysql-admin
Version: 1.0.14-1
Severity: serious

Hi,

Your package is failing to build in sarge because it still build
depends on libmysqlclient-dev (>4.0.20) and libmysqlclient-dev is
a virtual package.

You seem to have changed it to use libmysqlclient14-dev in more
recent versions but mysql-dfsg-4.1 failed to build on arm
(#285071).  The fixed version never was attempted to be build and
the current still seems to be in the needs build state.  Looks
like there hasn't been a build attempt since the fixed version.


Kurt



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#291592: marked as done (kbugbuster: Please rebuild against libkcal2a)

2005-01-21 Thread Debian Bug Tracking System 
Your message dated Fri, 21 Jan 2005 17:17:56 -0500
with message-id <[EMAIL PROTECTED]>
and subject line Bug#291592: fixed in kdesdk 4:3.3.2-1
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--
Received: (at submit) by bugs.debian.org; 21 Jan 2005 18:02:13 +
>From [EMAIL PROTECTED] Fri Jan 21 10:02:13 2005
Return-path: <[EMAIL PROTECTED]>
Received: from smtp01.mrf.mail.rcn.net [207.172.4.60] 
by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
id 1Cs36q-0006HF-00; Fri, 21 Jan 2005 10:02:13 -0800
Received: from 208-58-77-33.c3-0.grg-ubr3.lnh-grg.md.cable.rcn.com 
([208.58.77.33] helo=tux.internal.ucko.debian.net)
by smtp01.mrf.mail.rcn.net with esmtp (Exim 3.35 #7)
id 1Cs36q-0006tt-00
for [EMAIL PROTECTED]; Fri, 21 Jan 2005 13:02:12 -0500
Received: from amu by tux.internal.ucko.debian.net with local (Exim 4.43)
id 1Cs36p-00060A-J9
for [EMAIL PROTECTED]; Fri, 21 Jan 2005 13:02:11 -0500
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
From: "Aaron M. Ucko" <[EMAIL PROTECTED]>
To: Debian Bug Tracking System <[EMAIL PROTECTED]>
Subject: kbugbuster: Please rebuild against libkcal2a
X-Mailer: reportbug 3.6
Date: Fri, 21 Jan 2005 13:02:11 -0500
X-Debbugs-Cc: [EMAIL PROTECTED]
Message-Id: <[EMAIL PROTECTED]>
X-SA-Exim-Connect-IP: 
X-SA-Exim-Mail-From: [EMAIL PROTECTED]
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-11.0 required=4.0 tests=BAYES_00,HAS_PACKAGE,
X_DEBBUGS_CC autolearn=ham version=2.60-bugs.debian.org_2005_01_02
X-Spam-Level: 

Package: kbugbuster
Version: 4:3.3.1-2
Severity: grave
Justification: renders package unusable (uninstallable)

kbugbuster still depends on libkcal2, which has recently been
superseded by the binary-incompatible (sigh) libkcal2a.  Could you
please rebuild it against libkcal2-dev (>= 4:3.3.2)?

Thanks.

-- System Information:
Debian Release: 3.1
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.4.27
Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1)

Versions of packages kbugbuster depends on:
ii  kdelibs4 4:3.3.2-1   KDE core libraries
ii  ktnef4:3.3.2-1   KDE TNEF viewer
ii  libart-2.0-2 2.3.16-6Library of functions for 2D graphi
ii  libc62.3.2.ds1-20GNU C Library: Shared libraries an
ii  libgamin0 [libfam0c102]  0.0.12-1Library for the gamin file and dir
ii  libgcc1  1:3.4.3-7   GCC support library
ii  libice6  4.3.0.dfsg.1-10 Inter-Client Exchange library
ii  libidn11 0.5.2-3 GNU libidn library, implementation
ii  libjpeg626b-9The Independent JPEG Group's JPEG 
ii  libkcal2 4:3.3.1-3   KDE calendaring library
ii  libpcre3 4.5-1.1 Perl 5 Compatible Regular Expressi
ii  libpng12-0   1.2.8rel-1  PNG library - runtime
ii  libqt3c102-mt3:3.3.3-8   Qt GUI Library (Threaded runtime v
ii  libsm6   4.3.0.dfsg.1-10 X Window System Session Management
ii  libstdc++5   1:3.3.5-6   The GNU Standard C++ Library v3
ii  libx11-6 4.3.0.dfsg.1-10 X Window System protocol client li
ii  libxext6 4.3.0.dfsg.1-10 X Window System miscellaneous exte
ii  libxrender1  0.8.3-7 X Rendering Extension client libra
ii  xlibs4.3.0.dfsg.1-10 X Keyboard Extension (XKB) configu
ii  zlib1g   1:1.2.2-4   compression library - runtime

-- no debconf information

---
Received: (at 291592-close) by bugs.debian.org; 21 Jan 2005 22:23:20 +
>From [EMAIL PROTECTED] Fri Jan 21 14:23:20 2005
Return-path: <[EMAIL PROTECTED]>
Received: from newraff.debian.org [208.185.25.31] (mail)
by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
id 1Cs7BY-0006VR-00; Fri, 21 Jan 2005 14:23:20 -0800
Received: from katie by newraff.debian.org with local (Exim 3.35 1 (Debian))
id 1Cs76K-0001RS-00; Fri, 21 Jan 2005 17:17:56 -0500
From: Ben Burton <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
X-Katie: $Revision: 1.55 $
Subject: Bug#291592: fixed in kdesdk 4:3.3.2-1
Message-Id: <[EMAIL PROTECTED]>
Sender: Archive Administrato

Bug#291428: marked as done (capi4hylafax: ftbfs [sparc] libtool: link: cannot find the library `/usr/lib/libjpeg.la')

2005-01-21 Thread Debian Bug Tracking System 
Your message dated Fri, 21 Jan 2005 17:02:25 -0500
with message-id <[EMAIL PROTECTED]>
and subject line Bug#291136: fixed in tiff 3.7.1-2
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--
Received: (at submit) by bugs.debian.org; 20 Jan 2005 18:05:42 +
>From [EMAIL PROTECTED] Thu Jan 20 10:05:42 2005
Return-path: <[EMAIL PROTECTED]>
Received: from blars.org (renig.nat.blars.org) [64.81.35.59] 
by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
id 1Crggg-rN-00; Thu, 20 Jan 2005 10:05:42 -0800
Received: from renig.nat.blars.org (plergb.nat.blars.org [172.16.1.1])
by renig.nat.blars.org (8.12.3/8.12.3/Debian-7.1) with ESMTP id 
j0KI5cXE025593
(version=TLSv1/SSLv3 cipher=EDH-RSA-DES-CBC3-SHA bits=168 verify=NO);
Thu, 20 Jan 2005 10:05:38 -0800
Received: (from [EMAIL PROTECTED])
by renig.nat.blars.org (8.12.3/8.12.3/Debian-7.1) id j0KI5cJM025591;
Thu, 20 Jan 2005 10:05:38 -0800
Message-Id: <[EMAIL PROTECTED]>
From: Blars Blarson <[EMAIL PROTECTED]>
To: Debian Bug Tracking System <[EMAIL PROTECTED]>
Subject: capi4hylafax: ftbfs [sparc] libtool: link: cannot find the library 
`/usr/lib/libjpeg.la'
X-Mailer: reportbug 1.50
Date: Thu, 20 Jan 2005 10:05:38 -0800
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-6.4 required=4.0 tests=BAYES_00,HAS_PACKAGE,
UPPERCASE_25_50 autolearn=no version=2.60-bugs.debian.org_2005_01_02
X-Spam-Level: 

Package: capi4hylafax
Version: 1:01.02.03-8
Severity: serious
Tags: sid
Justification: fails to build from source

capi4hylafax fails to build from source on sparc:

if g++ -DPACKAGE_NAME=\"\" -DPACKAGE_TARNAME=\"\" -DPACKAGE_VERSION=\"\" -DPACKA
GE_STRING=\"\" -DPACKAGE_BUGREPORT=\"\" -DPACKAGE=\"capi4hylafax\" -DVERSION=\"0
1.02.03\" -DSTDC_HEADERS=1 -DHAVE_SYS_TYPES_H=1 -DHAVE_SYS_STAT_H=1 -DHAVE_STDLI
B_H=1 -DHAVE_STRING_H=1 -DHAVE_MEMORY_H=1 -DHAVE_STRINGS_H=1 -DHAVE_INTTYPES_H=1
 -DHAVE_STDINT_H=1 -DHAVE_UNISTD_H=1 -DHAVE_DLFCN_H=1 -DSTDC_HEADERS=1 -DHAVE_ST
RING_H=1 -DHAVE_MEMORY_H=1 -DHAVE_CAPI20_H=1 -DHAVE_LIBCAPI20=1 -DHAVE_LIBTIFF=1
 -DHAVE_LIBPTHREAD=1 -DSIZEOF_INT_P=4  -I. -I. -I.. -I./.. -I./../standard -I./.
./capi -I./../convert -I./../linuxdep-Wall -W -O2 -DC_PLATFORM_64 -D_GNU_SOU
RCE -DDONT_USE_PROTECT_FEATURE -DNDEBUG -MT recvmain.o -MD -MP -MF ".deps/recvma
in.Tpo" \
  -c -o recvmain.o `test -f 'recvmain.cpp' || echo './'`recvmain.cpp; \
then mv -f ".deps/recvmain.Tpo" ".deps/recvmain.Po"; \
else rm -f ".deps/recvmain.Tpo"; exit 1; \
fi
In file included from ../capi/capi2def.h:24,
 from ../capi/MSNList.h:22,
 from recvdev.h:24,
 from recvmain.cpp:31:
../standard/osmem.h: In function `void* getPtr(tUByte*)':
../standard/osmem.h:98: warning: cast to pointer from integer of different size
../standard/osmem.h: In function `void setPtr(tUByte*, void*)':
../standard/osmem.h:218: warning: cast from pointer to integer of different 
   size
recvmain.cpp: In member function `void CFaxReceiveMain::vWriteLog(int, char*, 
   void*)':
recvmain.cpp:84: warning: long unsigned int format, int arg (arg 3)
/bin/sh ../../libtool --mode=link g++  -Wall -W -O2 -DC_PLATFORM_64 -D_GNU_SOURC
E -DDONT_USE_PROTECT_FEATURE -DNDEBUG   -o c2faxrecv  faxrecv.o recvdev.o recvma
in.o ../capi/libcapi.a ../convert/libconvert.a ../linuxdep/liblinuxdep.a ../stan
dard/libstandard.a -lpthread -ltiff -lcapi20 
mkdir .libs
libtool: link: cannot find the library `/usr/lib/libjpeg.la'
make[3]: *** [c2faxrecv] Error 1
make[3]: Leaving directory `/tmp/buildd/capi4hylafax-01.02.03/src/faxrecv'


---
Received: (at 291136-close) by bugs.debian.org; 21 Jan 2005 22:05:45 +
>From [EMAIL PROTECTED] Fri Jan 21 14:05:44 2005
Return-path: <[EMAIL PROTECTED]>
Received: from newraff.debian.org [208.185.25.31] (mail)
by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
id 1Cs6uW-0003vl-00; Fri, 21 Jan 2005 14:05:44 -0800
Received: from katie by newraff.debian.org with local (Exim 3.35 1 (Debian))
id 1Cs6rJ-00017B-00; Fri, 21 Jan 2005 17:02:25 -0500
From: Jay Berkenbilt <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
X-Katie: $Revision: 1.55 $
Subject: Bug#291136: fixed in tiff 3.7.1-2
Message-Id: <[EMAIL PROTECTED]>
Sender: Archive Administrator <[EMAIL PROTECTED]>
Date: Fri, 21 Jan 2005 17:02:25 -0500
Delivered-To: [EMAI

Bug#291362: installation-reports: LVM install failed due to missing dmsetup

2005-01-21 Thread Wesley W. Terpstra 
On Thu, Jan 20, 2005 at 04:17:25PM -0500, Joey Hess wrote:
> Great, so something like this? (Untested)

Worked for me.

-- 
Wesley W. Terpstra


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#291503: CAN-2005-0129/130/131: Multiple vulnerabilities in Konversation

2005-01-21 Thread Nathaniel W. Turner 
On Friday 21 January 2005 03:45 pm, Joey Hess wrote:
> I'll sponsor this upload to get the security fix in quickly.

Thank you.

-- 
Nathaniel W. Turner
http://www.houseofnate.net/
Tel: +1 508 579 1948 (mobile)


pgpXgfHbzhhI3.pgp
Description: PGP signature

Bug#291136: marked as done (capi4hylafax: FTBFS: Missing build dependencies.)

2005-01-21 Thread Debian Bug Tracking System 
Your message dated Fri, 21 Jan 2005 17:02:25 -0500
with message-id <[EMAIL PROTECTED]>
and subject line Bug#291136: fixed in tiff 3.7.1-2
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--
Received: (at submit) by bugs.debian.org; 18 Jan 2005 23:11:00 +
>From [EMAIL PROTECTED] Tue Jan 18 15:11:00 2005
Return-path: <[EMAIL PROTECTED]>
Received: from adicia.telenet-ops.be [195.130.132.56] 
by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
id 1Cr2V1-0005RF-00; Tue, 18 Jan 2005 15:10:59 -0800
Received: from localhost (localhost.localdomain [127.0.0.1])
by adicia.telenet-ops.be (Postfix) with SMTP id 1EC8144550
for <[EMAIL PROTECTED]>; Wed, 19 Jan 2005 00:10:59 +0100 (MET)
Received: from Q.roeckx.be (dD5775FD9.access.telenet.be [213.119.95.217])
by adicia.telenet-ops.be (Postfix) with ESMTP id 0B5BE440FF
for <[EMAIL PROTECTED]>; Wed, 19 Jan 2005 00:10:59 +0100 (MET)
Received: by Q.roeckx.be (Postfix, from userid 501)
id DF1DE26136; Wed, 19 Jan 2005 00:10:58 +0100 (CET)
Date: Wed, 19 Jan 2005 00:10:58 +0100
From: Kurt Roeckx <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: capi4hylafax: FTBFS: Missing build dependencies.
Message-ID: <[EMAIL PROTECTED]>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.4.2.1i
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-8.0 required=4.0 tests=BAYES_00,HAS_PACKAGE 
autolearn=no version=2.60-bugs.debian.org_2005_01_02
X-Spam-Level: 

Package: capi4hylafax
Version: 1:01.02.03-8
Severity: serious


Hi,

Your package fails to build with the following error:
libtool: link: cannot find the library `/usr/lib/libjpeg.la'

This is fix if adding libjpeg62-dev to the build dependencies.

I think however that this is a bug in the libtiff4 package and
that libtiff4-dev should depend on libjpeg62-dev.  Please clone
and reassign if you think this is the case.

Then it also fails with the following error:
g++ -Wall -W -O2 -DC_PLATFORM_64 -D_GNU_SOURCE -DDONT_USE_PROTECT_FEATURE 
-DNDEBUG -o c2faxrecv faxrecv.o recvdev.o recvmain.o  ../capi/libcapi.a 
../convert/libconvert.a ../linuxdep/liblinuxdep.a ../standard/libstandard.a 
-lpthread /usr/lib/libtiff.so /usr/lib/libcapi20.so -lz

This gets fixed by adding zlib1g-dev to the build dependencies.

PS: I think something is wrong in your rules file as it's using
C_PLATFORM_64 on all arches.


Kurt


---
Received: (at 291136-close) by bugs.debian.org; 21 Jan 2005 22:05:45 +
>From [EMAIL PROTECTED] Fri Jan 21 14:05:44 2005
Return-path: <[EMAIL PROTECTED]>
Received: from newraff.debian.org [208.185.25.31] (mail)
by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
id 1Cs6uW-0003vl-00; Fri, 21 Jan 2005 14:05:44 -0800
Received: from katie by newraff.debian.org with local (Exim 3.35 1 (Debian))
id 1Cs6rJ-00017B-00; Fri, 21 Jan 2005 17:02:25 -0500
From: Jay Berkenbilt <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
X-Katie: $Revision: 1.55 $
Subject: Bug#291136: fixed in tiff 3.7.1-2
Message-Id: <[EMAIL PROTECTED]>
Sender: Archive Administrator <[EMAIL PROTECTED]>
Date: Fri, 21 Jan 2005 17:02:25 -0500
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-6.0 required=4.0 tests=BAYES_00,HAS_BUG_NUMBER 
autolearn=no version=2.60-bugs.debian.org_2005_01_02
X-Spam-Level: 
X-CrossAssassin-Score: 2

Source: tiff
Source-Version: 3.7.1-2

We believe that the bug you reported is fixed in the latest version of
tiff, which is due to be installed in the Debian FTP archive:

libtiff-opengl_3.7.1-2_i386.deb
  to pool/main/t/tiff/libtiff-opengl_3.7.1-2_i386.deb
libtiff-tools_3.7.1-2_i386.deb
  to pool/main/t/tiff/libtiff-tools_3.7.1-2_i386.deb
libtiff4-dev_3.7.1-2_i386.deb
  to pool/main/t/tiff/libtiff4-dev_3.7.1-2_i386.deb
libtiff4_3.7.1-2_i386.deb
  to pool/main/t/tiff/libtiff4_3.7.1-2_i386.deb
tiff_3.7.1-2.diff.gz
  to pool/main/t/tiff/tiff_3.7.1-2.diff.gz
tiff_3.7.1-2.dsc
  to pool/main/t/tiff/tiff_3.7.1-2.dsc



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [EMAIL PROTECTED],
and the main

Bug#291619: systraq: FTBFS: Tries to download sources outside the debian archive.

2005-01-21 Thread Justin Pryzby 
On Fri, Jan 21, 2005 at 10:54:21PM +0100, Kurt Roeckx wrote:
> Package: systraq
> Version: 0.0.20041118-2
> Severity: serious
> 
> Hi,
> 
> Your package is failing to build because it's trying to connect
> to the internet.  A package should be completly build from the
> source and should not need anything outside the archive to build.
> 
> An extraction from the log:
> /usr/bin/openjade -t sgml -D ../doc -d ./html.dsl 
> /usr/share/sgml/declaration/xml.dcl manual.dbx
> /usr/bin/openjade:manual.dbx:6:0:E: error connecting to "www.oasis-open.org" 
> (Connection timed out)
> /usr/bin/openjade:manual.dbx:6:0:E: DTD did not contain element declaration 
> for document type name
> [...]
Its good to provide a makefile rule that downloads the sources, but
nothing should ever depend on that rule.  It should only be called
manually.
Justin


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#291503: marked as done (CAN-2005-0129/130/131: Multiple vulnerabilities in Konversation)

2005-01-21 Thread Debian Bug Tracking System 
Your message dated Fri, 21 Jan 2005 16:47:04 -0500
with message-id <[EMAIL PROTECTED]>
and subject line Bug#291503: fixed in konversation 0.15-3
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--
Received: (at submit) by bugs.debian.org; 21 Jan 2005 07:17:13 +
>From [EMAIL PROTECTED] Thu Jan 20 23:17:13 2005
Return-path: <[EMAIL PROTECTED]>
Received: from luonnotar.infodrom.org [195.124.48.78] 
by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
id 1Crt2f-0007RC-00; Thu, 20 Jan 2005 23:17:13 -0800
Received: by luonnotar.infodrom.org (Postfix, from userid 10)
id 0C0A8366BB0; Fri, 21 Jan 2005 08:17:16 +0100 (CET)
Received: at Infodrom Oldenburg (/\##/\ Smail-3.2.0.102 1998-Aug-2 #2)
from infodrom.org by finlandia.Infodrom.North.DE
via smail from stdin
id <[EMAIL PROTECTED]>
for [EMAIL PROTECTED]; Fri, 21 Jan 2005 08:09:04 +0100 (CET) 
Date: Fri, 21 Jan 2005 08:09:03 +0100
From: Martin Schulze <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: CAN-2005-0129/130/131: Multiple vulnerabilities in Konversation
Message-ID: <[EMAIL PROTECTED]>
Mime-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inline
X-Debbugs-Cc: [EMAIL PROTECTED]
User-Agent: Mutt/1.5.6+20040907i
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-11.0 required=4.0 tests=BAYES_00,HAS_PACKAGE,
X_DEBBUGS_CC autolearn=ham version=2.60-bugs.debian.org_2005_01_02
X-Spam-Level: 

Package: konversation
Version: 0.15-2
Severity: grave
Tags: security sarge sid

These problems have been discovered by Wouter Coekaerts in the konversation
IRC client.  Affected are version 0.15, CVS until 18-19/01/2005, and
some older versions too. They are fixed in 0.15.1.

When you fix these problems, please mention the corresponding CVE id in
the changelog.

URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0129

Reference: FULLDISC:20050119 Multiple vulnerabilities in Konversation
Reference: 
URL:http://lists.netsys.com/pipermail/full-disclosure/2005-January/031033.html

The Quick Buttons feature in Konversation 0.15 allows remote attackers
to execute certain IRC commands via a channel name containing "%"
variables, which are recursively expanded by the
Server::parseWildcards function when the Part Button is selected.


URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0130

Reference: FULLDISC:20050119 Multiple vulnerabilities in Konversation
Reference: 
URL:http://lists.netsys.com/pipermail/full-disclosure/2005-January/031033.html

Certain Perl scripts in Konversation 0.15 allow remote attackers to
execute arbitrary commands via shell metacharacters in (1) channel
names or (2) song names that are not properly quoted when the user
runs IRC sripts.


URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0131

Reference: FULLDISC:20050119 Multiple vulnerabilities in Konversation
Reference: 
URL:http://lists.netsys.com/pipermail/full-disclosure/2005-January/031033.html

The Quick Connection dialog in Konversation 0.15 inadvertently uses
the user-provided password as the nickname instead of the
user-provided nickname when connecting to the IRC server, which could
leak the password to other users.


Regards,

Joey

-- 
Have you ever noticed that "General Public Licence" contains the word "Pub"?

Please always Cc to me when replying to me on the lists.

---
Received: (at 291503-close) by bugs.debian.org; 21 Jan 2005 21:54:05 +
>From [EMAIL PROTECTED] Fri Jan 21 13:54:05 2005
Return-path: <[EMAIL PROTECTED]>
Received: from newraff.debian.org [208.185.25.31] (mail)
by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
id 1Cs6jF-0002Gr-00; Fri, 21 Jan 2005 13:54:05 -0800
Received: from katie by newraff.debian.org with local (Exim 3.35 1 (Debian))
id 1Cs6cS-la-00; Fri, 21 Jan 2005 16:47:04 -0500
From: [EMAIL PROTECTED] (Nathaniel W. Turner)
To: [EMAIL PROTECTED]
X-Katie: $Revision: 1.55 $
Subject: Bug#291503: fixed in konversation 0.15-3
Message-Id: <[EMAIL PROTECTED]>
Sender: Archive Administrator <[EMAIL PROTECTED]>
Date: Fri, 21 Jan 2005 16:47:04 -0500
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-6.0 required=4.0 tests=BAYES_00,HAS_BUG_

Bug#291619: systraq: FTBFS: Tries to download sources outside the debian archive.

2005-01-21 Thread Kurt Roeckx 
Package: systraq
Version: 0.0.20041118-2
Severity: serious

Hi,

Your package is failing to build because it's trying to connect
to the internet.  A package should be completly build from the
source and should not need anything outside the archive to build.

An extraction from the log:
/usr/bin/openjade -t sgml -D ../doc -d ./html.dsl 
/usr/share/sgml/declaration/xml.dcl manual.dbx
/usr/bin/openjade:manual.dbx:6:0:E: error connecting to "www.oasis-open.org" 
(Connection timed out)
/usr/bin/openjade:manual.dbx:6:0:E: DTD did not contain element declaration for 
document type name
[...]


Kurt



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#289466: Identification of problem

2005-01-21 Thread Christian Perrier 
> Attached is a proposed patch which should fix this issue.
> (I included some other simple changes, too)


While preparing what was supposed to be a l10n NMU, I went on a few
other simple to fix issues:

  * Lintian fixes (the obvious ones):
- Remove dh-make boilerplate in copyright
- Remove initial capitals in packages description synopsis
  and improve English slightly

The packages descriptions follow (with fixes in the packages descriptions):

Source: viewcvs
Section: devel
Priority: optional
Maintainer: Takuo KITAME <[EMAIL PROTECTED]>
Build-Depends: debhelper (>= 4.1.16), sharutils, python-dev (>= 2.3), 
python-dev (<< 2.4), docbook-to-man, python2.3-subversion
Standards-Version: 3.6.1

Package: viewcvs
Architecture: all
Depends: ${python:Depends}, cvs | subversion, rcs, mime-support, debconf (>= 
1.0)
Recommends: enscript, httpd
Suggests: cvsgraph, viewcvs-query, python2.3-subversion
Description: view CVS Repositories via HTTP
 The ViewCVS software was inspired by cvsweb (by Henner Zeller).
 ViewCVS can browse directories, commit-logs, and specific revisions of files.
 It can display diffs between versions and show selections of files based on
 tags or branches.
 .
 This version support also subversion repository.

Package: viewcvs-query
Architecture: all
Depends: viewcvs (= ${Source-Version}), python-mysqldb, python-egenix-mxdatetime
Replaces: viewcvs (<< 0.9.2-6)
Description: view CVS (viewcvs-query.cgi)
 The ViewCVS software was inspired by cvsweb (by Henner Zeller).
 ViewCVS can browse directories, commit-logs, and specific revisions of files.
 It can display diffs between versions and show selections of files based on
 tags or branches.
 .
 This package includes viewcvs-query.cgi





-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Processed: dhcp3-server: tags 254785 patch

2005-01-21 Thread Debian Bug Tracking System 
Processing commands for [EMAIL PROTECTED]:

> tags 254785 patch
Bug#254785: dhcp3-server: purging fails on woody
Tags were: woody
Tags added: patch

> thanks
Stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#291618: ldaptor: FTBFS in sarge: dh_python: Python is not installed, aborting. (Probably forgot to Build-Depend on python.)

2005-01-21 Thread Kurt Roeckx 
Package: ldaptor
Version: 0.0.30
Severity: serious
Tags: sarge

Hi,

Your package if failing to build in sarge with the following
error:
dh_python -p'python-ldaptor' -P'debian/install/python-ldaptor'
dh_python: Python is not installed, aborting. (Probably forgot to
Build-Depend on python.)
make: *** [binary-indep-dummy] Error 1

There is only a python2.3 and no python.


Kurt



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#291245: marked as done (CAN-2005-0064: Arbitrary code execution in koffice)

2005-01-21 Thread Debian Bug Tracking System 
Your message dated Fri, 21 Jan 2005 16:17:14 -0500
with message-id <[EMAIL PROTECTED]>
and subject line Bug#291245: fixed in koffice 1:1.3.5-2
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--
Received: (at submit) by bugs.debian.org; 19 Jan 2005 16:47:23 +
>From [EMAIL PROTECTED] Wed Jan 19 08:47:22 2005
Return-path: <[EMAIL PROTECTED]>
Received: from luonnotar.infodrom.org [195.124.48.78] 
by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
id 1CrIzK-0006ZT-00; Wed, 19 Jan 2005 08:47:22 -0800
Received: by luonnotar.infodrom.org (Postfix, from userid 10)
id 20332366B9F; Wed, 19 Jan 2005 17:47:25 +0100 (CET)
Received: at Infodrom Oldenburg (/\##/\ Smail-3.2.0.102 1998-Aug-2 #2)
from infodrom.org by finlandia.Infodrom.North.DE
via smail from stdin
id <[EMAIL PROTECTED]>
for [EMAIL PROTECTED]; Wed, 19 Jan 2005 17:46:39 +0100 (CET) 
Date: Wed, 19 Jan 2005 17:46:39 +0100
From: Martin Schulze <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: CAN-2005-0064: Arbitrary code execution in gpdf
Message-ID: <[EMAIL PROTECTED]>
Mime-Version: 1.0
Content-Type: multipart/mixed; boundary="H1U3RZHujIvZE2R4"
Content-Disposition: inline
User-Agent: Mutt/1.5.6+20040907i
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-8.0 required=4.0 tests=BAYES_00,HAS_PACKAGE 
autolearn=no version=2.60-bugs.debian.org_2005_01_02
X-Spam-Level: 


--H1U3RZHujIvZE2R4
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inline

Package: koffice
Tags: security sarge sid

This problem also affects koffice:

URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0064

Reference: IDEFENSE:20050118 Multiple Unix/Linux Vendor Xpdf makeFileKey2 Stack 
Overflow
Reference: 
URL:http://www.idefense.com/application/poi/display?id=186&type=vulnerabilities
Reference: CONFIRM:ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.00pl3.patch

Buffer overflow in the Decrypt::makeFileKey2 function in Decrypt.cc
for xpdf 3.00 and earlier allows remote attackers to execute arbitrary
code via a PDF file with a large /Encrypt /Length keyLength value.

You'll find the patch in the source of xpdf 3.00-12 which I'm attaching.

Regards,

Joey

-- 
Ten years and still binary compatible.  -- XFree86

Please always Cc to me when replying to me on the lists.

--H1U3RZHujIvZE2R4
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: attachment; filename="patch.CAN-2005-0064.xpdf_3.00"

diff -u xpdf-3.00/debian/changelog xpdf-3.00/debian/changelog
--- xpdf-3.00/debian/changelog
+++ xpdf-3.00/debian/changelog
@@ -1,3 +1,12 @@
+xpdf (3.00-12) unstable; urgency=high
+
+  * SECURITY UPDATE: Fixed buffer overflow that could overwrite the stack 
+and hence cause the execution of arbitrary code as reported by 
+iDEFENSE (xpdf/Decrypt.cc)
+  * References: CAN-2005-0064
+
+ -- Hamish Moffatt <[EMAIL PROTECTED]>  Wed, 19 Jan 2005 23:48:56 +1100
+
 xpdf (3.00-11) unstable; urgency=high
 
   * SECURITY UPDATE: fix potential buffer overflow
only in patch2:
--- xpdf-3.00.orig/xpdf/Decrypt.cc
+++ xpdf-3.00/xpdf/Decrypt.cc
@@ -73,6 +73,11 @@
   Guchar fx, fy;
   int len, i, j;
 
+  // check whether we have non-zero keyLength
+  if ( !keyLength ) {
+return gFalse;
+  }
+
   // try using the supplied owner password to generate the user password
   *ownerPasswordOk = gFalse;
   if (ownerPassword) {
@@ -98,7 +103,7 @@
 } else {
   memcpy(test2, ownerKey->getCString(), 32);
   for (i = 19; i >= 0; --i) {
-   for (j = 0; j < keyLength; ++j) {
+   for (j = 0; j < keyLength && j < 16; ++j) {
  tmpKey[j] = test[j] ^ i;
}
rc4InitKey(tmpKey, keyLength, fState);
@@ -135,6 +140,11 @@
   int len, i, j;
   GBool ok;
 
+  // check whether we have non-zero keyLength
+  if ( !keyLength ) {
+return gFalse;
+  }
+
   // generate file key
   buf = (Guchar *)gmalloc(68 + fileID->getLength());
   if (userPassword) {
@@ -172,7 +182,7 @@
   } else if (encRevision == 3) {
 memcpy(test, userKey->getCString(), 32);
 for (i = 19; i >= 0; --i) {
-  for (j = 0; j < keyLength; ++j) {
+  for (j = 0; j < keyLength && j < 16; ++j) {
tmpKey[j] = fileKey[j] ^ i;
   }
   rc4InitKey(tmpKey, keyLength, fState);

--H1U3RZHujIvZE2R4--

---
Received: (at 291245-close) by bugs.debian.org; 21 Jan 2005 21

Bug#284188: marked as done (linux-wlan-ng-modules: unresolved symbols)

2005-01-21 Thread Debian Bug Tracking System 
Your message dated Fri, 21 Jan 2005 16:22:00 -0500
with message-id <[EMAIL PROTECTED]>
and subject line closing
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--
Received: (at submit) by bugs.debian.org; 4 Dec 2004 12:15:32 +
>From [EMAIL PROTECTED] Sat Dec 04 04:15:31 2004
Return-path: <[EMAIL PROTECTED]>
Received: from mail2.speakeasy.net [216.254.0.202] 
by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
id 1CaYp1-0006cq-00; Sat, 04 Dec 2004 04:15:31 -0800
Received: (qmail 28215 invoked from network); 4 Dec 2004 12:15:31 -
Received: from dsl093-026-112.hou1.dsl.speakeasy.net (HELO [10.119.75.19]) 
([EMAIL PROTECTED])
  (envelope-sender <[EMAIL PROTECTED]>)
  by mail2.speakeasy.net (qmail-ldap-1.03) with SMTP
  for <[EMAIL PROTECTED]>; 4 Dec 2004 12:15:31 -
From: "Shawn K. Quinn" <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: linux-wlan-ng-modules: unresolved symbols
Date: Sat, 4 Dec 2004 05:23:43 -0600
User-Agent: KMail/1.7
MIME-Version: 1.0
Content-Type: text/plain;
  charset="us-ascii"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Message-Id: <[EMAIL PROTECTED]>
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2004_03_25 
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-5.0 required=4.0 tests=BAYES_00,DRUGSPAM,HAS_PACKAGE 
autolearn=no version=2.60-bugs.debian.org_2004_03_25
X-Spam-Level: 

Package: linux-wlan-ng-modules-2.4.27-1-k7
Version: 2.4.27-2+0.2.0+0.2.1pre21-1
Severity: grave
Justification: renders package unusable
File: linux-wlan-ng-modules

*** Please type your report below this line ***
I think this speaks for itself quite nicely:

$ sudo modprobe prism2_usb
/lib/modules/2.4.27-1-k7/linux-wlan-ng/p80211.o:
/lib/modules/2.4.27-1-k7/linux-wlan-ng/p80211.o: unresolved symbol
sock_release_Ra249e9db
/lib/modules/2.4.27-1-k7/linux-wlan-ng/p80211.o:
/lib/modules/2.4.27-1-k7/linux-wlan-ng/p80211.o: unresolved symbol
netif_rx_R64e6643d
/lib/modules/2.4.27-1-k7/linux-wlan-ng/p80211.o:
/lib/modules/2.4.27-1-k7/linux-wlan-ng/p80211.o: unresolved symbol
netlink_broadcast_R486fa5b1
/lib/modules/2.4.27-1-k7/linux-wlan-ng/p80211.o:
/lib/modules/2.4.27-1-k7/linux-wlan-ng/p80211.o: unresolved symbol
skb_under_panic_R29ac25f0
/lib/modules/2.4.27-1-k7/linux-wlan-ng/p80211.o:
/lib/modules/2.4.27-1-k7/linux-wlan-ng/p80211.o: unresolved symbol
___pskb_trim_R40f13589
/lib/modules/2.4.27-1-k7/linux-wlan-ng/p80211.o:
/lib/modules/2.4.27-1-k7/linux-wlan-ng/p80211.o: unresolved symbol
proc_net_R4019308b
/lib/modules/2.4.27-1-k7/linux-wlan-ng/p80211.o:
/lib/modules/2.4.27-1-k7/linux-wlan-ng/p80211.o: unresolved symbol
__kfree_skb_R16bf76ae
/lib/modules/2.4.27-1-k7/linux-wlan-ng/p80211.o:
/lib/modules/2.4.27-1-k7/linux-wlan-ng/p80211.o: unresolved symbol
softnet_data_Rf03b2cdb
/lib/modules/2.4.27-1-k7/linux-wlan-ng/p80211.o:
/lib/modules/2.4.27-1-k7/linux-wlan-ng/p80211.o: unresolved symbol
proc_mkdir_Re1d5ec83
/lib/modules/2.4.27-1-k7/linux-wlan-ng/p80211.o:
/lib/modules/2.4.27-1-k7/linux-wlan-ng/p80211.o: unresolved symbol
eth_type_trans_Ref618fc5
/lib/modules/2.4.27-1-k7/linux-wlan-ng/p80211.o:
/lib/modules/2.4.27-1-k7/linux-wlan-ng/p80211.o: unresolved symbol
create_proc_entry_Ra185990c
/lib/modules/2.4.27-1-k7/linux-wlan-ng/p80211.o:
/lib/modules/2.4.27-1-k7/linux-wlan-ng/p80211.o: unresolved symbol
remove_proc_entry_R4a81d799
/lib/modules/2.4.27-1-k7/linux-wlan-ng/p80211.o:
/lib/modules/2.4.27-1-k7/linux-wlan-ng/p80211.o: unresolved symbol
netlink_kernel_create_R2cc6f096
/lib/modules/2.4.27-1-k7/linux-wlan-ng/p80211.o: insmod
/lib/modules/2.4.27-1-k7/linux-wlan-ng/p80211.o failed
/lib/modules/2.4.27-1-k7/linux-wlan-ng/p80211.o: insmod prism2_usb
failed


-- System Information:
Debian Release: 3.1
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing')
Architecture: i386 (i686)
Kernel: Linux 2.4.27-1-k7
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)

Versions of packages linux-wlan-ng-modules-2.4.27-1-k7 depends on:
ii  kernel-image-2.4.27-1 2.4.27-6   Linux kernel image for version 2.4
ii  linux-wlan-ng 0.2.0+0.2.1pre21-1 utilities for wireless prism2 card

-- no debconf information

---
Received: (at 284188-done) by bugs.debian.org; 21 Jan 2005 21:19:59 +
>From [EMAIL PROTECTED] Fri Jan 21 13:19:59 2005
Return-path: <[EMAIL PROTECTED]>
Received: from kitenet.net [64.62.161.42] (postfix)
by sp

Bug#291615: ldaptor: FTBFS: /usr/bin/trial2.3: Can't find anything named 'ldaptor' to run

2005-01-21 Thread Kurt Roeckx 
Package: ldaptor
Version: 0.0.32
Severity: serious

Hi,

When trying to build the package I was first seeing the errors
from #290236, now instead it fails with:
trial2.3 --text --tbformat=emacs -R ldaptor
/usr/bin/trial2.3: Can't find anything named 'ldaptor' to run
make: *** [pre-build] Error 1


I assume some external package changed, I just have no idea which
one.


Kurt



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Processed: reassign 289715 to openoffice.org, merging 289715 284096

2005-01-21 Thread Debian Bug Tracking System 
Processing commands for [EMAIL PROTECTED]:

> # Automatically generated email from bts, devscripts version 2.8.5
> reassign 289715 openoffice.org
Bug#289715: openoffice.org-bin: Impress single Word color modification is 
broken again
Bug reassigned from package `openoffice.org-bin' to `openoffice.org'.

> merge 289715 284096
Bug#284096: openoffice.org: writer crash in 'modify style' when selecting 
another tab
Bug#289715: openoffice.org-bin: Impress single Word color modification is 
broken again
Merged 284096 289715.

>
End of message, stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#291503: CAN-2005-0129/130/131: Multiple vulnerabilities in Konversation

2005-01-21 Thread Martin Schulze 
Nathaniel W. Turner wrote:
> On Friday 21 January 2005 02:09 am, Martin Schulze wrote:
> > These problems have been discovered by Wouter Coekaerts in the konversation
> > IRC client.  Affected are version 0.15, CVS until 18-19/01/2005, and
> > some older versions too. They are fixed in 0.15.1.
> 
> Fixed in 0.15-3, which needs to be uploaded by a DD.  I mailed Riku Voipio 
> (who usually sponsors my konversation uploads) about it a couple days ago.  
> For now, the fixed package can be found at my repository:
> 
> deb http://debian.houseofnate.net/ unstable main
> deb-src http://debian.houseofnate.net/ unstable main

Great.  In case the new upload auto-closes this bug, please reopen it
for the release team as a note to take care of the package.

Regards,

Joey

-- 
Have you ever noticed that "General Public Licence" contains the word "Pub"?

Please always Cc to me when replying to me on the lists.


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#291500: cryptsetup_20050111-2(arm): FTBS

2005-01-21 Thread Matt Taggart 
This package built fine on debussy so I uploaded it. I'll let the package 
maintainer figure out if the buildd failure was a package problem (like a 
missing build-dep) or a buildd problem.

-- 
Matt Taggart
[EMAIL PROTECTED]




-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#267040: security

2005-01-21 Thread Justin Pryzby 
Showing a warning before running each applet is a good idea.  Using
debconf to display a warning is a bad idea, because only the
administrator will see it ("debconf is/was never mean for such
things").

Justin


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#289715: Same already fixed bugs are back rendering Impress almost unusable

2005-01-21 Thread Chris Halls 
merge 289715 284096
tags 289715 + moreinfo unreproducible
thanks

On Monday 10 Jan 2005 18:07, Eric Valette wrote:
> Well done guys. Could you backup your erroneous patches once again...

I'm afraid that backing up will only delay things since these changes are 
backported from 2.0 so any bugs are likely to show up again then.

> 

Looking at the stack trace, this is the same crash as reported in 289715 so 
I'm merging the bug.  Looking at the code, OOo is dealing with font lists 
which are likely to be different on your machine to mine, which may be why I 
can't reproduce this here.  Please can you do the same as I asked the 
submitter of #284096 to do:
---
Please download this file:

http://people.debian.org/~halls/openoffice/test/libsvt645li.so.bz2

It is a version of the library that crashes with debugging symbols included.  
bunzip the file and copy into /usr/lib/openoffice/program, replacing the file 
that is there from the package.

Then, reproduce the crash.  When the crash dialog comes up, do not click it 
away but instead execute this from the command line (make sure you have gdb 
installed)

echo thread apply all bt > gdb.script
gdb -p $(pgrep -u $USER soffice.bin| head -1) < gdb.script | tee oo.log 

Please send oo.log to the bug report.

Thanks for your help
Chris

Processed: Re: Bug#289715: Same already fixed bugs are back rendering Impress almost unusable

2005-01-21 Thread Debian Bug Tracking System 
Processing commands for [EMAIL PROTECTED]:

> merge 289715 284096
Bug#284096: openoffice.org: writer crash in 'modify style' when selecting 
another tab
Bug#289715: openoffice.org-bin: Impress single Word color modification is 
broken again
Mismatch - only Bugs in same state can be merged:
Values for `package' don't match:
 #284096 has `openoffice.org';
 #289715 has `openoffice.org-bin'

> tags 289715 + moreinfo unreproducible
Bug#289715: openoffice.org-bin: Impress single Word color modification is 
broken again
Tags were: moreinfo unreproducible
Tags added: moreinfo, unreproducible

> thanks
Stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#291585: downgrade and move setserial

2005-01-21 Thread Ola Lundqvist 
As the maintainer of this package, I can say that I agree that it
should have lowered priority to optional or extra.

Regards,

// Ola

On Fri, Jan 21, 2005 at 10:02:27AM -0700, Bdale Garbee wrote:
> Package: ftp.debian.org
> Severity: serious
> 
> The 'setserial' package remains problematic on many systems.  In the worst 
> cases, having the package installed with the default debconf choice taken 
> will cause a hard system crash on boot.  There seems to be general agreement 
> that this package, while still useful on some systems in some cases, is no 
> longer an appropriate package to have as part of Debian's 'base' install.
> 
> Please downgrade the priority of setserial from 'important' to 'extra'.  I
> would accept 'optional', but the "it can crash your system if you don't know
> what you're doing" aspect makes me suggest 'extra' as more appropriate.  A
> change to a priority lower than 'standard' is release-critical for sarge.
> 
> As supporting evidence for this request, I offer the changelog of debootstrap
> version 0.2.41, and the message thread it references attached to bug #212646.
> The change in debootstrap was necessary but not sufficient to solve the 
> problem, as 'important' priority causes tasksel, et al, to install setserial.
> We *must* fix this for sarge release!
> 
> Please also move the setserial package from 'base' to 'comm'.  This is not 
> absolutely required, but once the priority is lowered it would be less
> confusing to our users if setserial were no longer part of the 'base' section.
> 
> Bdale
> 

-- 
 --- Ola Lundqvist systemkonsult --- M Sc in IT Engineering 
/  [EMAIL PROTECTED]   Annebergsslingan 37\
|  [EMAIL PROTECTED]   654 65 KARLSTAD|
|  http://www.opal.dhs.org   Mobile: +46 (0)70-332 1551 |
\  gpg/f.p.: 7090 A92B 18FE 7994 0C36 4FE4 18A1 B1CF 0FE5 3DD9  /
 ---


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#291503: CAN-2005-0129/130/131: Multiple vulnerabilities in Konversation

2005-01-21 Thread Joey Hess 
I'll sponsor this upload to get the security fix in quickly.

-- 
see shy jo


signature.asc
Description: Digital signature

Bug#291605: gcc-4.0: GCC4 internal compiler error: Segmentation fault

2005-01-21 Thread Falk Hueffner 
Daniel Silva <[EMAIL PROTECTED]> writes:

> configure:3100: gcc  -c -march=pentium3 -O2 -foptimize-sibling-calls
> -finline-functions -fmerge-constants -fmerge-all-constants
> -funroll-loops -fnew-ra -fprefetch-loop-arrays -ffast-math
> -fno-math-errno -funsafe-math-optimizations -ffinite-math-only
> -fno-trapping-math -fsignaling-nans -fsingle-precision-constant
> -ftree-loop-linear -funswitch-loops -fivopts -ftree-sra -ftree-vectorize
> -fweb -fvariable-expansion-in-unroller -freorder-blocks-and-partition
> -funit-at-a-time -fbranch-target-load-optimize  -DGC_LINUX_THREADS
> -D_GNU_SOURCE -D_REENTRANT conftest.c >&5
> conftest.c: In function 'main':
> conftest.c:55: internal compiler error: Segmentation fault
> Please submit a full bug report,
> with preprocessed source if appropriate.
> See http://gcc.gnu.org/bugs.html> for instructions.

Does this happen also without -fnew-ra? Or maybe you could otherwise
try to trim down the options?

-- 
Falk


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#291503: CAN-2005-0129/130/131: Multiple vulnerabilities in Konversation

2005-01-21 Thread Nathaniel W. Turner 
On Friday 21 January 2005 02:09 am, Martin Schulze wrote:
> These problems have been discovered by Wouter Coekaerts in the konversation
> IRC client.  Affected are version 0.15, CVS until 18-19/01/2005, and
> some older versions too. They are fixed in 0.15.1.

Fixed in 0.15-3, which needs to be uploaded by a DD.  I mailed Riku Voipio 
(who usually sponsors my konversation uploads) about it a couple days ago.  
For now, the fixed package can be found at my repository:

deb http://debian.houseofnate.net/ unstable main
deb-src http://debian.houseofnate.net/ unstable main

-- 
Nathaniel W. Turner
Web Coordinator
Cancer Detection and Prevention
http://www.cancerprev.org/


pgpZ5VQXeEKsR.pgp
Description: PGP signature

Bug#291545: tetex-bin: initex fails to generate some etmf files

2005-01-21 Thread Frank Küster 
Margarita Manterola <[EMAIL PROTECTED]> schrieb:

> Package: tetex-bin
> Version: 2.0.2-25
> Severity: grave
> Justification: renders package unusable
>
[...]
> If I run these commands manually, this is what I get:
> 
> [EMAIL PROTECTED]:~$ sudo tex -ini  -jobname=latex -progname=latex latex.ini
> This is TeXk, Version 3.14159 (Web2C 7.4.5) (INITEX)
>  %&-line parsing enabled.
> (...)
> (/usr/share/texmf/tex/generic/hyphen/icehyph.tex
> ! TeX capacity exceeded, sorry [pattern memory=64000].
> l.3280 4skal

This is a really low value. For debugging, we need some more
information. Can you please send us the output of the following
commands:

grep trie_size /etc/texmf/texmf.d/95NonPath.cnf
grep trie_size /etc/texmf/texmf.cnf
kpsewhich --format='web2c files' texmf.cnf

Thank you in advance,
Frank




-- 
Frank Küster
Inst. f. Biochemie der Univ. Zürich
Debian Developer

Bug#291362: Workaround for this bug

2005-01-21 Thread Jean-Yves LENHOF 
Use the sarge-i386-businesscard.iso to install debian.

Use expert26 to boot on the cd.


Configure apt and choose a repository near you.

When it will ask about which kernel version it should install, go
to vt2... Do an apt-get install dmsetup (if you have a proxy
do export http_proxy=http://myproxy:myport/ before)

Go back to installer and choose your kernel 2.6 you want.

Regards,


-- 
Jean-Yves LENHOF <[EMAIL PROTECTED]>



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Processed: Re: Bug#291603: zapping: FTBFS: Using static non fPIC lib to make a shared lib.

2005-01-21 Thread Debian Bug Tracking System 
Processing commands for [EMAIL PROTECTED]:

> forwarded 291603 Michael Schimek <[EMAIL PROTECTED]>
Bug#291603: zapping: FTBFS: Using static non fPIC lib to make a shared lib.
Noted your statement that Bug has been forwarded to Michael Schimek <[EMAIL 
PROTECTED]>.

> severity 291603 normal
Bug#291603: zapping: FTBFS: Using static non fPIC lib to make a shared lib.
Severity set to `normal'.

> thanks
Stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#291599: marked as done (zvbi: FTBFS: wss.c:44:21: libzvbi.h: No such file or directory)

2005-01-21 Thread Debian Bug Tracking System 
Your message dated Fri, 21 Jan 2005 14:32:12 -0500
with message-id <[EMAIL PROTECTED]>
and subject line Bug#291599: fixed in zvbi 0.2.12-2
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--
Received: (at submit) by bugs.debian.org; 21 Jan 2005 18:32:29 +
>From [EMAIL PROTECTED] Fri Jan 21 10:32:29 2005
Return-path: <[EMAIL PROTECTED]>
Received: from poros.telenet-ops.be [195.130.132.44] 
by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
id 1Cs3a9-0004iM-00; Fri, 21 Jan 2005 10:32:29 -0800
Received: from localhost (localhost.localdomain [127.0.0.1])
by poros.telenet-ops.be (Postfix) with SMTP id CE24E3BC279
for <[EMAIL PROTECTED]>; Fri, 21 Jan 2005 19:32:27 +0100 (MET)
Received: from Q.roeckx.be (dD5775FD9.access.telenet.be [213.119.95.217])
by poros.telenet-ops.be (Postfix) with ESMTP id A6D7C3BC27F
for <[EMAIL PROTECTED]>; Fri, 21 Jan 2005 19:32:27 +0100 (MET)
Received: by Q.roeckx.be (Postfix, from userid 501)
id 3679E26136; Fri, 21 Jan 2005 19:32:27 +0100 (CET)
Date: Fri, 21 Jan 2005 19:32:27 +0100
From: Kurt Roeckx <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: zvbi: FTBFS: wss.c:44:21: libzvbi.h: No such file or directory
Message-ID: <[EMAIL PROTECTED]>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.4.2.1i
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-8.0 required=4.0 tests=BAYES_00,HAS_PACKAGE 
autolearn=no version=2.60-bugs.debian.org_2005_01_02
X-Spam-Level: 

Package: zvbi
Version: 0.2.12-1
Severity: serious

Hi,

Your package is failing to build on all arches with the following
error:
gcc -DHAVE_CONFIG_H -I. -I. -I.. -I..   -Wall -Wunused -Wmissing-prototypes 
-Wmissing-declarations -D_REENTRANT -D_GNU_SOURCE -I/usr/include/libpng10  
-Wall -g -O2 -c `test -f 'wss.c' || echo './'`wss.c
wss.c:44:21: libzvbi.h: No such file or directory



Kurt


---
Received: (at 291599-close) by bugs.debian.org; 21 Jan 2005 19:35:57 +
>From [EMAIL PROTECTED] Fri Jan 21 11:35:56 2005
Return-path: <[EMAIL PROTECTED]>
Received: from newraff.debian.org [208.185.25.31] (mail)
by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
id 1Cs4ZG-Ti-00; Fri, 21 Jan 2005 11:35:38 -0800
Received: from katie by newraff.debian.org with local (Exim 3.35 1 (Debian))
id 1Cs4Vw-0003Pj-00; Fri, 21 Jan 2005 14:32:12 -0500
From: Christian Marillat <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
X-Katie: $Revision: 1.55 $
Subject: Bug#291599: fixed in zvbi 0.2.12-2
Message-Id: <[EMAIL PROTECTED]>
Sender: Archive Administrator <[EMAIL PROTECTED]>
Date: Fri, 21 Jan 2005 14:32:12 -0500
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-6.0 required=4.0 tests=BAYES_00,HAS_BUG_NUMBER 
autolearn=no version=2.60-bugs.debian.org_2005_01_02
X-Spam-Level: 

Source: zvbi
Source-Version: 0.2.12-2

We believe that the bug you reported is fixed in the latest version of
zvbi, which is due to be installed in the Debian FTP archive:

libzvbi-common_0.2.12-2_all.deb
  to pool/main/z/zvbi/libzvbi-common_0.2.12-2_all.deb
libzvbi-dev_0.2.12-2_i386.deb
  to pool/main/z/zvbi/libzvbi-dev_0.2.12-2_i386.deb
libzvbi-doc_0.2.12-2_all.deb
  to pool/main/z/zvbi/libzvbi-doc_0.2.12-2_all.deb
libzvbi0_0.2.12-2_i386.deb
  to pool/main/z/zvbi/libzvbi0_0.2.12-2_i386.deb
zvbi_0.2.12-2.diff.gz
  to pool/main/z/zvbi/zvbi_0.2.12-2.diff.gz
zvbi_0.2.12-2.dsc
  to pool/main/z/zvbi/zvbi_0.2.12-2.dsc
zvbi_0.2.12-2_i386.deb
  to pool/main/z/zvbi/zvbi_0.2.12-2_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Christian Marillat <[EMAIL PROTECTED]> (supplier of updated zvbi package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Format: 1.7
Date: Fri, 21 Jan 2005 20:07:15 +0100
Source:

Bug#291233: mozilla-firefox: does not start (seg fault)

2005-01-21 Thread Eric Dorland 
* Andres Junge ([EMAIL PROTECTED]) wrote:
> Package: mozilla-firefox
> Version: 1.0+dfsg.1-2
> Severity: grave
> Justification: renders package unusable
> 
> Just seg faults when I try to start it.
> 
> [EMAIL PROTECTED]:~$ firefox -V
> FIREFOX_DSP=
> APPLICATION_ID=firefox
> CMDLINE_DISPLAY=
> DISPLAY=:0.0
> REMOTE=0
> TRY_USE_EXIST=0
> OPTIONS=
> DEBUG=0
> DEBUGGER=
> Running: /usr/lib/mozilla-firefox/firefox-bin -a firefox -remote
> 'ping()'
> /usr/bin/firefox: line 352:  8096 Violación de segmento
> DISPLAY="${CMDLINE_DISPLAY}" ${MOZ_PROGRAM} -remote 'ping()' >/dev/null
> 2>&1
> PING_STATUS=139
> Running: /usr/lib/mozilla-firefox/firefox-bin -a firefox
> Violación de segmento

Can you try purging the package and reinstalling? Removing all
extensions? Moving your .mozilla directory out of the way? 

-- 
Eric Dorland <[EMAIL PROTECTED]>
ICQ: #61138586, Jabber: [EMAIL PROTECTED]
1024D/16D970C6 097C 4861 9934 27A0 8E1C  2B0A 61E9 8ECF 16D9 70C6

-BEGIN GEEK CODE BLOCK-
Version: 3.12
GCS d- s++: a-- C+++ UL+++ P++ L++ E++ W++ N+ o K- w+ 
O? M++ V-- PS+ PE Y+ PGP++ t++ 5++ X+ R tv++ b+++ DI+ D+ 
G e h! r- y+ 
--END GEEK CODE BLOCK--


signature.asc
Description: Digital signature

Bug#291233: mozilla-firefox: does not start (seg fault)

2005-01-21 Thread Eric Dorland 
* Bruno Lellis ([EMAIL PROTECTED]) wrote:
> Package: mozilla-firefox
> Version: 1.0+dfsg.1-2
> 
> Just seg faults when it starts loading any site as a normal user.
> When I start it as root, I can browse any site (the same thing occurs
> with epiphany and mozilla).

Do all your fonts have 644 permissions on them (ie can all users read
them)?
 
> 
> [EMAIL PROTECTED]:~$ gdb /usr/lib/mozilla-firefox/firefox-bin
> (...)
> This GDB was configured as "i386-linux"...(no debugging symbols found)
> Using host libthread_db library "/lib/tls/libthread_db.so.1".
> 
> (gdb) run
> (no debugging symbols found)
> (...)
> (no debugging symbols found)
> [New Thread 1139461040 (LWP 5443)]
> [New Thread 1147849648 (LWP 5444)]
> (no debugging symbols found)
> (no debugging symbols found)
> (no debugging symbols found)
> /usr/lib/mozilla-firefox/firefox-bin: relocation error:
> /usr/lib/mozilla-firefox/components/libbrowsercomps.so: undefined
> symbol: NS_NewUnionEnumerator
> 
> Program exited with code 0177.
> (gdb) 
> 
> Debian sid 
> Architecture: i386 (i686)
> Kernel: Linux 2.6.7

-- 
Eric Dorland <[EMAIL PROTECTED]>
ICQ: #61138586, Jabber: [EMAIL PROTECTED]
1024D/16D970C6 097C 4861 9934 27A0 8E1C  2B0A 61E9 8ECF 16D9 70C6

-BEGIN GEEK CODE BLOCK-
Version: 3.12
GCS d- s++: a-- C+++ UL+++ P++ L++ E++ W++ N+ o K- w+ 
O? M++ V-- PS+ PE Y+ PGP++ t++ 5++ X+ R tv++ b+++ DI+ D+ 
G e h! r- y+ 
--END GEEK CODE BLOCK--


signature.asc
Description: Digital signature

Processed: retitle 290650 to xserver-xfree86: [ati/atimisc] server won't start on Mach64 LN rev 100 [monitor sync ranges misconfigured] ...

2005-01-21 Thread Debian Bug Tracking System 
Processing commands for [EMAIL PROTECTED]:

> # Automatically generated email from bts, devscripts version 2.8.6
> retitle 290650 xserver-xfree86: [ati/atimisc] server won't start on Mach64 LN 
> rev 100 [monitor sync ranges misconfigured]
Bug#290650: xserver-xfree86: Startup fails for clamshell iBook after jan15 
woody update: no valid Screen config
Changed Bug title.

>  # HorizSync 28-33 and VertRefresh 43-72 on an LCD?  Looks like the culprit 
> to me.
> severity 290650 normal
Bug#290650: xserver-xfree86: [ati/atimisc] server won't start on Mach64 LN rev 
100 [monitor sync ranges misconfigured]
Severity set to `normal'.

>
End of message, stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Processed: tagging 291595

2005-01-21 Thread Debian Bug Tracking System 
Processing commands for [EMAIL PROTECTED]:

> # Automatically generated email from bts, devscripts version 2.8.5
> tags 291595 sid
Bug#291595: hwtools_0.8-4_i386.deb: fails to install
There were no tags set.
Tags added: sid

>
End of message, stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#291605: gcc-4.0: GCC4 internal compiler error: Segmentation fault

2005-01-21 Thread Daniel Silva 
Package: gcc-4.0
Version: 4.0-0pre2
Severity: grave
Tags: experimental
Justification: renders package unusable


While running configure for the Mono runtime:

configure:3030: checking for gcc option to accept ANSI C
configure:3100: gcc  -c -march=pentium3 -O2 -foptimize-sibling-calls
-finline-functions -fmerge-constants -fmerge-all-constants
-funroll-loops -fnew-ra -fprefetch-loop-arrays -ffast-math
-fno-math-errno -funsafe-math-optimizations -ffinite-math-only
-fno-trapping-math -fsignaling-nans -fsingle-precision-constant
-ftree-loop-linear -funswitch-loops -fivopts -ftree-sra -ftree-vectorize
-fweb -fvariable-expansion-in-unroller -freorder-blocks-and-partition
-funit-at-a-time -fbranch-target-load-optimize  -DGC_LINUX_THREADS
-D_GNU_SOURCE -D_REENTRANT conftest.c >&5
conftest.c: In function 'main':
conftest.c:55: internal compiler error: Segmentation fault
Please submit a full bug report,
with preprocessed source if appropriate.
See http://gcc.gnu.org/bugs.html> for instructions.
For Debian GNU/Linux specific bug reporting instructions,
see .
configure:3106: $? = 1
configure: failed program was:
| /* confdefs.h.  */
|
| #define PACKAGE_NAME ""
| #define PACKAGE_TARNAME ""
| #define PACKAGE_VERSION ""
| #define PACKAGE_STRING ""
| #define PACKAGE_BUGREPORT ""
| #define PACKAGE "mono"
| #define VERSION "1.1.3"
| /* end confdefs.h.  */
| #include 
| #include 
| #include 
| #include 
| /* Most of the following tests are stolen from RCS 5.7's src/conf.sh.
*/
| struct buf { int x; };
| FILE * (*rcsopen) (struct buf *, struct stat *, int);
| static char *e (p, i)
|  char **p;
|  int i;
| {
|   return p[i];
| }
| static char *f (char * (*g) (char **, int), char **p, ...)
| {
|   char *s;
|   va_list v;
|   va_start (v,p);
|   s = g (p, va_arg (v,int));
|   va_end (v);
|   return s;
| }
|
| /* OSF 4.0 Compaq cc is some sort of almost-ANSI by default.  It has
|function prototypes and stuff, but not '\xHH' hex character
constants.
|These don't provoke an error unfortunately, instead are silently
treated
|as 'x'.  The following induces an error, until -std1 is added to
get
|proper ANSI mode.  Curiously '\x00'!='x' always comes out true, for
an
|array size at least.  It's necessary to write '\x00'==0 to get
something
|that's true only with -std1.  */
| int osf4_cc_array ['\x00' == 0 ? 1 : -1];
|
| int test (int i, double x);
| struct s1 {int (*f) (int a);};
| struct s2 {int (*f) (double a);};
| int pairnames (int, char **, FILE *(*)(struct buf *, struct stat *,
int), int, int);
| int argc;
| char **argv;
| int
| main ()
| {
| return f (e, argv, 0) != argv[0]  ||  f (e, argv, 1) != argv[1];
|   ;
|   return 0;
| }




$ env | grep DEB
DEBIAN_BUILDGCCVER=4.0
DEBIAN_BUILDARCH=pentium3
$ gcc --version
gcc-4.0 (GCC) 4.0.0 20041205 (experimental) (Debian 4.0-0pre2)
$ echo $CFLAGS
-march=pentium3 -O2 -foptimize-sibling-calls -finline-functions
-fmerge-constants -fmerge-all-constants -funroll-loops -fnew-ra
-fprefetch-loop-arrays -ffast-math -fno-math-errno
-funsafe-math-optimizations -ffinite-math-only -fno-trapping-math
-fsignaling-nans -fsingle-precision-constant -ftree-loop-linear
-funswitch-loops -fivopts -ftree-sra -ftree-vectorize -fweb
-fvariable-expansion-in-unroller -freorder-blocks-and-partition
-funit-at-a-time -fbranch-target-load-optimize



-- System Information:
Debian Release: 3.1
  APT prefers unstable
  APT policy: (990, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)
Kernel: Linux 2.6.9
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)

Versions of packages gcc-4.0 depends on:
ii  binutils2.15-5   The GNU assembler, linker and bina
ii  cpp-4.0 4.0-0pre2The GNU C preprocessor
ii  gcc-4.0-base4.0-0pre2The GNU Compiler Collection (base 
ii  libc6   2.3.2.ds1-20 GNU C Library: Shared libraries an
ii  libgcc1 1:4.0-0pre2  GCC support library

-- no debconf information


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#290960: gtk2-engines-gtk-qt: Crashes firefox and galeon

2005-01-21 Thread Christoffer Sawicki 
Hi, 

> I just played with the gnome-themes and found that none of the
> gtk2-engines-* is available.

I'm sorry but I don't get this.

> So I put this into $HOME/.gtkrc-2.0: 
> include "/usr/share/themes/Qt/gtk-2.0/gtkrc"
>
> which should make firefox look like QT app. Unfortunately all I get
> when starting firefox is a segfault.

* Do other GTK2 apps work for you?
* What Qt/KDE style are you using?

I can't reproduce your problem here, but I'll keep investigating.
Upstream has been notified and is taking a look at it.

Thanks,

*/ Christoffer Sawicki <[EMAIL PROTECTED]>


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#291566: marked as done (libavcodec-dev: Multiple integer overflows, some of them may lead to arbitrary code execution)

2005-01-21 Thread Debian Bug Tracking System 
Your message dated Fri, 21 Jan 2005 14:17:08 -0500
with message-id <[EMAIL PROTECTED]>
and subject line Bug#291566: fixed in ffmpeg 0.cvs20050121-1
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--
Received: (at submit) by bugs.debian.org; 8 Jan 2005 15:21:14 +
>From [EMAIL PROTECTED] Sat Jan 08 07:21:14 2005
Return-path: <[EMAIL PROTECTED]>
Received: from inutil.org (vserver151.vserver151.serverflex.de) 
[193.22.164.111] 
by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
id 1CnIOv-0003Ra-00; Sat, 08 Jan 2005 07:21:13 -0800
Received: from pd9589acc.dip.t-dialin.net ([217.88.154.204] 
helo=localhost.localdomain)
by vserver151.vserver151.serverflex.de with asmtp 
(TLS-1.0:RSA_ARCFOUR_SHA:16)
(Exim 4.34)
id 1CnIOr-0005cF-PE
for [EMAIL PROTECTED]; Sat, 08 Jan 2005 16:21:11 +0100
Received: from jmm by localhost.localdomain with local (Exim 4.34)
id 1CnIOm-0001K5-4p; Sat, 08 Jan 2005 16:21:04 +0100
Content-Type: multipart/mixed; boundary="===0312202336=="
MIME-Version: 1.0
From: Moritz Muehlenhoff <[EMAIL PROTECTED]>
To: Debian Bug Tracking System <[EMAIL PROTECTED]>
Subject: libavcodec-dev: Multiple integer overflows,
 some of them may lead to arbitrary code execution
X-Mailer: reportbug 3.5
Date: Sat, 08 Jan 2005 16:21:03 +0100
X-Debbugs-Cc: [EMAIL PROTECTED]
Message-Id: <[EMAIL PROTECTED]>
X-SA-Exim-Connect-IP: 217.88.154.204
X-SA-Exim-Mail-From: [EMAIL PROTECTED]
X-SA-Exim-Scanned: No (on vserver151.vserver151.serverflex.de); SAEximRunCond 
expanded to false
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-10.9 required=4.0 tests=BAYES_00,HAS_PACKAGE,
MIME_SUSPECT_NAME,X_DEBBUGS_CC autolearn=ham 
version=2.60-bugs.debian.org_2005_01_02
X-Spam-Level: 

This is a multi-part MIME message sent by reportbug.

--===0312202336==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

Package: libavcodec-dev
Version: 0.cvs20050106-1
Severity: grave
Tags: security
Justification: user security hole

[Cc'ing security@, as at least xine-lib embeds libavcodec, there may be
more, I haven't investigated whether they are affected, but I assume it's
the case]

The most recent ffmpeg-cvs-log message from ffmpeg maintainer Michael
Niedermayer mentions 

| integer overflows, heap corruption
| possible arbitrary code execution cannot be ruled out in some cases
| precautionary checks

Feel free to downgrade severity if it turns out not to be exploitable.

I've attached the complete commit message, which includes the fixes.

Cheers,
Moritz

-- System Information:
Debian Release: 3.1
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.9-1-386
Locale: LANG=C, [EMAIL PROTECTED] (charmap=ISO-8859-15)

Versions of packages libavcodec-dev depends on:
ii  liba52-0.7.4-dev [liba52-dev 0.7.4-1 Development library and headers fo
ii  libdts-dev   0.0.2-svn-1 development files for libdts
ii  libvorbis-dev1.0.1-1 The Vorbis General Audio Compressi
ii  zlib1g-dev   1:1.2.2-4   compression library - development

-- no debconf information

--===0312202336==
Content-Type: text/x-c; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment; filename="ffmpeg-overflow.txt"

Update of /cvsroot/ffmpeg/ffmpeg/libavformat
In directory mail:/var2/tmp/cvs-serv27074

Modified Files:
4xm.c allformats.c avidec.c aviobuf.c gifdec.c grab.c http.c 
img.c img2.c matroska.c mov.c nsvdec.c nut.c ogg.c segafilm.c 
sgi.c utils.c wc3movie.c avformat.h 
Log Message:
integer overflows, heap corruption
possible arbitrary code execution cannot be ruled out in some cases
precautionary checks


Index: 4xm.c
===
RCS file: /cvsroot/ffmpeg/ffmpeg/libavformat/4xm.c,v
retrieving revision 1.13
retrieving revision 1.14
diff -u -d -r1.13 -r1.14
--- 4xm.c   19 Jun 2004 03:59:33 -  1.13
+++ 4xm.c   8 Jan 2005 14:21:32 -   1.14
@@ -185,6 +185,8 @@
 current_track = LE_32(&header[i + 8]);
 if (current_track + 1 > fourxm->track_count) {
 fourxm->track_count = current_track + 1;
+

Bug#291603: zapping: FTBFS: Using static non fPIC lib to make a shared lib.

2005-01-21 Thread Kurt Roeckx 
Package: zapping
Version: 0.8.0-2
Severity: serious

Hi, your package is failing to build because it's using a
static non fPIC lib to make a shared lib.

Here is an extract from the build log:
/bin/sh ../../libtool --mode=link x86_64-linux-gcc  -Wall -g -O2   -o 
libteletext.zapping.la -rpath /usr/lib/zapping/plugins  bookmark.lo export.lo 
main.lo preferences.lo search.lo toolbar.lo view.lo window.lo 
../../libvbi/libvbi.a  -lpng -lz -lm  -lpthread

*** Warning: Linking the shared library libteletext.zapping.la against the
*** static library ../../libvbi/libvbi.a is not portable!
x86_64-linux-gcc -shared  .libs/bookmark.o .libs/export.o .libs/main.o 
.libs/preferences.o .libs/search.o .libs/toolbar.o .libs/view.o .libs/window.o 
../../libvbi/libvbi.a -lpng -lz -lm -lpthread  -Wl,-soname 
-Wl,libteletext.zapping.so.0 -o .libs/libteletext.zapping.so.0.0.0
/usr/bin/ld: ../../libvbi/libvbi.a(cache.o): relocation R_X86_64_32 can not be 
used when making a shared object; recompile with -fPIC
../../libvbi/libvbi.a: could not read symbols: Bad value
collect2: ld returned 1 exit status
make[4]: *** [libteletext.zapping.la] Error 1

The previous version (0.8.0-1) build without problems and
the changelog doesn't seem to indicate why this would now
fail.  It seems that previously it didn't try to make the
libteletext.zapping.so but does now.

A static library should be build without -fPIC and a
shared library should be build using -fPIC.  If you need
the static library too you will have to build all those
files twice, once using -fPIC, once not using it.

>From the build log it looks like the libvbi.a isn't used
for anything other than linking the libteletext.zapping.so
so I suggest you just build those files once using -fPIC.


Note: this is a build log from amd64, it should fail on
some other arches (like hppa) too but they failed for an
other reason so far.  If it happens to only affect amd64
please lower the severity.


Kurt



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#291599: zvbi: FTBFS: wss.c:44:21: libzvbi.h: No such file or directory

2005-01-21 Thread Christian Marillat 
Kurt Roeckx <[EMAIL PROTECTED]> writes:

> Package: zvbi
> Version: 0.2.12-1
> Severity: serious
>
> Hi,

Hi,

> Your package is failing to build on all arches with the following
> error:
> gcc -DHAVE_CONFIG_H -I. -I. -I.. -I..   -Wall -Wunused -Wmissing-prototypes 
> -Wmissing-declarations -D_REENTRANT -D_GNU_SOURCE -I/usr/include/libpng10  
> -Wall -g -O2 -c `test -f 'wss.c' || echo './'`wss.c
> wss.c:44:21: libzvbi.h: No such file or directory

Michael, I did the patch below. Coul you apply, if this is the right fix ?

Christian

--- test/wss.c.orig 2005-01-21 20:05:20.0 +0100
+++ test/wss.c  2005-01-21 20:05:45.0 +0100
@@ -41,7 +41,7 @@
 #include 
 #endif
 
-#include "libzvbi.h"
+#include "src/libzvbi.h"
 
 #include  /* for videodev2.h */
 #include "src/videodev2k.h"


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Processed: retitle 288672 to Causes scripts to fail in undebugable ways

2005-01-21 Thread Debian Bug Tracking System 
Processing commands for [EMAIL PROTECTED]:

> # Automatically generated email from bts, devscripts version 2.8.5
> retitle 288672 Causes scripts to fail in undebugable ways
Bug#288672: php4 4.3.10-2 cuases scripts to fail in undebugable ways
Changed Bug title.

>
End of message, stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Processed: MySQL MaxDB Web Agent Multiple Denial of Service Vulnerabilities

2005-01-21 Thread Debian Bug Tracking System 
Processing commands for [EMAIL PROTECTED]:

> tags 291380 + pending
Bug#291380: [EMAIL PROTECTED]: iDEFENSE Security Advisory 01.19.05: MySQL MaxDB 
Web Agent Multiple Denial of Service Vulnerabilities]
Tags were: sarge security
Tags added: pending

>
End of message, stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#286756: udev tmpfs test

2005-01-21 Thread Justin Pryzby 
Couldn't we just use a dummy mount?  Bind mount /bin/ as /tmp/`mktemp
-d`/, then test retval=diropen(/tmp/`mktemp`)?  (Or
fopen("/tmp/`mktemp`/ls") or sth similar).

(I didn't say it was clean ... :)  But this test is probably better
than nothing, as it prevents /dev/ from being unusable.  Just abstract
the test to some bashscript or a few lines of C, stick it in
/usr/lib/udev/ until some point when the kernel tells the truth.

Justin


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#291600: FTBFS: Attempts to use 'apt-get source'

2005-01-21 Thread Justin Pryzby 
On Fri, Jan 21, 2005 at 06:37:47PM +, Stephen Quinney wrote:
> Package: gibraltar-bootcd
> Severity: serious
> 
> I was just attempting to build gibraltar-bootcd version 0.40 from the
> source using pbuilder and it failed horribly.
> 
> Upon investigation I found that debian/rules is calling two scripts:
> build-discover (which attempts to download the source for curl, expat
> and discover) and build-paste (which attempts to grab the source for
> coreutils). This is total and utter madness, I've never come across
> anything so odd before in my experience of Debian packaging.
[...]

Agree, there must be a better way.  However, developers reference (I
think) does recommend a makefile rule to download the source, which I
think is a great idea.  So, this download should turn into a
completely optional Makefile rule on which nothing depends.


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Processed: change bug severity

2005-01-21 Thread Debian Bug Tracking System 
Processing commands for [EMAIL PROTECTED]:

> severity #291560 important
Bug#291560: Doesn't work behind a firewall
Severity set to `important'.

> thanks
Stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Processed: bug 291599 is forwarded to Michael Schimek

2005-01-21 Thread Debian Bug Tracking System 
Processing commands for [EMAIL PROTECTED]:

> # Automatically generated email from bts, devscripts version 2.8.10
> forwarded 291599 Michael Schimek <[EMAIL PROTECTED]>
Bug#291599: zvbi: FTBFS: wss.c:44:21: libzvbi.h: No such file or directory
Noted your statement that Bug has been forwarded to Michael Schimek <[EMAIL 
PROTECTED]>.

>
End of message, stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#291600: FTBFS: Attempts to use 'apt-get source'

2005-01-21 Thread Stephen Quinney 
Package: gibraltar-bootcd
Severity: serious

I was just attempting to build gibraltar-bootcd version 0.40 from the
source using pbuilder and it failed horribly.

Upon investigation I found that debian/rules is calling two scripts:
build-discover (which attempts to download the source for curl, expat
and discover) and build-paste (which attempts to grab the source for
coreutils). This is total and utter madness, I've never come across
anything so odd before in my experience of Debian packaging.

You must not assume even the existence of a network connection from a
buildd never mind the ability to run apt-get. It must be possible to
build a package inside a self-contained chroot. You should also note
that there is a high chance that the apt source urls will not be
listed in typical chroots.

I am absolutely certain that you really do not need to download the
source code for each of these packages and then build them. There must
be a better way to achieve what you are trying to do here.

Stephen Quinney

-- System Information:
Debian Release: 3.1
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.9
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#291599: zvbi: FTBFS: wss.c:44:21: libzvbi.h: No such file or directory

2005-01-21 Thread Kurt Roeckx 
Package: zvbi
Version: 0.2.12-1
Severity: serious

Hi,

Your package is failing to build on all arches with the following
error:
gcc -DHAVE_CONFIG_H -I. -I. -I.. -I..   -Wall -Wunused -Wmissing-prototypes 
-Wmissing-declarations -D_REENTRANT -D_GNU_SOURCE -I/usr/include/libpng10  
-Wall -g -O2 -c `test -f 'wss.c' || echo './'`wss.c
wss.c:44:21: libzvbi.h: No such file or directory



Kurt



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Processed: tagging 266707

2005-01-21 Thread Debian Bug Tracking System 
Processing commands for [EMAIL PROTECTED]:

> # Automatically generated email from bts, devscripts version 2.8.5
> tags 266707 security
Bug#266707: provides no security
Tags were: patch
Tags added: security

>
End of message, stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Processed: tagging 291503

2005-01-21 Thread Debian Bug Tracking System 
Processing commands for [EMAIL PROTECTED]:

> # Automatically generated email from bts, devscripts version 2.8.10
> tags 291503 + pending
Bug#291503: CAN-2005-0129/130/131: Multiple vulnerabilities in Konversation
Tags were: patch sarge security sid
Tags added: pending

>
End of message, stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Processed: retitle 288274 to Please remove obsolete astats package

2005-01-21 Thread Debian Bug Tracking System 
Processing commands for [EMAIL PROTECTED]:

> # Automatically generated email from bts, devscripts version 2.8.5
> retitle 288274 Please remove obsolete astats package
Bug#288274: ftp.debian.org: remove astats package, better package replace it
Changed Bug title.

>
End of message, stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#284096: openoffice.org: writer crash in 'modify style' when selecting another tab

2005-01-21 Thread Chris Halls 
On Friday 03 Dec 2004 16:10, Pontus Lidman wrote:
> Package: openoffice.org
> Version: 1.1.3-3
> Severity: grave
> Justification: renders package unusable
>
> Writer crashes in the style edit dialog. How to reproduce:
> 1) start oowriter
> 2) select any style in the stylist, right-click, select 'modify'
>from drop-down menu
> 3) Use left mouse button to click on any tab in the dialog. writer crashes.

I still can't reproduce this problem on my system, so I need your help.  
Please download this file:

http://people.debian.org/~halls/openoffice/test/libsvt645li.so.bz2

It is a version of the library that crashes with debugging symbols included.  
bunzip the file and copy into /usr/lib/openoffice/program, replacing the file 
that is there from the package.

Then, reproduce the crash.  When the crash dialog comes up, do not click it 
away but instead execute this from the command line (make sure you have gdb 
installed)

echo thread apply all bt > gdb.script
gdb -p $(pgrep -u $USER soffice.bin| head -1) < gdb.script | tee oo.log 

Please send oo.log to the bug report.

Thanks
Chris


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#291592: kbugbuster: Please rebuild against libkcal2a

2005-01-21 Thread Aaron M. Ucko 
Package: kbugbuster
Version: 4:3.3.1-2
Severity: grave
Justification: renders package unusable (uninstallable)

kbugbuster still depends on libkcal2, which has recently been
superseded by the binary-incompatible (sigh) libkcal2a.  Could you
please rebuild it against libkcal2-dev (>= 4:3.3.2)?

Thanks.

-- System Information:
Debian Release: 3.1
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.4.27
Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1)

Versions of packages kbugbuster depends on:
ii  kdelibs4 4:3.3.2-1   KDE core libraries
ii  ktnef4:3.3.2-1   KDE TNEF viewer
ii  libart-2.0-2 2.3.16-6Library of functions for 2D graphi
ii  libc62.3.2.ds1-20GNU C Library: Shared libraries an
ii  libgamin0 [libfam0c102]  0.0.12-1Library for the gamin file and dir
ii  libgcc1  1:3.4.3-7   GCC support library
ii  libice6  4.3.0.dfsg.1-10 Inter-Client Exchange library
ii  libidn11 0.5.2-3 GNU libidn library, implementation
ii  libjpeg626b-9The Independent JPEG Group's JPEG 
ii  libkcal2 4:3.3.1-3   KDE calendaring library
ii  libpcre3 4.5-1.1 Perl 5 Compatible Regular Expressi
ii  libpng12-0   1.2.8rel-1  PNG library - runtime
ii  libqt3c102-mt3:3.3.3-8   Qt GUI Library (Threaded runtime v
ii  libsm6   4.3.0.dfsg.1-10 X Window System Session Management
ii  libstdc++5   1:3.3.5-6   The GNU Standard C++ Library v3
ii  libx11-6 4.3.0.dfsg.1-10 X Window System protocol client li
ii  libxext6 4.3.0.dfsg.1-10 X Window System miscellaneous exte
ii  libxrender1  0.8.3-7 X Rendering Extension client libra
ii  xlibs4.3.0.dfsg.1-10 X Keyboard Extension (XKB) configu
ii  zlib1g   1:1.2.2-4   compression library - runtime

-- no debconf information


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#291595: hwtools_0.8-4_i386.deb: fails to install

2005-01-21 Thread AR 
Package: hwtools_0.8-4_i386.deb
Version: hwtools
Severity: grave
Justification: renders package unusable

This is what I get when trying to install it:
Preparing to replace hwtools 0.8-3 (using .../hwtools_0.8-4_i386.deb)
...
Unpacking replacement hwtools ...
dpkg: error processing /var/cache/apt/archives/hwtools_0.8-4_i386.deb
(--unpack):
 trying to overwrite `/usr/share/man/man1/buffer.1.gz', which is also in
 package buffer
 dpkg-deb: subprocess paste killed by signal (Broken pipe)
 Errors were encountered while processing:
  /var/cache/apt/archives/hwtools_0.8-4_i386.deb
  E: Sub-process /usr/bin/dpkg returned an error code (1)
  Ack!  Something bad happened while installing packages.  Trying to
  recover:


-- System Information:
Debian Release: 3.1
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.7.13122004
Locale: LANG=en_US.ISO-8859-15, LC_CTYPE=en_US.ISO-8859-15 (charmap=ISO-8859-15)


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Processed: severity of 261873 is serious, merging 261873 291585

2005-01-21 Thread Debian Bug Tracking System 
Processing commands for [EMAIL PROTECTED]:

> # Automatically generated email from bts, devscripts version 2.8.5
> severity 261873 serious
Bug#261873: Move setserial out of base (?)
Severity set to `serious'.

> merge 261873 291585
Bug#261873: Move setserial out of base (?)
Bug#291585: downgrade and move setserial
Merged 261873 291585.

>
End of message, stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#291233: mozilla-firefox: does not start (seg fault)

2005-01-21 Thread Bruno Lellis 
Package: mozilla-firefox
Version: 1.0+dfsg.1-2

Just seg faults when it starts loading any site as a normal user.
When I start it as root, I can browse any site (the same thing occurs
with epiphany and mozilla).


[EMAIL PROTECTED]:~$ gdb /usr/lib/mozilla-firefox/firefox-bin
(...)
This GDB was configured as "i386-linux"...(no debugging symbols found)
Using host libthread_db library "/lib/tls/libthread_db.so.1".

(gdb) run
(no debugging symbols found)
(...)
(no debugging symbols found)
[New Thread 1139461040 (LWP 5443)]
[New Thread 1147849648 (LWP 5444)]
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
/usr/lib/mozilla-firefox/firefox-bin: relocation error:
/usr/lib/mozilla-firefox/components/libbrowsercomps.so: undefined
symbol: NS_NewUnionEnumerator

Program exited with code 0177.
(gdb) 

-- System Information:
Debian sid 
Architecture: i386 (i686)
Kernel: Linux 2.6.7


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#291585: downgrade and move setserial

2005-01-21 Thread Bdale Garbee 
Package: ftp.debian.org
Severity: serious

The 'setserial' package remains problematic on many systems.  In the worst 
cases, having the package installed with the default debconf choice taken 
will cause a hard system crash on boot.  There seems to be general agreement 
that this package, while still useful on some systems in some cases, is no 
longer an appropriate package to have as part of Debian's 'base' install.

Please downgrade the priority of setserial from 'important' to 'extra'.  I
would accept 'optional', but the "it can crash your system if you don't know
what you're doing" aspect makes me suggest 'extra' as more appropriate.  A
change to a priority lower than 'standard' is release-critical for sarge.

As supporting evidence for this request, I offer the changelog of debootstrap
version 0.2.41, and the message thread it references attached to bug #212646.
The change in debootstrap was necessary but not sufficient to solve the 
problem, as 'important' priority causes tasksel, et al, to install setserial.
We *must* fix this for sarge release!

Please also move the setserial package from 'base' to 'comm'.  This is not 
absolutely required, but once the priority is lowered it would be less
confusing to our users if setserial were no longer part of the 'base' section.

Bdale


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#289950: hydrogen: please rebuild against latest libflac-dev

2005-01-21 Thread Stephen Quinney 
On Wed, 12 Jan 2005 01:16:28 +0100 Adeodato =?iso-8859-1?Q?Sim=F3?= <[EMAIL 
PROTECTED]> wrote:

> hydrogen needs to be rebuilt against the latest libflac-dev in order to
> link to libflac6 instead of libflac4 and become functional again. See:
>
>http://lists.debian.org/debian-devel/2005/01/msg00434.html
>
> Please don't forget to version the build-dependency on libflac-dev to
> (>= 1.1.1-3).

I have now done the package rebuild according to the instructions and
uploaded to DELAYED+3 days to give the maintainer a chance to verify
my changes and upload there own package if they would prefer to do it
that way.

Stephen Quinney



signature.asc
Description: Digital signature

Bug#291501: marked as done (policycoreutils_1.20-2(ia64/unstable): FTBFS: missing build-depend)

2005-01-21 Thread Debian Bug Tracking System 
Your message dated Fri, 21 Jan 2005 12:02:14 -0500
with message-id <[EMAIL PROTECTED]>
and subject line Bug#291501: fixed in policycoreutils 1.20-3
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--
Received: (at submit) by bugs.debian.org; 21 Jan 2005 06:48:50 +
>From [EMAIL PROTECTED] Thu Jan 20 22:48:50 2005
Return-path: <[EMAIL PROTECTED]>
Received: from mmjgroup.com [192.34.35.33] 
by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
id 1Crsb6-0001CY-00; Thu, 20 Jan 2005 22:48:44 -0800
Received: from mix.mmjgroup.com (mix.mmjgroup.com [192.34.35.16])
by mmjgroup.com (Postfix) with ESMTP id CB29216E4F
for <[EMAIL PROTECTED]>; Thu, 20 Jan 2005 23:48:43 -0700 (MST)
Received: by mix.mmjgroup.com (Postfix, from userid 1000)
id F08748F30B; Thu, 20 Jan 2005 23:48:44 -0700 (MST)
Date: Thu, 20 Jan 2005 23:48:44 -0700
From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: policycoreutils_1.20-2(ia64/unstable): FTBFS: missing build-depend
Message-ID: <[EMAIL PROTECTED]>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.5.6+20040907i
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-6.4 required=4.0 tests=BAYES_00,HAS_PACKAGE,
NO_REAL_NAME autolearn=no version=2.60-bugs.debian.org_2005_01_02
X-Spam-Level: 

Package: policycoreutils
Version: 1.20-2
Severity: serious

There was an error while trying to autobuild your package:

> Automatic build of policycoreutils_1.20-2 on caballero by sbuild/ia64 1.170.5
> Build started at 20050121-0631

[...]

> ** Using build dependencies supplied by package:
> Build-Depends: libselinux1-dev (>= 1.14-1), libpam0g-dev, libsepol1-dev, file

[...]

> make[2]: Entering directory `/build/buildd/policycoreutils-1.20/audit2allow'
> make[2]: Nothing to be done for `all'.
> make[2]: Leaving directory `/build/buildd/policycoreutils-1.20/audit2allow'
> make[2]: Entering directory `/build/buildd/policycoreutils-1.20/scripts'
> make[2]: Nothing to be done for `all'.
> make[2]: Leaving directory `/build/buildd/policycoreutils-1.20/scripts'
> make[2]: Entering directory `/build/buildd/policycoreutils-1.20/po'
> file=./`echo da | sed 's,.*/,,'`.gmo \
>   && rm -f $file && PATH=$PATH /usr/bin/msgfmt -o $file da.po
> /bin/sh: /usr/bin/msgfmt: No such file or directory
> make[2]: *** [da.gmo] Error 127
> make[2]: Leaving directory `/build/buildd/policycoreutils-1.20/po'
> make[1]: *** [all] Error 1
> make[1]: Leaving directory `/build/buildd/policycoreutils-1.20'
> make: *** [build/policycoreutils] Error 2

A full build log can be found at:
http://buildd.debian.org/build.php?arch=ia64&pkg=policycoreutils&ver=1.20-2


---
Received: (at 291501-close) by bugs.debian.org; 21 Jan 2005 17:06:06 +
>From [EMAIL PROTECTED] Fri Jan 21 09:06:06 2005
Return-path: <[EMAIL PROTECTED]>
Received: from newraff.debian.org [208.185.25.31] (mail)
by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
id 1Cs2EY-Yr-00; Fri, 21 Jan 2005 09:06:06 -0800
Received: from katie by newraff.debian.org with local (Exim 3.35 1 (Debian))
id 1Cs2Ao-0005dZ-00; Fri, 21 Jan 2005 12:02:14 -0500
From: Manoj Srivastava <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
X-Katie: $Revision: 1.55 $
Subject: Bug#291501: fixed in policycoreutils 1.20-3
Message-Id: <[EMAIL PROTECTED]>
Sender: Archive Administrator <[EMAIL PROTECTED]>
Date: Fri, 21 Jan 2005 12:02:14 -0500
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-6.0 required=4.0 tests=BAYES_00,HAS_BUG_NUMBER 
autolearn=no version=2.60-bugs.debian.org_2005_01_02
X-Spam-Level: 

Source: policycoreutils
Source-Version: 1.20-3

We believe that the bug you reported is fixed in the latest version of
policycoreutils, which is due to be installed in the Debian FTP archive:

policycoreutils_1.20-3.diff.gz
  to pool/main/p/policycoreutils/policycoreutils_1.20-3.diff.gz
policycoreutils_1.20-3.dsc
  to pool/main/p/policycoreutils/policycoreutils_1.20-3.dsc
policycoreutils_1.20-3_i386.deb
  to p

Processed: Re: Bug#291470: mozilla-thunderbird-enigmail: Enigmail fails to initiate unless other global extension installed afterwards

2005-01-21 Thread Debian Bug Tracking System 
Processing commands for [EMAIL PROTECTED]:

> severity 291470 important
Bug#291470: mozilla-thunderbird-enigmail: Enigmail fails to initiate unless 
other global extension installed afterwards
Severity set to `important'.

> thanks
Stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#290966: Uploaded to delayed+3days

2005-01-21 Thread Stephen Quinney 
On Tue, 18 Jan 2005 00:15:00 +0100 Kurt Roeckx wrote:
> 
> Your package is failing to build with the following error:
> g++  -O2 -g -c `wx-config --cflags` -o sffview.o sffview.cpp
> In file included from sffview.cpp:36:
> common.h:36:37: boost/filesystem/path.hpp: No such file or directory
> sffview.cpp: In member function `void SffView::CalcScale()':
> sffview.cpp:123: warning: passing `double' for converting 4 of `virtual void
>wxScrolledWindow::SetScrollbars(int, int, int, int, int, int, bool)'
> sffview.cpp:128: warning: passing `double' for converting 3 of `virtual void
>wxScrolledWindow::SetScrollbars(int, int, int, int, int, int, bool)'
> make[1]: *** [sffview.o] Error 1
> 
> This looks like a missing build dependency on
> libboost-filesystem-dev.  When adding it it builds fine.
> 

I have confirmed this problem and that the simple fix works inside my
pbuilder chroot. I have uploaded a corrected package to DELAYED+3
days. If the maintainer would rather fix this themselves they have
some time to upload their own corrected package.

Stephen Quinney





signature.asc
Description: Digital signature

Processed: tagging 287347

2005-01-21 Thread Debian Bug Tracking System 
Processing commands for [EMAIL PROTECTED]:

> # Automatically generated email from bts, devscripts version 2.8.5
> tags 287347 - experimental
Bug#287347: ngspice: legal issue
Tags were: experimental
Tags removed: experimental

>
End of message, stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#280186: marked as done (ml-yacc: FTBFS: File missing)

2005-01-21 Thread Debian Bug Tracking System 
Your message dated Fri, 21 Jan 2005 16:55:12 +0100
with message-id <[EMAIL PROTECTED]>
and subject line Source package gone
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--
Received: (at submit) by bugs.debian.org; 7 Nov 2004 21:46:14 +
>From [EMAIL PROTECTED] Sun Nov 07 13:46:13 2004
Return-path: <[EMAIL PROTECTED]>
Received: from pd9e7fea0.dip.t-dialin.net (stigge.org) [217.231.254.160] 
by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
id 1CQurV-0001XL-00; Sun, 07 Nov 2004 13:46:13 -0800
Received: (qmail 13812 invoked from network); 7 Nov 2004 21:46:10 -
Received: from unknown (HELO atari.stigge.org) (192.168.1.99)
  by sbo.stigge.org with SMTP; 7 Nov 2004 21:46:10 -
Received: from [192.168.1.99] (localhost [127.0.0.1])
by atari.stigge.org (Postfix) with ESMTP id E1D531004432E;
Sun,  7 Nov 2004 22:46:09 +0100 (CET)
From: Roland Stigge <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: ml-yacc: FTBFS: File missing
Message-Id: <[EMAIL PROTECTED]>
Date: Sun,  7 Nov 2004 22:46:09 +0100 (CET)
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2004_03_25 
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-8.0 required=4.0 tests=BAYES_00,HAS_PACKAGE 
autolearn=no version=2.60-bugs.debian.org_2004_03_25
X-Spam-Level: 

Package: ml-yacc
Version: 110.42-1
Severity: serious

Hi,

building the package ml-yacc in a clean build environment
(with pbuilder) on i386 results in:

=
[...]
Standard ML of New Jersey v110.49 [FLINT v1.5], September 13, 2004
[scanning ml-yacc.cm]
[scanning $/ml-yacc-lib.cm]
ml-yacc.cm:7.3-7.19 Error: Io: openIn failed on 
"/home/he/Projects/Debian/Sponsoring/Aaron_Read/smlnj-110.49/sml.boot.x86-unix/ml-yacc-lib.cm/ml-yacc-lib.cm",
 No such file or directory
[parsing (ml-yacc.cm):sigs.sml]
[creating directory .cm/SKEL]
[parsing (ml-yacc.cm):utils.sig]
[parsing (ml-yacc.cm):hdr.sml]
[parsing (ml-yacc.cm):yacc.grm.sig]
[parsing (ml-yacc.cm):yacc.grm.sml]
[parsing (ml-yacc.cm):yacc.lex.sml]
[parsing (ml-yacc.cm):parse.sml]
[parsing (ml-yacc.cm):utils.sml]
[parsing (ml-yacc.cm):grammar.sml]
[parsing (ml-yacc.cm):core.sml]
[parsing (ml-yacc.cm):coreutils.sml]
[parsing (ml-yacc.cm):graph.sml]
[parsing (ml-yacc.cm):look.sml]
[parsing (ml-yacc.cm):lalr.sml]
[parsing (ml-yacc.cm):mklrtable.sml]
[parsing (ml-yacc.cm):mkprstruct.sml]
[parsing (ml-yacc.cm):shrink.sml]
[parsing (ml-yacc.cm):verbose.sml]
[parsing (ml-yacc.cm):absyn.sig]
[parsing (ml-yacc.cm):absyn.sml]
[parsing (ml-yacc.cm):yacc.sml]
[parsing (ml-yacc.cm):link.sml]
[parsing (ml-yacc.cm):export-yacc.sml]
Compilation failed.
make: *** [ml-yacc.] Error 1
=

Thanks for considering.

---
Received: (at 280186-done) by bugs.debian.org; 21 Jan 2005 15:57:46 +
>From [EMAIL PROTECTED] Fri Jan 21 07:57:46 2005
Return-path: <[EMAIL PROTECTED]>
Received: from higgs.djpig.de [213.133.98.126] 
by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
id 1Cs1AQ-0004Lw-00; Fri, 21 Jan 2005 07:57:46 -0800
Received: from djpig by higgs.djpig.de with local (Exim 4.34)
id 1Cs17w-0001LH-MN
for [EMAIL PROTECTED]; Fri, 21 Jan 2005 16:55:12 +0100
Date: Fri, 21 Jan 2005 16:55:12 +0100
From: Frank Lichtenheld <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: Source package gone
Message-ID: <[EMAIL PROTECTED]>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.5.6+20040907i
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-3.0 required=4.0 tests=BAYES_00 autolearn=no 
version=2.60-bugs.debian.org_2005_01_02
X-Spam-Level: 

There is no ml-yacc source package anymore.

Gruesse,
-- 
Frank Lichtenheld <[EMAIL PROTECTED]>
www: http://www.djpig.de/


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#291566: libavcodec-dev: Multiple integer overflows, some of them may lead to arbitrary code execution

2005-01-21 Thread Moritz Muehlenhoff 
Package: libavcodec-dev
Version: 0.cvs20050106-1
Severity: grave
Tags: security
Justification: user security hole

[Cc'ing security@, as at least xine-lib embeds libavcodec, there may be
more, I haven't investigated whether they are affected, but I assume it's
the case]

The most recent ffmpeg-cvs-log message from ffmpeg maintainer Michael
Niedermayer mentions 

| integer overflows, heap corruption
| possible arbitrary code execution cannot be ruled out in some cases
| precautionary checks

Feel free to downgrade severity if it turns out not to be exploitable.

I've attached the complete commit message, which includes the fixes.

Cheers,
Moritz

-- System Information:
Debian Release: 3.1
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.9-1-386
Locale: LANG=C, [EMAIL PROTECTED] (charmap=ISO-8859-15)

Versions of packages libavcodec-dev depends on:
ii  liba52-0.7.4-dev [liba52-dev 0.7.4-1 Development library and headers fo
ii  libdts-dev   0.0.2-svn-1 development files for libdts
ii  libvorbis-dev1.0.1-1 The Vorbis General Audio Compressi
ii  zlib1g-dev   1:1.2.2-4   compression library - development

-- no debconf information
Update of /cvsroot/ffmpeg/ffmpeg/libavformat
In directory mail:/var2/tmp/cvs-serv27074

Modified Files:
	4xm.c allformats.c avidec.c aviobuf.c gifdec.c grab.c http.c 
	img.c img2.c matroska.c mov.c nsvdec.c nut.c ogg.c segafilm.c 
	sgi.c utils.c wc3movie.c avformat.h 
Log Message:
integer overflows, heap corruption
possible arbitrary code execution cannot be ruled out in some cases
precautionary checks


Index: 4xm.c
===
RCS file: /cvsroot/ffmpeg/ffmpeg/libavformat/4xm.c,v
retrieving revision 1.13
retrieving revision 1.14
diff -u -d -r1.13 -r1.14
--- 4xm.c	19 Jun 2004 03:59:33 -	1.13
+++ 4xm.c	8 Jan 2005 14:21:32 -	1.14
@@ -185,6 +185,8 @@
 current_track = LE_32(&header[i + 8]);
 if (current_track + 1 > fourxm->track_count) {
 fourxm->track_count = current_track + 1;
+if((unsigned)fourxm->track_count >= UINT_MAX / sizeof(AudioTrack))
+return -1;
 fourxm->tracks = av_realloc(fourxm->tracks, 
 fourxm->track_count * sizeof(AudioTrack));
 if (!fourxm->tracks) {

Index: allformats.c
===
RCS file: /cvsroot/ffmpeg/ffmpeg/libavformat/allformats.c,v
retrieving revision 1.42
retrieving revision 1.43
diff -u -d -r1.42 -r1.43
--- allformats.c	4 Jan 2005 14:38:52 -	1.42
+++ allformats.c	8 Jan 2005 14:21:32 -	1.43
@@ -125,8 +125,8 @@
 #endif
 av_register_image_format(&jpeg_image_format);
 #endif
-av_register_image_format(&gif_image_format);
-av_register_image_format(&sgi_image_format);
+av_register_image_format(&gif_image_format);  
+//av_register_image_format(&sgi_image_format); heap corruption, dont enable
 #endif //CONFIG_ENCODERS
 
 /* file protocols */

Index: avidec.c
===
RCS file: /cvsroot/ffmpeg/ffmpeg/libavformat/avidec.c,v
retrieving revision 1.58
retrieving revision 1.59
diff -u -d -r1.58 -r1.59
--- avidec.c	19 Dec 2004 02:55:40 -	1.58
+++ avidec.c	8 Jan 2005 14:21:32 -	1.59
@@ -302,9 +302,11 @@
 get_le32(pb); /* ClrUsed */
 get_le32(pb); /* ClrImportant */
 
+ if(size > 10*4 && size<(1<<30)){
 st->codec.extradata_size= size - 10*4;
 st->codec.extradata= av_malloc(st->codec.extradata_size + FF_INPUT_BUFFER_PADDING_SIZE);
 get_buffer(pb, st->codec.extradata, st->codec.extradata_size);
+ }
 
 if(st->codec.extradata_size & 1) //FIXME check if the encoder really did this correctly
 get_byte(pb);
@@ -549,6 +551,8 @@
 nb_index_entries = size / 16;
 if (nb_index_entries <= 0)
 return -1;
+if(nb_index_entries + 1 >= UINT_MAX / sizeof(AVIIndexEntry))
+return -1;
 
 /* read the entries and sort them in each stream component */
 for(i = 0; i < nb_index_entries; i++) {

Index: aviobuf.c
===
RCS file: /cvsroot/ffmpeg/ffmpeg/libavformat/aviobuf.c,v
retrieving revision 1.22
retrieving revision 1.23
diff -u -d -r1.22 -r1.23
--- aviobuf.c	8 Oct 2004 20:09:52 -	1.22
+++ aviobuf.c	8 Jan 2005 14:21:32 -	1.23
@@ -629,11 +629,13 @@
 /* reallocate buffer if needed */
 new_size = d->pos + buf_size;
 new_allocated_size = d->allocated_size;
+if(new_size < d->pos || new_size > INT_MAX/2)
+return -1;
 while (new_size > new_allocated_size) {
 if (!new_allocated_size)
 new_allocated_size = new_size;

Bug#289856: mdnsresponder: Wrong license

2005-01-21 Thread Loïc Minier 
Steve Langasek <[EMAIL PROTECTED]> - Fri, Jan 21, 2005:

> I don't really think it's acceptable to move half of gnome into contrib.
> Fortunately, if the package dependencies of libhowl0 are accurate, this
> shouldn't be required; mdnsresponder isn't a dependency of libhowl0, only a
> recommends: which could in theory be weakened to a suggests:.

 Err of course GNOME would have to rebuild gnomevfs and packages built
 with the howl enabled gnomevfs.
   I never meant to move GNOME in contrib!

> You indicated on IRC that the library functionality isn't very useful
> without the mdnsresponder package.  I think it isn't very useful to a lot of
> users even *with* the mdnsresponder package, so I don't think we'd be lying
> to ourselves by weakening this to a suggests:.

 I think howl is great and would really do some good to usability in
 some programs.  But sure, we lived without it in the past.

   Bye,

-- 
Loïc Minier <[EMAIL PROTECTED]>

Bug#290597: fails to configure because gs-common is not configured

2005-01-21 Thread Frank Lichtenheld 
On Fri, Jan 14, 2005 at 02:16:45PM -0800, Matt Kraai wrote:
> The Desktop task failed to install while installing Debian because
> gs-gpl failed to configure because gs-common was not configured:
> 
>  dpkg: dependency problems prevent configuration of gs-gpl:
>   gs-gpl depends on gs-common (>= 0.2); however:
>Package gs-common is not configured yet.
>  dpkg: error processing gs-gpl (--configure):
>   dependency problems - leaving unconfigured

I don't quite understand how this would be gs-gpl's fault, it's either
gs-common (because of an error during the configuration) or apt/dpkg,
isn't it? Do you have a complete log of the install, I suspect there
was an error during configuring gs-common.

Gruesse,
-- 
Frank Lichtenheld <[EMAIL PROTECTED]>
www: http://www.djpig.de/


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Processed: tagging 290597

2005-01-21 Thread Debian Bug Tracking System 
Processing commands for [EMAIL PROTECTED]:

> # Automatically generated email from bts, devscripts version 2.8.5
> tags 290597 moreinfo
Bug#290597: fails to configure because gs-common is not configured
There were no tags set.
Tags added: moreinfo

>
End of message, stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Processed: severity of 290890 is normal

2005-01-21 Thread Debian Bug Tracking System 
Processing commands for [EMAIL PROTECTED]:

> # Automatically generated email from bts, devscripts version 2.8.5
> severity 290890 normal
Bug#290890: Please remove distributed-net-pproxy.
Severity set to `normal'.

>
End of message, stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Processed: retitle 291006 to installation-reports: LVM install failed due to missing dmsetup

2005-01-21 Thread Debian Bug Tracking System 
Processing commands for [EMAIL PROTECTED]:

> # Automatically generated email from bts, devscripts version 2.8.5
> retitle 291006 installation-reports: LVM install failed due to missing dmsetup
Bug#291006: Package: installation-reports
Changed Bug title.

>
End of message, stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#262035: marked as done (cdimage.debian.org: I am using the daily sarge iso images to create a local mirror. Instalation fails attempting to partition a disk)

2005-01-21 Thread Debian Bug Tracking System 
Your message dated Fri, 21 Jan 2005 16:23:20 +0100
with message-id <[EMAIL PROTECTED]>
and subject line Duplicate
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--
Received: (at submit) by bugs.debian.org; 29 Jul 2004 13:57:12 +
>From [EMAIL PROTECTED] Thu Jul 29 06:57:12 2004
Return-path: <[EMAIL PROTECTED]>
Received: from dpvc-68-162-250-117.bos.east.verizon.net (mail.is-cs.com) 
[68.162.250.117] 
by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
id 1BqBPE-00035x-00; Thu, 29 Jul 2004 06:57:12 -0700
Received: from debian.is-cs.com ([EMAIL PROTECTED] [10.0.3.11])
by mail.is-cs.com (8.12.8/8.12.8) with ESMTP id i6TDv4Xd028169;
Thu, 29 Jul 2004 09:57:04 -0400
Received: from debian.is-cs.com ([EMAIL PROTECTED] [127.0.0.1])
by debian.is-cs.com (8.12.3/8.12.3/Debian-6.6) with ESMTP id 
i6TDiYU9027941;
Thu, 29 Jul 2004 09:44:34 -0400
Received: (from [EMAIL PROTECTED])
by debian.is-cs.com (8.12.3/8.12.3/Debian-6.6) id i6TDiYDL027939;
Thu, 29 Jul 2004 09:44:34 -0400
Message-Id: <[EMAIL PROTECTED]>
From: root <[EMAIL PROTECTED]>
To: Debian Bug Tracking System <[EMAIL PROTECTED]>
Subject: cdimage.debian.org: I am using the daily sarge iso images to create a 
local mirror. Instalation fails attempting to partition a disk
X-Mailer: reportbug 1.50
Date: Thu, 29 Jul 2004 09:44:34 -0400
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2004_03_25 
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-8.0 required=4.0 tests=BAYES_00,HAS_PACKAGE 
autolearn=no version=2.60-bugs.debian.org_2004_03_25
X-Spam-Level: 

Package: cdimage.debian.org
Version: N/A; reported 2004-07-29
Severity: critical
Justification: breaks the whole system



-- System Information
Debian Release: 3.0-bunk-kernel26
Architecture: i386
Kernel: Linux debian 2.2.20-idepci #1 Sat Apr 20 12:45:19 EST 2002 i686
Locale: LANG=C, LC_CTYPE=C

I am creating an install lab that must be disconnected from the net.
I download the daily netinstall files (Kernel and initrd) and use
these to PXE boot by target system.

T also download the daily (and beta4) iso images and mount them on a directory
accessable via http. 

When I pxe boot I am able to get through the Mirror specification prompt.
If I choose a real mirror I am able to fully install the system. If I 
specify my local mirror then I install up to partitioning the disk. 
I am unable to get further than that. No disk is recognized. I have tried this 
with a target system with IDE and SCSI disks. 

I believe this to be a problem with the CD image not with the installer.

Please respond to [EMAIL PROTECTED] - this system is behind a firewall and does 
not recieve mail.

Thanks
SG


---
Received: (at 262035-done) by bugs.debian.org; 21 Jan 2005 15:25:54 +
>From [EMAIL PROTECTED] Fri Jan 21 07:25:54 2005
Return-path: <[EMAIL PROTECTED]>
Received: from higgs.djpig.de [213.133.98.126] 
by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
id 1Cs0fZ-0007eY-00; Fri, 21 Jan 2005 07:25:54 -0800
Received: from djpig by higgs.djpig.de with local (Exim 4.34)
id 1Cs0d6-0005xY-L8
for [EMAIL PROTECTED]; Fri, 21 Jan 2005 16:23:20 +0100
Date: Fri, 21 Jan 2005 16:23:20 +0100
From: Frank Lichtenheld <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: Duplicate
Message-ID: <[EMAIL PROTECTED]>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.5.6+20040907i
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-2.0 required=4.0 tests=BAYES_00,ONEWORD autolearn=no 
version=2.60-bugs.debian.org_2005_01_02
X-Spam-Level: 

This is an exact duplicate of 262043, thus closing.

Gruesse,
-- 
Frank Lichtenheld <[EMAIL PROTECTED]>
www: http://www.djpig.de/


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#283896: libdbd-sqlite-perl: version mismatch with sqlite package.

2005-01-21 Thread Marcelo E. Magallon 
Hi Steve,

On Sat, Jan 08, 2005 at 04:44:22AM -0800, Steve Langasek wrote:

 > - First, this bug is not critical: it does not break "unrelated
 >   packages or the whole system".  It is at most grave (if it makes
 >   the package unusable), or serious (if it's your opinion that this
 >   bug makes the package unsuitable for release for other reasons).

 It depends on how you understand "unrelated packages".  It breaks
 existing scripts because the backend is changed from SQLite 2 to 3.
 SQLite 3 can't read files written by SQLite 2 and the error message
 that DBD outputs is rather confusing (much more generic than "can't
 read files in SQLite 2 format").

 The package itself is usable, one must only pay attention to what one
 is doing.

 It's unsuitable for release with sarge because we don't know what
 upstream's plan is (maybe Krzysztof has already figured out something
 with upstream, but there's no record of that on the BTS).  I would very
 much prefer _not_ to release these packages with sarge unless this is
 fixed and an upgrade path is provided.  SQLite provides such path, only
 the Perl DBD is a mess.

 Marcelo


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#283896: libdbd-sqlite-perl: version mismatch with sqlite package.

2005-01-21 Thread Marcelo E. Magallon 
Hi Krzysztof,

On Mon, Jan 10, 2005 at 09:33:16AM +0100, Krzysztof Krzyzaniak wrote:

 > Take look at
 > ,
 >  (and below).
 > 
 > Question is in upstream changes and very confusing schema names. I'll
 > try to work out this issue as soon as possible.

 any word on this?  I'm getting a bit tickled but this.  I've got the
 feeling that everytime I write a perl script using DBD::SQLite it's
 going to break without warning...

 Marcelo


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Processed: tagging 290291

2005-01-21 Thread Debian Bug Tracking System 
Processing commands for [EMAIL PROTECTED]:

> # Automatically generated email from bts, devscripts version 2.8.5
> tags 290291 patch
Bug#290291: evolution: Evolution does not authenticate using MD5 methods 
(DIGEST/CRAM) and remains plaintext
There were no tags set.
Tags added: patch

>
End of message, stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Processed: tagging 290974

2005-01-21 Thread Debian Bug Tracking System 
Processing commands for [EMAIL PROTECTED]:

> # Automatically generated email from bts, devscripts version 2.8.5
> tags 290974 - sid
Bug#290974: apache: Temporary usage bugs that can be used in symlink attacks
Tags were: sarge security sid
Tags removed: sid

>
End of message, stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#290999: depends on wvstreams3, not wvstreams4

2005-01-21 Thread Frank Lichtenheld 
On Fri, Jan 21, 2005 at 09:18:40AM -0500, Simon Law wrote:
> Odd.  I didn't ask for libwvstreams3 to get yoinked.

You don't need to. If you upload a new version of a source package
that builds different binary packages than the one before the old
ones will be removed semi-automatically (next time a ftp-master runs
the rene script that detects such issues).

Gruesse,
-- 
Frank Lichtenheld <[EMAIL PROTECTED]>
www: http://www.djpig.de/


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Processed: tagging 291033, tagging 291033

2005-01-21 Thread Debian Bug Tracking System 
Processing commands for [EMAIL PROTECTED]:

> # Automatically generated email from bts, devscripts version 2.8.5
> tags 291033 fixed
Bug#291033: Multiple Vendor ImageMagick .psd Image File Decode Heap Overflow 
Vulnerability
Tags were: sarge security patch
Bug#291118: vulnerable to CAN-2005-0005, buffer overflow in PSD decoder
Tags added: fixed

>  # fixed version reached testing
> tags 291033 - sarge
Bug#291033: Multiple Vendor ImageMagick .psd Image File Decode Heap Overflow 
Vulnerability
Tags were: fixed sarge security patch
Bug#291118: vulnerable to CAN-2005-0005, buffer overflow in PSD decoder
Tags removed: sarge

>
End of message, stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#290999: depends on wvstreams3, not wvstreams4

2005-01-21 Thread Simon Law 
On Fri, Jan 21, 2005 at 08:43:41AM -0500, Patrick Patterson wrote:
> On Friday 21 January 2005 08:09, Frank Lichtenheld wrote:
> > On Tue, Jan 18, 2005 at 01:00:47AM -0500, Joe Mason wrote:
> > > libwvstreams3 seems to have disappeared from Debian unstable, but
> > > retchmail still depends on it instead of libwvstreams4:
> >
> > Just a quick note: I investigated if this would be a simple recompile,
> > but apparently the program uses WvStreamList which disappeared in
> > WvStreams 4.0. This issue seems to be fixed in the upstream CVS but
> > the patch was too invasive to be considered for a NMU. I will remove
> > retchmail from testing for now so that the new wvstreams can enter it.
> >
> Frank:
> 
> As I am still waiting for keyring-maint to get my key in shape to do a proper 
> upload, if you want to do an upload of retchmail with what is in CVS instead 
> of as an NMU, then I'm cool with that... alternatively, let me know, and I'll 
> have the WvStreams maintainer (sfllaw) do the upload, since he broke it in 
> the first place :)

Odd.  I didn't ask for libwvstreams3 to get yoinked.

Simon


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

  1   2   >