Bug#778449: botch FTBFS on architectures without ocamlopt due to timeout
Package: botch Version: 0.6-1~experimental1 Severity: serious Justification: fails to build from source Hi, botch FTBFS on arm64, mips, mipsel and s390x because the testsuite run is killed after a timeout. This is because these platforms do not provide native ocaml and thus running the testsuite will take several hours. cheers, josch -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#778448: rt-extension-calendar: Unneeded dependency on libdigest-sha-perl
Source: rt-extension-calendar Version: 0.17-1 Severity: normal Hi rt-extension-calendar (Build-)Depends(-Indep) on libdigest-sha-perl. But Digest::SHA is in Perl core since v5.9.3 and 'RTx-Calendar does not seem to require an newer version of Digest::SHA as it is in perl core, thus the extra dependency on libdigest-sha-perl is acutally not needed unless an explicit newer version is required (in such a case an alternate dependency on both a versioned libdigest-sha-perl and the perl including that version would be needed). Thanks for maintaining this rquest-tracker extension in Debian. Regards, Salvatore -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#778375: apt-transport-https: segfaults
Package: apt-transport-https Version: 1.0.9.6 Severity: serious Hi, When I try to download something over https apt just segfaults: https[7809]: segfault at 69 ip 7f523b8cbb03 sp 7fff432589e0 error 4 in https[7f523b8c+12000] Kurt -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#773634: lazarus: Fails any execution due to missing LConvEncoding
Hi Rainer, Looks like you did not install LCL. LCL is recommended by lazarus, so if your package manager does not pull recommended packages you may fall in this issue. Can you please ensure LCL is installed and let me know? Cheers, Abou Al Montacir signature.asc Description: This is a digitally signed message part
Bug#778341: procmail: CVE-2014-9681: unsafe handling of TZ environment variable
On Sat, Feb 14, 2015 at 07:47:14AM +0100, Salvatore Bonaccorso wrote: I see, I have missed #772706 somehow apparently, sorry about that. I have merged both reports. But this is still not a bug! procmail may be seen as a shell or as a special purpose programming language. The bash shell allows the user to read arbitrary files, but nobody would say that it is insecure because of that. What is insecure is giving untrusted users shell access. The same happens for procmail. You would never give an untrusted user the ability to write an arbitrary .procmailrc file because that would be nearly the same as giving shell access. Can you explain this to whoever assigned a CVE number for this? -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#778357: audit 'apt-get update' exit codes
Am 14.02.2015 01:45 schrieb Patrick Schleizer adrela...@riseup.net: Package: apt Severity: important X-Debbugs-CC: hol...@layer-acht.org,p...@debian.org When apt-get update fails the program under some conditions exits with a 0 status. It would be useful if it exited with a non-zero status in that case (or if there were a switch to tell it to do so). Since there is already... - provide meaningful exit codes for network failures https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=776152 and - apt: Provide meaningful exit codes for gpg failures https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=745735 That have been found more or less by trial and error... I am wondering, if there are any other situations, where this could happen. Perhaps while you're at #776152 and #745735, could you please check if there are other cases, where apt-get exits with a 0 status, where it should exit with a non-zero status? Cheers, Patrick The results are meaningful. 0 indicates success or transient error, whereas other values indicate a persistent error. Stuff like gpg errors are transient, they are expected to happen during mirror updates due to the repository format.
Bug#774428: unblock: simpleburn/1.7.0-2
On 02/11/2015 12:34 AM, Mehdi Dogguy wrote: Looks like a sensible plan. Can we help to make that happen? Sure. I am just waiting for Mateusz to make another upload to mentors. Mateusz, ping? Otherwise I'd be happy to NMU. -- .''`. John Paul Adrian Glaubitz : :' : Debian Developer - glaub...@debian.org `. `' Freie Universitaet Berlin - glaub...@physik.fu-berlin.de `-GPG: 62FF 8A75 84E0 2956 9546 0006 7426 3B37 F5B5 F913 -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#777346: grep-excuses: Search autoremovals too
James McCoy writes (Re: Bug#777346: grep-excuses: Search autoremovals too): On Sat, Feb 07, 2015 at 03:42:14PM +, Ian Jackson wrote: Subject: [PATCH 2/3] grep-excuses: --debug option This should be 3/3. I reviewed the actual patch in your git repo. It and the rest in the series look fine. I'll commit them soon. Not sure how the number became wrong. Anyway, thanks. Ian. -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#777540: policy violation in libhtp
Control: retitle -1 policy violation - SONAME mismatch Hi Hlko, thx for confirming. Should I also file a bug against lintian to remove the upstream soname version is not correct override? Best regards rm -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#666272: [keepnote] You can not change language.
It may be duplicated with #572. A locale env is '*.UTF-8' and resources are named '*.UTF8' on Python 2.7 environment, Debian wheezy. Yes, I confirm this bug: cd /usr/lib/python2.7/dist-packages/keepnote/rc/locale cp -r de_DE.UTF8 de_DE.UTF-8 (and all other languages) After start language is accepted and working!! Please fix it somehow!
Bug#778379: kcollectd should not hard depend on collectd
Package: kcollectd Severity: normal -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Hi, I want to install kcollectd on my laptop to view rrd files from my server. I can mount the folder with the rrd files with e.g. NFS or sshfs. In this case it's annoying to install collectd on my laptop although I don't intend to use it there. Maybe it might be better to just recommend collectd? Thank you, Thomas Koch -BEGIN PGP SIGNATURE- Version: GnuPG v1 iQIcBAEBCAAGBQJU3zoiAAoJEAf8SJEEK6ZaQHAP/AmROhuYhw3CpiNC+0Vm68FY 4Y1kp9IYCOy/s4nPrMGYKn4ubz4lyYpHOqpToyKTG+a6WcAtDsrdjmtEhELu98SE rHd3r0ZYr41nNBmhCLktaE9hp506/NYXgL9CIolvzMQRV2LriF/gWvFPZqpHFXIo 6ZLJw5sVp6C18X4z25X4r6J2AufIDNdhiu90CRCN7HV/UCtsqWOi/tqSEzIJUTaU OBRcYr5eFL0QQI7rk/HdidCEZy8rdtSaSi6m0YCio0aZJN5Cs7HLvUeCsG+rwLhb kUCGwdk0oARDmt5GnwNyq/6zLr/+vUE9C5ZviyDp6ZnirAFw8XipNMxheE3OnfYU M3qtkcrGNFKv32gc0K+wMZwCTfCW0rqabujTN1g88JU8u0omdqvpEG1LuconM3zu 5efVaLA/CVog+j1MzRs0zhEFKvmhtw6nI4a9lw2j4omYI5kltG+rAHF86u9ZUABZ 8JmIkJPxGSS1x72QSQK8JQ/m1EP2nzRFtKI545wH6K2BObRf2UtQ1ur6KHP/hNX0 3kfeWR24M0Hvd8FbvVgvYqojkjbuhcYA6t5pzqeANO3CgMkP3TUkxKMlgHrDP0AL TkFfAYAEkUkkW+MCXbBNZ5ZJKvIgBomPgB3zXLcFw2VzKgh4qz3tq0Hxs3dmBGSa lozeNYp8PqbZ2a0aRTxd =js8a -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#777664: [Pkg-salt-team] Bug#777664: Bug#777664: salt-minion: Make log file readable by adm group
Hi Ben, On Wed, Feb 11, 2015 at 9:18 PM, Benjamin Drung benjamin.dr...@profitbricks.com wrote: I'll make these changes. You are partially right - I/we do need a sponsor, but I haven't asked for one yet as I want to make sure the latest addition to the packaging (salt-api) is ok before I do (hence the -3...). Working through the patch, setting the directory mode to 2750 causes the lintian issue non-standard-dir-perm. Is this needed? I'm not sure I follow the reason for it (the directory permission change). Thanks, Joe
Bug#778376: pkgconfig libgcj.pc link points to non existent file
Package: gcj-jdk Severity: normal Tags: patch # dpkg -L gcj-jdk | grep libgcj.pc /usr/lib/pkgconfig/x86_64-linux-gnu/libgcj.pc # ls -la /usr/lib/pkgconfig/x86_64-linux-gnu/libgcj.pc lrwxrwxrwx 1 root root 11 Oct 18 09:03 /usr/lib/pkgconfig/x86_64-linux-gnu/libgcj.pc - libgcj15.pc # ls -la /usr/lib/pkgconfig/x86_64-linux-gnu/libgcj15.pc ls: cannot access /usr/lib/pkgconfig/x86_64-linux-gnu/libgcj15.pc: No such file or directory # ls -la /usr/lib/x86_64-linux-gnu/pkgconfig/libgcj15.pc lrwxrwxrwx 1 root root 13 Oct 24 16:49 /usr/lib/x86_64-linux-gnu/pkgconfig/libgcj15.pc - libgcj-4.9.pc Switching from /usr/lib/pkgconfig/x86_64-linux-gnu/ to /usr/lib/x86_64-linux-gnu/pkgconfig/ will solve the problem. -- System Information: Debian Release: 8.0 APT prefers testing-updates APT policy: (500, 'testing-updates'), (500, 'testing') Architecture: amd64 (x86_64) Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores) Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) --- debian/rules.orig 2015-02-14 10:44:11.0 +0100 +++ debian/rules 2015-02-14 10:43:37.0 +0100 @@ -700,8 +700,8 @@ /usr/share/java/libgcj-$(PV_GCJ).jar /usr/share/java/libgcj.jar ifeq ($(with_multiarch_lib),yes) dh_link -pgcj-jdk \ - /usr/lib/pkgconfig/$(DEB_HOST_MULTIARCH)/$(LIBGCJ_PC) \ - /usr/lib/pkgconfig/$(DEB_HOST_MULTIARCH)/libgcj.pc + /usr/lib/$(DEB_HOST_MULTIARCH)/pkgconfig/$(LIBGCJ_PC) \ + /usr/lib/$(DEB_HOST_MULTIARCH)/pkgconfig/libgcj.pc else dh_link -pgcj-jdk \ /usr/lib/pkgconfig/$(LIBGCJ_PC) /usr/lib/pkgconfig/libgcj.pc
Bug#778364: unblock: glibc/2.19-15
Control: tags -1 d-i Hi, On Fri, Feb 13, 2015 at 09:11:20PM -0500, Michael Gilbert wrote: Please consider unblocking glibc. It fixes 5 security issues: https://security-tracker.debian.org/tracker/source-package/glibc unblock glibc/2.19-15 unblock-udeb glibc/2.19-15 Unblocked, but need d-i ack. Cheers, Ivo -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#775691: matplotlib: printf buffer overrun
how about using a delayed queue instead of having uploaded straight to unstable? On Sat, Feb 14, 2015 at 1:35 AM, Michael Gilbert mgilb...@debian.org wrote: Hi, I've uploaded an nmu fixing this issue. Please see attached patch. Best wishes, Mike -- Sandro Tosi (aka morph, morpheus, matrixhasu) My website: http://matrixhasu.altervista.org/ Me at Debian: http://wiki.debian.org/SandroTosi -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#778382: knews: [INTL:it] Italian translation of debconf messages
Package: knews Severity: wishlist Tags: patch l10n Hi. Please find attached the Italian translation of knews debconf messages proofread by the Italian localization team. Please include it in your next upload. Thanks, Beatrice # Italian translation of knews debdonf messages. # Copyright (C) 2014 knews package's copyright holder # This file is distributed under the same license as the knews package. # Beatrice Torracca beatri...@libero.it, 2015. msgid msgstr Project-Id-Version: knews\n Report-Msgid-Bugs-To: kn...@packages.debian.org\n POT-Creation-Date: 2007-11-12 10:53+\n PO-Revision-Date: 2015-02-14 13:42+0200\n Last-Translator: Beatrice Torracca beatri...@libero.it\n Language-Team: Italian debian-l10n-ital...@lists.debian.org\n Language: it\n MIME-Version: 1.0\n Content-Type: text/plain; charset=UTF-8\n Content-Transfer-Encoding: 8bit\n Plural-Forms: nplurals=2; plural=(n != 1);\n X-Generator: Virtaal 0.7.1\n #. Type: string #. Description #: ../templates:1001 msgid What news server should be used for reading and posting news? msgstr Quale server di newsgroup deve essere usato per leggere e inviare i messaggi? #. Type: string #. Description #: ../templates:1001 msgid knews is configured to read news via an NNTP connection, and needs to know the fully-qualified host name of the server (such as news.example.com). If you have a local news spool, you should consider installing some NNTP server like inn2; in that case, enter \localhost\ as your news server. msgstr knews è configurato per leggere i newsgroup attraverso una connessione NNTP e ha bisogno di sapere il nome host pienamente qualificato del server (come news.example.com). Se si ha uno spool di messaggi locale, si dovrebbe considerare l'installazione di un qualche server NNTP come inn2; in quel caso inserire «localhost» come server di newsgroup. #. Type: string #. Description #: ../templates:2001 msgid What is your system's mail name? msgstr Qual è il nome di posta del sistema? #. Type: string #. Description #: ../templates:2001 msgid Please enter the 'mail name' of your system. This is the hostname portion of the address to be shown on outgoing news and mail messages, and is used by many packages. msgstr Inserire il «nome di posta» del sistema. Questa è la porzione del nome host dell'indirizzo che deve essere mostrato nei messaggi in uscita per i newsgroup e per la posta ed è usato da molti pacchetti.
Bug#778380: update check-mk-server to 1.2.4p5
Package: check-mk-server Version: 1.2.2p3-1~bpo70+1 Hello, We are currently using the 1.2.2p3-1~bpo70+1 version of check-mk-server, however since, as indicated here [1], check-mk has a newer version, it would be great if you can update packate to 1.2.4p5. It has been released almost 1 year ago. Thanks, regards. [1] https://packages.qa.debian.org/c/check-mk.html
Bug#778381: macchanger: [INTL:it] Italian translation of debconf messages
Package: macchanger Severity: wishlist Tags: patch l10n Hi. Please find attached the Italian translation of macchanger debconf messages proofread by the Italian localization team. Please include it in your next upload. Thanks, Beatrice # Italian translation of macchanger debconf messages # Copyright (C) 2014 macchanger package's copyright holder. # This file is distributed under the same license as the macchanger package. # Beatrice Torracca beatri...@libero.it, 2015. msgid msgstr Project-Id-Version: macchanger\n Report-Msgid-Bugs-To: macchan...@packages.debian.org\n POT-Creation-Date: 2014-12-18 13:38+0100\n PO-Revision-Date: 2015-02-14 13:38+0200\n Last-Translator: Beatrice Torracca beatri...@libero.it\n Language-Team: Italian debian-l10n-ital...@lists.debian.org\n Language: it\n MIME-Version: 1.0\n Content-Type: text/plain; charset=UTF-8\n Content-Transfer-Encoding: 8bit\n Plural-Forms: nplurals=2; plural=(n != 1);\n X-Generator: Virtaal 0.7.1\n #. Type: boolean #. Description #: ../templates:1001 msgid Change MAC automatically? msgstr Cambiare MAC automaticamente? #. Type: boolean #. Description #: ../templates:1001 msgid Please specify whether macchanger should be set up to run automatically every time a network device is brought up or down. This gives a new MAC address whenever you attach an ethernet cable or reenable wifi. msgstr Specificare se macchanger debba essere impostato per l'esecuzione automatica ogni volta che un dispositivo di rete viene attivato o disattivato. Ciò fornisce un nuovo indirizzo MAC ogni volta che si inserisce un cavo Ethernet o si riattiva il Wi-Fi.
Bug#778385: lyskom-server: [INTL:it] Italian translation of debconf messages
Package: lyskom-server Severity: wishlist Tags: l10n patch Hi. Please find attached the Italian translation of lyskom-server debconf messages proofread by the Italian localization team. Please include it in your next upload. Thanks, Beatrice # Italian translation of lyskom-server debconf messagges # Copyright (C) 2014, the lyskom-server package's copyright holder # This file is distributed under the same license as the lyskom-server package. # Beatrice Torracca beatri...@libero.it, 2015. msgid msgstr Project-Id-Version: lyskom-server\n Report-Msgid-Bugs-To: pet...@debian.org\n POT-Creation-Date: 2007-05-19 22:49+0100\n PO-Revision-Date: 2015-02-14 13:37+0200\n Last-Translator: Beatrice Torracca beatri...@libero.it\n Language-Team: Italian debian-l10n-ital...@lists.debian.org\n Language: it\n MIME-Version: 1.0\n Content-Type: text/plain; charset=UTF-8\n Content-Transfer-Encoding: 8bit\n Plural-Forms: nplurals=2; plural=(n != 1);\n X-Generator: Virtaal 0.7.1\n #. Type: select #. Choices #: ../lyskom-server.templates:1001 msgid English, Swedish msgstr Inglese, Svedese #. Type: select #. Default #. Do not translate this field. You may change the default value to #. one of the allowed values, however: English or Swedish. #: ../lyskom-server.templates:1002 msgid English msgstr English #. Type: select #. Description #: ../lyskom-server.templates:1003 msgid Select the language of the initial database: msgstr Selezionare la lingua per il database iniziale: #. Type: select #. Description #: ../lyskom-server.templates:1003 msgid The LysKOM server comes with two pre-defined databases, one with English names for conferences and the administrator account, and one in Swedish. Please select the one you want to install on your machine. msgstr Il server LysKOM viene fornito con due database, uno con i nomi in inglese per le conferenze e l'account di amministrazione e uno in svedese. Selezionare quello da installare sulla macchina. #. Type: select #. Description #: ../lyskom-server.templates:1003 msgid The database is only installed once, and when you have installed it you cannot switch. You can, of course, rename the conferences and accounts if you wish. msgstr Il database viene installato una sola volta e una volta installato non può essere cambiato. Si può, ovviamente, cambiare il nome delle conferenze e degli account a proprio piacimento.
Bug#777195: [squid3] tcp_outgoing_address ignored
On Fri, 6 Feb 2015 11:45:05 +0500 Roman Mamedov wrote: Hello, On some occasions I was using the directive tcp_outgoing_address 0.0.0.0 to force Squid on a dual-stack host to be IPv4-only. This works fine on 3.1.20-2.2+deb7u2 currently in Wheezy. That behaviour was a bug. It caused Squid to use :::0.0.0.0 on the connections it made to IPv6 hosts. In dual-stack machines that is sometimes an alias-IP for localhost. The forwarding loop this sets up inside the TCP stack goes to a port which is probably closed on your machine. But not necesarily. However, this directive is ignored on the 3.4 version from backports. Even setting tcp_outgoing_address [actual IPv4 address of the host] does not help, Squid still makes outgoing connections from IPv6 as well. The bug above was fixed in Squid-3.2. IPv4 outgoing addresses are only used for outgoing IPv4 connections. IPv6 outgoing addresses are only used for outgoing IPv6 connections. Amos -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#778374: [pkg-horde] Bug#778374: php5 5.6.5 fully breaks Horde packages in Debian jessie
Hi, The attached patch against php5 allows Horde to start again. With that patched php5 version on my Debian jessie system, IMP (Horde's mail client) seems to work ok again. However, I also see regressions in Kronolith (calenadaring tool), Turba (address book) and Nag (task planner). I will investigate this further later today. Just a short update notice. After having given my Horde instance some time to recover (invalidate cashes and such stuff), the complete Horde system is back in play and works nicely with my patch 5.6.5. Please dearly consider reverting my sent-in patch in the current php5 version in jessie/unstable. Thanks, Mike -- DAS-NETZWERKTEAM mike gabriel, herweg 7, 24357 fleckeby fon: +49 (1520) 1976 148 GnuPG Key ID 0x25771B31 mail: mike.gabr...@das-netzwerkteam.de, http://das-netzwerkteam.de freeBusy: https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.xfb pgpW_5gdsSqAD.pgp Description: Digitale PGP-Signatur
Bug#778370: unblock: graphicsmagick/1.3.20-3+deb8u1
On Sat, Feb 14, 2015 at 12:41 PM, Adam D. Barratt a...@adam-barratt.org.uk wrote: On Sat, 2015-02-14 at 09:24 +0100, László Böszörményi wrote: Please unblock the recent upload of graphicsmagick, which fixes CVE-2014-8355, bug #778238 [1]. Why is a fix via unstable versioned as -3+deb8u1? That should have just been -4. -4 exists in experimental. Unblocked. Thanks, Laszlo/GCS -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#777540: policy violation in libhtp
* Ralph J.Mayer: Should I also file a bug against lintian to remove the upstream soname version is not correct override? No, the wrong override that hides the problem from Lintian is part of the libhtp source package itself: ,[ libhtp-0.5.15/debian/overrides/libhtp1 ] | # upstream soname version is not correct ... | libhtp1: package-name-doesnt-match-sonames libhtp-0.5.15-1 ` Cheers, -Hilko -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#778367: kfreebsd-10: CVE-2014-7250 resource consumption issue
forwarded 778367 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=195243 tags 778367 + moreinfo thanks Hi, Michael Gilbert wrote: Note that the versions mentioned in the advisory are really old (freebsd 5.4), but unfortunately there aren't enough details yet to actually check. There are barely any details at all: http://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000134.html It is an issue in the handling of the TCP session timer, which may lead to a denial-of-service. When a sepcially crafted packet from a malicious server is received, a condition where client resources are not released may occur. https://jvn.jp/en/jp/JVN07930208/index.html This JVN publication was delayed to 2014/11/21 after developer fixes were developed; only a few proprietary systems are mentioned as 'not vulnerable'. On the day of publication, the FreeBSD bug was opened by a third party with still no additional details. It doesn't seem that JVN notified OpenBSD either. Regards, -- Steven Chamberlain ste...@pyro.eu.org -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#776747: iceweasel: cannot reproduce
Control: severity -1 important Hi, I've installed Iceweasel 35.0.1-1 this morning, and so far I didn't get a single crash. I believe the severity of this should be downgraded to, at least important (as it doesn't affect everyone). Please be aware that this bug shows up from apt-listbugs when upgrading Iceweasel (hence my request of lowering the severity). Thanks, Claudio Control: severity -1 importantHi,Ive installed Iceweasel 35.0.1-1 this morning, and so far I didnt get a single crash.I believe the severity of this should be downgraded to, at least important (as it doesnt affect everyone).Please be aware that this bug shows up from apt-listbugs when upgrading Iceweasel (hence my request of lowering the severity).Thanks,Claudio signature.asc Description: Digital signature
Bug#778352: (pre-approval) unblock: xymon/4.3.17-6
Hi Adam, Adam D. Barratt wrote: I've just uploaded xymon/4.3.17-6 to DELAYED/15 (see https://ftp-master.debian.org/deferred.html) with: [...] As soon as I've got your approval for the debdiff below, I'll fast-forward the upload to unstable. Please go ahead, and Thanks! Rescheduled. remove the moreinfo tag once that's been done. Will remove it as soon as I got the ACCEPTED mail. Regards, Axel -- ,''`. | Axel Beckert a...@debian.org, http://people.debian.org/~abe/ : :' : | Debian Developer, ftp.ch.debian.org Admin `. `' | 4096R: 2517 B724 C5F6 CA99 5329 6E61 2FF9 CD59 6126 16B5 `-| 1024D: F067 EA27 26B9 C3FC 1486 202E C09E 1D89 9593 0EDE -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#778383: flashybrid: [INTL:it] Italian translation of debconf messages
Package: flashybrid Severity: wishlist Tags: l10n patch Hi. Please find attached the Italian translation of flashybrid debconf messages proofread by the Italian localization team. Please include it in your next upload. Thanks, Beatrice # Italian translation of flashybrid debconf messages. # Copyright (C) 2014 flashybrid package's copyright holder # This file is distributed under the same license as the flashybrid package. # Translators, if you are not familiar with the PO format, gettext # documentation is worth reading, especially sections dedicated to # this format, e.g. by running: # info -n '(gettext)PO Files' # info -n '(gettext)Header Entry' # Some information specific to po-debconf are available at # /usr/share/doc/po-debconf/README-trans # or http://www.debian.org/intl/l10n/po-debconf/README-trans # Developers do not need to manually edit POT or PO files. # Beatrice Torracca beatri...@libero.it, 2015. msgid msgstr Project-Id-Version: flashybrid\n Report-Msgid-Bugs-To: \n POT-Creation-Date: 2011-12-30 09:38+0100\n PO-Revision-Date: 2015-02-14 13:43+0200\n Last-Translator: Beatrice Torracca beatri...@libero.it\n Language-Team: Italian debian-l10n-ital...@lists.debian.org\n Language: it\n MIME-Version: 1.0\n Content-Type: text/plain; charset=UTF-8\n Content-Transfer-Encoding: 8bit\n Plural-Forms: nplurals=2; plural=(n != 1);\n X-Generator: Virtaal 0.7.1\n #. Type: note #. Description #: ../templates:1001 msgid Note about removal of flashybrid package msgstr Nota sulla rimozione del pacchetto flashybrid #. Type: note #. Description #: ../templates:1001 msgid Please be warned, this package changes the way your system behaves in a really intrusive way. This package is not enabled by default so it should not make any problems by just installing it. If you want to enable it, please read the documentation. msgstr Tenere bene a mente che questo pacchetto cambia in maniera molto invasiva il modo in cui il sistema si comporta. Questo pacchetto non è abilitato in modo predefinito perciò non si dovrebbero creare problemi con la sola installazione. Se si desidera abilitarlo, leggere la documentazione. #. Type: note #. Description #: ../templates:1001 msgid If you want to remove this package, you should first disable it, boot the machine, and ONLY WHEN THE MACHINE HAS BEEN REBOOTED WITHOUT FLASHYBRID RUNNING YOU CAN REMOVE THE PACKAGE ITSELF. If you do not to do it this way, you can potentially lose data (things like configuration files in /etc/ will not get synced to the real drive, stay only in the tmpfs and lost on reboot). msgstr Se si desidera rimuovere questo pacchetto, è necessario prima disabilitarlo, riavviare la macchina e SOLO DOPO CHE LA MACCHINA È STATA RIAVVIATA SENZA L'ESECUZIONE DI FLASHYBRID SI PUÒ RIMUOVERE IL PACCHETTO STESSO. Se non si procede in questo modo si possono potenzialmente avere perdite di dati (cose come file di configurazione in /etc/ non verranno sincronizzate con il dispositivo reale, rimarranno solo nel tempfs e verranno perse al riavvio). #. Type: note #. Description #: ../templates:1001 msgid Please read the Debian documentation found in /usr/share/doc/flashybrid/ specially README.Debian msgstr Leggere la documentazione Debian in /usr/share/doc/flashybrid/ specialmente README.Debian
Bug#778384: fookebox: [INTL:it] Italian translation of debconf messages
Package: fookebox Severity: wishlist Tags: l10n patch Hi. Please find attached the Italian translation of fookebox debconf messages proofread by the Italian localization team. Please include it in your next upload. Thanks, Beatrice # Italian translation of fookebox debconf messages # Copyright (C) 2014 fookebox package's copyright holder # This file is distributed under the same license as the fookebox package. # Beatrice Torracca beatri...@libero.it, 2015. msgid msgstr Project-Id-Version: fookebox\n Report-Msgid-Bugs-To: fooke...@packages.debian.org\n POT-Creation-Date: 2014-11-02 06:06+0100\n PO-Revision-Date: 2015-01-23 08:34+0200\n Last-Translator: Beatrice Torracca beatri...@libero.it\n Language-Team: Italian debian-l10n-ital...@lists.debian.org\n Language: it\n MIME-Version: 1.0\n Content-Type: text/plain; charset=UTF-8\n Content-Transfer-Encoding: 8bit\n Plural-Forms: nplurals=2; plural=(n != 1);\n X-Generator: Virtaal 0.7.1\n #. Type: boolean #. Description #: ../templates:1001 msgid Remove old fookebox database? msgstr Rimuovere il vecchio database di fookebox? #. Type: boolean #. Description #: ../templates:1001 msgid Previous versions of fookebox used a database to store schedule information. This database is no longer used and can be safely removed. msgstr Le versioni precedenti di fookebox usavano un database per memorizzare le informazioni sulla pianificazione. Questo database non è più usato e può essere rimosso senza problemi.
Bug#775116: openntpd: Can't remove or purge package
Hi,
I did a quick test with the following changes to deb-systemd-helper
--- deb-systemd-helper.dist 2015-02-14 10:38:45.058351945 +0100
+++ deb-systemd-helper 2015-02-14 11:10:24.550995696 +0100
@@ -325,7 +325,7 @@
if (is_purge() || -l $link) {
my $link_state = $link;
$link_state =~ s,^/etc/systemd/system/,$enabled_state_dir/,;
-unlink($link_state);
+unlink($link_state) if -l $link_state;
}
next unless -l $link;
@@ -386,8 +386,12 @@
}
make_path(dirname($mask_link));
-symlink('/dev/null', $mask_link) or
-error(unable to link $mask_link to /dev/null: $!);
+if (-l $mask_link) {
+ debug $mask_link exists;
+ unlink ($mask_link) or error(unable to unlink $mask_link: $!);
+}
+symlink(/dev/null, $mask_link) or
+ error(unable to link $mask_link to /dev/null: $!);
$changed_sth = 1;
my $statefile = $mask_link;
Now the openntpd package purged. I do not know if this is a correct fix or
if something else is needed.
/Jörgen
On Wed, Jan 14, 2015 at 9:09 PM, Dererk der...@debian.org wrote:
On 11/01/15 14:01, Jörgen Tegnér wrote:
Package: openntpd
Version: 20080406p-10
Severity: normal
Dear Maintainer,
*** Reporter, please consider answering these questions, where
appropriate ***
* What led up to the situation?
I wished to use ntpd instead of openntpd
* What exactly did you do (or not do) that was effective (or
ineffective)?
apt-get purge openntpd
* What was the outcome of this action?
#aot-get purge openntpd
0 upgraded, 0 newly installed, 1 to remove and 559 not upgraded.
1 not fully installed or removed.
After this operation, 201 kB disk space will be freed.
Do you want to continue? [Y/n]
(Reading database ... 263377 files and directories currently installed.)
Removing openntpd (20080406p-10) ...
/usr/bin/deb-systemd-helper: error: unable to link
/etc/systemd/system/openntpd.service to /dev/null: File exists
dpkg: error processing package openntpd (--remove):
subprocess installed post-removal script returned error exit status 1
Errors were encountered while processing:
openntpd
E: Sub-process /usr/bin/dpkg returned an error code (1)
* What outcome did you expect instead?
package purged
*** End of the template - remove these template lines ***
Hi JörgenTegnér!
Thanks for contributing and reporting this issue!
At first glance, It appears to be an issue with the dh_systemd helpers
at postrm scripts, let me dig a little bit into it and confirm.
Thanks,
Dererk
--
BOFH excuse #55:
Plumber mistook routing panel for decorative wall fixture
Bug#778351: unblock: isc-dhcp/4.3.1-6
Control: tags -1 + confirmed d-i On Fri, 2015-02-13 at 16:54 -0500, Michael Gilbert wrote: Please consider unblocking isc-dhcp. It fixes a regression in init script error handling (bug #755834, unfortunate bug # typo in the changelog). Done. There are no changes to the udebs. Nevertheless, it still needs an ack. Regards, Adam -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#778352: (pre-approval) unblock: xymon/4.3.17-6
Control: tags -1 + confirmed moreinfo On Fri, 2015-02-13 at 23:12 +0100, Axel Beckert wrote: Upstream recently fixed two memory leaks in xymond, xymon's main daemon. Without these fixes leakages of 2 GB memory per day have been observed under production conditions. I've just uploaded xymon/4.3.17-6 to DELAYED/15 (see https://ftp-master.debian.org/deferred.html) with: [...] As soon as I've got your approval for the debdiff below, I'll fast-forward the upload to unstable. Please go ahead, and remove the moreinfo tag once that's been done. Regards, Adam -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#689083: [Pkg-phototools-devel] Bug#689083: libgphoto2-2-dev is not Multi-Arch compatible
On Thu, 12 Feb 2015 23:39:42 +0100
Francois Gouget fgou...@free.fr wrote:
Package: libgphoto2-dev
Version: 2.5.4-1.1+b2
Followup-For: Bug #689083
Dear Maintainer,
Hi Francois,
Here is a proposed patch to make it possible to make libgphoto2-dev as
Multi-Arch: same.
The trick is that on Debian it's not necessary to use -L to link with
libraries that
are in /usr/lib/triplet. This means it should be ok to remove this option
from the
xxx-config scripts which in turn solves the conflict for libgphoto2-dev.
Is that approach ok?
Thanks for the patches.
I'm working on next Debian package(2.5.7) and maybe those scripts will not
be part of the package. We can use pkg-config to do the job and as in
libgphoto2-2.5.7/README.packaging:
...we consider this mechanism obsolete.
I'm checking with my sponsor.
regards,
Herbert
diff -ur a/debian/control b/debian/control
--- a/debian/control 2014-08-25 21:47:22.0 +0200
+++ b/debian/control 2015-02-12 23:10:00.414367888 +0100
@@ -30,6 +30,7 @@
Package: libgphoto2-dev
Section: libdevel
Architecture: any
+Multi-Arch: same
Depends:
libgphoto2-6 (= ${binary:Version})
, libexif-dev
diff -ur a/debian/patches/series b/debian/patches/series
--- a/debian/patches/series 2014-01-06 01:37:00.0 +0100
+++ b/debian/patches/series 2015-02-12 23:23:08.251291406 +0100
@@ -1,3 +1,4 @@
#10_disable_cache
#11_hurd_no_path_max_bsdsource
+30_multiarch.patch
kFreeBSD-ENODATA.patch
--- /dev/null 2015-01-27 12:27:17.181130653 +0100
+++ b/debian/patches/30_multiarch.patch 2015-02-12 23:22:24.959450232
+0100
@@ -0,0 +1,40 @@
+--- a/gphoto2-config.in
b/gphoto2-config.in
+@@ -2,7 +2,7 @@
+
+ # leave these definitions here
+ # they are required for correct interpolation of
+-# @libdir@ and @includedir@ later on
++# libdir and includedir later on
+ prefix=@prefix@
+ exec_prefix=@exec_prefix@
+
+@@ -59,7 +59,7 @@
+ ;;
+
+ --libs)
+-echo -L@libdir@ -lgphoto2 -lgphoto2_port -lm
++echo -lgphoto2 -lgphoto2_port -lm
+ ;;
+
+ *)
+--- a/libgphoto2_port/gphoto2-port-config.in
b/libgphoto2_port/gphoto2-port-config.in
+@@ -2,7 +2,7 @@
+
+ # leave these definitions here
+ # they are required for correct interpolation of
+-# @libdir@ and @includedir@ later on
++# libdir and includedir later on
+ prefix=@prefix@
+ exec_prefix=@exec_prefix@
+
+@@ -59,7 +59,7 @@
+ ;;
+
+ --libs)
+-echo -L@libdir@ -lgphoto2_port
++echo -lgphoto2_port
+ ;;
+
+ *)
-- System Information:
Debian Release: 8.0
APT prefers testing
APT policy: (990, 'testing'), (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 3.16.0-4-amd64 (SMP w/8 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages libgphoto2-dev depends on:
ii libexif-dev 0.6.21-2
ii libgphoto2-6 2.5.4-1.1+b2
ii pkg-config0.28-1
libgphoto2-dev recommends no packages.
libgphoto2-dev suggests no packages.
-- no debconf information
___
Pkg-phototools-devel mailing list
pkg-phototools-de...@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-phototools-devel
--
Herbert Parentes Fortes Neto (hpfn)
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#778377: 2.4 regression: /etc/zabbix/zabbix_*.conf.d is ignored
Package: zabbix_agent Version: 2.4.3+dfsg-1 Since 2.4 it seems that the /etc/zabbix/zabbix_*.conf.d directories are silently ignored. Thats pretty painful, esp. for the upgrade of the zabbix_agent package: I have to edit zabbix_agentd.conf on each and every client. Its a lot of work, and it gives me a dirty config file on the next upgrade. I would suggest to use Include=/etc/zabbix/zabbix_agentd.conf.d/*.conf Same goes for zabbix_proxy* and zabbix_server* Thanx in advance. Keep on your good work Harri -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#778349: pre-approval request - unblock: python-softlayer/3.2.0-2
Control: tags -1 + confirmed moreinfo On Fri, 2015-02-13 at 16:45 -0500, Scott Kitterman wrote: RC bug fix. Requesting approval before upload since I propose including also a fix for an important bug as well as changes related to the new maintainer. The last is administrative, but given I'm doing an upload it seemed better to include it so Jessie users know who the maintainer is. The important bug fix is just renaming the postinst/prerm so they acutally get used. There's no changes in the contents of the file. +python-softlayer (3.2.0-2) unstable; urgency=medium + + * Fix docopt version in requires to SL will start (Closes: #778344) + * Fix python-softlayer postinst/postrm file names to that alternatives works [...] +++ python-softlayer-3.2.0/debian/patches/docopt-versions.patch 2015-02-13 16:30:31.0 -0500 @@ -0,0 +1,17 @@ +Description: Fix docopt version in requires to SL will start (Closes: #778344) s/ to / so /g Please go ahead, and remove the moreinfo tag once the package is in unstable. Regards, Adam -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#778352: (pre-approval) unblock: xymon/4.3.17-6
Control: tags -1 - moreinfo Hi, the upload reached unstable: https://packages.qa.debian.org/x/xymon/news/20150214T123351Z.html Adam D. Barratt wrote: Please go ahead, and remove the moreinfo tag once that's been done. Done herewith. Regards, Axel -- ,''`. | Axel Beckert a...@debian.org, http://people.debian.org/~abe/ : :' : | Debian Developer, ftp.ch.debian.org Admin `. `' | 4096R: 2517 B724 C5F6 CA99 5329 6E61 2FF9 CD59 6126 16B5 `-| 1024D: F067 EA27 26B9 C3FC 1486 202E C09E 1D89 9593 0EDE -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#777681: slapd deleting attributes fills mdb backend
found 777681 2.4.31-1+nmu2 notfound 777681 2.4.31+really2.4.40-3~bpo70+1 thanks Yes, I messed up with the first testing. I could not reproduce the problem with 2.4.40 only with 2.4.31 and 2.4.39 Knowing this I think there is no point in asking it on openldap-technical, as their opinion is usually use the lastest stable. Dancsa On 02/11/2015 11:03 PM, GALAMBOS Daniel wrote: I done some more testing, built from upstream git branch OPENLDAP_REL_ENG_2_4 tag OPENLDAP_REL_ENG_2_4_40 with config options: ./configure --with-tls=gnutls --enable-ppolicy=yes --enable-overlays=yes I could not reproduce the problem with these. 2.4.39 reproducibly has the problem (we recompiled on wheezy the jessie's openldap when -backports didn't have slapd yet) I couldn't make wheezy-backports version of slapd to fail like afternoon. Maybe I missed something afternoon when changed the installed versions on the test box, or maybe some lib stuck then. I'll clone a fresh VM and test again. Dancsa On 02/11/2015 05:49 PM, Ryan Tandy wrote: Hi, Sorry, I don't know LMDB well enough to answer your question. I recommend asking on the openldap-technical list. I guess they'll suggest simply increasing the mapsize, but it would be interesting to know whether this is expected and what causes it. You may want to try building the OPENLDAP_REL_ENG_2_4 upstream git branch (2.4.41 release candidate) to see if it has the same behaviour. thanks, Ryan -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#778366: unblock: kfreebsd-10/10.1~svn274115-2
Hi,
Michael Gilbert wrote:
Please consider unblocking kfreebsd-10. It fixes 2 security issues:
https://security-tracker.debian.org/kfreebsd-10
A debdiff is attached.
The other change is to limit the arch-dep packages to kfreebsd-any
(which was forgotten in the previous upload).
Thanks,
Regards,
--
Steven Chamberlain
ste...@pyro.eu.org
diff -Nru kfreebsd-10-10.1~svn274115/debian/changelog
kfreebsd-10-10.1~svn274115/debian/changelog
--- kfreebsd-10-10.1~svn274115/debian/changelog 2014-12-28 11:41:23.0
+
+++ kfreebsd-10-10.1~svn274115/debian/changelog 2015-01-28 01:18:06.0
+
@@ -1,3 +1,16 @@
+kfreebsd-10 (10.1~svn274115-2) unstable; urgency=high
+
+ * Pick SVN r277808 from FreeBSD 10.1-RELEASE to fix:
+- SA-15:02: SCTP SCTP_SS_VALUE kernel memory corruption and
+ disclosure vulnerability (CVE-2014-8612) (Closes: #776415)
+- SA-15:03: SCTP stream reset vulnerability (CVE-2014-8613)
+ (Closes: #776416)
+ * Build kernel images only on kfreebsd-any arches, so that any
+security or other RC-severity kernel bugs will not affect the
+official jessie release
+
+ -- Steven Chamberlain ste...@pyro.eu.org Tue, 27 Jan 2015 20:02:52 +
+
kfreebsd-10 (10.1~svn274115-1) unstable; urgency=medium
[ Steven Chamberlain ]
@@ -6,9 +19,6 @@
(CVE-2014-8476) (Closes: #768108)
* Replace non-DFSG-free ar9300_devid.h with a 3-clause BSD substitute
derived from Linux ath9k driver (Closes: #767583)
- * Build kernel images only on kfreebsd-any arches, so that any
-security or other RC-severity kernel bugs will not affect the
-official jessie release
[ Christoph Egger ]
* Upload to unstable
diff -Nru kfreebsd-10-10.1~svn274115/debian/control
kfreebsd-10-10.1~svn274115/debian/control
--- kfreebsd-10-10.1~svn274115/debian/control 2014-10-20 22:19:28.0
+0100
+++ kfreebsd-10-10.1~svn274115/debian/control 2015-01-27 20:40:49.0
+
@@ -51,7 +51,7 @@
Package: kfreebsd-image-10.1-0-amd64
-Architecture: any-amd64
+Architecture: kfreebsd-amd64
Depends: ${misc:Depends},
freebsd-utils (= 8.1-5) [kfreebsd-any], kldutils (= 7.1) [kfreebsd-any],
devd [kfreebsd-any] | freebsd-utils ( 8.2+ds2-9) [kfreebsd-any],
@@ -79,7 +79,7 @@
This package is compiled for a amd64-class machine.
Package: kfreebsd-image-10-amd64
-Architecture: any-amd64
+Architecture: kfreebsd-amd64
Depends: kfreebsd-image-10.1-0-amd64, ${misc:Depends}
Description: kernel of FreeBSD 10 image (meta-package)
This package depends on the latest binary image for kernel of FreeBSD 10 on
@@ -496,7 +496,7 @@
This package contains zlib modules.
Package: kfreebsd-image-10.1-0-486
-Architecture: any-i386
+Architecture: kfreebsd-i386
Depends: ${misc:Depends},
freebsd-utils (= 8.1-5) [kfreebsd-any], kldutils (= 7.1) [kfreebsd-any],
devd [kfreebsd-any] | freebsd-utils ( 8.2+ds2-9) [kfreebsd-any],
@@ -524,7 +524,7 @@
This package is compiled for a 486-class machine.
Package: kfreebsd-image-10-486
-Architecture: any-i386
+Architecture: kfreebsd-i386
Depends: kfreebsd-image-10.1-0-486, ${misc:Depends}
Description: kernel of FreeBSD 10 image (meta-package)
This package depends on the latest binary image for kernel of FreeBSD 10 on
@@ -549,7 +549,7 @@
486-class machines.
Package: kfreebsd-image-10.1-0-686
-Architecture: any-i386
+Architecture: kfreebsd-i386
Depends: ${misc:Depends},
freebsd-utils (= 8.1-5) [kfreebsd-any], kldutils (= 7.1) [kfreebsd-any],
devd [kfreebsd-any] | freebsd-utils ( 8.2+ds2-9) [kfreebsd-any],
@@ -577,7 +577,7 @@
This package is compiled for a 686-class machine.
Package: kfreebsd-image-10-686
-Architecture: any-i386
+Architecture: kfreebsd-i386
Depends: kfreebsd-image-10.1-0-686, ${misc:Depends}
Description: kernel of FreeBSD 10 image (meta-package)
This package depends on the latest binary image for kernel of FreeBSD 10 on
@@ -602,7 +602,7 @@
686-class machines.
Package: kfreebsd-image-10.1-0-xen
-Architecture: any-i386
+Architecture: kfreebsd-i386
Depends: ${misc:Depends},
freebsd-utils (= 8.1-5) [kfreebsd-any], kldutils (= 7.1) [kfreebsd-any],
devd [kfreebsd-any] | freebsd-utils ( 8.2+ds2-9) [kfreebsd-any],
@@ -630,7 +630,7 @@
This package is compiled for a xen-class machine.
Package: kfreebsd-image-10-xen
-Architecture: any-i386
+Architecture: kfreebsd-i386
Depends: kfreebsd-image-10.1-0-xen, ${misc:Depends}
Description: kernel of FreeBSD 10 image (meta-package)
This package depends on the latest binary image for kernel of FreeBSD 10 on
diff -Nru kfreebsd-10-10.1~svn274115/debian/patches/SA-15_02.kmem.patch
kfreebsd-10-10.1~svn274115/debian/patches/SA-15_02.kmem.patch
--- kfreebsd-10-10.1~svn274115/debian/patches/SA-15_02.kmem.patch
1970-01-01 01:00:00.0 +0100
+++ kfreebsd-10-10.1~svn274115/debian/patches/SA-15_02.kmem.patch
2015-01-27 20:37:34.0 +
@@ -0,0 +1,51 @@
+Description:
+ Fix SCTP SCTP_SS_VALUE kernel memory corruption and
+
Bug#778408: Henry Spencer regular expressions (regex) library contains a heap overflow vulnerability
Package: newlib Severity: important Tags: security patch The security team received a report from the CERT Coordination Center that the Henry Spencer regular expressions (regex) library contains a heap overflow vulnerability. It looks like this package includes the affected code at that's the reason of this bug report. The patch is available here: http://gitweb.dragonflybsd.org/dragonfly.git/blobdiff/4d133046c59a851141519d03553a70e903b3eefc..2841837793bd095a82f477e9c370cfe6cfb3862c:/lib/libc/regex/regcomp.c Please, can you confirm if the binary packages are affected? Are stable and testing affected? More information, here: http://www.kb.cert.org/vuls/id/695940 https://guidovranken.wordpress.com/2015/02/04/full-disclosure-heap-overflow-in-h-spencers-regex-library-on-32-bit-systems/ A CVE id has been requested already and the report will be updated with it eventually. Cheers, luciano -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#775456: applying into debian-edu
Hello David, David Prévot a écrit : [...] On Fri, Jan 16, 2015 at 12:11:08PM +0100, Georges Khaznadar wrote: I am enthusiastic about your ITP. If I can help, please tell me! Thanks, do not hesitate to apply into Debian Edu team membership on Alioth, where I initially intend to share the packaging work (I’m of course open to other ideas), if you’re not already there. I’d like to recycle as much work as possible from the initial intent by Miriam and Mike, and rebase it on the latest upstream version, then we may share the various packaging bits (license checking, code patching for DFSG-compliance, make it actually buildable and usable, test it, etc.) I am subscribing my e-mail address to debian-...@lists.debian.org ... then, what next ? Feel free to forward this e-mail to any person able to help me to join Debian Edu team. Best regards, Georges. -- Georges KHAZNADAR et Jocelyne FOURNIER 22 rue des mouettes, 59240 Dunkerque France. Téléphone +33 (0)3 28 29 17 70 signature.asc Description: Digital signature
Bug#771944: closed by Michael Gilbert mgilb...@debian.org (Re: Bug#771944: Following FusionForge 5.3 stable branch)
On Sat, Feb 14, 2015 at 8:24 AM: You got it all wrong. So other than the typo s/font/fusion/, I don't really understand that statement. There were two unstable fusionforge uploads post-freeze that were in fact accepted into testing [0], and there are no other proposed changes currently to review, so I'm not sure what you're asking for. If you want more changes to be considered, don't they need to be uploaded first? In that case, now is quite late. Best wishes, Mike -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#777573: alsa-base: Sound works, then stops working
* Tim Dowd mrdowdsouthmo...@gmail.com [2015-02-14 09:21 -0600]: Please close this bug. It was a fault with a component in my audio system. Apologies for the trouble. Bug closed hereby. Elimar -- what IMHO then? IMHO - Inhalation of a Multi-leafed Herbal Opiate ;) --posting from alex in debian-user-- -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#778391: Henry Spencer regular expressions (regex) library contains a heap overflow vulnerability
Package: llvm-toolchain-3.4 Severity: important Tags: security patch The security team received a report from the CERT Coordination Center that the Henry Spencer regular expressions (regex) library contains a heap overflow vulnerability. It looks like this package includes the affected code at that's the reason of this bug report. The patch is available here: http://gitweb.dragonflybsd.org/dragonfly.git/blobdiff/4d133046c59a851141519d03553a70e903b3eefc..2841837793bd095a82f477e9c370cfe6cfb3862c:/lib/libc/regex/regcomp.c Please, can you confirm if the binary packages are affected? Are stable and testing affected? More information, here: http://www.kb.cert.org/vuls/id/695940 https://guidovranken.wordpress.com/2015/02/04/full-disclosure-heap-overflow-in-h-spencers-regex-library-on-32-bit-systems/ A CVE id has been requested already and the report will be updated with it eventually. Cheers, luciano -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#778400: okular: Filename suggestion in Save As dialog truncates filenames ending in '?.pdf'
Package: okular Version: 4:4.14.2-2 Severity: normal Dear Maintainer, * What led up to the situation? 1) Open a PDF document the filename of which ends in the ?.pdf sequence, for example: 'What do?.pdf'. 2) Select the FileSave As command. 3) The filename suggestion is being truncated to What do. * What outcome did you expect instead? In the case of any other filename that is not ending in ?.pdf, the filename suggestion is the original filename of the opened document. -- System Information: Debian Release: 8.0 APT prefers unstable APT policy: (990, 'unstable'), (1, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 3.16.0-4-amd64 (SMP w/2 CPU cores) Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: sysvinit (via /sbin/init) Versions of packages okular depends on: ii kde-runtime 4:4.13.3-1 ii libc6 2.19-13 ii libfreetype62.4.9-1.1 ii libjpeg62-turbo 1:1.3.1-11 ii libkactivities6 4:4.13.3-1 ii libkdecore5 4:4.14.2-4 ii libkdeui5 4:4.14.2-4 ii libkexiv2-114:4.14.0-1+b1 ii libkio5 4:4.14.2-4 ii libkparts4 4:4.14.2-4 ii libkprintutils4 4:4.14.2-4 ii libkpty44:4.14.2-4 ii libokularcore5 4:4.14.2-2 ii libphonon4 4:4.7.2-1 ii libpoppler-qt4-40.26.5-1+b1 ii libqca2 2.0.3-6 ii libqimageblitz4 1:0.0.6-4 ii libqmobipocket1 4:4.12.2-2 ii libqt4-dbus 4:4.8.6+git64-g5dc8b2b+dfsg-2+b1 ii libqt4-declarative 4:4.8.6+git64-g5dc8b2b+dfsg-2+b1 ii libqt4-svg 4:4.8.6+git64-g5dc8b2b+dfsg-2+b1 ii libqt4-xml 4:4.8.6+git64-g5dc8b2b+dfsg-2+b1 ii libqtcore4 4:4.8.6+git64-g5dc8b2b+dfsg-2+b1 ii libqtgui4 4:4.8.6+git64-g5dc8b2b+dfsg-2+b1 ii libsolid4 4:4.14.2-4 ii libspectre1 0.2.7-2 ii libstdc++6 4.9.2-9 ii phonon 4:4.7.2-1 ii zlib1g 1:1.2.8.dfsg-2+b1 okular recommends no packages. Versions of packages okular suggests: ii ghostscript9.06~dfsg-2 pn jovie none ii okular-extra-backends 4:4.14.2-2 ii poppler-data 0.4.7-1 ii texlive-binaries 2014.20140926.35254-2 ii unrar 1:5.2.5-1 -- debconf-show failed -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#778401: Henry Spencer regular expressions (regex) library contains a heap overflow vulnerability
Package: knews Severity: important Tags: security patch The security team received a report from the CERT Coordination Center that the Henry Spencer regular expressions (regex) library contains a heap overflow vulnerability. It looks like this package includes the affected code at that's the reason of this bug report. The patch is available here: http://gitweb.dragonflybsd.org/dragonfly.git/blobdiff/4d133046c59a851141519d03553a70e903b3eefc..2841837793bd095a82f477e9c370cfe6cfb3862c:/lib/libc/regex/regcomp.c Please, can you confirm if the binary packages are affected? Are stable and testing affected? More information, here: http://www.kb.cert.org/vuls/id/695940 https://guidovranken.wordpress.com/2015/02/04/full-disclosure-heap-overflow-in-h-spencers-regex-library-on-32-bit-systems/ A CVE id has been requested already and the report will be updated with it eventually. Cheers, luciano -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#778398: [pkg-xtuple-maintainers] Bug#778398: Henry Spencer regular expressions (regex) library contains a heap overflow vulnerability
Thanks for reporting this. I'm not able to look at the issue this weekend. Can you please let me know if it has been reported upstream or if you have a moment could you file the report in the upstream bug tracker at http://www.xtuple.org ? I don't believe the package is in stable, but it is in testing and backports On 14/02/15 15:30, Luciano Bello wrote: Package: openrpt Severity: important Tags: security patch The security team received a report from the CERT Coordination Center that the Henry Spencer regular expressions (regex) library contains a heap overflow vulnerability. It looks like this package includes the affected code at that's the reason of this bug report. The patch is available here: http://gitweb.dragonflybsd.org/dragonfly.git/blobdiff/4d133046c59a851141519d03553a70e903b3eefc..2841837793bd095a82f477e9c370cfe6cfb3862c:/lib/libc/regex/regcomp.c Please, can you confirm if the binary packages are affected? Are stable and testing affected? More information, here: http://www.kb.cert.org/vuls/id/695940 https://guidovranken.wordpress.com/2015/02/04/full-disclosure-heap-overflow-in-h-spencers-regex-library-on-32-bit-systems/ A CVE id has been requested already and the report will be updated with it eventually. Cheers, luciano ___ pkg-xtuple-maintainers mailing list pkg-xtuple-maintain...@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-xtuple-maintainers -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#778404: Henry Spencer regular expressions (regex) library contains a heap overflow vulnerability
Package: ptlib Severity: important Tags: security patch The security team received a report from the CERT Coordination Center that the Henry Spencer regular expressions (regex) library contains a heap overflow vulnerability. It looks like this package includes the affected code at that's the reason of this bug report. The patch is available here: http://gitweb.dragonflybsd.org/dragonfly.git/blobdiff/4d133046c59a851141519d03553a70e903b3eefc..2841837793bd095a82f477e9c370cfe6cfb3862c:/lib/libc/regex/regcomp.c Please, can you confirm if the binary packages are affected? Are stable and testing affected? More information, here: http://www.kb.cert.org/vuls/id/695940 https://guidovranken.wordpress.com/2015/02/04/full-disclosure-heap-overflow-in-h-spencers-regex-library-on-32-bit-systems/ A CVE id has been requested already and the report will be updated with it eventually. Cheers, luciano -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#778405: wrong version used for BUILD_USING lookup
Package: gcc-arm-none-eabi
Version: 4.8.3-9+11
Severity: normal
Hi,
I'm trying to build gcc-arm-none-eabi using gcc-4.9-source. The
debian/rules files nicely defines GCC_VERSION at the top and I thought
that would be all that I need to change. But a few lines later the
BUILT_USING lookup has gcc-4.8-source hardcoded instead of using
gcc-$(GCC_VERSION)-source. The attached patch fixes that.
MfG
Goswin
-- System Information:
Debian Release: jessie/sid
APT prefers unstable
APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 3.14-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=C, LC_CTYPE=de_DE (charmap=ISO-8859-1)
Shell: /bin/sh linked to /bin/dash
Versions of packages gcc-arm-none-eabi depends on:
ii binutils-arm-none-eabi 2.24.51.20140604-3+5
ii libc6 2.19-13
ii libcloog-isl4 0.18.2-1+b2
ii libgcc1 1:4.9.2-2
ii libgmp102:6.0.0+dfsg-6
ii libisl100.12.2-2
ii libmpc3 1.0.2-2
ii libmpfr43.1.2-3
ii libstdc++6 4.9.2-2
ii zlib1g 1:1.2.8.dfsg-2+b1
Versions of packages gcc-arm-none-eabi recommends:
pn libnewlib-arm-none-eabi none
gcc-arm-none-eabi suggests no packages.
-- no debconf information
--- debian/rules.old 2015-02-14 15:57:48.452778015 +0100
+++ debian/rules 2015-02-14 15:57:17.524797134 +0100
@@ -19,7 +19,7 @@
deb_version := $(source_version)+$(shell dpkg-parsechangelog | sed -ne s/^Version: \(.*\)/\1/p)
deb_upstream_version := $(shell echo $(deb_version) | cut -d- -f1)
base_version := $(shell echo $(deb_version) | sed -e 's/\([1-9]\.[0-9]\).*-.*/\1/')
-BUILT_USING := $(shell dpkg-query -f '$${source:Package} (= $${source:Version}), ' -W gcc-4.8-source)
+BUILT_USING := $(shell dpkg-query -f '$${source:Package} (= $${source:Version}), ' -W gcc-$(GCC_VERSION)-source)
upstream_dir=gcc-$(deb_upstream_version)
Bug#776412: Report upstream
I believe it's an upstream issue, i created the following issue; https://code.google.com/p/chromium/issues/detail?can=2q=colspec=ID%20Pri%20M%20Week%20ReleaseBlock%20Cr%20Status%20Owner%20Summary%20OS%20Modifiedid=458780thanks=458780ts=1423926891 Sylvain -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#778386: Main Menu: unable to move up/down items
Package: gnome-menus Version: 3.4.2-5 Severity: normal Dear Maintainer, *** Please consider answering these questions, where appropriate *** * What led up to the situation? Go to panel menu Applications: Choose Accessories - Main Menu In the middle part of window Main Menu you get listed items. If you highlight an item via mouse-click, buttons Move Up, Move Down get enabled. * What exactly did you do (or not do) that was effective (or ineffective)? Activating buttons Move Up or Move Down by mouse-click has no effect. * What was the outcome of this action? Activating buttons Move Up or Move Down by mouse-click has no effect. * What outcome did you expect instead? Highlighted item should move up or down within the list of items when button Move Up or button Move Down is pressed. *** End of the template - remove these lines *** -- System Information: Debian Release: 7.8 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 3.2.0-4-amd64 (SMP w/8 CPU cores) Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages gnome-menus depends on: ii dpkg1.16.15 ii python 2.7.3-4+deb7u1 gnome-menus recommends no packages. gnome-menus suggests no packages. -- no debconf information
Bug#777893: gyoto: ftbfs with GCC-5
Hi, It's easy to get Gyoto to compile with gcc 5: simply add -P to CPPFLAGS. The configure script will be fixed upstream in the next release. By the way, does a-one (reading this bug) know whether -P is safe, i.e. accepted by all the relevant C preprocessors? I don't intend on pushing any new version during the freeze, except for RC bugs. Kind regards, Thibaut. signature.asc Description: OpenPGP digital signature
Bug#778388: ccache: scanner confused by comment signs in strings
Package: ccache Version: 3.1.10-1 Severity: normal i have this fine piece of code: *outStr += fL1S( /* \\u) + QString::number(maskedTok, 16) + fL1S( */); if i change anything between the /* parts, ccache will think that nothing changed ... even though the comment chars are obviously quoted, so they do not denote a section that is irrelevant for comparison. as expected, the problem goes away when the line is changed to: *outStr += fL1S( /* \\u) + QString::number(maskedTok, 16) + fL1S( */); -- System Information: Debian Release: jessie/sid APT prefers unstable APT policy: (500, 'unstable'), (1, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 3.16-1-amd64 (SMP w/8 CPU cores) Locale: LANG=C, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages ccache depends on: ii libc6 2.19-7 ii zlib1g 1:1.2.8.dfsg-1 ccache recommends no packages. Versions of packages ccache suggests: pn distcc none -- no debconf information -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#774333: sane plustek backend not working
tags 774333 - moreinfo tags 774333 sane-backends/1.0.25+git20150102-1 thanks Hello Mark, hello Jeremy, many thanks for your testing. So I can close this bug. CU Jörg -- New: GPG Fingerprint: 63E0 075F C8D4 3ABB 35AB 30EE 09F8 9F3C 8CA1 D25D GPG key (long) : 09F89F3C8CA1D25D GPG Key: 8CA1D25D CAcert Key S/N : 0E:D4:56 Old pgp Key: BE581B6E (revoked since 2014-12-31). Jörg Frings-Fürst D-54526 Niederkail Threema: SYR8SJXB IRC: j_...@freenode.net j_...@oftc.net My wish list: - Please send me a picture from the nature at your home. signature.asc Description: This is a digitally signed message part
Bug#778389: Henry Spencer regular expressions (regex) library contains a heap overflow vulnerability
Package: php5 Severity: important Tags: security The security team received a report from the CERT Coordination Center that the Henry Spencer regular expressions (regex) library contains a heap overflow vulnerability. It looks like this package includes the affected code at that's the reason of this bug report. Please, can you confirm if the binary packages are affected? Are stable and testing affected? More information, here: http://www.kb.cert.org/vuls/id/695940 https://guidovranken.wordpress.com/2015/02/04/full-disclosure-heap-overflow-in-h-spencers-regex-library-on-32-bit-systems/ A CVE id has been requested already and the report will be updated with it eventually. Cheers, luciano -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#778398: Henry Spencer regular expressions (regex) library contains a heap overflow vulnerability
Package: openrpt Severity: important Tags: security patch The security team received a report from the CERT Coordination Center that the Henry Spencer regular expressions (regex) library contains a heap overflow vulnerability. It looks like this package includes the affected code at that's the reason of this bug report. The patch is available here: http://gitweb.dragonflybsd.org/dragonfly.git/blobdiff/4d133046c59a851141519d03553a70e903b3eefc..2841837793bd095a82f477e9c370cfe6cfb3862c:/lib/libc/regex/regcomp.c Please, can you confirm if the binary packages are affected? Are stable and testing affected? More information, here: http://www.kb.cert.org/vuls/id/695940 https://guidovranken.wordpress.com/2015/02/04/full-disclosure-heap-overflow-in-h-spencers-regex-library-on-32-bit-systems/ A CVE id has been requested already and the report will be updated with it eventually. Cheers, luciano -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#778407: ITP: golang-glog -- Leveled execution logs for Go
Package: wnpp Severity: wishlist Owner: Martín Ferrari tin...@debian.org * Package name: golang-glog Version : 0.1~git20150214.44145f0 Upstream Author : Google Inc. * URL : https://github.com/golang/glog * License : Apache-2.0 Programming Lang: Go Description : Leveled execution logs for Go This is an efficient pure Go implementation of leveled logs in the manner of the open source C++ package http://code.google.com/p/google-glog -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#778414: Henry Spencer regular expressions (regex) library contains a heap overflow vulnerability
Package: efl Severity: important Tags: security patch The security team received a report from the CERT Coordination Center that the Henry Spencer regular expressions (regex) library contains a heap overflow vulnerability. It looks like this package includes the affected code at that's the reason of this bug report. The patch is available here: http://gitweb.dragonflybsd.org/dragonfly.git/blobdiff/4d133046c59a851141519d03553a70e903b3eefc..2841837793bd095a82f477e9c370cfe6cfb3862c:/lib/libc/regex/regcomp.c Please, can you confirm if the binary packages are affected? Are stable and testing affected? More information, here: http://www.kb.cert.org/vuls/id/695940 https://guidovranken.wordpress.com/2015/02/04/full-disclosure-heap-overflow-in-h-spencers-regex-library-on-32-bit-systems/ A CVE id has been requested already and the report will be updated with it eventually. Cheers, luciano -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#778396: Henry Spencer regular expressions (regex) library contains a heap overflow vulnerability
Package: cups Severity: important Tags: security patch The security team received a report from the CERT Coordination Center that the Henry Spencer regular expressions (regex) library contains a heap overflow vulnerability. It looks like this package includes the affected code at that's the reason of this bug report. The patch is available here: http://gitweb.dragonflybsd.org/dragonfly.git/blobdiff/4d133046c59a851141519d03553a70e903b3eefc..2841837793bd095a82f477e9c370cfe6cfb3862c:/lib/libc/regex/regcomp.c Please, can you confirm if the binary packages are affected? Are stable and testing affected? More information, here: http://www.kb.cert.org/vuls/id/695940 https://guidovranken.wordpress.com/2015/02/04/full-disclosure-heap-overflow-in-h-spencers-regex-library-on-32-bit-systems/ A CVE id has been requested already and the report will be updated with it eventually. Cheers, luciano -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#778397: Henry Spencer regular expressions (regex) library contains a heap overflow vulnerability
Package: librcsb-core-wrapper Severity: important Tags: security patch The security team received a report from the CERT Coordination Center that the Henry Spencer regular expressions (regex) library contains a heap overflow vulnerability. It looks like this package includes the affected code at that's the reason of this bug report. The patch is available here: http://gitweb.dragonflybsd.org/dragonfly.git/blobdiff/4d133046c59a851141519d03553a70e903b3eefc..2841837793bd095a82f477e9c370cfe6cfb3862c:/lib/libc/regex/regcomp.c Please, can you confirm if the binary packages are affected? Are stable and testing affected? More information, here: http://www.kb.cert.org/vuls/id/695940 https://guidovranken.wordpress.com/2015/02/04/full-disclosure-heap-overflow-in-h-spencers-regex-library-on-32-bit-systems/ A CVE id has been requested already and the report will be updated with it eventually. Cheers, luciano -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#778394: Henry Spencer regular expressions (regex) library contains a heap overflow vulnerability
Package: llvm-toolchain-snapshot Severity: important Tags: security patch The security team received a report from the CERT Coordination Center that the Henry Spencer regular expressions (regex) library contains a heap overflow vulnerability. It looks like this package includes the affected code at that's the reason of this bug report. The patch is available here: http://gitweb.dragonflybsd.org/dragonfly.git/blobdiff/4d133046c59a851141519d03553a70e903b3eefc..2841837793bd095a82f477e9c370cfe6cfb3862c:/lib/libc/regex/regcomp.c Please, can you confirm if the binary packages are affected? Are stable and testing affected? More information, here: http://www.kb.cert.org/vuls/id/695940 https://guidovranken.wordpress.com/2015/02/04/full-disclosure-heap-overflow-in-h-spencers-regex-library-on-32-bit-systems/ A CVE id has been requested already and the report will be updated with it eventually. Cheers, luciano -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#778395: Henry Spencer regular expressions (regex) library contains a heap overflow vulnerability
Package: haskell-regex-posix Severity: important Tags: security patch The security team received a report from the CERT Coordination Center that the Henry Spencer regular expressions (regex) library contains a heap overflow vulnerability. It looks like this package includes the affected code at that's the reason of this bug report. The patch is available here: http://gitweb.dragonflybsd.org/dragonfly.git/blobdiff/4d133046c59a851141519d03553a70e903b3eefc..2841837793bd095a82f477e9c370cfe6cfb3862c:/lib/libc/regex/regcomp.c Please, can you confirm if the binary packages are affected? Are stable and testing affected? More information, here: http://www.kb.cert.org/vuls/id/695940 https://guidovranken.wordpress.com/2015/02/04/full-disclosure-heap-overflow-in-h-spencers-regex-library-on-32-bit-systems/ A CVE id has been requested already and the report will be updated with it eventually. Cheers, luciano -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#778403: Henry Spencer regular expressions (regex) library contains a heap overflow vulnerability
Package: vnc4 Severity: important Tags: security patch The security team received a report from the CERT Coordination Center that the Henry Spencer regular expressions (regex) library contains a heap overflow vulnerability. It looks like this package includes the affected code at that's the reason of this bug report. The patch is available here: http://gitweb.dragonflybsd.org/dragonfly.git/blobdiff/4d133046c59a851141519d03553a70e903b3eefc..2841837793bd095a82f477e9c370cfe6cfb3862c:/lib/libc/regex/regcomp.c Please, can you confirm if the binary packages are affected? Are stable and testing affected? More information, here: http://www.kb.cert.org/vuls/id/695940 https://guidovranken.wordpress.com/2015/02/04/full-disclosure-heap-overflow-in-h-spencers-regex-library-on-32-bit-systems/ A CVE id has been requested already and the report will be updated with it eventually. Cheers, luciano -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#774428: unblock: simpleburn/1.7.0-2
On 14.02.2015 11:52 AM, John Paul Adrian Glaubitz wrote: On 02/11/2015 12:34 AM, Mehdi Dogguy wrote: Looks like a sensible plan. Can we help to make that happen? Sure. I am just waiting for Mateusz to make another upload to mentors. Mateusz, ping? Otherwise I'd be happy to NMU. I think now it's done: http://mentors.debian.net/debian/pool/main/s/simpleburn/simpleburn_1.7.0-3.dsc Mateusz -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#778406: Henry Spencer regular expressions (regex) library contains a heap overflow vulnerability
Package: clamav Severity: important Tags: security patch The security team received a report from the CERT Coordination Center that the Henry Spencer regular expressions (regex) library contains a heap overflow vulnerability. It looks like this package includes the affected code at that's the reason of this bug report. The patch is available here: http://gitweb.dragonflybsd.org/dragonfly.git/blobdiff/4d133046c59a851141519d03553a70e903b3eefc..2841837793bd095a82f477e9c370cfe6cfb3862c:/lib/libc/regex/regcomp.c Please, can you confirm if the binary packages are affected? Are stable and testing affected? More information, here: http://www.kb.cert.org/vuls/id/695940 https://guidovranken.wordpress.com/2015/02/04/full-disclosure-heap-overflow-in-h-spencers-regex-library-on-32-bit-systems/ A CVE id has been requested already and the report will be updated with it eventually. Cheers, luciano -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#776172: vlc: crash (segmentation fault) on a webm file
Control: tags -1 + unreproducible Control: severity -1 normal On 2015-02-14 00:58:27, Vincent Lefevre wrote: On 2015-01-25 02:18:52 +0100, Sebastian Ramacher wrote: Does avprobe / avplay crash too? I couldn't reproduce the crash with it. But I could reproduce the crash with VLC only be playing the file faster: $ vlc Nosferatu_a_Venezia_-_Pelicula_Completa_audio_espa_ol.webm then Playback → Speed → Faster, done 2 or 3 times. The crash occurs almost immediately or no more than 20 seconds later. Note: for some reason, I can't give you any information on the webm file in question before a few days. Well, let's us know once you can tell us more about the file … It's the webm file downloaded from https://www.youtube.com/watch?html5=1v=BJj8twOFwkM Nosferatu a Venezia - Pelicula Completa (audio español) with DownloadHelper. I can't reproduce it. I've tried to play the URL directly with vlc, downloaded it with youtube-dl and downloaded the webm. It never crashed on normal speed or higher speed. So without a minimal sample that causes the clash, the traceback with -dbg packages installed and a verbose vlc log, there is not much we can do. Cheers -- Sebastian Ramacher signature.asc Description: Digital signature
Bug#778411: Henry Spencer regular expressions (regex) library contains a heap overflow vulnerability
Package: sma Severity: important Tags: security patch The security team received a report from the CERT Coordination Center that the Henry Spencer regular expressions (regex) library contains a heap overflow vulnerability. It looks like this package includes the affected code at that's the reason of this bug report. The patch is available here: http://gitweb.dragonflybsd.org/dragonfly.git/blobdiff/4d133046c59a851141519d03553a70e903b3eefc..2841837793bd095a82f477e9c370cfe6cfb3862c:/lib/libc/regex/regcomp.c Please, can you confirm if the binary packages are affected? Are stable and testing affected? More information, here: http://www.kb.cert.org/vuls/id/695940 https://guidovranken.wordpress.com/2015/02/04/full-disclosure-heap-overflow-in-h-spencers-regex-library-on-32-bit-systems/ A CVE id has been requested already and the report will be updated with it eventually. Cheers, luciano -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#778410: Henry Spencer regular expressions (regex) library contains a heap overflow vulnerability
Package: yap Severity: important Tags: security patch The security team received a report from the CERT Coordination Center that the Henry Spencer regular expressions (regex) library contains a heap overflow vulnerability. It looks like this package includes the affected code at that's the reason of this bug report. The patch is available here: http://gitweb.dragonflybsd.org/dragonfly.git/blobdiff/4d133046c59a851141519d03553a70e903b3eefc..2841837793bd095a82f477e9c370cfe6cfb3862c:/lib/libc/regex/regcomp.c Please, can you confirm if the binary packages are affected? Are stable and testing affected? More information, here: http://www.kb.cert.org/vuls/id/695940 https://guidovranken.wordpress.com/2015/02/04/full-disclosure-heap-overflow-in-h-spencers-regex-library-on-32-bit-systems/ A CVE id has been requested already and the report will be updated with it eventually. Cheers, luciano -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#778362: Periodic (90s) restart of KDM by systemd on jessie
Thanks for the hints, Alexandre. Adjusting getty counts (I like 4 ttys ready to go, not the default 6) is something else I need to learn how to control in a post-innittab world, along with understanding how no kdm.service works better than kdm.service being present. Fun times ahead! -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#771944: closed by Michael Gilbert mgilb...@debian.org (Re: Bug#771944: Following FusionForge 5.3 stable branch)
Hi, You got it all wrong. I wrote: So, I take it we need to maintain a branch off the upstream stable branch, that will not include most user-related bugfixes (but include the piupart-related nitpicks ;))? Short of an answer from you, that's exactly what happened, and Jessie has a sub-par version of FusionForge (btw, not fontforge). But I see that PostgreSQL got frozen as a beta, and was allowed to follow its stable branch during the freeze, so next time I'm going to push betas in testing for all my packages ;) - Sylvain On Sat, Feb 14, 2015 at 03:51:06AM +, Debian Bug Tracking System wrote: This is an automatic notification regarding your Bug report which was filed against the release.debian.org package: #771944: Following FusionForge 5.3 stable branch It has been closed by Michael Gilbert mgilb...@debian.org. Their explanation is attached below along with your original report. If this explanation is unsatisfactory and you have not received a better one in a separate message then please contact Michael Gilbert mgilb...@debian.org by replying to this email. -- 771944: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=771944 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems Date: Fri, 13 Feb 2015 22:46:19 -0500 From: Michael Gilbert mgilb...@debian.org To: 771944-cl...@bugs.debian.org Subject: Re: Bug#771944: Following FusionForge 5.3 stable branch On Thu, Dec 4, 2014 at 5:12 AM: I already read the policy, and since it sounds sensible to follow the upstream Stable branch for the debian Stable release, I'm asking. It looks like your fontforge updates were accepted into testing. Best wishes, Mike Date: Wed, 3 Dec 2014 18:52:26 +0100 From: b...@debian.org To: sub...@bugs.debian.org Cc: lola...@debian.org Subject: Following FusionForge 5.3 stable branch User-Agent: Mutt/1.5.21 (2010-09-15) Package: release.debian.org User: release.debian@packages.debian.org Severity: normal Hi, We're (upstream-ly) maintaining a stable branch for FusionForge, called 5.3, which the Debian package currently follows. (incidentally Lolando and I are both upstream and debian devs) We're currently pushing only bugfixes to this branch (some of them qualify as RC, some don't), because it's deployed at several large client installs already and we want to make sure we don't break anything. It makes sense that users benefit from the quality of this branch, so we'd like to know to what extent following this branch is compatible with the Freeze. -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#778387: CVE-2014-9679
Package: cups Severity: grave Tags: security This was assigned CVE-2014-9679 and is fixed in experimental already: https://www.cups.org/str.php?L4551 Cheers, Moritz -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#774020: systemd: black screen with backlight on start. rescue mode plus Ctrl-D allows normal boot
And, more interesting info: Switching to Nvidia's driver today resolved the issue for me, but it appears X is trying to start before nouveau finishes initializing. I think this may still be systemd, as reducing the number of active cores on the machine also resolves the issue.
Bug#778390: Henry Spencer regular expressions (regex) library contains a heap overflow vulnerability
Package: olsrd Severity: important Tags: security patch The security team received a report from the CERT Coordination Center that the Henry Spencer regular expressions (regex) library contains a heap overflow vulnerability. It looks like this package includes the affected code at that's the reason of this bug report. The patch is available here: http://gitweb.dragonflybsd.org/dragonfly.git/blobdiff/4d133046c59a851141519d03553a70e903b3eefc..2841837793bd095a82f477e9c370cfe6cfb3862c:/lib/libc/regex/regcomp.c Please, can you confirm if the binary packages are affected? Are stable and testing affected? More information, here: http://www.kb.cert.org/vuls/id/695940 https://guidovranken.wordpress.com/2015/02/04/full-disclosure-heap-overflow-in-h-spencers-regex-library-on-32-bit-systems/ A CVE id has been requested already and the report will be updated with it eventually. Cheers, luciano -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#778392: Henry Spencer regular expressions (regex) library contains a heap overflow vulnerability
Package: llvm-toolchain-3.5 Severity: important Tags: security patch The security team received a report from the CERT Coordination Center that the Henry Spencer regular expressions (regex) library contains a heap overflow vulnerability. It looks like this package includes the affected code at that's the reason of this bug report. The patch is available here: http://gitweb.dragonflybsd.org/dragonfly.git/blobdiff/4d133046c59a851141519d03553a70e903b3eefc..2841837793bd095a82f477e9c370cfe6cfb3862c:/lib/libc/regex/regcomp.c Please, can you confirm if the binary packages are affected? Are stable and testing affected? More information, here: http://www.kb.cert.org/vuls/id/695940 https://guidovranken.wordpress.com/2015/02/04/full-disclosure-heap-overflow-in-h-spencers-regex-library-on-32-bit-systems/ A CVE id has been requested already and the report will be updated with it eventually. Cheers, luciano -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#776094: dovecot-imapd: corrupts mailbox after trying to retrieve it (fwd)
Hello. I wrote about this three weeks ago but got no answer. I'm going to officially forward the Debian bug this time, with all the details. The test case is just 840 bytes long. Please give it a try. -- Forwarded message -- From: Santiago Vila sanv...@unex.es To: sub...@bugs.debian.org Date: Fri, 23 Jan 2015 22:32:28 +0100 (CET) Subject: dovecot-imapd: corrupts mailbox after trying to retrieve it Package: dovecot-imapd Version: 1:2.2.13-11 Severity: serious The following mbox folder, when put in $HOME/mail, becomes corrupted after trying to retrieve it with fetchmail. The problem may be reproduced by using the same machine as server and client: * Put inbox-b in $HOME/mail * Put this in $HOME/.fetchmailrc server localhost proto imap port 143: user someuser pass thepassword * Retrieve email using this command line: fetchmail -a localhost --folder inbox-b -m true Note: By looking at the true above it is clear that whatever fetchmail does with the message is not important at all. You will see something like this: 12 messages for someuser at localhost (folder inbox-b). reading message someuser@localhost:1 of 12 (171 header octets) (3 body octets) flushed reading message someuser@localhost:2 of 12 (245 header octets) (3 body octets) flushed reading message someuser@localhost:3 of 12 (245 header octets) (3 body octets) flushed reading message someuser@localhost:4 of 12 (245 header octets) (3 body octets) flushed reading message someuser@localhost:5 of 12 (245 header octets) (3 body octets) flushed reading message someuser@localhost:6 of 12 (171 header octets) (3 body octets) flushed reading message someuser@localhost:7 of 12 (171 header octets) (3 body octets) flushed reading message someuser@localhost:8 of 12 (245 header octets) (3 body octets) flushed reading message someuser@localhost:9 of 12 (245 header octets) (3 body octets) flushed reading message someuser@localhost:10 of 12 (245 header octets) (3 body octets) flushed reading message someuser@localhost:11 of 12 (245 header octets) (3 body octets) flushed reading message someuser@localhost:12 of 12 (273 header octets)fetchmail: incorrect header line found - see manpage for bad-header option not flushed And in fact inbox-b in the server is now like this: [...] From r...@example.com Tue Jan 13 10:18:20 2015 rstuvwxyzabcdefghijklmnopqrstuvw...@example.com To: a...@example.com Subject: a MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Message-Id: 20150113091737.b5ada5f...@example.com Date: Tue, 13 Jan 2015 10:17:25 +0100 (CET) X-UID: 16035 Status: O a Note how the From: line has been truncated from its original state. I have been suffering from this problem for months. At first I believed it was some misbehaving procmail/formail recipe I had on the server, but that's not the case as this example shows. Thanks. inbox-b.gz Description: application/gzip
Bug#778374: Is php5 a good candidate for “minor” release bump? (was: [php-maint] Bug#768509: debian-edu-config: After upgrading a Wheezy main-server to Debian 7.7 the Gosa gui fails to connect to LDAP
Hi, [Bug#778374: php5 5.6.5 fully breaks Horde packages in Debian jessie] reminded me of this not so old message: Le 18/11/2014 12:36, Ondřej Surý a écrit : On Tue, Nov 18, 2014, at 03:28, David Prévot wrote: [ Adding php maintainers, security team and release team to the loop. ] Le 09/11/2014 17:45, Wolfgang Schweer a écrit : [ About a severe issue that recently popped up. ] Seems to be that the update from php version 5.4.4 to 5.4.34 (new upstream release) caused the problem. […] I do understand that safely backporting (security) patches may be hard sometime, but that’s part of what (used to) make the quality and robustness reputation of Debian, and it would be nice to only use such upgrade to new (minor) version as a last resort only. Potentially breaking user scripts on security updates is bad, but risking to break package distributed in stable sounds even worse. […] Upgrading to the last minor version is not a last resort Can this be revised, please? Regards David signature.asc Description: OpenPGP digital signature
Bug#778393: Henry Spencer regular expressions (regex) library contains a heap overflow vulnerability
Package: llvm-toolchain-3.6 Severity: important Tags: security patch The security team received a report from the CERT Coordination Center that the Henry Spencer regular expressions (regex) library contains a heap overflow vulnerability. It looks like this package includes the affected code at that's the reason of this bug report. The patch is available here: http://gitweb.dragonflybsd.org/dragonfly.git/blobdiff/4d133046c59a851141519d03553a70e903b3eefc..2841837793bd095a82f477e9c370cfe6cfb3862c:/lib/libc/regex/regcomp.c Please, can you confirm if the binary packages are affected? Are stable and testing affected? More information, here: http://www.kb.cert.org/vuls/id/695940 https://guidovranken.wordpress.com/2015/02/04/full-disclosure-heap-overflow-in-h-spencers-regex-library-on-32-bit-systems/ A CVE id has been requested already and the report will be updated with it eventually. Cheers, luciano -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#778399: Henry Spencer regular expressions (regex) library contains a heap overflow vulnerability
Package: z88dk Severity: important Tags: security patch The security team received a report from the CERT Coordination Center that the Henry Spencer regular expressions (regex) library contains a heap overflow vulnerability. It looks like this package includes the affected code at that's the reason of this bug report. The patch is available here: http://gitweb.dragonflybsd.org/dragonfly.git/blobdiff/4d133046c59a851141519d03553a70e903b3eefc..2841837793bd095a82f477e9c370cfe6cfb3862c:/lib/libc/regex/regcomp.c Please, can you confirm if the binary packages are affected? Are stable and testing affected? More information, here: http://www.kb.cert.org/vuls/id/695940 https://guidovranken.wordpress.com/2015/02/04/full-disclosure-heap-overflow-in-h-spencers-regex-library-on-32-bit-systems/ A CVE id has been requested already and the report will be updated with it eventually. Cheers, luciano -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#778402: Henry Spencer regular expressions (regex) library contains a heap overflow vulnerability
Package: radare2 Severity: important Tags: security patch The security team received a report from the CERT Coordination Center that the Henry Spencer regular expressions (regex) library contains a heap overflow vulnerability. It looks like this package includes the affected code at that's the reason of this bug report. The patch is available here: http://gitweb.dragonflybsd.org/dragonfly.git/blobdiff/4d133046c59a851141519d03553a70e903b3eefc..2841837793bd095a82f477e9c370cfe6cfb3862c:/lib/libc/regex/regcomp.c Please, can you confirm if the binary packages are affected? Are stable and testing affected? More information, here: http://www.kb.cert.org/vuls/id/695940 https://guidovranken.wordpress.com/2015/02/04/full-disclosure-heap-overflow-in-h-spencers-regex-library-on-32-bit-systems/ A CVE id has been requested already and the report will be updated with it eventually. Cheers, luciano -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#778409: Henry Spencer regular expressions (regex) library contains a heap overflow vulnerability
Package: vigor Severity: important Tags: security patch The security team received a report from the CERT Coordination Center that the Henry Spencer regular expressions (regex) library contains a heap overflow vulnerability. It looks like this package includes the affected code at that's the reason of this bug report. The patch is available here: http://gitweb.dragonflybsd.org/dragonfly.git/blobdiff/4d133046c59a851141519d03553a70e903b3eefc..2841837793bd095a82f477e9c370cfe6cfb3862c:/lib/libc/regex/regcomp.c Please, can you confirm if the binary packages are affected? Are stable and testing affected? More information, here: http://www.kb.cert.org/vuls/id/695940 https://guidovranken.wordpress.com/2015/02/04/full-disclosure-heap-overflow-in-h-spencers-regex-library-on-32-bit-systems/ A CVE id has been requested already and the report will be updated with it eventually. Cheers, luciano -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#778412: Henry Spencer regular expressions (regex) library contains a heap overflow vulnerability
Package: nvi Severity: important Tags: security patch The security team received a report from the CERT Coordination Center that the Henry Spencer regular expressions (regex) library contains a heap overflow vulnerability. It looks like this package includes the affected code at that's the reason of this bug report. The patch is available here: http://gitweb.dragonflybsd.org/dragonfly.git/blobdiff/4d133046c59a851141519d03553a70e903b3eefc..2841837793bd095a82f477e9c370cfe6cfb3862c:/lib/libc/regex/regcomp.c Please, can you confirm if the binary packages are affected? Are stable and testing affected? More information, here: http://www.kb.cert.org/vuls/id/695940 https://guidovranken.wordpress.com/2015/02/04/full-disclosure-heap-overflow-in-h-spencers-regex-library-on-32-bit-systems/ A CVE id has been requested already and the report will be updated with it eventually. Cheers, luciano -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#778413: Henry Spencer regular expressions (regex) library contains a heap overflow vulnerability
Package: alpine Severity: important Tags: security patch The security team received a report from the CERT Coordination Center that the Henry Spencer regular expressions (regex) library contains a heap overflow vulnerability. It looks like this package includes the affected code at that's the reason of this bug report. The patch is available here: http://gitweb.dragonflybsd.org/dragonfly.git/blobdiff/4d133046c59a851141519d03553a70e903b3eefc..2841837793bd095a82f477e9c370cfe6cfb3862c:/lib/libc/regex/regcomp.c Please, can you confirm if the binary packages are affected? Are stable and testing affected? More information, here: http://www.kb.cert.org/vuls/id/695940 https://guidovranken.wordpress.com/2015/02/04/full-disclosure-heap-overflow-in-h-spencers-regex-library-on-32-bit-systems/ A CVE id has been requested already and the report will be updated with it eventually. Cheers, luciano -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#778415: ntp: NetworkManager breaks dhcp hook
Package: ntp Version: 1:4.2.6.p5+dfsg-2+deb7u3 Severity: normal Tags: patch Usually, ntp obtains its servers via dhcp. As soon as network-manager is installed, this is broken, because NetworkManager disables the dhcp hooks. This issue is known for a long time and known as #537358. The network-manager maintainers do not view this as a bug in NetworkManager, and asked to fix this in the respective packages instead. ntp is one such package. This is broken in wheezy, jessie and sid. I am attaching a patch against sid, that adds the relevant integration into NetworkManager by reusing the dhcp hook. Helmut diff -Nru ntp-4.2.6.p5+dfsg/debian/changelog ntp-4.2.6.p5+dfsg/debian/changelog --- ntp-4.2.6.p5+dfsg/debian/changelog 2015-02-07 12:20:56.0 +0100 +++ ntp-4.2.6.p5+dfsg/debian/changelog 2015-02-14 17:14:10.0 +0100 @@ -1,3 +1,10 @@ +ntp (1:4.2.6.p5+dfsg-5.1) UNRELEASED; urgency=medium + + * Non-maintainer upload. + * Hook into NetworkManager to update ntp servers from dhcp. (Closes: #-1) + + -- Helmut Grohne hel...@subdivi.de Sat, 14 Feb 2015 17:13:48 +0100 + ntp (1:4.2.6.p5+dfsg-5) unstable; urgency=high * Add missing fix for CVE-2014-9297 diff -Nru ntp-4.2.6.p5+dfsg/debian/ntp.networkmanager ntp-4.2.6.p5+dfsg/debian/ntp.networkmanager --- ntp-4.2.6.p5+dfsg/debian/ntp.networkmanager 1970-01-01 01:00:00.0 +0100 +++ ntp-4.2.6.p5+dfsg/debian/ntp.networkmanager 2015-02-14 17:12:56.0 +0100 @@ -0,0 +1,12 @@ +#!/bin/sh + +old_ntp_servers=unknown and invalid +new_ntp_servers=$DHCP4_NTP_SERVERS +case $2 in + up|vpn-up) reason=BOUND; ;; + down|vpn-down) reason=RELEASE; ;; + *) exit 0; ;; +esac + +test -f /etc/dhcp/dhclient-exit-hooks.d/ntp || exit 0 +. /etc/dhcp/dhclient-exit-hooks.d/ntp diff -Nru ntp-4.2.6.p5+dfsg/debian/rules ntp-4.2.6.p5+dfsg/debian/rules --- ntp-4.2.6.p5+dfsg/debian/rules 2014-07-16 18:49:08.0 +0200 +++ ntp-4.2.6.p5+dfsg/debian/rules 2015-02-14 17:13:45.0 +0100 @@ -60,6 +60,7 @@ install -D -m 0755 scripts/ntpsweep debian/ntp/usr/bin/ntpsweep install -D -m 0644 debian/ntp.dhcp debian/ntp/etc/dhcp/dhclient-exit-hooks.d/ntp + install -D -m 0755 debian/ntp.networkmanager debian/ntp/etc/NetworkManager/dispatcher.d/ntp install -D -m 0644 debian/ntpdate.dhcp debian/ntpdate/etc/dhcp/dhclient-exit-hooks.d/ntpdate install -D -m 0755 debian/ntpdate-debian debian/ntpdate/usr/sbin/ntpdate-debian
Bug#778349: pre-approval request - unblock: python-softlayer/3.2.0-2
On Saturday, February 14, 2015 11:55:50 AM Adam D. Barratt wrote: Control: tags -1 + confirmed moreinfo On Fri, 2015-02-13 at 16:45 -0500, Scott Kitterman wrote: RC bug fix. Requesting approval before upload since I propose including also a fix for an important bug as well as changes related to the new maintainer. The last is administrative, but given I'm doing an upload it seemed better to include it so Jessie users know who the maintainer is. The important bug fix is just renaming the postinst/prerm so they acutally get used. There's no changes in the contents of the file. +python-softlayer (3.2.0-2) unstable; urgency=medium + + * Fix docopt version in requires to SL will start (Closes: #778344) + * Fix python-softlayer postinst/postrm file names to that alternatives works [...] +++ python-softlayer-3.2.0/debian/patches/docopt-versions.patch 2015-02-13 16:30:31.0 -0500 @@ -0,0 +1,17 @@ +Description: Fix docopt version in requires to SL will start (Closes: #778344) s/ to / so /g Please go ahead, and remove the moreinfo tag once the package is in unstable. Regards, Adam Uploaded and untagged. Scott K -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#777518: Changes in patch block fixing u-boot FTBFS
Control: block 777518 by 777520 Well, mostly block. There may be a workaround by fixing the patch, but it's unclear weather the workaround has other impacts... live well, vagrant signature.asc Description: PGP signature
Bug#776717: hwinfo build is not reproducible
This has been fixed in the git and will be a part of the new upload. Tomasz -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#248397: Contributions
Hello, Is help still requested for this package?
Bug#778326: quilt: new upstream release 0.64 (2015-02-09)
Thanks for the reminder. I will however wait for jessie to be released before packaging the new version. The changes are not really fundamental and quilt is quite high in the dependency chain. I don't want to mess with the release. Thanks anyway, Mt. On Fri, Feb 13, 2015 at 05:46:36PM +0200, Jari Aalto wrote: Package: quilt Version: 0.63-3 Severity: wishlist There is new upstream available: http://download.savannah.gnu.org/releases/quilt -- System Information Debian Release: jessie/sid APT Prefers testing APT policy: (990, testing) (500, unstable) Architecture: amd64 Kernel: Linux picasso 3.2.0-4-amd64 #1 SMP Debian 3.2.41-2 x86_64 GNU/Linux Locale: LANG=en_DK.UTF-8 -- Versions of packages `quilt depends on'. Depends: patch 2.7.4-1 Apply a diff file to an original diffstat1.58-1 produces graph of changes introduced by a dif bzip2 1.0.6-7+b2 high-quality block-sorting file compressor - gettext 0.19.3-2GNU Internationalization utilities bsdmainutils9.0.6 collection of more utilities from FreeBSD perl5.20.1-5Larry Wall's Practical Extraction and Report -- Ouvrir une école, c'est fermer une prison. -- Victor Hugo [Openning a school comes down to close a jail] signature.asc Description: Digital signature
Bug#776683: snmpd: SNMPd still tries to query PCI Bus
Control: tag -1 + unreproducible moreinfo On Sat, 31 Jan 2015 00:25:00 +0100, Piotr Gorski wrote: I have VPS form OVH running Debian Jessie. Few hours ago I've installed snmpd to monitor my network interfaces but snmpd can't start. When I try starting it with /etc/init.d/snmpd start it says: root@vps:~# /etc/init.d/snmpd restart [] Restarting SNMP services::pcilib: Cannot open /proc/bus/pci I've tried this now on a machine without /proc/bus/pci [0], and I get the same message but ... After some research I've found that this bug was submitted to Debian Bugs as #745956 and #745919. Each bug is closed but error remains active making snmpd unusable on systems without PCI bus (each VPS server for example). ... unlike these reports, there's only this one error and not two; and snmpd is running; and I can talk to it. [1] So it looks like this is a bit ugly and confusing but not a real problem. Could you please check again if snmpd is actually not running/working for your? Cheers, gregor [0] Raspberry Pi B, admittedly running Raspbian not Debian but snmpd has the same version [1] % snmpwalk -Os -c public -v 1 localhost .1.3.6.1.2.1.1.1 iso.3.6.1.2.1.1.1.0 = STRING: Linux guinan 3.12.20+ #14 PREEMPT Sun Jun 1 16:09:41 CEST 2014 armv6l -- .''`. Homepage: http://info.comodo.priv.at/ - OpenPGP key 0xBB3A68018649AA06 : :' : Debian GNU/Linux user, admin, and developer - https://www.debian.org/ `. `' Member of VIBE!AT SPI, fellow of the Free Software Foundation Europe `- NP: Anouar Brahem: Les ailes du Bourak signature.asc Description: Digital Signature
Bug#679249: Contributions
Hello, I'm looking to get my foot in the door as a contributor. Many years as a developer (c++)..autotools and debian packaging experience (nothing too advanced with regards to debian packaging yet...just simple multi-binary package with conf and init). Not sure if any of that helps (above). This package is listed in 'how-can-i-help' package as a good choice for newcommers. Are you still looking for help? Best, Rik
Bug#777518: Bug#777520: patch: regression causes u-boot to FTBFS
Hi Vagrant, On Mon, Feb 9, 2015 at 4:27 AM, Vagrant Cascadian vagr...@debian.org wrote: Package: patch Version: 2.7.4-1 Severity: serious Justification: causes FTBFS in other packages Control: affects -1 u-boot $ dpkg-source -x u-boot_2014.10+dfsg1-2.dsc dpkg-source: warning: failed to verify signature on ./u-boot_2014.10+dfsg1-2.dsc [...] dpkg-source: info: restoring quilt backup files for cubox-i/cubox-i-support.diff dpkg-source: error: LC_ALL=C patch -t -F 0 -N -p1 -u -V never -g0 -E -b -B .pc/cubox-i/cubox-i-support.diff/ --reject-file=- u-boot-2014.10+dfsg1/debian/patches/cubox-i/cubox-i-support.diff gave error exit status 1 [...] I may be able to work around the issue in u-boot by adjusting the patch, but this may affect other packages as well and result in FTBFS in security updates and binNMUs. Still, I think it's u-boot that should fix its Debian patch. The relevant part of 'cubox-i-support.diff': -- cut -- diff --git a/tools/logos/solidrun.bmp b/tools/logos/solidrun.bmp new file mode 100644 index 000..93db1f8 Binary files /dev/null and b/tools/logos/solidrun.bmp differ -- cut -- In this case patch is right, as tools/logos/solidrun.bmp is already exists while the patch file segment states the previous state should be a non-existent file (/dev/null). Please fix your patch file. Regards, Laszlo/GCS -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#778356: Subtitles unreadable in 0.7.3
On sab, feb 14, 2015 at 12:33:55 +0100, Juliusz Chroboczek wrote: Package: mpv Version: 0.7.3-1 In both 0.7.3-1 and 0.7.3-1ffmpeg, SRT subtitles appear as opaque white squares, one per character. The same video shows the subtitles just fine with 0.6.2-2. This is a netbook using the N450 integrated GPU (GMA 3150, I believe), with the X.Org Intel driver version 2.3.3 and kernel 3.16.0-4-amd64. Does this happen with all files or just some specific ones? If the latter, could you please send one of them too? Also, please provide the output of mpv -vvv when playing one of those files. Cheers signature.asc Description: Digital signature
Bug#764692: Bug#778418: ndisc6: fails to build on kfreebsd
Control: block -1 by 764692 Hi, Michael Gilbert wrote: This package no longer builds on the freebsd architectures: https://buildd.debian.org/ndisc6 This is another effect of #764692; we should be able to fix it in glibc post-jessie release, by updating the glibc-bsd copy of tcp.h (and others) with union of Linux and BSD-like struct tcphdr members. Regards, -- Steven Chamberlain ste...@pyro.eu.org -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#777439: Jessie DI-rc1 amd64 after installation no network interfaces
Hi, Heiko Ernst gipfelsturm...@gmx.net wrote: this is my installer syslog [...] Feb 10 07:52:49 debootstrap: Creating /etc/network/interfaces. Hmm, at the beginning of the installation, /etc/network/interfaces is created and apparently works (OP did not complain about network problems _during_installation_ ). But at the end of install: Feb 10 08:14:44 finish-install: info: Running /usr/lib/finish- install.d/55netcfg-copy-config Feb 10 08:14:45 netcfg[29439]: INFO: Starting netcfg v.1.127 (built 20150104-2209) Feb 10 08:14:45 netcfg[29439]: INFO: Starting netcfg v.1.127 (built 20150104-2209) Feb 10 08:14:45 netcfg[29439]: DEBUG: No interface given; clearing /etc/network/interfaces Feb 10 08:14:45 netcfg[29439]: DEBUG: Writing informative header Feb 10 08:14:45 netcfg[29439]: DEBUG: Success! Feb 10 08:14:45 netcfg[29439]: DEBUG: Writing loopback interface Feb 10 08:14:45 netcfg[29439]: DEBUG: Success! /etc/network/interfaces is wiped out! This shouldn't have happened in a shell-only install ... Holger -- Created with Sylpheed 3.2.0 under D E B I A N L I N U X 7 . 0 W H E E Z Y ! Registered Linux User #311290 - https://linuxcounter.net/ -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#775691: matplotlib: printf buffer overrun
On Sat, Feb 14, 2015 at 5:01 PM, Michael Gilbert mgilb...@debian.org wrote: On Sat, Feb 14, 2015 at 4:59 AM, Sandro Tosi wrote: how about using a delayed queue instead of having uploaded straight to unstable? Don't the NMU guidelines [0] say otherwise when there is no maintainer activity for more than 7 days? like they say Have you clearly expressed your intention to NMU, at least in the BTS? It is also a good idea to try to contact the maintainer by other means (private email, IRC). -- Sandro Tosi (aka morph, morpheus, matrixhasu) My website: http://matrixhasu.altervista.org/ Me at Debian: http://wiki.debian.org/SandroTosi -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#778340: RFS: sudoku/1.0.3-1 ITA
Hi Peter, I can't sponsor your package but nevertheless I wanted to say thanks for taking care of sudoku. The package looks very good and for a ncurses game it is also well integrated into desktop environments. I hope you will find a sponsor soon. Here are only two minor points: debian/control: Instead of: Vcs-Browser: http://anonscm.debian.org/gitweb/?p=collab-maint/sudoku.git;a=summary you can use the new canonical Browser-URL which is also shorter. Vcs-Browser: http://anonscm.debian.org/cgit/collab-maint/sudoku.git sudoku.desktop: _super nitpick_: The comment in German should read textbasiertes Sudoku-Spiel or textbasiertes Sudokuspiel instead of textbasiertes Sudoku Spiel ;) Regards, Markus signature.asc Description: OpenPGP digital signature
Bug#775691: matplotlib: printf buffer overrun
On Sat, Feb 14, 2015 at 12:03 PM, Sandro Tosi wrote: Don't the NMU guidelines [0] say otherwise when there is no maintainer activity for more than 7 days? like they say Have you clearly expressed your intention to NMU, at least in the BTS? It is also a good idea to try to contact the maintainer by other means (private email, IRC). devref also says [1] When someone NMUs your package, this means they want to help you to keep it in good shape. This gives users fixed packages faster. I intended no offense with the NMU, the goal was simply to fix yet another longstanding unfixed jessie security issue [2], but I will try to keep it in mind the next time I look into a matplotlib issue. Best wishes, Mike [1] https://www.debian.org/doc/manuals/developers-reference/pkgs.html#nmu-maintainer [2] https://security-tracker.debian.org/tracker/status/release/testing -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#332498: Contributions
Hello, Is help still requested for this package?
Bug#776713: tiptop: package is not reproducible
This now fixed in the git repository and will be released with the new upload. Tomasz -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#532097: Contributions
Hello, I 'm in the same boat as the last person to reply about a year ago...cups is the top listed package for new-commers in the 'how-can-i-help' package. I've also offered help to nodejs, grub2, icu, and openssl. The debian-js team replied to me, but I had to email the guys directly :P They told me security bugs were the most important these days...not really seeing anything on their list that is appropriate for a newcommer or that has to do with security updates- unless I'm missing something on how to find those bugs. The guy that took over ICU never replied to me, but to others regarding other topics - so it appears he doesn't need help. grub2, and openssl have not yet replied to me. If you need any help let me know, I'd like to start contributing to debian. I use testing atm but Id be more than happy to dist-upgrade to unstable on my laptop for the purpose of helping out. I have a brother all-in-one and use the cups wrapper from their site - since the built-in packages to debian do not work. One issue I've found is scanning when the printer is hooked up to a usb3 port - guessing that's brothers problem though? But if there's something I can do, please let me know. I'm a c++ developer of over 10 years...I'm good with autotools, and have some experience building a debian package (nothing too advanced). Basically I'm hoping to find an in somewhere appropriate for a newbie to debian to contribute with my skill sets. The request seems very old...so please excuse me not just searching for your bug list and 'going for it'.
Bug#749321: Poor transition path
On Sat, 27 Sep 2014 14:07:18 +0200 =?UTF-8?B?SmVyZW15IExhaW7DqQ==?= jeremy.la...@m4x.org wrote: I think the transition to pypdf2 was handled rather poorly. This issue manage to make the way up in my ToDo list this week, after way too much time. I'm sorry for the long delay. Since I'm a bit out-of-sync here, I will like to know if I missing something here. I mean, the transition didn't happen yet, so there is still time to do it correctly, right? Some clarifications: - The python-pypdf packages did not migrated to PyPDF2. PyPDF2 is a fully independent package: python-pypdf2. Maybe I'm understanding something wrong, I don't know what Elena means with https://bugs.debian.org/749321#15 - pypdf and pypdf2 are fully compatible API wise. They are imported as pyPdf and PyPDF2 respectably. - I submitted bugs against the reversed dependencies (Oct 2014). This still look pending: bookletimposer: #763974 kraft: #763980 pdfshuffle: #763973 pisa: #763981 w3af: #763975 I see two possible ways here: 1. Follow the Jeremy's advice: Upload a dummy python-pypdf, which will depend on python-pypdf2 and expose the pypdf2 interface. 2. NMU the revers dependencies to import PyPDF2 in them, since not much action was taken from the maintainers in the last months. The module name is different, so I would expect a python-pypdf2 package instead of a misleading python-pypdf .. which does not contain a pypdf module. I don't getting your comment here. python-pypdf contains the module pyPdf. Cheers, luciano -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#778417: ITP: netcdf-python -- python interface to the netCDF4 (network Common Data Form) library
Package: wnpp Severity: wishlist Owner: Ross Gammon rossgam...@mail.dk * Package name: netcdf-python Version : 1.1.3 Upstream Author : University Corporation for Atmospheric Research/Unidata * URL : http://unidata.github.io/netcdf4-python/ * License : ISC, Expat Programming Lang: Python Description : python interface to the netCDF4 (network Common Data Form) library NetCDF version 4 has many features not found in earlier versions of the library and is implemented on top of HDF5. This module can read and write files in both the new netCDF 4 and the old netCDF 3 format, and can create files that are readable by HDF5 clients. The API is modelled after Scientific.IO.NetCDF, and should be familiar to users of that module. Most new features of netCDF 4 are implemented, such as multiple unlimited dimensions, groups and zlib data compression. All the new numeric data types (such as 64 bit and unsigned integer types) are implemented. Compound and variable length (vlen) data types are supported, but the enum and opaque data types are not. Mixtures of compound and vlen data types (compound types containing vlens, and vlens containing compound types) are not supported. The University Corporation for Atmospheric Research (Unidata) also provide C++ and Fortran interfaces to the NetCDF C library. This is their python interface. There is already python-netcdf packaged for Debian as part of the Scientific Python source. However, netcdf-python implements different parts of the interface and is supported by the organisation that controls the NetCDF library. The package will be maintained within the Debian GIS Team (as well as the NetCDF C, C++, and Fortran libraries). -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
