Bug#736958: [oss-security] Re: CVE request: temporary file issue in Passenger rubygem

[Tomas Hoger]

On Thu, 30 Jan 2014 09:26:33 -0500 (EST) cve-ass...@mitre.org wrote:

> > If a local attacker can predict this filename, and precreates a
> > symlink with the same filename that points to an arbitrary directory
> > with mode 755, owner root and group root, then the attacker will
> > succeed in making Phusion Passenger write files and create
> > subdirectories inside that target directory.
> > 
> > It is fixed in upstream version 4.0.33.
> > 
> > https://github.com/phusion/passenger/commit/34b1087870c2bf85ebfd72c30b78577e10ab9744

...

> Use CVE-2014-1831 for the vulnerability with the "before 4.0.33"
> affected versions.
> 
> Use CVE-2014-1832 for the vulnerability with the "4.0.33 and earlier"
> affected versions.

Note that while the original CVE request mentions version 4.0.33, that
seems like a typo as upstream NEWS file indicates: Fixed versions:
4.0.37.  Consequently, the above should be "before 4.0.37" and "4.0.37
and earlier" (or "before 4.0.38").

-- 
Tomas Hoger / Red Hat Security Response Team


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#623546: Double free / use-after-free bugs in dumper.c

[Tomas Hoger]

Hey!

Fedora / Red Hat amanda packages maintainer pointed out that amfree is
a macro that does:

  amfree(ptr) -- if allocated, release space and set ptr to NULL. 

http://amanda.svn.sourceforge.net/viewvc/amanda/amanda/trunk/common-src/amanda.h?revision=3457&view=markup#l461

which should make this false-positive / not-a-bug.

HTH

th.



-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#607497: midori: Loads HTTPS with SSL errors without any notice

[Tomas Hoger]

Hi Mike!

What Witold reports is actually post-CVE-2010-3900 behavior.  Does any
webkitgtk-based epiphany version offer any more protection than after
connect / fetch warning?

th.



-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#513266: imp4: XSS via {smime,pgp}.php

[Tomas Hoger]

Hi!

Upstream changelog and announcement also mentions message.php:
http://cvs.horde.org/diff.php/imp/docs/CHANGES?r1=1.699.2.301.2.1&r2=1.699.2.301.2.4&ty=h

So probably this one too:
http://cvs.horde.org/diff.php/imp/message.php?r1=2.560.4.56&r2=2.560.4.56.4.1

HTH

-- 
Tomas Hoger



-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#508595: CVE-2008-5380: allows local users to overwrite arbitrary files via a symlink attack

[Tomas Hoger]

Hi Hamish!

It seems that upstream fix for this issue is far from being ideal.

> TMP=`tempfile -d /tmp -p geo. -s .code`

[...]

> so calling this "fixed-upstream" and hoping that tempfile is somewhat
> portable beyond Debian.

Any particular reason for using Debian-specific tempfile, instead of
generally available mktemp?

Apart from the portability issues of the fix, the fix is not address
the flaw properly as well.  Even though TMP file (never used, IIRC) is
created in a secure way, all other temporary files are not (STYLE,
COORDS, OUTWAY, MAP for geo-code).  So when TMP is created, local user
can see its name and can create malicious symlinks
TMP.style, .coords, .way, .gif before script will attempt to use them
for the first time (or guess or brute-force TMP name in advance).  You
either have to create all temporary files using mktemp, or make TMP a
temporary directory (or dot-directory in user's home dir and you do not
have to care about creating it securely at all).

There are still few other issues in geo-nearest, like:

  cp "$GEOWAY" /tmp/geocaching.loc

and

  filter1="tee $TMP.page"
  filter2="tee $TMP.bulk"

See following bugs for the patch that is in preparation for Fedora
packages:

  https://bugzilla.redhat.com/show_bug.cgi?id=470241
  https://bugzilla.redhat.com/show_bug.cgi?id=475478

-- 
Tomas Hoger



-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#508030: ruby: CVE-2008-4310 denial of service flaw

[Tomas Hoger]

Hi!

That one is Red Hat-specific, as was publicly stated here:
  http://www.openwall.com/lists/oss-security/2008/12/04/2

HTH

-- 
Tomas Hoger



-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#496383: xastir - broken temp file patch (#496383)

[Tomas Hoger]

Hi Joop!

You probably wanted to use:

  TMPFILE=`mktemp -t`

instead of

  TMPFILE = 'mktemp -t'

in your patch for #496383, right?

HTH

-- 
Tomas Hoger



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#496403: mgetty insecure temp file usage

[Tomas Hoger]

Hi Thijs!

> # get unique directory name, using faxq-helper

This does not seem to be much of an issue beyond DoS, right?  mkdir
returns an error when $spooldir already exists.  Yeah, 'mktemp -t -d'
looks like a better alternative though...

> # if filename is "-", use stdin

I noticed that following patch is used in all Fedora / Red Hat mgetty
packages for quite some time now:

http://cvs.fedoraproject.org/viewvc/rpms/mgetty/devel/mgetty-1.1.30-mktemp.patch?view=markup

(it can possibly benefit from few more Xes in file name template too ;)

HTH

-- 
Tomas Hoger



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#496406: here's a patch (fwbuilder, #496406)

[Tomas Hoger]

Hi Thijs!

Just out of curiosity, why bother with temp file and not use:

  eval `ssh-agent -s` > /dev/null

?  (I haven't checked the actual script, just the patch, so apologies
if I'm missing some important bits.)

-- 
Tomas Hoger



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#493797: python2.5: CVE-2008-2316 integer overflow in _hashopenssl.c

[Tomas Hoger]

Hi Nico!

> Upstream patch:
> https://bugzilla.redhat.com/attachment.cgi?id=313350

That's the patch proposed by reporter - David Remahl of the Apple
Product Security team, but it does not seem to be applied upstream yet,
either in trunk or 2.5-maint:

http://svn.python.org/view/python/trunk/Modules/_hashopenssl.c?view=log
(last rev 64048)

http://svn.python.org/view/python/branches/release25-maint/Modules/_hashopenssl.c?view=log
(last rev 51333)

HTH

-- 
Tomas Hoger



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#488523: smarty: CVE-2007-2326 Multiple PHP remote file inclusion vulnerabilities in HYIP Manager Pro ...

[Tomas Hoger]

Hi Thomas!

Have you managed to reproduce this, even with Smarty in webroot and
register_globals enabled?  Your report mentions _get_plugin_filepath,
but that does seem to be a different vector that one described in the
original report.  $type and $name can not be spoofed with
register_globals, as those are function arguments.  Moreover, in most
cases where _get_plugin_filepath is called, both arguments are fixed
strings or values read from the (trusted) file.

Reported attack vector is:
  Smarty_Compiler.class.php?plugin_file=http://shell

However, $plugin_file is always initialized before use in
Smarty_Compiler.class.php.  Is the original report bogus or does HYIP
use some old or customized Smarty version?  (Well, I guess you don't
know the real answer to this, just like me ;).

-- 
Tomas Hoger



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#480292: CVE-2008-2079: mysql allows local users to bypass certain privilege checks

[Tomas Hoger]

Hi Devin!

Looks like upstream patch is incomplete.  Have you already notified
upstream about the problem?

> In terms of exploitability, this allows any user with permissions to
> create tables in a db the ability to read from, write to and delete
> tables from any other database within the same mysql instance.

Can you possibly explain this a little closer?  MySQL should not allow
you to overwrite existing tables via DATA/INDEX DIRECTORY directives.
So you can only get access to tables created in the future, if you can
predict their names.  Or have you managed to escalate privileges to
already existing tables using this flaw?

Thanks!

-- 
Tomas Hoger



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#483874: clamav-daemon: initscript in 0.93 breaks daemon start in supervised mode

[Tomas Hoger]

Package: clamav-daemon
Version: 0.93~dfsg-volatile1
Severity: normal
Tags: patch

After installing clamav-daemon-0.93~dfsg-volatile1 running
/etc/init.d/clamav-daemon start fails to finish as clamd is now started in
the foreground.

Further investigations shows that initscript in 0.93 changed the way
clamd.conf file is scanned for important config options.  'Foreground' is
exported to environment by slurp_config() with the value read from
clamd.conf.

Later, it's compared to 'true' to check, if supervised mode should be used:
  if [ "$Foreground" = 'true' ]; then

However, clamd.conf(5) says:

  Foreground BOOL
Don’t fork into background.
Default: no

  BOOL   Boolean value (yes/no or true/false or 1/0).

My config had: Forground yes, which was not expected.

So probably something like this should be used instead:

--- clamav-daemon   2008-05-03 14:55:00.0 +0200
+++ /etc/init.d/clamav-daemon   2008-05-31 21:09:26.0 +0200
@@ -145,7 +145,7 @@
   exit 0
 fi

-if [ "$Foreground" = 'true' ]; then
+if [ "$Foreground" = 'true' -o "$Foreground" = 'yes' -o "$Foreground" = '1' ]; 
then
   if [ ! -x "$SUPERVISOR" ] ; then
  log_failure_msg "Foreground specified, but $SUPERVISORNAME not found"
  exit 0


th.


-- System Information:
Debian Release: 4.0
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: amd64 (x86_64)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-6-amd64
Locale: LANG=sk_SK.UTF-8, LC_CTYPE=sk_SK.UTF-8 (charmap=UTF-8)

Versions of packages clamav-daemon depends on:
ii  clamav-base  0.93~dfsg-volatile1 anti-virus utility for Unix - base
ii  clamav-freshclam [cl 0.93~dfsg-volatile1 anti-virus utility for Unix - viru
ii  libc62.3.6.ds1-13etch5   GNU C Library: Shared libraries
ii  libclamav4   0.93~dfsg-volatile1 anti-virus utility for Unix - libr
ii  lsb-base 3.1-23.2etch1   Linux Standard Base 3.1 init scrip
ii  ucf  2.0020  Update Configuration File: preserv

clamav-daemon recommends no packages.

-- no debconf information



--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#480059: vorbis-tools vulnerable to CVE-2008-1686

[Tomas Hoger]

Hi Jamie!

I've noticed your USN-611-[123], which patch speex, vorbis-tools and
gstreamer plugins.  However, I believe fix in libspeex/speex_header.c
should be sufficient to address this issue in all affected
applications, as they call speex_packet_to_header().  With patch
applied, it'll return NULL for malformed speex files and the mode check
in speexdec / ogg123 / ...  is not reached at all.  Or have I missed
anything?

skx, vorbis-tools do not embed whole speex library, only sample client
implementation code.  Previous versions of speex required client to
perform part of the sanity checks (and many clients did not do that
properly), so the check was now moved directly to speex library.

HTH

-- 
Tomas Hoger



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#479034: CVE-2008-2033: Multiple vulnerabilities

[Tomas Hoger]

Hi!

This is a duplicate of CVE-2008-1381.  See references for CVE-2008-1381
for details.

HTH

-- 
Tomas Hoger



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#477808: blender: CVE-2008-1102 arbitrary code execution via crafted .blend file

[Tomas Hoger]

Hi!

Upstream patch:

svn diff -r14431:14461
https://svn.blender.org/svnroot/bf-blender/trunk/blender/source/blender/imbuf/intern/radiance_hdr.c

http://cvs.fedoraproject.org/viewcvs/rpms/blender/devel/blender-2.45-cve-2008-1102.patch

HTH

-- 
Tomas Hoger



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#477805: vlc: CVE-2008-1881 stack-based buffer overflow in subtitle parsing

[Tomas Hoger]

Hi!

Should be fixed in 0.8.6f, for patch see:

http://git.videolan.org/gitweb.cgi?p=vlc.git;a=commitdiff;h=94baded6eff88e39c98b6e3572826f16f21ceec3
http://bugs.gentoo.org/show_bug.cgi?id=214277#c2

-- 
Tomas Hoger



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#476419: libpcre3: stack overflow via certain regular expressions

[Tomas Hoger]

Hi Florian!

On Tue, 22 Apr 2008 22:45:40 +0200 Florian Weimer <[EMAIL PROTECTED]>
wrote:

> > Default recursion limit assumed by pcre seems to be set way too
> > high. Rebuilding pcre with --with-match-limit-recursion set to
> > lower value avoids SEGVs.
> 
> Ah, I wasn't ware of that option, thanks.  Hopefully it's not
> necessary to specify --disable-stack-for-recursion.

That actually may not be a very good advice after all, as was pointed to
my by Fedora pcre maintainer.  Setting some low fixed recursion limit
may cause problems to users that faced this problem and addressed it by
increasing process stack size (either via ulimit or setrlimit).

Also note that pcrestack(3) already documents this problem quite well.
Besides that ~500 byte suggestion, which seems too small for the systems
I tested on.  Sorry, I've missed that man page before.

> There's also a konqueror/KDE Javascript bug report related to this, I
> think.

Yes, that's very likely, as KDE uses pcre to for JavaScript regular
expressions.

> We should test this flag in unstable for a while, and if it works,
> apply it to a stable update.

As mentioned above, can cause regression for some users.  Probably
trying to provide match_limit_recursion during pcre_exec call may be a
better start, with some ( ( 'ulimit -s' - stack_used_by_konqueror ) /
500) - some_constant ) guesswork.

-- 
Tomas Hoger



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#476419: libpcre3: stack overflow via certain regular expressions

[Tomas Hoger]

retitle 476419 libpcre3: stack overflow via certain regular expressions
thanks

Hi!

This really seems to be what valgrind says it is -- Stack overflow.
Kai's regular expression triggers deep recursion in match(), finally
leading to a stack overflow after ~8000 nested calls (on Debian).

Attached is a simple pcre-only reproducer.  Should SEGV with arguments
~4100.

Default recursion limit assumed by pcre seems to be set way too high.
Rebuilding pcre with --with-match-limit-recursion set to lower value
avoids SEGVs.

-- 
Tomas Hoger


deb476419.sh
Description: application/shellscript

Bug#464056: CVE-2008-0554: buffer overflow in giftopnm

[Tomas Hoger]

Hi!

Please note that Mitre has decided to use separate CVE id for each
affected project:

CVE-2006-4484 - gd
CVE-2007-6697 - SDL_image
CVE-2008-0553 - tk
CVE-2008-0554 - netpbm

netpbm was fixed in upstream version 10.27.

http://netpbm.svn.sourceforge.net/viewvc/netpbm/trunk/converter/other/giftopnm.c?revision=1&view=markup#l_1052

-- 
Tomas Hoger




-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#463011: ssh: unprivileged users may hijack forwarded X connections by listening on port 6010

[Tomas Hoger]

Hi!

According to our OpenSSH maintainer, this issue was fixed in
RHEL / Fedora packages few years ago without realizing security
consequences of this bug.  You may want to check following patch:

http://cvs.fedora.redhat.com/viewcvs/rpms/openssh/devel/openssh-3.9p1-skip-used.patch?rev=1.1&view=markup

which should address this problem.

HTH

-- 
Tomas Hoger




-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#456770: Security fix in clamav 0.92

[Tomas Hoger]

tag 456770 + security
thanks

Hi!

New upstream version seems to address one security issue too:

http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=634

-- 
Tomas Hoger




-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#456148: Current upstream fix for CVE-2007-6306 introduced regression

[Tomas Hoger]

Hi!

This has been brought to our attention:

http://sourceforge.net/tracker/index.php?func=detail&aid=1849333&group_id=15494&atid=115494

Upstream author is looking into the issue and expects to release update
soon.

HTH

-- 
Tomas Hoger




-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#453239: scanbuttond: CVE-2007-6131 possible symlink attack

[Tomas Hoger]

Hi!

From my previous mail regarding this issue sent elsewhere:

  This issue may not affect other vendors.  From quick look over
  Debian/Ubuntu packages, they do not seem affected, as default
  buttonpressed.sh script has almost all content commented out (just
  a template / example) and daemon does not seem to be run.

buttonpressed.sh in Debian package contains examples, which, when
uncommented by system administrator, can introduce this problem.

HTH

-- 
Tomas Hoger

Bug#449222: CVE-2007-4476: Buffer overflow

[Tomas Hoger]

Hi!

In Fedora/RHEL, both cpio 2.6 and 2.9 versions were affected.  You may
want to check:

  https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2007-4476
  http://koji.fedoraproject.org/koji/packageinfo?packageID=637
  http://cvs.fedora.redhat.com/viewcvs/rpms/cpio/F-8/

for patches that were used in Fedora cpio packages.

Also note that cpio 2.9 seems to assume --absolute-filenames by default.

HTH

-- 
Tomas Hoger



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#446354: OpenBSD patch for CVE-2007-5365 is insufficient

[Tomas Hoger]

Hi!

During testing of our updated dhcp packages, we have found out that
patch for CVE-2007-5365 used by OpenBSD was not sufficient and it was
still possible to crash dhcpd.  Your dhcp packages released in DSA
1388-1 also seem affected. You can find better patch based on dhcp-3.x
code here:

  https://bugzilla.redhat.com/show_bug.cgi?id=327781#c5

Note: [EMAIL PROTECTED] was notified on 2007-10-23.
Updated DSA 1388-3 released on 2007-10-29.

-- 
Tomas Hoger
Red Hat Security Response Team



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#440100: CVE-2007-4558 rejected as duplicate of CVE-2007-4134

[Tomas Hoger]

Hi!

CVE name CVE-2007-4558 was rejected on 2007-08-30 as duplicate of
previously assigned name CVE-2007-4134.

Please consider using name CVE-2007-4134 to avoid confusion.

-- 
Tomas Hoger


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#206843: About your bug: "ktalkd does not work correctly when run under user nobody" on the Debian BTS

[Tomas Hoger]

merge 386334
thanks


Hi Ana!

On Fri, Jan 12, 2007 at 02:02:30PM +0100, Ana Guerrero wrote:
> You filed the bug
>  #206843 "ktalkd does not work correctly when run under user nobody"
> some time ago, you can read the bug report at:
> http://bugs.debian.org/206843

I have not been using ktalkd for several years now and I do not have
Debian Etch / Sid machine to test at the moment.

I only had opportunity to test on the Ubuntu Edgy machine with KDE 3.5.5.
Tests show same results as I described in my original post.  When ktalkd is
started as root, it works as expected, however it's probably not best idea
from security point of view (and that's the reason why it is configured to
run under nobody by default, as was requested in #147762).  When ktalkd is
run as nobody, it's only possible to leave message on answering machine.

Therefore, I assume problem has not been fixed (or worked on) upstream.
I'm not sure if upstream ever intended to make it usable under non-root
user.  Debian changelog does not mention any Debian-specific fix either and
latest Debian version (3.5.5-4) still runs ktalkd as nobody according to
postinst.

Few other Debian bugs have been filed for this issue after my report:

#354073, for version 4:3.3.2-5
  closed by Christopher Martin claiming it's no longer present in 4:3.5.1-2

#386334, for version 4:3.5.4-2
  provides more detailed info, with relevant error messages from log


Btw: Reading Debian changelog I've noticed there's been switch from nobody
to root in 4:2.1.1-3 and then back to nobody in 4:3.1.2-1.

I'm merging this bug with already mentioned #386334.

Regards,

th.



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#308853: debconf: should honor LC_MESSAGES for displaying templates

[Tomas Hoger]

On Tue, May 17, 2005 at 10:30:38PM -0400, Joey Hess wrote:
> Denis Barbier wrote:
> > See http://www.opengroup.org/onlinepubs/007908799/xbd/locale.html
> >   If different character sets are used by the locale categories, the
> >   results achieved by an application utilising these categories are
> >   undefined.
> 
> Trying to match undefined behavior in glibc seems like a waste of time.
> Unless glibc defines its bahavior somewhere (other than the code), or
> someone finds another reason, I'm inclined not to do it.

Sorry for late reply...

Yes, in that case, I think this bug can be closed.  Main problem showed to
be misconfiguration on my side.

Thanks for your help!

th.



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#316115: qmail-src: please consider adding mfcheck patch

[Tomas Hoger]

Package: qmail-src
Version: 1.03-38
Severity: wishlist
Tags: patch

Hi Jon!

Please consider adding mfcheck (or similar) patch to debian-qmail.  It's
short patch, which adds capability to check validity of envelope sender's
domain (DNS lookup).  It's behavior is controlled by control file and
environment variable (disabled by default).

Patch is available from:
  http://www.jms1.net/qmail/patches/qmail-1.03-mfcheck.3.patch

Short description can be found at:
  http://www.jms1.net/qmail/patches/combined.shtml#details

Patch modified to apply cleanly to debian-qmail is in attachment.

Similar patch is also part of Spamcontrol.

Thanks!

th.


-- System Information:
Debian Release: 3.1
Architecture: i386 (i686)
Kernel: Linux 2.4.27-grsec
Locale: LANG=sk_SK, LC_CTYPE=sk_SK (charmap=ISO-8859-2)

Versions of packages qmail-src depends on:
ii  debconf  1.4.30.13   Debian configuration management sy
ii  dpkg-dev 1.10.28 Package building tools for Debian
ii  fakeroot 1.2.10  Gives a fake root environment
ii  gcc  4:3.3.5-3   The GNU C compiler
ii  groff-base   1.18.1.1-7  GNU troff text-formatting system (
ii  make 3.80-9  The GNU version of the "make" util
ii  patch2.5.9-2 Apply a diff file to an original
ii  sudo 1.6.8p7-1.1 Provide limited super user privile

-- debconf information excluded

diff -ruN qmail-1.03-orig/Makefile qmail-1.03/Makefile
--- qmail-1.03-orig/Makefile2005-06-20 13:43:48.0 +0200
+++ qmail-1.03/Makefile 2005-06-20 13:48:23.0 +0200
@@ -1536,13 +1536,13 @@
 timeoutwrite.o ip.o ipme.o ipalloc.o control.o constmap.o received.o \
 date822fmt.o now.o qmail.o cdb.a fd.a wait.a datetime.a getln.a \
 open.a sig.a case.a env.a stralloc.a alloc.a strerr.a substdio.a error.a str.a 
\
-fs.a auto_qmail.o socket.lib
+fs.a auto_qmail.o socket.lib dns.o dns.lib
./load qmail-smtpd qregex.o rcpthosts.o commands.o timeoutread.o \
timeoutwrite.o ip.o ipme.o ipalloc.o control.o constmap.o \
received.o date822fmt.o now.o qmail.o cdb.a fd.a wait.a \
datetime.a getln.a open.a sig.a case.a env.a stralloc.a \
alloc.a strerr.a substdio.a error.a str.a fs.a auto_qmail.o  `cat \
-   socket.lib`
+   socket.lib` dns.o `cat dns.lib`
 
 qmail-smtpd.0: \
 qmail-smtpd.8
diff -ruN qmail-1.03-orig/qmail-control.9 qmail-1.03/qmail-control.9
--- qmail-1.03-orig/qmail-control.9 2005-06-20 13:43:48.0 +0200
+++ qmail-1.03/qmail-control.9  2005-06-20 13:44:36.0 +0200
@@ -63,6 +63,7 @@
 .I idhost  \fIme   \fRqmail-inject
 .I localiphost \fIme   \fRqmail-smtpd
 .I locals  \fIme   \fRqmail-send
+.I mfcheck \fR0\fRqmail-smtpd
 .I morercpthosts   \fR(none)   \fRqmail-smtpd
 .I percenthack \fR(none)   \fRqmail-send
 .I plusdomain  \fIme   \fRqmail-inject
diff -ruN qmail-1.03-orig/qmail-smtpd.8 qmail-1.03/qmail-smtpd.8
--- qmail-1.03-orig/qmail-smtpd.8   2005-06-20 13:43:48.0 +0200
+++ qmail-1.03/qmail-smtpd.82005-06-20 13:44:36.0 +0200
@@ -138,6 +138,12 @@
 This is done before
 .IR rcpthosts .
 .TP 5
+.I mfcheck
+If set,
+.B qmail-smtpd
+tries to resolve the domain of the envelope from address.  It can be
+handy when you want to filter out spamhosts.
+.TP 5
 .I morercpthosts
 Extra allowed RCPT domains.
 If
diff -ruN qmail-1.03-orig/qmail-smtpd.c qmail-1.03/qmail-smtpd.c
--- qmail-1.03-orig/qmail-smtpd.c   2005-06-20 13:43:48.0 +0200
+++ qmail-1.03/qmail-smtpd.c2005-06-20 14:06:59.0 +0200
@@ -25,6 +25,7 @@
 #include "commands.h"
 #include "qregex.h"
 #include "strerr.h"
+#include "dns.h"
 
 #define BMCHECK_BMF 0
 #define BMCHECK_BMFNR 1
@@ -35,6 +36,7 @@
 
 #define MAXHOPS 100
 unsigned int databytes = 0;
+unsigned int mfchk = 0;
 int timeout = 1200;
 
 int safewrite(fd,buf,len) int fd; char *buf; int len;
@@ -61,6 +63,8 @@
 void err_bmf() { out("553 sorry, your envelope sender has been denied 
(#5.7.1)\r\n"); }
 void err_bmt() { out("553 sorry, your envelope recipient has been denied 
(#5.7.1)\r\n"); }
 void err_bhelo() { out("553 sorry, your HELO host name has been denied 
(#5.7.1)\r\n"); }
+void err_hmf() { out("553 sorry, your envelope sender domain must exist 
(#5.7.1)\r\n"); }
+void err_smf() { out("451 DNS temporary failure (#4.3.0)\r\n"); }
 void err_nogateway() { out("553 sorry, that domain isn't in my list of allowed 
rcpthosts (#5.7.1)\r\n"); }
 void err_unimpl(arg) char *arg; { out("502 unimplemented (#5.5.1)\r\n"); }
 void err_syntax() { out("555 syntax error (#5.5.4)\r\n"); }
@@ -135,6 +139,10 @@
 
   if (rcpthosts_init() == -1) die_control();
 
+  if (control_readint(&mfchk,"control/mfcheck") == -1) die_control();
+  x = env_get("MFCHECK");
+  if (x) { scan_ulong(x,&u); mfchk = u; }
+
   bmfok = control_readfile(&bmf,"control/badmailfrom",0);
   if (bmfok == -1) die_control();
 
@

Bug#316114: qmail: qmail not started on install/reconfigure

[Tomas Hoger]

Package: qmail
Version: 1.03-38
Severity: minor
Tags: patch

Hi Jon!

Due to incorrect communication of postinst script with debconf, it does not
matter what answer is provided for "qmail/start" debconf question, qmail is
not started anyway.

I attach patch with update of qmail.templates file and postinst script.  It
also changes type of this question from select to boolean (seems to be more
appropriate here).  If you prefer to keep current template type, compare
$ret[1] in postinst with "yes" instead of "true".

postrm file was updated similarily for "qmail/userpurge" template.

th.


-- System Information:
Debian Release: 3.1
Architecture: i386 (i686)
Kernel: Linux 2.4.27-grsec
Locale: LANG=sk_SK, LC_CTYPE=sk_SK (charmap=ISO-8859-2)

Versions of packages qmail depends on:
ii  debconf 1.4.30.13Debian configuration management sy
ii  libc6   2.3.2.ds1-22 GNU C Library: Shared libraries an
ii  netbase 4.21 Basic TCP/IP networking system
ii  perl-modules5.8.4-8  Core Perl modules
ii  procmail3.22-11  Versatile e-mail processor
ii  ucspi-tcp   0.88-9   tools for building TCP client-serv

-- debconf information excluded

diff -ruN qmail-1.03.orig/debian/postinst qmail-1.03/debian/postinst
--- qmail-1.03.orig/debian/postinst 2005-06-28 00:02:42.0 +0200
+++ qmail-1.03/debian/postinst  2005-06-28 00:07:42.0 +0200
@@ -52,8 +52,10 @@
 
   input ("medium","qmail/qlist");
   input ("medium","qmail/start");
-  my @ret=go();
-  if ( $ret[0] eq "" ||  $answer =~ /^\s*[yY]/ ) {
+  go();
+  
+  my @ret= get("qmail/start");
+  if ( $ret[0] == 0  &&  $ret[1] eq "true" ) {
 debug("Starting qmail . . .\n");
 system("/etc/init.d/qmail start 1>&2");
   } 
diff -ruN qmail-1.03.orig/debian/postrm qmail-1.03/debian/postrm
--- qmail-1.03.orig/debian/postrm   2005-06-28 00:02:42.0 +0200
+++ qmail-1.03/debian/postrm2005-06-28 00:06:13.0 +0200
@@ -15,8 +15,10 @@
 # This is not -*quite*- so evil ...
 system("rm -rf /etc/qmail/users");
 input ("medium","qmail/userpurge");
-my @ret=go();
-if ( $ret[0] eq "" ||  $answer =~ /^\s*[yY]/ ) {
+   go();
+   
+my @ret= get("qmail/userpurge");
+if ( $ret[0] == 0  &&  $ret[1] eq "true" ) {
system('userdel alias >/dev/null');
system('userdel qmaild >/dev/null');
system('userdel qmails >/dev/null');
diff -ruN qmail-1.03.orig/debian/qmail.templates 
qmail-1.03/debian/qmail.templates
--- qmail-1.03.orig/debian/qmail.templates  2005-06-28 00:02:42.0 
+0200
+++ qmail-1.03/debian/qmail.templates   2005-06-28 00:04:24.0 +0200
@@ -14,8 +14,8 @@
  can be found in /usr/doc/qmail
 
 Template: qmail/start
-Type: select
-Choices: yes, no
+Type: boolean
+Default: true
 Description: Do you want to start qmail now?
 
 Template: qmail/reboot
@@ -25,8 +25,8 @@
  you are ready by typing (as root) "/etc/init.d/qmail start" at a shell prompt.
 
 Template: qmail/userpurge
-Type: select
-Choices: yes, no
+Type: boolean
+Default: true
 Description: Remove qmail users during a purge?
 
 Template: qmail/recipientmap

Bug#315428: openoffice.org-debian-files: Incorrect nametemplates in mailcap file

[Tomas Hoger]

Package: openoffice.org-debian-files
Version: 1.1.3-8+1
Severity: minor

Hi!

Mailcap file /usr/lib/mime/packages/openoffice.org-debian-files contains
incorrect nametemplates for native (open|star)office file formats.
Templates are %.ext instead of %s.ext.  Nametemplates for MS Office and
WordPerfect file types are correct.

Since OOo is able to correctly detect file format even when extenstion is
incorrect or missing, severity of this problem is pretty low.

th.


-- System Information:
Debian Release: 3.1
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: i386 (i686)
Kernel: Linux 2.4.27
Locale: LANG=sk_SK, LC_CTYPE=sk_SK (charmap=ISO-8859-2)

Versions of packages openoffice.org-debian-files depends on:
ii  debianutils   2.8.4  Miscellaneous utilities specific t
ii  openoffice.org1.1.3-9high-quality office productivity s
ii  openoffice.org-bin1.1.3-9OpenOffice.org office suite binary

-- no debconf information



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#253153: alsaplayer-(gtk|text): Please use nametemplates in mailcap file

[Tomas Hoger]

tags 253153 patch
thanks

Package: alsaplayer-gtk
Version: 0.99.76-0.3
Severity: wishlist
Tags: patch

Hi!

I wanted to report this bug separatly for alsaplayer-gtk, but than I
noticed same report for alsaplayer-text, so adding more info to this bug
and not creating duplicate...

Request is simple: please add nametemplate entries to mailcap file for
alsaplayer-(gtk|text).

Reason: alsaplayer seems to only use filename extension to detect file
type.  It does not play file in supported format, if it has incorrect or no
extension.  Problem can occur, when you open/play file using run-mailcap
script (e.g. from mc).  If filename contains dangerous characters (e.g.
"'"), run-mailcap creates randomly-named symlink in /tmp pointing to
original file and uses that link as argument for started viewer/editor.
Since such symlink has no extension, alsaplayer refuses to play it.  If
nametemplate is provided in mailcap file, run-mailcap will add specified
extension to created symlink, which makes alsaplayer happy ;).

Attached updated mailcap file for alsaplayer-gtk.  Same changes can be
applied for alsaplayer-text.

th.

-- System Information:
Debian Release: 3.1
Architecture: i386 (i686)
Kernel: Linux 2.4.27
Locale: LANG=sk_SK, LC_CTYPE=sk_SK (charmap=ISO-8859-2)

Versions of packages alsaplayer-gtk depends on:
ii  alsaplayer-common0.99.76-0.3 PCM player designed for ALSA (comm
ii  libc62.3.2.ds1-22GNU C Library: Shared libraries an
ii  libgcc1  1:3.4.3-13  GCC support library
ii  libglib1.2   1.2.10-9The GLib library of C routines
ii  libgtk1.21.2.10-17   The GIMP Toolkit set of widgets fo
ii  libstdc++5   1:3.3.5-13  The GNU Standard C++ Library v3
ii  libx11-6 4.3.0.dfsg.1-14 X Window System protocol client li
ii  libxext6 4.3.0.dfsg.1-14 X Window System miscellaneous exte
ii  libxi6   4.3.0.dfsg.1-14 X Window System Input extension li
ii  xlibmesa-gl [libgl1] 4.3.0.dfsg.1-14 Mesa 3D graphics library [XFree86]
ii  xlibs4.3.0.dfsg.1-14 X Keyboard Extension (XKB) configu

-- no debconf information

audio/mpeg; alsaplayer -i gtk '%s'; test=test "$DISPLAY" != ""; 
nametemplate=%s.mp3; priority=7
audio/mpegurl; alsaplayer -i gtk '%s'; test=test "$DISPLAY" != ""; 
nametemplate=%s.m3u; priority=7
audio/x-scpls; alsaplayer -i gtk '%s'; test=test "$DISPLAY" != ""; 
nametemplate=%s.pls; priority=7
audio/x-wav; alsaplayer -i gtk '%s'; test=test "$DISPLAY" != ""; 
nametemplate=%s.wav; priority=7
application/x-ogg; alsaplayer -i gtk '%s'; test=test "$DISPLAY" != ""; 
nametemplate=%s.ogg; priority=7
application/ogg; alsaplayer -i gtk '%s'; test=test "$DISPLAY" != ""; 
nametemplate=%s.ogg; priority=7
audio/x-flac; alsaplayer -i gtk '%s'; test=test "$DISPLAY" != ""; 
nametemplate=%s.flac; priority=7
application/x-flac; alsaplayer -i gtk '%s'; test=test "$DISPLAY" != ""; 
nametemplate=%s.flac; priority=7

Bug#308853: debconf: should honor LC_MESSAGES for displaying templates

[Tomas Hoger]

Hi Denis!

Thanks for further information!

> See http://www.opengroup.org/onlinepubs/007908799/xbd/locale.html
>   If different character sets are used by the locale categories, the
>   results achieved by an application utilising these categories are
>   undefined.

Ok, it seems I'm entring "undefined behavior" areas here.  So I have to
agree with you, that it's not a bug.

I will keep this bug open to wait for feedback from debconf maintainers
to see if they prefer to keep current state or want to implement language
choosing mechanism, which more closely mimic behavior of libc.
Nevertheless, I have no problem with "wontfix" resolution of this bug.

th.



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#308853: debconf: should honor LC_MESSAGES for displaying templates

[Tomas Hoger]

Hi Denis!

Thanks for your reply!

On Sun, May 15, 2005 at 06:42:21PM +0200, Denis Barbier wrote:

[...]

> I cannot reproduce this behavior, I guess that you also set LANGUAGE to
> sk_SK.  You can perform similar checks with 'cp --help', and normally
> you should see no differences between debconf and libc applications,
> which demonstrates that there is no bug in debconf.  Can you please
> make these tests and report your conclusions?

Yes, this was good guess.  I do have LANGUAGE set to sk_SK.  After
unsetting LANGUAGE templates are displayed in English as expected.

Regarding that 'cp --help' tests, when I have locale variables set as
described in previous mail (LANG set to sk_SK; LC_TIME, LC_COLLATE and
LC_MESSAGES set to C) and aslo LANGUAGE set to sk_SK, 'cp --help' is
displayed in English.  I get similar behavior for other programs (e.g. mc,
mutt, vim, ...).

I did few more tests with debconf.  I've unset all LC_* variables and also
LANG and LANGUAGE to get clean environment.  Then I tried following
commands:

  LC_MESSAGES=sk_SK dpkg-reconfigure 
  -> Slovak "window" label and button labels, English template text

  LC_MESSAGES=sk_SK LC_CTYPE=sk_SK dpkg-reconfigure 
  -> labels and template text in Slovak

I believe this test and its results should be easily reproducible.  Hope I
haven't made any mistake now ;).

As you can see, there is not only difference in interpretation of locale
settings among debconf and "other libc apps", but also among "parts of
debconf".

th.



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#308853: debconf: should honor LC_MESSAGES for displaying templates

[Tomas Hoger]

Package: debconf
Version: 1.4.30.13
Severity: minor

Hi!

I have following locale settings on my system:

LANG=sk_SK
LC_CTYPE="sk_SK"
LC_NUMERIC="sk_SK"
LC_TIME=C
LC_COLLATE=C
LC_MONETARY="sk_SK"
LC_MESSAGES=C
LC_PAPER="sk_SK"
LC_NAME="sk_SK"
LC_ADDRESS="sk_SK"
LC_TELEPHONE="sk_SK"
LC_MEASUREMENT="sk_SK"
LC_IDENTIFICATION="sk_SK"
LC_ALL=

Environment variables LANG, LC_TIME, LC_COLLATE and LC_MESSAGES are set.

Despite of LC_MESSAGES settings, debconf displays slovak templates (if
available).  However, buttons like "yes" and "no" are shown correctly, they
are not translated.  After setting LC_MESSAGES to sk_SK, those buttons have
slovak labels too.

Experiment with LANG set to C and LC_MESSAGES to sk_SK results in not
translated template and translated buttons (some characters not displayed
correctly, due to LC_CTYPE being C too).

Further experiments showed that debconf is probably using LC_CTYPE instead
of LC_MESSAGES to choose template langauge, which (I believe) is not
correct:

LANG=C LC_MESSAGES=sk_SK LC_CTYPE=sk_SK dpkg-reconfigure 
 -> slovak template and button labels

LANG=C LC_CTYPE=sk_SK dpkg-reconfigure 
 -> slovak template, english button labels

I also tried with sk_SK.ISO-8859-2 instead of sk_SK with same results.  So
this problem does not seem to be related to locale aliases problem
described in #232044.

HTH

th.


-- System Information:
Debian Release: 3.1
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: i386 (i686)
Kernel: Linux 2.4.27
Locale: LANG=sk_SK, LC_CTYPE=sk_SK (charmap=ISO-8859-2)

Versions of packages debconf depends on:
ii  debconf-i18n  1.4.30.13  full internationalization support
ii  perl-base 5.8.4-8The Pathologically Eclectic Rubbis

-- debconf information:
* debconf/frontend: Dialog
* debconf/priority: medium



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#302677: qmail: FTBFS: Missing Build-Depends on 'groff-base' and missing users and groups

[Tomas Hoger]

Hi!

> I think it is an FTBFS bug. The following should generally work:
> 
> apt-get source qmail
> cd qmail-*
> dpkg-buildpackage
> 
> For qmail, this does not work because of the missing Build-Depends on 
> groff-base and because of the missing users/groups. 
> Those are needed to create 'qmail-src'. It should be possible to 
> build the 'qmail-src' package. 

Yes, you're right.  I missed one point:  it's also FTBFS for qmail-src,
not only for qmail (and caused by qmail).  My mistake!

Hopefully, someone will be able to upload new version soon.

th.



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#302677: qmail: FTBFS: Missing Build-Depends on 'groff-base' and missing users and groups

[Tomas Hoger]

Hi Andreas!

I'm not sure if this really is FTBFS bug.  There is no official qmail binary
package in Debian, there's only qmail source package, from which qmail-src
package is built.  build-qmail script from qmail-src package should be used
to build qmail binary package.  Also note, that qmail-src does depend on
groff-base and also does create appropriate users/groups.  So no FTBFS when
building qmail package this (supported) way.  I guess autobuilders are not
trying to build qmail, just qmail-src.

Regarding your patch, no objections against Build-Depends, probably whole
Depends line of qmail-src should be used as Build-Depends for qmail:

dpkg-dev (>= 1.4.0.20), patch (>= 2.5-0bo1), gcc, make, fakeroot | sudo,
groff-base, debconf

However, part creating users/groups is bit bogus.  Qmail expects UIDs (not
user names!) of its users to be constant since compilation.  If you would
try to install such package on other machine with no qmail users, they will
be created by preinst script (see debian/preinst) with Debian default UIDs.
Qmail will not start on such machine and will complain about non-existent
users.

So users/groups should be created with appropriate UIDs/GIDs  OR  attached
patch can be applied.  It disables generation of auto_uids.c file
(specifies UIDs which are compiled into qmail binaries) at build time and
uses static file with Debian default UIDs.  It's just a copy of
debian/debian-default_uids.c.  I consider latter approach to be better (no
account creation/deletion needed on build machine), however maybe Jon is
aware of significant problems with this approach, because of which it is
not used (apart from problems in enviroment with existing qmail users with
different UIDs, which should IMHO be handled in preinst script).

But is it really RC FTBFS bug?

th.

diff -ruN qmail-1.03-orig/Makefile qmail-1.03/Makefile
--- qmail-1.03-orig/Makefile2005-05-04 15:30:03.0 +0200
+++ qmail-1.03/Makefile 2005-05-04 14:09:48.0 +0200
@@ -110,19 +110,19 @@
 compile auto_split.c
./compile auto_split.c
 
-auto_uids.c: \
-auto-uid auto-gid conf-users conf-groups
-   ( ./auto-uid auto_uida `head -1 conf-users` \
-   &&./auto-uid auto_uidd `head -2 conf-users | tail -1` \
-   &&./auto-uid auto_uidl `head -3 conf-users | tail -1` \
-   &&./auto-uid auto_uido `head -4 conf-users | tail -1` \
-   &&./auto-uid auto_uidp `head -5 conf-users | tail -1` \
-   &&./auto-uid auto_uidq `head -6 conf-users | tail -1` \
-   &&./auto-uid auto_uidr `head -7 conf-users | tail -1` \
-   &&./auto-uid auto_uids `head -8 conf-users | tail -1` \
-   &&./auto-gid auto_gidq `head -1 conf-groups` \
-   &&./auto-gid auto_gidn `head -2 conf-groups | tail -1` \
-   ) > auto_uids.c.tmp && mv auto_uids.c.tmp auto_uids.c
+#auto_uids.c: \
+#auto-uid auto-gid conf-users conf-groups
+#  ( ./auto-uid auto_uida `head -1 conf-users` \
+#  &&./auto-uid auto_uidd `head -2 conf-users | tail -1` \
+#  &&./auto-uid auto_uidl `head -3 conf-users | tail -1` \
+#  &&./auto-uid auto_uido `head -4 conf-users | tail -1` \
+#  &&./auto-uid auto_uidp `head -5 conf-users | tail -1` \
+#  &&./auto-uid auto_uidq `head -6 conf-users | tail -1` \
+#  &&./auto-uid auto_uidr `head -7 conf-users | tail -1` \
+#  &&./auto-uid auto_uids `head -8 conf-users | tail -1` \
+#  &&./auto-gid auto_gidq `head -1 conf-groups` \
+#  &&./auto-gid auto_gidn `head -2 conf-groups | tail -1` \
+#  ) > auto_uids.c.tmp && mv auto_uids.c.tmp auto_uids.c
 
 auto_uids.o: \
 compile auto_uids.c
diff -ruN qmail-1.03-orig/TARGETS qmail-1.03/TARGETS
--- qmail-1.03-orig/TARGETS 2005-05-04 15:30:03.0 +0200
+++ qmail-1.03/TARGETS  2005-05-04 14:09:07.0 +0200
@@ -154,7 +154,6 @@
 auto-uid
 auto-gid.o
 auto-gid
-auto_uids.c
 auto_uids.o
 qmail-lspawn
 qmail-getpw.o
diff -ruN qmail-1.03-orig/auto_uids.c qmail-1.03/auto_uids.c
--- qmail-1.03-orig/auto_uids.c 1970-01-01 01:00:00.0 +0100
+++ qmail-1.03/auto_uids.c  2005-05-04 14:08:32.0 +0200
@@ -0,0 +1,10 @@
+int auto_uida = 64010;
+int auto_uidd = 64011;
+int auto_uidl = 64015;
+int auto_uido = 0;
+int auto_uidp = 64016;
+int auto_uidq = 64014;
+int auto_uidr = 64013;
+int auto_uids = 64012;
+int auto_gidq = 64010;
+int auto_gidn = 65534;

Bug#255953: kernel-patch-cryptoloop: Does not apply with kernel 2.4.26

[Tomas Hoger]

Hi Juergen!

Can you please take another look at this bug report once again?  Your last
posting is nearly 10 months old and it states new version is ready, there's
only problem with PGP keys.  Can you try to upload new version now, so
it'll have chance to get into Sarge?

If it helps, I can send you patches, which apply cleanly to Debian kernel
source 2.4.26 and 2.4.27.  In both cases, only minor tweak of Makefile was
needed.

Thanks!

th.



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#297330: bash3: -/ garbages colored prompt

[Tomas Hoger]

Package: bash3
Version: 3.0-12
Severity: minor

Hi!

I noticed following minor issue with bash3 run in vi-mode with colored PS1
prompt.  When I type -/ (for search in history), cursor jumps few
characters back and starts to overwrite prompt.  Sometimes also part of
previous command is printed.

Example:

orphan:~ $ echo $BASH_VERSION
3.00.16(1)-release
orphan:~ $ /ho $BASH_VERSIO
 ^

Cursor is now on $ sign, as shown by '^'.

My PS1 is defined as follows:

PS1="${debian_chroot:+($debian_chroot)}\[\e[32m\]\h:\[\e[0m\]\w 
\[\e[36m\]$\[\e[0m\] "

If prompt does not use escape chars to make colors, e.g. PS1="\h:\w $ "
problem does not occur.

I tried to install some older versions from snapshot.debian.net and found
out, that -10 works fine also with colored prompt, however -11 is affected.
Also current bash version from sarge (2.05b-24) works fine with same config
files.

It should be possible to reproduce this problem by setting colored PS1 and
setting bash to vi mode.

Regards.

th.

-- System Information:
Debian Release: 3.1
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.10-th
Locale: LANG=sk_SK, LC_CTYPE=sk_SK (charmap=ISO-8859-2)

Versions of packages bash3 depends on:
ii  base-files  3.1.2Debian base system miscellaneous f
ii  libc6   2.3.2.ds1-20 GNU C Library: Shared libraries an
ii  libncurses5 5.4-4Shared libraries for terminal hand
ii  passwd  1:4.0.3-30.9 change and administer password and

-- no debconf information



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#289006: java-package errors when checking free disk space on system with devfs

[Tomas Hoger]

reopen 289006 !
thanks

Hi Java-Package maintainers!

Bug #289006 is not resolved in 0.19 version.  I've tested on system with
devfs and I got following error:


Checking free diskspace:/usr/bin/make-jpkg: line 34: [: 56%: integer
expression expected
/usr/bin/make-jpkg: line 37: [: 56%: integer expression expected


WARNING: Possibly not enough free disk space in
"/tmp/make-jpkg.UTEMhQ".

You need at least 194 MB, but only 56% MB seems free. Note: You
can specify an alternate directory by setting the environment variable


Fix to this issue is simple, just replace integer comparison on line 34 in
/usr/share/java-package/common.sh with string comparison (since $free can
be e.g. 56%).  So:

if [ "$free" -ne "${free%\%}" ]; then

should be:

if [ "$free" != "${free%\%}" ]; then

HTH

Regards,

Tomas



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]