Bug#931574: nftables: kernel BUG at lib/list_debug.c:53
Control: reassign -1 linux (reassigning to the linux package because it's a kernel bug) On sunday 7 july 2019 21:26:40 CEST, Tim Duesterhus wrote: I performed a test upgrade of a cloud VM running Debian Stretch to buster. After the upgrade the VM does not boot any longer if the `nftables.service` is enabled and the 4.19 kernel is used, because a kernel assertion is violated. The old 4.9 kernel from stretch works fine. Same here. I tried to update a VM with a moderatly complex firewall (and an untainted kernel), and it randomly crashs when loading nftables rules with a similar trace. No problems with 4.9. Fails with 4.19 from backports. [...] It looks like (one of) the two `flow table` lines are at fault, but I am not able to confirm this for sure, because the assertion is not 100% reliably triggered. I can reproduce your crash quite reliably, maybe because I have kernel hardening enabled (page_poison=1 slab_nomerge). Can you try removing the anonymous sets from your configuration ? Replacing "tcp dport { 22 }" with "tcp dport 22" in your example seems to resolve the crash. Unfortunatly, doing the same in my config is almost a full rewrite ... I think it's fixed by this patch: https://git.kernel.org/pub/scm/linux/kernel/git/stable/stable-queue.git/plain/releases/4.19.38/netfilter-nf_tables-fix-set-double-free-in-abort-pat.patch https://bugzilla.kernel.org/show_bug.cgi?id=203039 There were some critical bugfixes for nftables in 4.19.38 and 4.19.44, but buster is still using 4.19.37. I tried building a vanilla 4.19.59 and excepting a (harmless ?) warning ("WARNING: CPU: 0 PID: 176 at net/netfilter/nf_tables_api.c:3588 nft_set_destroy+0x45/0x50 [nf_tables]) when the nf_tables_set module is not loaded before using nftables, everything seems to work fine. Kernel team: can we get an update in testing/s-p-u/... before the next point release to confirm it's fixed for good ? nftables is almost unusable with anything but the most simple configuration right now. Thanks.
Bug#932103: RFP: fuidshift -- remap a filesystem tree to shift one set of UID/GID ranges to another
On Tuesday 16 July 2019 23:11:24 Florian Weimer wrote: > * Nicholas D. Steeves: > > Package name: fuidshift > > Version : 3.0 > > Upstream Author : Name > > URL : https://github.com/lxc/lxd/tree/master/fuidshift > > License : Apache 2.0 > > Programming Lang: Go > > Description : remap a filesystem tree to shift one set of UID/GID > > ranges to another ... > How does this compare to (or interact with) newuidmap and newgidmap > from uidmap? They do very different things. Let me try a short description : newuidmap - set the uid mapping of a user namespace (from manpage) fuidshift - shift the uid/gid of files *on disk* fuidshift is basically a recursive chown $(( $(stat -c '%u' "$path") + $uidshift )) "$path" It does not use or configure user namespaces or containers. It's useful for the creation of containers images, for example when the container root filesystem is read-only (squashfs) and the container engine can't change the uids at runtime (see for example systemd-nspawn --private- users=pick / --private-users-chown). So fuidshift may be used to prepare a directory for later use by newuidmap, but that's about it. > There's a push to force uidmap on everyone, with tight integration > into NSS. If there's a competing scheme, it would be helpful to know > about it.
Bug#929067: reopen
Hi, The patch enable-md-clear.patch in the deb9u6 update for stretch is wrong. It defines md-clear to the 26th bit of FEAT_6_EAX instead of the 10th bit of FEAT_7_0_EDX because the offset is wrong in the patch and the first line does not match. Result: the guest does not see the cpu flag: # dmesg | grep -i mds [0.131153] MDS: Vulnerable: Clear CPU buffers attempted, no microcode # grep md_clear /proc/cpuinfo # cat /sys/devices/system/cpu/vulnerabilities/mds Vulnerable: Clear CPU buffers attempted, no microcode; SMT Host state unknown Please find a fixed patch attached. With my patch: # dmesg | grep -i mds [0.132439] MDS: Mitigation: Clear CPU buffers # grep md_clear /proc/cpuinfo flags : [...] md_clear # cat /sys/devices/system/cpu/vulnerabilities/mds Mitigation: Clear CPU buffers; SMT Host state unknown A correctly patched target-i386/cpu.c should look like this around line 452: [FEAT_7_0_EDX] = { .feat_names = { NULL, NULL, "avx512-4vnniw", "avx512-4fmaps", NULL, NULL, NULL, NULL, NULL, NULL, "md-clear", NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, "spec-ctrl", NULL, NULL, NULL, NULL, "ssbd", }, .cpuid_eax = 7, .cpuid_needs_ecx = true, .cpuid_ecx = 0, .cpuid_reg = R_EDX, .tcg_features = TCG_7_0_EDX_FEATURES, }, How to test: With libvirt, you have to patch /usr/share/libvirt/cpu_map.xml to add the feature: Add the feature to the virtual machine xml: ... qemu will now start with the flag (or will not start if the microcode is not patched): qemu-system-x86_64 ... -cpu ...,+md-clear ... Then, check for the presence of the cpu flag and mds status in an up to date virtual machine. Thanks.From: Paolo Bonzini Date: Fri, 1 Mar 2019 21:40:52 +0100 Subject: target/i386: define md-clear bit Bug-Debian: http://bugs.debian.org/929067 md-clear is a new CPUID bit which is set when microcode provides the mechanism to invoke a flush of various exploitable CPU buffers by invoking the VERW instruction. Add the new feature, and pass it down to Hypervisor.framework guests. Signed-off-by: Paolo Bonzini [Backported to qemu 2.8 mjt] CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091 --- target-i386/cpu.c | 2 +- target-i386/cpu.h | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/target-i386/cpu.c b/target-i386/cpu.c index de1f30eeda6..bbb4526a043 100644 --- a/target-i386/cpu.c +++ b/target-i386/cpu.c @@ -449,7 +449,7 @@ static FeatureWordInfo feature_word_info .feat_names = { NULL, NULL, "avx512-4vnniw", "avx512-4fmaps", NULL, NULL, NULL, NULL, -NULL, NULL, NULL, NULL, +NULL, NULL, "md-clear", NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, diff --git a/target-i386/cpu.h b/target-i386/cpu.h index c6057240227..c9c7f60a54d 100644 --- a/target-i386/cpu.h +++ b/target-i386/cpu.h @@ -632,6 +632,7 @@ typedef uint32_t FeatureWordArray[FEATURE_WORDS]; #define CPUID_7_0_EDX_AVX512_4VNNIW (1U << 2) /* AVX512 Neural Network Instructions */ #define CPUID_7_0_EDX_AVX512_4FMAPS (1U << 3) /* AVX512 Multiply Accumulation Single Precision */ +#define CPUID_7_0_EDX_MD_CLEAR (1U << 10) /* Microarchitectural Data Clear */ #define CPUID_7_0_EDX_SPEC_CTRL (1U << 26) /* Speculation Control */ #define CPUID_7_0_EDX_SPEC_CTRL_SSBD (1U << 31) /* Speculative Store Bypass Disable */ -- 2.11.0
Bug#911259: ruby-httpclient: Please use the system ca-certificates instead of bundling one
Package: ruby-httpclient Version: 2.8.3-1 Severity: normal Dear Maintainer, ruby-httpclient bundles a copy of the root certificate authorities: $ dpkg -L ruby-httpclient | grep pem /usr/lib/ruby/vendor_ruby/httpclient/cacert.pem /usr/lib/ruby/vendor_ruby/httpclient/cacert1024.pem ... Thus, the local CAs configured by the local system administrator (by adding a .crt file in /usr/local/share/ca-certificates/) are ignored, the explicitly untrusted CAs are still valid, etc ... Test (with ca-cacert installed): $ ruby -rhttpclient -e 'p HTTPClient.get("https://www.cacert.org";)' ... /usr/lib/ruby/vendor_ruby/httpclient/ssl_socket.rb:103:in `connect': SSL_connect returned=1 errno=0 state=error: certificate verify failed (unable to get local issuer certificate) (OpenSSL::SSL::SSLError) Expected: $ curl https://www.cacert.org Please find attached a debdiff to use the system CA bundle instead. Some comments: - the file "cacert1024.pem" is not used by the code: removed - the ca-certificates package is already pulled by rubygems-integration, but a direct dependency may be better Thanks. -- System Information: Debian Release: buster/sid APT prefers testing APT policy: (500, 'testing'), (50, 'unstable') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.18.0-2-amd64 (SMP w/8 CPU cores) Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8), LANGUAGE= (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages ruby-httpclient depends on: ii ruby1:2.5.1 ii ruby-http-cookie1.0.2-1 ii ruby2.1 [ruby-interpreter] 2.1.5-4 ii ruby2.2 [ruby-interpreter] 2.2.4-1 ruby-httpclient recommends no packages. ruby-httpclient suggests no packages. -- no debconf information diff -Nru ruby-httpclient-2.8.3/debian/changelog ruby-httpclient-2.8.3/debian/changelog --- ruby-httpclient-2.8.3/debian/changelog 2017-07-31 16:40:48.0 +0200 +++ ruby-httpclient-2.8.3/debian/changelog 2018-10-17 19:30:30.0 +0200 @@ -1,3 +1,9 @@ +ruby-httpclient (2.8.3-2) UNRELEASED; urgency=medium + + * Unbundle the root CA list, use the one from ca-certificates + + -- Vincent Tondellier Wed, 17 Oct 2018 19:30:30 +0200 + ruby-httpclient (2.8.3-1) unstable; urgency=medium * Team upload diff -Nru ruby-httpclient-2.8.3/debian/ruby-httpclient.links ruby-httpclient-2.8.3/debian/ruby-httpclient.links --- ruby-httpclient-2.8.3/debian/ruby-httpclient.links 1970-01-01 01:00:00.0 +0100 +++ ruby-httpclient-2.8.3/debian/ruby-httpclient.links 2018-10-17 13:32:19.0 +0200 @@ -0,0 +1 @@ +usr/lib/ssl/certs/ca-certificates.crt usr/lib/ruby/vendor_ruby/httpclient/cacert.pem diff -Nru ruby-httpclient-2.8.3/debian/rules ruby-httpclient-2.8.3/debian/rules --- ruby-httpclient-2.8.3/debian/rules 2017-07-31 16:40:48.0 +0200 +++ ruby-httpclient-2.8.3/debian/rules 2018-10-17 13:32:13.0 +0200 @@ -6,3 +6,8 @@ %: dh $@ --buildsystem=ruby --with ruby + +override_dh_auto_install: + dh_auto_install + rm -f debian/ruby-httpclient/usr/lib/ruby/vendor_ruby/httpclient/cacert1024.pem + rm -f debian/ruby-httpclient/usr/lib/ruby/vendor_ruby/httpclient/cacert.pem
Bug#764738: sendfax fails with "ALLO: Command not implemented" with recent perl
Package: libfax-hylafax-client-perl Version: 1.02-2 Severity: important Hello, When using the sendfax function with perl 5.20, an error is returned: "Fax::Hylafax::Client: Communication error: ALLO: Command not implemented." This is due to this change in Net::FTP : https://github.com/steve-m-hay/perl-libnet/commit/0d616e68 It was fixed recently by https://github.com/steve-m-hay/perl-libnet/commit/d3f979bc I tested the patch, and can confirm that the fix works also for Hylafax. perl-modules is the package that needs to be fixed, but libfax-hylafax-client-perl is broken and may also need a Conflicts:, so I am filling the bug on libfax-hylafax-client-perl. Feel free to reassign if needed. Severity important because sendfax is an important functionality of the package. Thanks. -- System Information: Debian Release: jessie/sid APT prefers unstable APT policy: (500, 'unstable'), (500, 'testing'), (1, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 3.16-2-amd64 (SMP w/2 CPU cores) Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to fr_FR.UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages libfax-hylafax-client-perl depends on: ii perl 5.20.1-1 libfax-hylafax-client-perl recommends no packages. libfax-hylafax-client-perl suggests no packages. -- no debconf information -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#741667: oops in nf_nat_setup_info
Hello, I got the same oops on 3.12, 3.13, and 3.14 (bpo), without fglrx and xtables-addons : http://thread.gmane.org/gmane.comp.security.firewalls.netfilter.devel/52821 But 3.11.10-1~bpo70+1 works for me. It's unrelated to r8169. Can you try this patch : http://git.kernel.org/cgit/linux/kernel/git/stable/stable-queue.git/plain/queue-3.14/netfilter-nf_conntrack-reserve-two-bytes-for-nf_ct_ext-len.patch or 3.15-rc7 (in experimental) ? -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#503152: icemon (in icecc-monitor) displays nothing when compiled with icecc 0.9.0
Package: icecc Version: 0.9.1-1 Severity: normal Tags: patch The problem is in the libicecc.a: the function DiscoverSched::try_get_scheduler always return NULL because connect always returns EINPROGRESS (the socket is non-blocking). With the attached patch, we use a blocking sockect to connect to scheduler. Tested on a 25 nodes cluster with no problems. This bug is present in icecc-monitor=1.1-3 (compiled against icecc 0.9) but was not present in icecc-monitor=1.1-2 (compiled against icecc 0.8). -- System Information: Debian Release: lenny/sid APT prefers unstable APT policy: (990, 'unstable'), (550, 'testing'), (25, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 2.6.27 (SMP w/2 CPU cores) Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages icecc depends on: ii adduser 3.110 add and remove users and groups ii debconf [debconf-2.0] 1.5.24 Debian configuration management sy ii dpkg 1.14.22Debian package management system ii g++ [c++-compiler]4:4.3.2-2 The GNU C++ compiler ii g++-4.3 [c++-compiler]4.3.2-2~exp1 The GNU C++ compiler ii gcc [c-compiler] 4:4.3.2-2 The GNU C compiler ii gcc-4.3 [c-compiler] 4.3.2-2~exp1 The GNU C compiler ii libc6 2.8+20080809-2 GNU C Library: Shared libraries ii libgcc1 1:4.3.2-2~exp1 GCC support library ii libstdc++64.3.2-2~exp1 The GNU Standard C++ Library v3 ii lsb-base 3.2-20 Linux Standard Base 3.2 init scrip icecc recommends no packages. Versions of packages icecc suggests: ii icecc-monitor 1.1-3 icecc monitor for KDE -- debconf information excluded *** 12_fix_nonblocking_sockets_for_icemon.diff --- icecc-0.9.1.orig/services/comm.cpp 2008-05-12 19:57:14.0 +0200 +++ icecc-0.9.1/services/comm.cpp 2008-10-20 15:43:23.0 +0200 @@ -1160,14 +1160,21 @@ if (ask_fd >= 0) { + fcntl(ask_fd, F_SETFL, 0); int status = connect (ask_fd, (struct sockaddr*) &remote_addr, sizeof(remote_addr) ); - if (status == 0 || (status < 0 && errno == EISCONN)) + int connect_errno = errno; + fcntl(ask_fd, F_SETFL, O_NONBLOCK); + if (status == 0 || (status < 0 && connect_errno == EISCONN)) { int fd = ask_fd; ask_fd = -1; return Service::createChannel(fd, (struct sockaddr*) &remote_addr, sizeof(remote_addr)); } + else +{ + log_error() << "connect failed : " << strerror(connect_errno) << endl; +} } return 0; } --- icecc-0.9.1.orig/services/comm.cpp 2008-05-12 19:57:14.0 +0200 +++ icecc-0.9.1/services/comm.cpp 2008-10-20 15:43:23.0 +0200 @@ -1160,14 +1160,21 @@ if (ask_fd >= 0) { + fcntl(ask_fd, F_SETFL, 0); int status = connect (ask_fd, (struct sockaddr*) &remote_addr, sizeof(remote_addr) ); - if (status == 0 || (status < 0 && errno == EISCONN)) + int connect_errno = errno; + fcntl(ask_fd, F_SETFL, O_NONBLOCK); + if (status == 0 || (status < 0 && connect_errno == EISCONN)) { int fd = ask_fd; ask_fd = -1; return Service::createChannel(fd, (struct sockaddr*) &remote_addr, sizeof(remote_addr)); } + else +{ + log_error() << "connect failed : " << strerror(connect_errno) << endl; +} } return 0; }
Bug#459020: [php-maint] Bug#459020: 043-recode_size_t.patch is invalid for recent php versions
Steve Langasek wrote: > On Wed, Feb 06, 2008 at 08:41:22PM +0100, Vincent Tondellier wrote: >> The patch 043-recode_size_t.patch is broken. > >> req_len and str_len should be integers, but are size_t >> (zend_parse_parameters wants pointers to int). This is a problem for 64 >> bits arches since a part of the variables is not initialized >> (sizof(size_t) != sizeof(int)), and recode_buffer_to_buffer is called >> with funny values that makes librecode eat all the system's memory. > > So then, PHP isn't capable of passing values whose length exceeds UINT_MAX? > That's an annoyingly arbitrary limitation. > PHP isn't designed to do large memory allocations ... > But yes, your analysis here looks correct to me. > >> An updated version of the patch witch fixes the problem for me is >> attached to this mail and should be, IMO, applied as a security fix for >> etch. > > I don't see any evidence that this is a security issue, but it should be > applied as a stable release update. > I think this is a security issue since it can cause a Denial Of Service by eating all the server memory. I had the problem on one of my servers (2GB RAM / 3GB swap) and it took at least 10min for oom_killer to kill the process, and in another case the kernel crashed (I didn't change the memory limit settings in /etc/security/limits.conf). And you can trigger the bug remotely by sending a mail like Sebastian Göbel said above. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Bug#459020: 043-recode_size_t.patch is invalid for recent php versions
The patch 043-recode_size_t.patch is broken. req_len and str_len should be integers, but are size_t (zend_parse_parameters wants pointers to int). This is a problem for 64 bits arches since a part of the variables is not initialized (sizof(size_t) != sizeof(int)), and recode_buffer_to_buffer is called with funny values that makes librecode eat all the system's memory. The patch was messed up during the conversion from php4 (r301 of the pkg-kde svn repository). This patch is not needed in testing/unstable and should be removed since the bug for this patch (PHP#41765) was fixed upstream in php 5.2.4, but a fixed version is needed for etch. An updated version of the patch witch fixes the problem for me is attached to this mail and should be, IMO, applied as a security fix for etch. --- php-5.2.0/ext/recode/recode.c.orig 2008-02-06 19:58:51.0 +0100 +++ php-5.2.0/ext/recode/recode.c 2008-02-06 19:59:13.0 +0100 @@ -132,7 +132,7 @@ { RECODE_REQUEST request = NULL; char *r = NULL; - int r_len = 0, r_alen = 0; + size_t r_len = 0, r_alen = 0; int req_len, str_len; char *req, *str;
Bug#443669: fixed with last wxwidgets update
Package: amule Version: 2.1.3-4 I cannot reproduce this bug with wxwidgets 2.6.3.2.2-1. See bug #441766 for more informations. --- System information. --- Architecture: i386 Kernel: Linux 2.6.23-rc8 Debian Release: lenny/sid 990 unstableftp.de.debian.org 550 testing ftp.u-picardie.fr 500 unstablewww.debian-multimedia.org 25 experimentalftp.fr.debian.org --- Package information. --- Depends(Version) | Installed -+-== amule-common (= 2.1.3-4) | 2.1.3-4 libc6 (>= 2.6-1) | 2.6.1-5 libcrypto++6 | 5.5-4 libgcc1 (>= 1:4.2-20070516) | 1:4.3-20070902-1 libstdc++6 (>= 4.2-20070516) | 4.3-20070902-1 libwxbase2.6-0 (>= 2.6.3.2.1.5) | 2.6.3.2.2-1 libwxgtk2.6-0 (>= 2.6.3.2.1.5) | 2.6.3.2.2-1 zlib1g (>= 1:1.2.3.3.dfsg-1) | 1:1.2.3.3.dfsg-6 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Bug#425166: Missing dependency on libyaml-perl
Package: ttf2tex Version: 0.70-8 Severity: important $ ttf2tex-mkpkg Can't locate YAML.pm in @INC (@INC contains: /etc/perl /usr/local/lib/perl/5.8.8 /usr/local/share/perl/5.8.8 /usr/lib/perl5 /usr/share/perl5 /usr/lib/perl/5.8 /usr/share/perl/5.8 /usr/local/lib/site_perl .) at /usr/bin/ttf2tex-mkpkg line 18. Installing libyaml-perl solves the problem. --- System information. --- Architecture: amd64 Kernel: Linux 2.6.21.1-ck2 Debian Release: lenny/sid 991 unstablewww.debian-multimedia.org 990 unstableftp.fr.debian.org 25 experimentalftp2.fr.debian.org --- Package information. --- Depends (Version) | Installed =-+-=== freetype1-tools | 1.4pre.20050518-0.5 tetex-bin | OR texlive-font-utils| 2007-7 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Bug#398462: libomniorb4c2: problem with float values in 4.0.6, please update to 4.0.7
Package: libomniorb4c2 Version: 4.0.6-2.2 Severity: normal -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 There is a problem with omniorb 4.0.6 and floats. See this message for a testcase and an explanation : http://www.omniorb-support.com/pipermail/omniorb-list/2006-May/027745.html Updating omniorb to 4.0.7 and python-omniorb2 to 2.7 fixes the problem. - -- System Information: Debian Release: 4.0 APT prefers unstable APT policy: (990, 'unstable'), (550, 'testing'), (25, 'experimental') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.18.1-ck1 Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to fr_FR.UTF-8) Versions of packages libomniorb4c2 depends on: ii libc6 2.3.6.ds1-8 GNU C Library: Shared libraries ii libgcc1 1:4.1.1-19 GCC support library ii libomnithread3c24.0.6-2.2omniORB4 - CORBA ORB - libomnithre ii libssl0.9.8 0.9.8c-3 SSL shared libraries ii libstdc++6 4.1.1-19 The GNU Standard C++ Library v3 libomniorb4c2 recommends no packages. - -- no debconf information -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.5 (GNU/Linux) iD8DBQFFWO1SZmUHKLzaTmIRAhV8AJ9zS8PO7zQtCIfKBNZeFQWRqufNtwCgioeX BR6xk+QpKKTZVkIBE1ilkwM= =vAn4 -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Bug#398463: python-omniorb2: problem with float values in 2.6, please update to 2.7
Package: python-omniorb2 Version: 2.6-3.1 Severity: normal -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 There is a problem with python-omniorb 2.6 and floats. See this message for a testcase and an explanation : http://www.omniorb-support.com/pipermail/omniorb-list/2006-May/027745.html Updating omniorb to 4.0.7 and python-omniorb2 to 2.7 fixes the problem. - -- System Information: Debian Release: 4.0 APT prefers unstable APT policy: (990, 'unstable'), (550, 'testing'), (25, 'experimental') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.18.1-ck1 Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to fr_FR.UTF-8) Versions of packages python-omniorb2 depends on: ii libc6 2.3.6.ds1-8 GNU C Library: Shared libraries ii libgcc1 1:4.1.1-19 GCC support library ii libomniorb4c2 4.0.6-2.2omniORB4 - CORBA ORB - libomniorb4 ii libomnithread3c24.0.6-2.2omniORB4 - CORBA ORB - libomnithre ii libstdc++6 4.1.1-19 The GNU Standard C++ Library v3 ii python 2.4.4-1 An interactive high-level object-o ii python-central 0.5.10 register and build utility for Pyt python-omniorb2 recommends no packages. - -- no debconf information -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.5 (GNU/Linux) iD8DBQFFWO36ZmUHKLzaTmIRArOdAJ49hNrAs8RyS7jXqwqzPIOH6TelggCglIY7 F3Rb64Az6hq7x+QtuHYCZxw= =OoVd -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Bug#383532: python-svn: FTBFS when locale != C
Package: python-svn Version: 1.4.2-2 Severity: serious Tags: patch Justification: no longer builds from source -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 When LC_ALL != C and there is a subversion translation available, the build system tries to compare a translated string (here 'exporté') against the english word ('exported') (see Builder/brand_version.py line 28). The attached patch fix the problem. The exact error message is: /usr/bin/python2.3 ../Builder/brand_version.py ../Builder/version.info pysvn_version.hpp.template Info: revision exporté Traceback (most recent call last): File "../Builder/brand_version.py", line 31, in ? revision, modifiers = re.compile( '(\d+)(.*)' ).search( build_revision ).groups() AttributeError: 'NoneType' object has no attribute 'groups' - -- System Information: Debian Release: testing/unstable APT prefers unstable APT policy: (990, 'unstable'), (550, 'testing'), (500, 'stable'), (25, 'experimental') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.17-beyond2 Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to fr_FR.UTF-8) Versions of packages python-svn depends on: ii libapr0 2.0.55-4.1 The Apache Portable Runtime Librar ii libc6 2.3.6-19 GNU C Library: Shared libraries ii libgcc1 1:4.1.1-10 GCC support library ii libstdc++6 4.1.1-10 The GNU Standard C++ Library v3 ii libsvn0 1.3.2-5+b1 Shared libraries used by Subversio ii libuuid11.39-1 universally unique id library ii python 2.4.3-11 An interactive high-level object-o ii python-central 0.5.5register and build utility for Pyt python-svn recommends no packages. - -- no debconf information -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.5 (GNU/Linux) iD8DBQFE5NaOZmUHKLzaTmIRAra+AJ9GJ915I3HPpjho+pI7vLluGbFQMQCfU7ub aNTzfy6gD4NY8Tf4gcruRhc= =/8Sy -END PGP SIGNATURE- --- pysvn-1.4.2.orig/debian/rules 2006-08-17 22:37:19.0 +0200 +++ pysvn-1.4.2/debian/rules 2006-08-17 22:37:44.0 +0200 @@ -15,6 +15,7 @@ # This has to be exported to make some magic below work. export DH_OPTIONS +export LC_ALL=C CFLAGS = -Wall -g #-fvisibility=hidden -fvisibility-inlines-hidden
Bug#383525: pysvn contains non-free material in Kit/Win32/vc6redist/
Package: pysvn Severity: serious Justification: Policy 2.2.1 The directory Kit/Win32/vc6redist/ in the tarball contains msvcirt.dll, msvcp60.dll and msvcrt.dll. These files are copyrighted by microsoft and does not meet the DFSG. Please remove them. -- System Information: Debian Release: testing/unstable APT prefers unstable APT policy: (990, 'unstable'), (550, 'testing'), (500, 'stable'), (25, 'experimental') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.17-beyond2 Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to fr_FR.UTF-8) signature.asc Description: OpenPGP digital signature
Bug#383518: pysvn contains non-free material in Kit/Win32/vc6redist/
Package: pysvn Severity: serious Justification: Policy 2.2.1 -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 The directory Kit/Win32/vc6redist/ in the tarball contains msvcirt.dll, msvcp60.dll and msvcrt.dll. These files are copyrighted by microsoft and does not meet the DFSG. Please remove them. - -- System Information: Debian Release: testing/unstable APT prefers unstable APT policy: (990, 'unstable'), (550, 'testing'), (500, 'stable'), (25, 'experimental') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.17-beyond2 Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to fr_FR.UTF-8) -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.5 (GNU/Linux) iD8DBQFE5NC9ZmUHKLzaTmIRAu1gAJ49k7Q34TX5PeDF88PnSdFyN6177wCeK/oe HeGZySr/GEIMEIZgVJmhWLY= =Ht/4 -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Bug#381505: avarice must not link with the shared version of libbfd
Package: avarice Version: 2.4-2 Severity: grave Tags: patch Justification: renders package unusable -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 avarice is linked with the shared version of libbfd, but the binutils-dev says : "Note that building Debian packages which depend on the shared libbfd is Not Allowed." This results in a broken package in current debian unstable : $ avarice avarice: error while loading shared libraries: libbfd-2.16.91.so: cannot open shared object file: No such file or directory A fix for the problem is attached. The check for libbfd is from the Lush project (http://lush.cvs.sourceforge.net/*checkout*/lush/lush/configure.ac) Remember to run autoreconf. I've not reported this bug to upstream. - -- System Information: Debian Release: testing/unstable APT prefers unstable APT policy: (990, 'unstable'), (550, 'testing'), (25, 'experimental') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.17.7 Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to fr_FR.UTF-8) Versions of packages avarice depends on: ii binutils2.17-2 The GNU assembler, linker and bina ii libc6 2.3.6-18 GNU C Library: Shared libraries ii libgcc1 1:4.1.1-10 GCC support library ii libstdc++6 4.1.1-10 The GNU Standard C++ Library v3 ii libusb-0.1-42:0.1.12-2 userspace USB programming library Versions of packages avarice recommends: ii gdb-avr 6.4-1 The GNU Debugger for avr - -- no debconf information -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.5 (GNU/Linux) iD8DBQFE08OKZmUHKLzaTmIRAiz6AJ9YQtvo93TeXnLkBY8zDwJjobirvgCfdqF/ m6iSgK5Qfks9FT8U5bjr9jU= =qEUx -END PGP SIGNATURE- --- avarice-2.4.orig/configure.ac 2006-01-11 19:16:03.0 +0100 +++ avarice-2.4/configure.ac2006-08-04 22:11:54.0 +0200 @@ -64,13 +64,82 @@ fi AC_CHECK_LIB([intl], [dcgettext]) AC_CHECK_LIB([iberty], [xmalloc]) -AC_CHECK_LIB([bfd], [bfd_init], , [ac_found_bfd=no]) -AC_CHECK_LIB([usb], [usb_get_string_simple]) +# bfd + +BFD_YES='' +has_bfd=yes +AC_CHECK_LIB(iberty, xmalloc) +if test $ac_cv_lib_iberty_xmalloc = no; then + AC_CHECK_LIB(mmalloc, mmalloc) + AC_CHECK_LIB(iberty, xcalloc) +fi +AC_CHECK_HEADER(bfd.h,,has_bfd=no) +AC_CHECK_LIB(bfd, bfd_init,,[has_bfd=no]) +AC_SUBST(BFD_YES) + +# Check if it compiles +if test x$has_bfd = xyes ; then +n_LIBS=$LIBS +has_intl= +AC_CHECK_LIB(intl, dcgettext, [has_intl=yes],[has_intl=no]) +i_LIBS=`echo $n_LIBS | sed -e 's/-liberty/& -lintl/'` +sn_LIBS=`echo $n_LIBS | sed -e 's/-lbfd\( -liberty\)*/-Wl,-Bstatic & -Wl,-Bdynamic/'` +si_LIBS=`echo $i_LIBS | sed -e 's/-lbfd\( -liberty\)*/-Wl,-Bstatic & -Wl,-Bdynamic/'` +LIBS=$sn_LIBS +AC_MSG_CHECKING([whether bfd works with -Bstatic]) +AC_TRY_LINK([#include "bfd.h"], +[bfd_openr("junk1","default"); ], + [okay_bfd=yes],[okay_bfd=no]); +AC_MSG_RESULT($okay_bfd) +if test x$okay_bfd = xno ; then + if test x$has_intl = xyes ; then + LIBS=$si_LIBS + AC_MSG_CHECKING([whether bfd works with -Bstatic and -lintl]) + AC_TRY_LINK([#include "bfd.h"], + [bfd_openr("junk1","default"); ], + [okay_bfd=yes],[okay_bfd=no]); + AC_MSG_RESULT($okay_bfd) + fi + if test x$okay_bfd = xno ; then + LIBS=$n_LIBS + AC_MSG_CHECKING([whether bfd works alone]) + AC_TRY_LINK([#include "bfd.h"], + [bfd_openr("junk1","default"); ], + [okay_bfd=yes],[okay_bfd=no]); + AC_MSG_RESULT($okay_bfd) + if test x$okay_bfd = xno ; then + if test x$has_intl = xyes ; then + LIBS=$i_LIBS + AC_MSG_CHECKING([whether bfd works with -lintl]) + AC_TRY_LINK([#include "bfd.h"], + [bfd_openr("junk1","default"); ], + [okay_bfd=yes], + [okay_bfd=no]); + AC_MSG_RESULT($okay_bfd) + fi + if test x$okay_bfd = xno ; then + LIBS=$n_LIBS + fi + fi + fi +fi +if test x$okay_bfd = xno ; then + has_bfd=no +fi +fi -if test "x$ac_found_bfd" = "xno"; then - AC_MSG_ERROR([You need to install libbfd.a from binutils.]) +if test x$has_bfd = xno ; then +AC_MSG_ERROR([Unable to locate BFD development files. +- +We were unable to locate required GNU binutils files. +- Some Linux distributions do not install these by default. + You need to install the 'libbinutils-devel' package. +- On other platforms, get GNU binutils on www.fsf.org. +-]) fi +AC_CHEC