Bug#289560: acknowledged by developer (Bug#289560: fixed in vim 1:6.3-058+1)
* added a new patch (stolen from Ubuntu) which modifies vimspell.sh and tcltags.sh so they use mktemp instead of insecure $$ construction to create temporary files (CAN-2005-0069) (closes: #289560) A few comments and questions regarding this entry: - the scripts seem to be ancient and no longer supported by either their authors nor vim maintainer and have been removed upstream. - I understand that Ubuntu's patch might be simpler, but I actually wrote the patch based on what's done in vim's tcltutor script. There were some reasons I wrote it which have been disregarded (mostly compatibility reasons for things that don't have mktemp/tempfile) (I can't find it in Ubuntu's bugzilla 5633 but found it in our BTS #291125) - no credit is given to me, which I would have appreciated - Ubuntu's patch for tcltags will remove the temporary file *twice* (once on exit, once after the trap is called) as the last line of the script has not been removed (rm $tmp_tagfile) as I did in my patch. Regards Javier signature.asc Description: Digital signature
Bug#287899: Vdr should not be released unless this bug is fixed
On Tue, Jan 18, 2005 at 11:38:55PM +0100, Thomas Schmidt wrote: Well, it seems that there are different opinions in this case - some developers (you for example) say that system users should be removed when the package is purged, some say that it is no problem if the user is not deleted. Yes, you are right, this is not policy (yet). If you believe this is the best decission, no problem. But please note that most of the discussions related to this issue is that a user might live files which then will not belong to anybody. If vdr's handling of files is managed so that the files it creates are located in directories that will be purged it shouldn't be an issue (unless the admin decides to 'su - vdr' and touch files here and there, but we can't cope for all situations). Of course, that probably would mean restricting the GRAB command so that it would only create files in a given directory ;) Regards Javier signature.asc Description: Digital signature
Processed: pseudo-bug opened by the maintainer to hold new package out
Processing commands for [EMAIL PROTECTED]: tags 289595 sid Bug#289595: libofx0c102: library version changed but package name did not There were no tags set. Tags added: sid thanks Stopping processing here. Please contact me if you need assistance. Debian bug tracking system administrator (administrator, Debian Bugs database) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#289646: kbabel: crash with some .po file
El Martes 18 Enero 2005 14:14, Steve Langasek escribió: tags 289646 experimental thanks Matias, I am not able to reproduce this bug using the packages in sarge. Can you please downgrade kdelibs4 on your system to the version in unstable, to confirm whether this bug still exists for you? apt-get kdelibs4/unstable kdelibs-bin/unstable. The problem is still there. Thanks,
Bug#289646: kbabel: crash with some .po file
El Miércoles 19 Enero 2005 01:08, Adeodato Simó escribió: reassign 289646 kdelibs4 tags 289646 - experimental tags 289646 + sid thanks * Matías Costa [Mon, 10 Jan 2005 11:33:09 +0100]: Hi Matías, kbabel crashes (SIGSEGV) with certain entries. This makes imposible to work. You can find a file with this problem at http://webs.ono.com/uucp/knewsticker_crash.po Open the file, go to entry 98 (Crtl+g). Try to save or move to other entry. After some investigations, it seems that the crash is libkspell related. Can you tell us your settings under KControl - KDE Components - Spell checker? And to confirm that is really that: what happens if you chmod -x /usr/bin/[ai]spell? Nothing, the problems is still there. The same with ispell or aspell, with utf-8 or iso-1889-15. But you are right, without automatic spell check kbabel does not crash. * Steve Langasek [Tue, 18 Jan 2005 05:14:14 -0800]: I am not able to reproduce this bug using the packages in sarge. Can you please downgrade kdelibs4 on your system to the version in unstable, to confirm whether this bug still exists for you? Seems to me that the version of kdelibs4 in sarge is not affected. The bogus version has hit unstable, though. Reassigning and tagging accordingly. Thanks.
Bug#291179: [CAN-2005-0064] iDEFENSE Security Advisory 01.18.05 (xpdf)
Package: tetex-bin Version: 2.0.2-26 Severity: grave Tags: security patch Hi, seems to be another overflow in the xpdf library. http://www.securityfocus.com/archive/1/387583 patch available at the vendor site: ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.00pl3.patch Yet I didn't have the time, if woody is affected too. Regards, Hilmar -- sigmentation fault pgpB5bydljByB.pgp Description: PGP signature
Bug#289560: acknowledged by developer (Bug#289560: fixed in vim 1:6.3-058+1)
Hi Javier! Javier Fernández-Sanguino Peña [2005-01-19 9:08 +0100]: * added a new patch (stolen from Ubuntu) which modifies vimspell.sh and tcltags.sh so they use mktemp instead of insecure $$ construction to create temporary files (CAN-2005-0069) (closes: #289560) A few comments and questions regarding this entry: - the scripts seem to be ancient and no longer supported by either their authors nor vim maintainer and have been removed upstream. Maybe, but still we ship them in our stable release, so we must fix it. - I understand that Ubuntu's patch might be simpler, but I actually wrote the patch based on what's done in vim's tcltutor script. There were some reasons I wrote it which have been disregarded (mostly compatibility reasons for things that don't have mktemp/tempfile) (I can't find it in Ubuntu's bugzilla 5633 but found it in our BTS #291125) I read your patch, but I deliberately wrote my own very simple version, because: - I wanted to avoid the tempfile race in any case, so if mktemp is not available, the script should rather fail than be vulnerable. mktemp is shipped in a required package, so we can assume it is there. - A security update must be as simple and unintrusive as possible. I do not care about the widest possible upstream portability in security updates, the solution only needs to work on the platforms we support. - no credit is given to me, which I would have appreciated I credited you in the announcement [1] since you found the bug. However, since I did not take your patch, but wrote my own, I did not credit you for the patch (so if it's broken, it is seen as my fault and not yours :-) ). [1] http://www.ubuntulinux.org/support/documentation/usn/usn-61-1 - Ubuntu's patch for tcltags will remove the temporary file *twice* (once on exit, once after the trap is called) as the last line of the script has not been removed (rm $tmp_tagfile) as I did in my patch. Right, thanks for that hint. It would be nice to fix that in Sid and our development release. Have a nice day! Martin -- Martin Pitt http://www.piware.de Ubuntu Developerhttp://www.ubuntulinux.org Debian GNU/Linux Developer http://www.debian.org signature.asc Description: Digital signature
Bug#291183: CAN-2004-1378: Denial of service in jabberd
Package: jabber Version: 1.4.3-3 Severity: grave Tags: security sid sarge I can only guess that our version is vulnerable as well. If not, please close this bug report. If you've included a fixe, please add the CVE id to the proper changelog item. == Candidate: CAN-2004-1378 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1378 Final-Decision: Interim-Decision: Modified: Proposed: Assigned: 20050119 Category: SF Reference: BUGTRAQ:20040920 Possible DoS attack against jabberd 1.4.3 and jadc2s 0.9.0 Reference: URL:http://marc.theaimsgroup.com/?l=bugtraqm=109583829122679w=2 Reference: MLIST:20040919 [jabberd] Jabberd 1.4 critical bug Reference: URL:http://mail.jabber.org/pipermail/jabberd/2004-September/002004.html Reference: CONFIRM:http://devel.amessage.info/jabberd14/ Reference: CONFIRM:http://www.vuxml.org/freebsd/2e25d38b-54d1-11d9-b612-000c6e8f12ef.html Reference: GENTOO:GLSA-200409-31 Reference: URL:http://www.gentoo.org/security/en/glsa/glsa-200409-31.xml Reference: BID:11231 Reference: URL:http://www.securityfocus.com/bid/11231 Reference: XF:jabberd-xml-dos(17466) Reference: URL:http://xforce.iss.net/xforce/xfdb/17466 The expat XML parser code, as used in the open source Jabber (jabberd) 1.4.3 and earlier, jadc2s 0.9.0 and earlier, and possibly other packages, allows remote attackers to cause a denial of service (application crash) via a malformed packet to a socket that accepts XML connnections. Regards, Joey -- Ten years and still binary compatible. -- XFree86 Please always Cc to me when replying to me on the lists. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#291011: arggg fix the real problem.
Jamie Heilman [2005-01-18 10:42 -0800]: Changes: sysfsutils (1.2.0-2) unstable; urgency=low . * sysfsutils.init: Use shell bash instead of sh. (closes: #291011) Please do not use bash, just fix the real problem, I offered a patch in #291022 which does this (and more). What is the _real_ problem? Using awk is a problem because it might not be available at the time the init script runs (there is a reason that init script can only use programs in /bin, not in /usr/bin). Additional bugs in the current script: Your replacement of '.' to '/' isn't a good idea because there are paths in sysfs which can contain '.' -- my patch accounted for that as well. Hmm, right. I think I should just drop support for separating the path components with a dot (I wanted to make that similar to the procps init script, but that does not have this problem). You defined a configuration file variable, and then didn't use it, my patch took care of that too. Sorry, will be fixed. Thanks! Martin -- Martin Pitt http://www.piware.de Ubuntu Developerhttp://www.ubuntulinux.org Debian GNU/Linux Developer http://www.debian.org signature.asc Description: Digital signature
Processed: Re: Can't load/install gnucash into unstable
Processing commands for [EMAIL PROTECTED]: tags 291153 + sid Bug#291153: Can't load/install gnucash into unstable There were no tags set. Tags added: sid stop Stopping processing here. Please contact me if you need assistance. Debian bug tracking system administrator (administrator, Debian Bugs database) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#291011: arggg fix the real problem.
Martin Pitt wrote: Jamie Heilman [2005-01-18 10:42 -0800]: Changes: sysfsutils (1.2.0-2) unstable; urgency=low . * sysfsutils.init: Use shell bash instead of sh. (closes: #291011) Please do not use bash, just fix the real problem, I offered a patch in #291022 which does this (and more). What is the _real_ problem? The 'real problem' I was referring to was the use bash substitution syntax when it wasn't necessary... Using awk is a problem because it might not be available at the time the init script runs (there is a reason that init script can only use programs in /bin, not in /usr/bin). Well, for some init scripts sure, however: [98]stink-foot/etc/rcS.d/ls *sysfsutils ls: *sysfsutils: No such file or directory Seeing as you didn't have a link in rcS.d I didn't figure you cared about what was or wasn't mounted yet. (ISTR your bash substitution syntax also didn't trim leading whitespace from the component value, which may or may not be important, mine doesn't trim leading whitespace from the key, or trailing from the value, though thats easy to fix with gsub; I haven't check to see if its a real problem though.) -- Jamie Heilman http://audible.transient.net/~jamie/ Most people wouldn't know music if it came up and bit them on the ass. -Frank Zappa -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#291153: Can't load/install gnucash into unstable
tags 291153 + sid stop On 19.01.05 Russell Sutherland ([EMAIL PROTECTED]) wrote: I can't install the gnucash package onto an updated unstable system. The error message is as follows: # apt-get install gnucash Reading Package Lists... Done Building Dependency Tree... Done Some packages could not be installed. This may mean that you have requested an impossible situation or if you are using the unstable distribution that some required packages have not yet been created or been moved out of Incoming. Since you only requested a single operation it is extremely likely that the package is simply not installable and a bug report against that package should be filed. The following information may help to resolve the situation: The following packages have unmet dependencies: gnucash: Depends: gnucash-common (= 1.8.9-4) but it is not going to be installed E: Broken packages Hmm, lets see: gnucash-common in unstable has been built is architecture all and seems to have been uploaded recently. This is version 1.8.10-2. Unfortunately gnucash itself in that version has not been built for i386, due to another package not yet available. As that bug does not affect sarge I'm tagging it sid. H., hoping that was correct. -- sigmentation fault -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#289560: acknowledged by developer (Bug#289560: fixed in vim 1:6.3-058+1)
On Wed, Jan 19, 2005 at 10:24:20AM +0100, Martin Pitt wrote:
I read your patch, but I deliberately wrote my own very simple
version, because:
Martin, just to get things straight, my comments are not directed
towards you, but towards the vim maintainer.
- I wanted to avoid the tempfile race in any case, so if mktemp is not
available, the script should rather fail than be vulnerable. mktemp
is shipped in a required package, so we can assume it is there.
It would be best if instead of
tmp_tagfile=`mktemp -t tcltagXX` || exit 1
you had used
tmp_tagfile=`mktemp -t tcltagXX` || { echo $0: error creating the
temporary file 2; exit 1 ;}
IMHO
- A security update must be as simple and unintrusive as possible. I
do not care about the widest possible upstream portability in
security updates, the solution only needs to work on the platforms
we support.
Well, in the Debian case (not Ubuntu's) the patch was not intented to be
used as a DSA (since even if the code is in stable, it's in
/usr/share/doc). I wasn't complaining about the Ubuntu update, but about
the use of Ubuntu's patch in Debian when mine could be used instead for the
sid upload (and would've been more consistent with upstream source)
- no credit is given to me, which I would have appreciated
I credited you in the announcement [1] since you found the bug.
I was mentioning Debian's changelog, not Ubuntu's advisory.
Actually, all my statements are with how this bug has been handled by the
Debian maintainer, which takes no action until an Ubuntu advisory is
released.
In any case, no use in arguing this when there is so many things to work on
(and so many similar security bugs to report)
Regards
Javier
signature.asc
Description: Digital signature
Bug#289976: [exposed@lss.hr: Apache mod_auth_radius remote integer overflow]
Martin Schulze wrote:
--- mod_auth_radius.c~2003-03-24 20:16:15.0 +0100
+++ mod_auth_radius.c 2005-01-13 13:01:42.0 +0100
@@ -971,8 +971,11 @@ find_attribute(radius_packet_t *packet,
}
return attr;
}
-#define radcpy(STRING, ATTR) {memcpy(STRING, ATTR-data, ATTR-length - 2); \
- (STRING)[ATTR-length - 2] = 0;}
+#define radcpy(STRING, ATTR) do { \
+ unsigned char len = ATTR-length; \
+ if (len = 2) len-=2; \
+ memcpy(STRING, ATTR-data, len); \
+ (STRING)[len] = 0;} until (0)
^
Make that while and it'll work. Too much pascal reminiscense in
my head or something...
I'm so sorry about the confusion I have created.
Regards,
Joey
--
Ten years and still binary compatible. -- XFree86
Please always Cc to me when replying to me on the lists.
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#242068: Explanation
Michael Banck: The package builds fine like that, it's just the additional kernel modules which need to be built by a different script, AIUI Steve Langasek: well, here's the thing. the source package does build if you run the normal debian/rules commands; but those binary packages that are built do *not* include the kernel-specific modules packages. So you have to go through an additional step to build the per-kernel module packages, which are not listed in debian/control but are present in the archive. me: We cannot support this security-wise. Apart from that the package apparently fails to build from source (FTBFS) if make -f debian/rules build sudo make -f debian/rules binary doesn't produce all required binary packages that should end up in the archive. This is surely release-critical. Regards, Joey -- Ten years and still binary compatible. -- XFree86 Please always Cc to me when replying to me on the lists. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#242068: makes linux-wlang-ng unusable on powerpc ...
Sven Luther wrote: severity 242068 grave thanks Maybe this explanation should be added here: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=286305msg=7 Regards, Joey -- Ten years and still binary compatible. -- XFree86 Please always Cc to me when replying to me on the lists. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#289976: marked as done ([exposed@lss.hr: Apache mod_auth_radius remote integer overflow])
Your message dated Wed, 19 Jan 2005 07:17:16 -0500
with message-id [EMAIL PROTECTED]
and subject line Bug#289976: fixed in libapache-mod-auth-radius 1.5.7-6
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--
Received: (at submit) by bugs.debian.org; 12 Jan 2005 07:07:18 +
From [EMAIL PROTECTED] Tue Jan 11 23:07:18 2005
Return-path: [EMAIL PROTECTED]
Received: from luonnotar.infodrom.org [195.124.48.78]
by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
id 1Cocb8-pE-00; Tue, 11 Jan 2005 23:07:18 -0800
Received: by luonnotar.infodrom.org (Postfix, from userid 10)
id 03317366B74; Wed, 12 Jan 2005 08:07:20 +0100 (CET)
Received: at Infodrom Oldenburg (/\##/\ Smail-3.2.0.102 1998-Aug-2 #2)
from infodrom.org by finlandia.Infodrom.North.DE
via smail from stdin
id [EMAIL PROTECTED]
for [EMAIL PROTECTED]; Wed, 12 Jan 2005 08:02:58 +0100 (CET)
Date: Wed, 12 Jan 2005 08:02:57 +0100
From: Martin Schulze [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: [EMAIL PROTECTED]: Apache mod_auth_radius remote integer overflow]
Message-ID: [EMAIL PROTECTED]
Mime-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inline
User-Agent: Mutt/1.5.6+20040907i
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-8.0 required=4.0 tests=BAYES_00,HAS_PACKAGE
autolearn=no version=2.60-bugs.debian.org_2005_01_02
X-Spam-Level:
Package: libapache-mod-auth-radius
Version: 1.5.7-5
Severity: grave
Tags: woody sid security
I haven't checked if this problem exists in the Debian package. Please check.
If the Debian package is fixed, too old or too new, please close this bug
report.
Regards,
Joey
- Forwarded message from LSS Security [EMAIL PROTECTED] -
Date: Tue, 11 Jan 2005 12:45:50 +0100
From: LSS Security [EMAIL PROTECTED]
To: bugtraq@securityfocus.com
Subject: Apache mod_auth_radius remote integer overflow
LSS Security Advisory #LSS-2005-01-02
http://security.lss.hr
---
Title : Apache mod_auth_radius remote integer overflow
Advisory ID : LSS-2005-01-02
Date: 2005-01-10
Advisory URL: :
http://security.lss.hr/en/index.php?page=detailsID=LSS-2005-01-02
Impact : Denial of service attack
Risk level : Low
Vulnerability type : Remote
Vendors contacted : 10.12.2004
---
===[ Overview
Mod_auth_radius is RADIUS authentication module for Apache. It allows
any Apache web-server to become a RADIUS client for authentication,
authorization and accounting requests. You will, however, need to supply
your own RADIUS server to perform the actual authentication.
Mod_auth_radius can be downloaded from
http://www.freeradius.org/mod_auth_radius/.
===[ Vulnerability
When mod_auth_radius authenticate user against remote RADIUS server,
it will send RADIUS packet with RADIUS_ACCESS_REQUEST code. Server
can responde with RADIUS packet with RADIUS_ACCESS_CHALLENGE code.
When mod_auth_radius gets RADIUS_ACCESS_CHALLENGE, with attribute
code set to RADIUS_STATE, and another attribute code in same packet set
to RADIUS_REPLY_MESSAGE, RADIUS server reply will be copied in local
buffer with function radcpy(). Size of the data that will be copied in
local buffer is taken from 'length' value of packet attribute received
from RADIUS server.
mod_auth_radius.c:
#define radcpy(STRING, ATTR) {memcpy(STRING, ATTR-data, ATTR-length - 2);\
(STRING)[ATTR-length - 2] = 0;}
Before the data is copied with memcpy() RADIUS attribute length is
subtracted by two. If attribute length is 1, after subtract it will be -1,
and memcpy will lead to segfault.
If an attacker can sniff RADIUS request packets (that is vulnerability by
itself), he can spoof RADIUS server replies with attribute length 1 that
will segfault mod_auth_radius.
===[ Affected versions
All mod_auth_radius versions. Tested on 1.5.4 (1.5.7).
===[ Fix
Not available yet.
===[ PoC Exploit
Proof of concept code can be downloaded at http://security.lss.hr/en/PoC
===[ Credits
Credits for this vulnerability goes to Leon Juranic.
===[ LSS Security Contact
LSS Security Team, eXposed by LSS
WWW: http://security.lss.hr
E-mail : [EMAIL PROTECTED]
Tel
Bug#290638: sylpheed-claws-gtk2: Freeze with new Gtk 2.6 libraries
Le Sat, 15 Jan 2005 12:10:51 -0500 Justin Pryzby [EMAIL PROTECTED] a écrit : On Sat, Jan 15, 2005 at 04:41:12PM +0100, Sébastien Lardière wrote: Package: sylpheed-claws-gtk2 Version: 0.9.12cvs187.1-1 Severity: grave Tags: experimental Justification: renders package unusable This packages freeze with the new Gtk 2.6.1 libraries. When does it freeze, when starting the program? Ok, i just remove the trayicon plugin from the config, and it works. This bug is already here : http://www.thewildbeast.co.uk/sylpheed-claws/bugzilla/show_bug.cgi?id= 668 -- Sébastien
Processed: affected version only in sid
Processing commands for [EMAIL PROTECTED]: tags 291143 sid Bug#291143: openswan: FTBFS: Missing build dependency. There were no tags set. Tags added: sid thanks Stopping processing here. Please contact me if you need assistance. Debian bug tracking system administrator (administrator, Debian Bugs database) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Processed: affected version only in sid
Processing commands for [EMAIL PROTECTED]: tags 291132 sid Bug#291132: perdition: FTBFS: Using non PIC code in shared lib. There were no tags set. Tags added: sid thanks Stopping processing here. Please contact me if you need assistance. Debian bug tracking system administrator (administrator, Debian Bugs database) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#291209: csmash window black !
Package: csmash Version: 0.6.6-5 Severity: grave Justification: renders package unusable since update 0.6.6-5 the playing window is totally black ! otherwise the game seems to be running ok :-) this holds with or without fullscreen and on both of my machines (a desktop PC with linux 2.6.7 and a laptop with 2.4.27) -- System Information: Debian Release: 3.1 APT prefers testing APT policy: (500, 'testing') Architecture: i386 (i686) Kernel: Linux 2.6.7-1-k7 Locale: [EMAIL PROTECTED], [EMAIL PROTECTED] (charmap=ISO-8859-15) Versions of packages csmash depends on: ii csmash-data 0.6.6-5 data files for the CannonSmash gam ii libatk1.0-0 1.8.0-4 The ATK accessibility toolkit ii libc6 2.3.2.ds1-20 GNU C Library: Shared libraries an ii libgcc1 1:3.4.3-6GCC support library ii libglib2.0- 2.4.8-1 The GLib library of C routines ii libgtk2.0-0 2.4.14-2 The GTK+ graphical user interface ii libice6 4.3.0.dfsg.1-10 Inter-Client Exchange library ii libpango1.0 1.6.0-3 Layout and rendering of internatio ii libsdl-imag 1.2.3-6 image loading library for Simple D ii libsdl-mixe 1.2.5-9 mixer library for Simple DirectMed ii libsdl1.2de 1.2.7+1.2.8cvs20041007-3.0.1 Simple DirectMedia Layer ii libstdc++5 1:3.3.5-5The GNU Standard C++ Library v3 ii libx11-64.3.0.dfsg.1-10 X Window System protocol client li ii libxext64.3.0.dfsg.1-10 X Window System miscellaneous exte ii libxi6 4.3.0.dfsg.1-10 X Window System Input extension li ii libxmu6 4.3.0.dfsg.1-10 X Window System miscellaneous util ii libxt6 4.3.0.dfsg.1-10 X Toolkit Intrinsics ii xlibmesa-gl 4.3.0.dfsg.1-10 Mesa OpenGL utility library [XFree ii xlibs 4.3.0.dfsg.1-10 X Keyboard Extension (XKB) configu ii zlib1g 1:1.2.2-3compression library - runtime -- no debconf information -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#289732: Bug#218530: Conditional command execution
* Thomas Hood
| What is the best way to run a command if and only if it is on the PATH?
findcommand() {
while [ $# -ge 1 ]; do
P=$PATH
while [ $P ]; do
D=${P%%:*}
P=${P#*:}
if [ $D = $P ]; then
P=
fi
if [ -z $D ]; then
D=.
fi
if [ -x $D/$1 ]; then
echo $D/$1
return
fi
done
shift
done
}
should do what command -v does. (Actually, it does a bit more, as it
can do stuff like:
: [EMAIL PROTECTED] ~ findcommand foo bar baz xterm
/usr/X11R6/bin/xterm
(which is _very_ useful for me when I'm doing something approaching
per-user cross-host alternatives (similar to what update-alternatives
provides).)
--
Tollef Fog Heen,''`.
UNIX is user friendly, it's just picky about who its friends are : :' :
`. `'
`-
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Processed: Re: Bug#291209: csmash window black !
Processing commands for [EMAIL PROTECTED]: tag 291209 confirmed Bug#291209: csmash window black ! There were no tags set. Tags added: confirmed thanks Stopping processing here. Please contact me if you need assistance. Debian bug tracking system administrator (administrator, Debian Bugs database) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Processed: tagging 290638
Processing commands for [EMAIL PROTECTED]: # Automatically generated email from bts, devscripts version 2.8.5 tags 290638 fixed-upstream Bug#290638: sylpheed-claws-gtk2: Freeze with new Gtk 2.6 libraries Tags were: experimental Tags added: fixed-upstream End of message, stopping processing here. Please contact me if you need assistance. Debian bug tracking system administrator (administrator, Debian Bugs database) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#291209: csmash window black !
tag 291209 confirmed thanks On my laptop, the window is not black, but mostly white. The top of the window looks distorted. Sound seems to be okay. Justin On Wed, Jan 19, 2005 at 01:54:16PM +0100, vu-ngoc.san wrote: Package: csmash Version: 0.6.6-5 Severity: grave Justification: renders package unusable since update 0.6.6-5 the playing window is totally black ! otherwise the game seems to be running ok :-) this holds with or without fullscreen and on both of my machines (a desktop PC with linux 2.6.7 and a laptop with 2.4.27) -- System Information: Debian Release: 3.1 APT prefers testing APT policy: (500, 'testing') Architecture: i386 (i686) Kernel: Linux 2.6.7-1-k7 Locale: [EMAIL PROTECTED], [EMAIL PROTECTED] (charmap=ISO-8859-15) Versions of packages csmash depends on: ii csmash-data 0.6.6-5 data files for the CannonSmash gam ii libatk1.0-0 1.8.0-4 The ATK accessibility toolkit ii libc6 2.3.2.ds1-20 GNU C Library: Shared libraries an ii libgcc1 1:3.4.3-6GCC support library ii libglib2.0- 2.4.8-1 The GLib library of C routines ii libgtk2.0-0 2.4.14-2 The GTK+ graphical user interface ii libice6 4.3.0.dfsg.1-10 Inter-Client Exchange library ii libpango1.0 1.6.0-3 Layout and rendering of internatio ii libsdl-imag 1.2.3-6 image loading library for Simple D ii libsdl-mixe 1.2.5-9 mixer library for Simple DirectMed ii libsdl1.2de 1.2.7+1.2.8cvs20041007-3.0.1 Simple DirectMedia Layer ii libstdc++5 1:3.3.5-5The GNU Standard C++ Library v3 ii libx11-64.3.0.dfsg.1-10 X Window System protocol client li ii libxext64.3.0.dfsg.1-10 X Window System miscellaneous exte ii libxi6 4.3.0.dfsg.1-10 X Window System Input extension li ii libxmu6 4.3.0.dfsg.1-10 X Window System miscellaneous util ii libxt6 4.3.0.dfsg.1-10 X Toolkit Intrinsics ii xlibmesa-gl 4.3.0.dfsg.1-10 Mesa OpenGL utility library [XFree ii xlibs 4.3.0.dfsg.1-10 X Keyboard Extension (XKB) configu ii zlib1g 1:1.2.2-3compression library - runtime -- no debconf information -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED] -- Justin aptitude install task-iraf saods9 eclipse sextractor x11iraf wcstools http://www.justinpryzby.com/debian/ References [0] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#290638: sylpheed-claws-gtk2: Freeze with new Gtk 2.6 libraries
Hi, I just fixed this bug, it's in 1.0.0cvs2.2. The culprit was trayicon, so just updating this package should fix it. See bugzilla for more info. -- Colin -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#290855: marked as done (Upgrade from Postfix 2.1.4-5 to 2.1.5-4 fails #2)
Your message dated Wed, 19 Jan 2005 09:32:44 -0500 with message-id [EMAIL PROTECTED] and subject line Bug#290855: fixed in postfix 2.1.5-5 has caused the attached Bug report to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what I am talking about this indicates a serious mail system misconfiguration somewhere. Please contact me immediately.) Debian bug tracking system administrator (administrator, Debian Bugs database) -- Received: (at submit) by bugs.debian.org; 17 Jan 2005 09:02:46 + From [EMAIL PROTECTED] Mon Jan 17 01:02:46 2005 Return-path: [EMAIL PROTECTED] Received: from antispam2.actionweb.fr [62.210.166.5] (Debian-exim) by spohr.debian.org with esmtp (Exim 3.35 1 (Debian)) id 1CqSmb-000229-00; Mon, 17 Jan 2005 01:02:46 -0800 Received: from aweb-dev.actionweb.fr ([82.67.159.142]:49328 helo=[192.168.61.101]) by antispam2.actionweb.fr with esmtp (Exim 4.34 #1 (EximConfig 2.0)) id 1CqSmW-00030B-QT for [EMAIL PROTECTED]; Mon, 17 Jan 2005 10:02:42 +0100 User-Agent: Microsoft-Entourage/11.1.0.040913 Date: Mon, 17 Jan 2005 10:02:25 +0100 Subject: Upgrade from Postfix 2.1.4-5 to 2.1.5-4 fails #2 From: Stephane Leclerc [EMAIL PROTECTED] To: Bug Debian [EMAIL PROTECTED] Message-ID: [EMAIL PROTECTED] Mime-version: 1.0 Content-type: text/plain; charset=US-ASCII Content-transfer-encoding: 7bit X-EximConfig: v2.0 on antispam2.actionweb.fr (http://www.jcdigita.com/eximconfig) X-SA-Exim-Connect-IP: 82.67.159.142 X-SA-Exim-Mail-From: [EMAIL PROTECTED] Delivered-To: [EMAIL PROTECTED] X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 (1.212-2003-09-23-exp) on spohr.debian.org X-Spam-Status: No, hits=-8.0 required=4.0 tests=BAYES_00,HAS_PACKAGE autolearn=no version=2.60-bugs.debian.org_2005_01_02 X-Spam-Level: Package: postfix Version: 2.1.4-5 Severity: grave Justification: renders package unusable On a uptodate Sarge box, the upgrade failed like this. Seems NOT to be the same problem as described in bug #290826 tex-mail:/etc# apt-get upgrade Reading Package Lists... Done Building Dependency Tree... Done 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 3 not fully installed or removed. Need to get 0B of archives. After unpacking 0B of additional disk space will be used. Do you want to continue? [Y/n] Setting up postfix (2.1.5-4) ... dpkg: error processing postfix (--configure): subprocess post-installation script returned error exit status 2 dpkg: dependency problems prevent configuration of postfix-pcre: postfix-pcre depends on postfix; however: Package postfix is not configured yet. postfix-pcre depends on postfix (= 2.1.5-4); however: Package postfix is not configured yet. dpkg: error processing postfix-pcre (--configure): dependency problems - leaving unconfigured dpkg: dependency problems prevent configuration of postfix-tls: postfix-tls depends on postfix; however: Package postfix is not configured yet. postfix-tls depends on postfix (= 2.1.5-4); however: Package postfix is not configured yet. dpkg: error processing postfix-tls (--configure): dependency problems - leaving unconfigured Errors were encountered while processing: postfix postfix-pcre postfix-tls E: Sub-process /usr/bin/dpkg returned an error code (1) The problem seeems to be on this line: tex-mail:/home/sleclerc# dpkg-divert --package postfix --remove --rename --divert /usr/share/man/man8/smtpd.real.8.gz /usr/share/man/man8/smtpd.8.gz Removing `diversion of /usr/share/man/man8/smtpd.8.gz to /usr/share/man/man8/smtpd.real.8.gz by postfix' dpkg-divert: rename involves overwriting `/usr/share/man/man8/smtpd.8.gz' with different file `/usr/share/man/man8/smtpd.real.8.gz', not allowed Directory have: tex-mail:/home/sleclerc# ll /usr/share/man/man8/smtpd* -rw-r--r-- 1 root root 7460 2004-09-06 03:41 /usr/share/man/man8/smtpd.8.gz -rw-r--r-- 1 root root 7467 2005-01-04 21:05 /usr/share/man/man8/smtpd.8postfix.gz -rw-r--r-- 1 root root 1650 1999-07-19 20:53 /usr/share/man/man8/smtpd.real.8.gz -rw-r--r-- 1 root root 401 2004-08-31 19:44 /usr/share/man/man8/smtpd-setup-chroot.8.gz I solved installation, manualy removing /usr/share/man/man8/smtpd.real.8.gz. Stef... ... . Linux - Debian - php4 - JAVA/Tomcat - MySQL - Infogerance . . email: [EMAIL PROTECTED] - http://www.actionweb.fr/ . . Tel: (0)141 906 100-Fax: (0)141 906 101. ... --- Received: (at 290855-close) by bugs.debian.org; 19 Jan 2005 14:35:37 + From [EMAIL PROTECTED] Wed Jan 19 06:35:36 2005 Return-path:
Bug#291233: mozilla-firefox: does not start (seg fault)
Package: mozilla-firefox
Version: 1.0+dfsg.1-2
Severity: grave
Justification: renders package unusable
Just seg faults when I try to start it.
[EMAIL PROTECTED]:~$ firefox -V
FIREFOX_DSP=
APPLICATION_ID=firefox
CMDLINE_DISPLAY=
DISPLAY=:0.0
REMOTE=0
TRY_USE_EXIST=0
OPTIONS=
DEBUG=0
DEBUGGER=
Running: /usr/lib/mozilla-firefox/firefox-bin -a firefox -remote
'ping()'
/usr/bin/firefox: line 352: 8096 Violación de segmento
DISPLAY=${CMDLINE_DISPLAY} ${MOZ_PROGRAM} -remote 'ping()' /dev/null
21
PING_STATUS=139
Running: /usr/lib/mozilla-firefox/firefox-bin -a firefox
Violación de segmento
-- System Information:
Debian Release: 3.1
APT prefers testing
APT policy: (500, 'testing')
Architecture: i386 (i686)
Kernel: Linux 2.6.8-1-686
Locale: LANG=es_CL, LC_CTYPE=es_CL (charmap=ISO-8859-1) (ignored: LC_ALL set to
es_CL)
Versions of packages mozilla-firefox depends on:
ii debianutils 2.8.4 Miscellaneous utilities specific t
ii fontconfig 2.2.3-4 generic font configuration library
ii libatk1.0-0 1.8.0-4 The ATK accessibility toolkit
ii libc62.3.2.ds1-20GNU C Library: Shared libraries an
ii libfontconfig1 2.2.3-4 generic font configuration library
ii libfreetype6 2.1.7-2.3 FreeType 2 font engine, shared lib
ii libgcc1 1:3.4.3-6 GCC support library
ii libglib2.0-0 2.4.8-1 The GLib library of C routines
ii libgtk2.0-0 2.4.14-2The GTK+ graphical user interface
ii libidl0 0.8.3-1 library for parsing CORBA IDL file
ii libjpeg626b-9The Independent JPEG Group's JPEG
ii libkrb53 1.3.6-1 MIT Kerberos runtime libraries
ii libpango1.0-01.6.0-3 Layout and rendering of internatio
ii libpng12-0 1.2.8rel-1 PNG library - runtime
ii libstdc++5 1:3.3.5-5 The GNU Standard C++ Library v3
ii libx11-6 4.3.0.dfsg.1-10 X Window System protocol client li
ii libxext6 4.3.0.dfsg.1-10 X Window System miscellaneous exte
ii libxft2 2.1.2-6 FreeType-based font drawing librar
ii libxp6 4.3.0.dfsg.1-10 X Window System printing extension
ii libxrender1 0.8.3-7 X Rendering Extension client libra
ii libxt6 4.3.0.dfsg.1-10 X Toolkit Intrinsics
ii psmisc 21.5-1 Utilities that use the proc filesy
ii xlibs4.3.0.dfsg.1-10 X Keyboard Extension (XKB) configu
ii zlib1g 1:1.2.2-3 compression library - runtime
-- no debconf information
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#290339: supercollider: [m68k s390 mips sparc arm] FTBFS
In version 040926-3 i added a run test in debian/rules to ensure the package build was failing when built on 64bits architectures. It appears it fails running on many other architectures. I already asked for removal (#276212) on 64bits architectures and will soon do so on all the missing ones. It would be nice if someone could try to investigate on one of [m68k s390 mips sparc arm]. cheers, piem -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#278471: [debian-openldap] Bug#278471: ldap-utils: Assertion `lc-lconn_sasl_ctx == ((void *)0)' failed
* Pietro Abate ([EMAIL PROTECTED]) wrote: I'm using ldap together with kerberos (that works ok). After installing the following packages libnss-ldap libdb3-util libsasl7 I get Something about that doesn't add up- why are you installing libsasl7? Everything should be using libsasl2. Can you please do: ldd /usr/bin/ldapsearch and send us the results? Thanks, Stephen signature.asc Description: Digital signature
Bug#291269: pmount: FTBFS: Block device required.
Package: pmount Version: 0.0.4 Severity: serious Hi, Your package is failing to build with the following error: mke2fs 1.36-rc2 (11-Jan-2005) Filesystem label= OS type: Linux Block size=1024 (log=0) Fragment size=1024 (log=0) 128 inodes, 1024 blocks 51 blocks (4.98%) reserved for the super user First data block=1 1 block group 8192 blocks per group, 8192 fragments per group 128 inodes per group Writing inode tables: done Writing superblocks and filesystem accounting information: done This filesystem will be automatically checked every 22 mounts or 180 days, whichever comes first. Use tune2fs -c or -i to override. pmount failed: Block device required make: *** [build-stamp] Error 255 kurt -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#291268: gengameng: FTBFS: Missing build dependency?
Package: gengameng Version: 4.1-5 Severity: serious Hi, Your package is failing to build with the following error: /bin/sh ../../libtool --mode=link c++ -g -O2 -o libgengameng.la -rpath /usr/lib -version-info 4:1:0 -no-undefined GameEngine.lo PixmapArray.lo PixmapLoadError.lo Sprite.lo Gengameng_LoadCompiledXPM.lo -L/usr/lib -lSDL -lpthread mkdir .libs grep: /usr/lib/libartsc.la: No such file or directory /bin/sed: can't read /usr/lib/libartsc.la: No such file or directory libtool: link: `/usr/lib/libartsc.la' is not a valid libtool archive make[3]: *** [libgengameng.la] Error 1 This looks like a missing build dependency. It seems to be missing atleast libartsc0-dev and libesd0-dev. Then it also fails with the following error: c++ -g -O2 -o .libs/lines lines.o -L/usr/src/gengameng-4.1/src/gengameng /usr/src/gengameng-4.1/src/gengameng/.libs/libgengameng.so -L/usr/lib -L/usr/X11R6/lib -L/usr/share/qt3/lib /usr/lib/libartsc.so /usr/lib/libgmodule-2.0.so /usr/lib/libgthread-2.0.so /usr/lib/libglib-2.0.so /usr/lib/libesd.so /usr/lib/libaudiofile.so -laudio -lXt -lXext -lvga /usr/lib/libaa.so -lncurses -lslang -lX11 /usr/lib/libasound.so -lm -ldl /usr/lib/libSDL_image.so /usr/lib/libtiff.so /usr/lib/libjpeg.so -lpng -lz /usr/lib/libSDL.so -lpthread /usr/bin/ld: cannot find -lXt You don't even seem to have any dependencies on any X package, which is rather strange for a package that says it's a library for X11. Kurt -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#291254: Doesn't work with the latest kernel-source-2.6.8
Package: kernel-patch-2.6.8-hppa Version: 2.6.8-4 Severity: serious It seems that kernel-patch-2.6.8-hppa doesn't work with kernel-source-2.6.8 (ie version 2.6.8-12), so it is simply unuseable: START applying hppa_2_6_8 patch (hppa architecture) Testing whether hppa architecture patch for 2.6.8 applies (dry run): 1 out of 1 hunk FAILED -- saving rejects to file drivers/serial/8250.c.rej hppa architecture patch for 2.6.8 does not apply cleanly Patch /usr/src/kernel-patches/hppa/apply/hppa_2_6_8 failed. Seems to be due to the following change in kernel-source-2.6.8 version 2.6-8-9: * Adding drivers-serial-8250-ioremap-fix.dpatch: a patch from Alex Williamson that prevents setserial from crashing the kernel. See: http://marc.theaimsgroup.com/?l=linux-kernelm=109913237604338w=2 (Dann Frazier) -- System Information: Debian Release: 3.1 APT prefers testing APT policy: (990, 'testing'), (500, 'unstable') Architecture: hppa (parisc) Kernel: Linux 2.6.8-1-32 Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8) Versions of packages kernel-patch-2.6.8-hppa depends on: ii bash 2.05b-24 The GNU Bourne Again SHell ii grep-dctrl2.1.8 Grep Debian package information ii patch 2.5.9-2Apply a diff file to an original -- no debconf information -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#291252: specimen: Uninstallable on sid - library dependency does not exist.
Package: specimen Version: 0.4.3-1 Severity: grave Justification: renders package unusable specimen is in sid with an apparent dependency on libphat0, which does not exist. # apt-get -t unstable install specimen Reading Package Lists... Done Building Dependency Tree... Done Some packages could not be installed. This may mean that you have requested an impossible situation or if you are using the unstable distribution that some required packages have not yet been created or been moved out of Incoming. Since you only requested a single operation it is extremely likely that the package is simply not installable and a bug report against that package should be filed. The following information may help to resolve the situation: The following packages have unmet dependencies: specimen: Depends: libphat0 but it is not installable E: Broken packages # -- System Information: Debian Release: 3.1 APT prefers testing APT policy: (990, 'testing'), (500, 'unstable') Architecture: i386 (i686) Kernel: Linux 2.4.26.040705a Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968) Versions of packages specimen depends on: ii ladcca2 0.4.0-4 LADCCA shared library files ii libart-2.0-22.3.16-6 Library of functions for 2D graphi ii libasound2 1.0.7-4 ALSA library ii libatk1.0-0 1.8.0-4 The ATK accessibility toolkit ii libc6 2.3.2.ds1-20 GNU C Library: Shared libraries an ii libglib2.0-02.4.8-1 The GLib library of C routines ii libgnomecanvas2-0 2.8.0-1 A powerful object-oriented display ii libgtk2.0-0 2.4.14-2 The GTK+ graphical user interface ii libjack0.80.0-0 0.99.0-2 JACK Audio Connection Kit (librari ii libpango1.0-0 1.6.0-3 Layout and rendering of internatio ii libsamplerate0 0.1.1-2 audio rate conversion library ii libsndfile1 1.0.10-2 Library for reading/writing audio ii libuuid11.35-6 Universally unique id library ii libxml2 2.6.11-5 GNOME XML library ii zlib1g 1:1.2.2-3compression library - runtime -- no debconf information -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#291251: CAN-2005-0064: Arbitrary code execution in kpdf
Package: kpdf
Severity: grave
Tags: security sarge sid
This problem also affects kpdf:
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0064
Reference: IDEFENSE:20050118 Multiple Unix/Linux Vendor Xpdf makeFileKey2 Stack
Overflow
Reference:
URL:http://www.idefense.com/application/poi/display?id=186type=vulnerabilities
Reference: CONFIRM:ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.00pl3.patch
Buffer overflow in the Decrypt::makeFileKey2 function in Decrypt.cc
for xpdf 3.00 and earlier allows remote attackers to execute arbitrary
code via a PDF file with a large /Encrypt /Length keyLength value.
You'll find the patch in the source of xpdf 3.00-12 which I'm attaching.
Regards,
Joey
--
Ten years and still binary compatible. -- XFree86
Please always Cc to me when replying to me on the lists.
diff -u xpdf-3.00/debian/changelog xpdf-3.00/debian/changelog
--- xpdf-3.00/debian/changelog
+++ xpdf-3.00/debian/changelog
@@ -1,3 +1,12 @@
+xpdf (3.00-12) unstable; urgency=high
+
+ * SECURITY UPDATE: Fixed buffer overflow that could overwrite the stack
+and hence cause the execution of arbitrary code as reported by
+iDEFENSE (xpdf/Decrypt.cc)
+ * References: CAN-2005-0064
+
+ -- Hamish Moffatt [EMAIL PROTECTED] Wed, 19 Jan 2005 23:48:56 +1100
+
xpdf (3.00-11) unstable; urgency=high
* SECURITY UPDATE: fix potential buffer overflow
only in patch2:
--- xpdf-3.00.orig/xpdf/Decrypt.cc
+++ xpdf-3.00/xpdf/Decrypt.cc
@@ -73,6 +73,11 @@
Guchar fx, fy;
int len, i, j;
+ // check whether we have non-zero keyLength
+ if ( !keyLength ) {
+return gFalse;
+ }
+
// try using the supplied owner password to generate the user password
*ownerPasswordOk = gFalse;
if (ownerPassword) {
@@ -98,7 +103,7 @@
} else {
memcpy(test2, ownerKey-getCString(), 32);
for (i = 19; i = 0; --i) {
- for (j = 0; j keyLength; ++j) {
+ for (j = 0; j keyLength j 16; ++j) {
tmpKey[j] = test[j] ^ i;
}
rc4InitKey(tmpKey, keyLength, fState);
@@ -135,6 +140,11 @@
int len, i, j;
GBool ok;
+ // check whether we have non-zero keyLength
+ if ( !keyLength ) {
+return gFalse;
+ }
+
// generate file key
buf = (Guchar *)gmalloc(68 + fileID-getLength());
if (userPassword) {
@@ -172,7 +182,7 @@
} else if (encRevision == 3) {
memcpy(test, userKey-getCString(), 32);
for (i = 19; i = 0; --i) {
- for (j = 0; j keyLength; ++j) {
+ for (j = 0; j keyLength j 16; ++j) {
tmpKey[j] = fileKey[j] ^ i;
}
rc4InitKey(tmpKey, keyLength, fState);
Bug#291259: xfonts-artwiz: FTBFS: Missing build dependency.
Package: xfonts-artwiz
Version: 1:1.3-1
Severity: serious
Hi,
Your package if failing to build with the following error:
cd /usr/src/xfonts-artwiz-1.3/upstream tar -xvjf
artwiz_src.tar.bz2 cd artwiz \
for font in *.bdf; do \
bdftopcf ${font} | \
gzip
/usr/src/xfonts-artwiz-1.3/debian/xfonts-artwiz/usr/X11R6/lib/X11/fonts/misc/${font%.bdf}.pcf.gz;
\
done
tar: bzip2: Cannot exec: No such file or directory
You need to add a build dependency on bzip2.
Kurt
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#291265: gnumeric: Silent data loss when saving in a directory with iso8859-1 name
Package: gnumeric Version: 1.4.1-1 Severity: critical Justification: causes serious data loss Hello. Save a file, say Book1.gnumeric, in a directory named é. In the window dedicated to save, it is named \351 (iso8859-1, octal) in the saving dialog. Nothing seems unusual, I heard that gnome uses UTF8. Except the file has a size of 0, and the data is lost. It does not lose data, but it seems related: - The same works correctly if I create the directory with gnumeric (it uses an unicode filename, with ugly two-letters results). - Loading a file with an é in its name crashes gnumeric. Maybe it is not worth the mess, because UTF8 is the future and few users use the command line and gnumeric. But a save your data elsewhere message would be nice. PS: Do not cry for my data, I printed before s(h)aving them accidently. -- System Information: Debian Release: 3.1 APT prefers testing APT policy: (500, 'testing') Architecture: i386 (i686) Kernel: Linux 2.6.9.20041229 Locale: [EMAIL PROTECTED], [EMAIL PROTECTED] (charmap=ISO-8859-15) Versions of packages gnumeric depends on: ii gconf2 2.8.1-4 GNOME configuration database syste ii gnumeric-common 1.4.1-1 Common files for Gnumeric, the GNO ii gsfonts 8.14+v8.11-0.1 Fonts for the Ghostscript interpre ii libart-2.0-2 2.3.16-6Library of functions for 2D graphi ii libatk1.0-0 1.8.0-4 The ATK accessibility toolkit ii libbonobo2-0 2.8.0-4 Bonobo CORBA interfaces library ii libbonoboui2-0 2.8.0-2 The Bonobo UI library ii libc62.3.2.ds1-20GNU C Library: Shared libraries an ii libgconf2-4 2.8.1-4 GNOME configuration database syste ii libglade2-0 1:2.4.1-1 Library to load .glade files at ru ii libglib2.0-0 2.4.8-1 The GLib library of C routines ii libgnome2-0 2.8.0-6 The GNOME 2 library - runtime file ii libgnomecanvas2-02.8.0-1 A powerful object-oriented display ii libgnomeprint2.2-0 2.8.2-1 The GNOME 2.2 print architecture - ii libgnomeprintui2.2-0 2.8.1-1 The GNOME 2.2 print architecture U ii libgnomeui-0 2.8.0-3 The GNOME 2 libraries (User Interf ii libgnomevfs2-0 2.8.3-8 The GNOME virtual file-system libr ii libgsf-1 1.11.1-1Structured File Library - runtime ii libgsf-gnome-1 1.11.1-1Structured File Library - runtime ii libgtk2.0-0 2.4.14-2The GTK+ graphical user interface ii libice6 4.3.0.dfsg.1-10 Inter-Client Exchange library ii liborbit21:2.10.2-1.1libraries for ORBit2 - a CORBA ORB ii libpango1.0-01.6.0-3 Layout and rendering of internatio ii libpopt0 1.7-5 lib for parsing cmdline parameters ii libsm6 4.3.0.dfsg.1-10 X Window System Session Management ii libxml2 2.6.11-5GNOME XML library ii xlibs4.3.0.dfsg.1-10 X Keyboard Extension (XKB) configu ii zlib1g 1:1.2.2-3 compression library - runtime -- no debconf information
Bug#291266: vulnerable to CAN-2005-0064
Package: xpdf-reader
Version: 3.00-11
Severity: grave
Tags: patch security
xpdf is vulnerable to a buffer overflow that can be exploited by
malicious pdfs to execute arbitrary code. The hole is described here:
http://www.idefense.com/application/poi/display?id=186type=vulnerabilitiesflashstatus=false
I've attached a patch that adds bounds checking to close the hole.
-- System Information:
Debian Release: 3.1
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.4.27
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Versions of packages xpdf depends on:
ii xpdf-common 3.00-11Portable Document Format (PDF) sui
ii xpdf-reader 3.00-11Portable Document Format (PDF) sui
ii xpdf-utils3.00-11Portable Document Format (PDF) sui
Versions of packages xpdf-reader depends on:
ii gsfonts 8.14+v8.11-0.1 Fonts for the Ghostscript interpre
ii lesstif2 1:0.93.94-11OSF/Motif 2.1 implementation relea
ii libc62.3.2.ds1-20GNU C Library: Shared libraries an
ii libfreetype6 2.1.7-2.3 FreeType 2 font engine, shared lib
ii libgcc1 1:3.4.3-7 GCC support library
ii libice6 4.3.0.dfsg.1-10 Inter-Client Exchange library
ii libpaper11.1.14-3Library for handling paper charact
ii libsm6 4.3.0.dfsg.1-10 X Window System Session Management
ii libstdc++5 1:3.3.5-6 The GNU Standard C++ Library v3
ii libt1-5 5.0.2-3 Type 1 font rasterizer library - r
ii libx11-6 4.3.0.dfsg.1-10 X Window System protocol client li
ii libxext6 4.3.0.dfsg.1-10 X Window System miscellaneous exte
ii libxp6 4.3.0.dfsg.1-10 X Window System printing extension
ii libxpm4 4.3.0.dfsg.1-10 X pixmap library
ii libxt6 4.3.0.dfsg.1-10 X Toolkit Intrinsics
ii xlibs4.3.0.dfsg.1-10 X Keyboard Extension (XKB) configu
ii xpdf-common 3.00-11 Portable Document Format (PDF) sui
ii zlib1g 1:1.2.2-4 compression library - runtime
-- no debconf information
--
see shy jo
*** XRef.cc.origWed Jan 12 17:10:53 2005
--- XRef.cc Wed Jan 12 17:11:22 2005
***
*** 793,798
--- 793,801
} else {
keyLength = 5;
}
+ if (keyLength 16) {
+ keyLength = 16;
+ }
permFlags = permissions.getInt();
if (encVersion = 1 encVersion = 2
encRevision = 2 encRevision = 3) {
signature.asc
Description: Digital signature
Bug#291136: capi4hylafax: FTBFS: Missing build dependencies
Jay Berkenbilt [EMAIL PROTECTED] writes: I'll prepare a fix today with urgency high. (There are only three days left before tiff was to enter testing anyway, so, assuming a day's delay from sponsorship, this won't unduly speed up the transition of this new upstream release. If you prefer, I can use medium.) --Jay Will use low as per discussion. :-) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Processed: fixes ready
Processing commands for [EMAIL PROTECTED]: tags 291136 + pending Bug#291136: capi4hylafax: FTBFS: Missing build dependencies. Tags were: sid Tags added: pending tags 244247 + pending Bug#244247: libtiff-tools: tiff2ps seems to ignore the -w option There were no tags set. Tags added: pending thanks Stopping processing here. Please contact me if you need assistance. Debian bug tracking system administrator (administrator, Debian Bugs database) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#291237: tomcat4-admin: admin context does not work because it has symlinked jar files
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Alessandro Polverini wrote: [...] | Of course if it would be possible to tell tomcat to follow symbolic | links it would be much better, but I don't know if this is possible. | ~From /usr/share/doc/tomcat4/README.Debian.gz: - - Tomcat 4.1 does not follow symlinks by default. You can change this by adding ~ this section to your webapp's context definition: ~ !-- make symlinks work in Tomcat 4.1 -- ~ Resources className=org.apache.naming.resources.FileDirContext ~ allowLinking=true / ~ See /etc/tomcat4/server.xml or /var/lib/tomcat4/webapps/admin.xml in the Debian package tomcat4-admin for examples. Regards, - -- Barry Hawkins All Things Computed site: www.alltc.com weblog: www.yepthatsme.com Registered Linux User #368650 -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.5 (GNU/Linux) iD8DBQFB7q3k7bZ6kUftWZwRAtvqAKC9Ol05Ji3lAV6vtgwO7TUxZ+EA+QCeLlTs fJkPVt9GmLankdDZJg1/nbU= =cGt1 -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#291237: Problem solved...
Responding to myself. I didn't knew that using : Resources className=org.apache.naming.resources.FileDirContext allowLinking=true / inside the admin context could solve the problem also for jars. Please close the bug since it's not relevant any more. Sorry, Alex -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#290268: saxon-catalog: FTBFS: Missing Build-Depends on 'fastjar'
Hi Mark, I've prepared a 0-day NMU for this bug that will be uploaded shortly. The short patch is attached; verified to build in a pbuilder chroot once fastjar is listed as a build dependency. Thanks, -- Steve Langasek postmodern programmer diff -Nru /var/tmp/7xIZY0pKEP/saxon-catalog-20020210/debian/changelog /var/tmp/TVz8xCk3Pq/saxon-catalog-20020210/debian/changelog --- /var/tmp/7xIZY0pKEP/saxon-catalog-20020210/debian/changelog 2003-09-17 00:30:20.0 -0700 +++ /var/tmp/TVz8xCk3Pq/saxon-catalog-20020210/debian/changelog 2005-01-19 09:10:44.0 -0800 @@ -1,3 +1,11 @@ +saxon-catalog (20020210-0.2) unstable; urgency=high + + * Non-maintainer upload. + * High-urgency upload for sarge-targetted RC bugfix. + * Add missing build-dependency on fastjar. (Closes: #290268) + + -- Steve Langasek [EMAIL PROTECTED] Wed, 19 Jan 2005 09:10:05 -0800 + saxon-catalog (20020210-0.1) unstable; urgency=low * Non maintainer upload (0-day NMU policy) diff -Nru /var/tmp/7xIZY0pKEP/saxon-catalog-20020210/debian/control /var/tmp/TVz8xCk3Pq/saxon-catalog-20020210/debian/control --- /var/tmp/7xIZY0pKEP/saxon-catalog-20020210/debian/control 2003-09-17 00:29:41.0 -0700 +++ /var/tmp/TVz8xCk3Pq/saxon-catalog-20020210/debian/control 2005-01-19 09:21:36.0 -0800 @@ -2,7 +2,7 @@ Section: contrib/text Priority: optional Maintainer: Mark Johnson [EMAIL PROTECTED] -Build-Depends-Indep: debhelper (= 4), arbortext-catalog, libsaxon-java (= 6.5.4), jikes-classpath +Build-Depends-Indep: debhelper (= 4), arbortext-catalog, libsaxon-java (= 6.5.4), jikes-classpath, fastjar Standards-Version: 3.6.1 Package: saxon-catalog signature.asc Description: Digital signature
Bug#286017: Patch correction
Hrm, of course the patch should be:
--- old/httplink.py 2004-05-31 11:52:43.0 -0700
+++ new/httplink.py 2005-01-18 17:52:24.0 -0800
@@ -60,11 +60,7 @@
(username, passwd, realhost, port) = parse_host(host)
-h = httplib.HTTP()
-if port:
- h.connect(realhost, port)
-else:
- h.connect(realhost)
+h = httplib.HTTPConnection(realhost, port)
h.putrequest('HEAD', document)
if username and passwd:
@@ -75,7 +71,8 @@
h.endheaders()
-errcode, errmsg, headers = h.getreply()
+r = h.getresponse()
+errcode, errmsg, headers = r.status, r.reason, r.msg
h.close()
debugio.write(errcode,2)
debugio.write(errmsg,2)
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#287651: [GRASS5] [bug #2877] (grass) Insecure tempfile creation
Hamish wrote: Just an update re. less-insecure tempfiles .. In the upstream GRASS 5.7 CVS[*] pretty much everything in the scripts/ directory now uses g.tempfile. C modules are next. I am not sure what to do with the init scripts libs where the GRASS tempfile fn's may not be available.. Re-write g.tempfile so that it doesn't rely upon GRASS having been initialised, i.e. just use tempnam() or similar rather than relying upon G_getenv() etc. The only code which really needs to use G_tempfile() is code which creates files within the GRASS database (e.g. G_open_cell_new() etc), as the files have to reside on the same filesystem as the rest of the database. Everything else can use $TMPDIR. -- Glynn Clements [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#291064: CAN-2005-0116: Arbitrary command execution
This problem has been assigned CAN-2005-0116: URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0116 Reference: IDEFENSE:20050117 AWStats Remote Command Execution Vulnerability Reference: URL:http://www.idefense.com/application/poi/display?id=185type=vulnerabilitiesflashstatus=false Reference: CONFIRM:http://awstats.sourceforge.net/docs/awstats_changelog.txt AWStats 6.1, and other versions before 6.3, allows remote attackers to execute arbitrary commands via shell metacharacters in the configdir parameter. Please . update the package in sid . mention the CVE id from the subject in the changelog . use priority=high . no need to upload into sarge directly, except if the version in sid is not meant to go into testing Regards, Joey -- Ten years and still binary compatible. -- XFree86 Please always Cc to me when replying to me on the lists. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Processed: tagging 291255
Processing commands for [EMAIL PROTECTED]: # Automatically generated email from bts, devscripts version 2.8.5 tags 291255 confirmed Bug#291255: wings3d do not work There were no tags set. Tags added: confirmed End of message, stopping processing here. Please contact me if you need assistance. Debian bug tracking system administrator (administrator, Debian Bugs database) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Processed: Re: Bug#291268: gengameng: FTBFS: Missing build dependency?
Processing commands for [EMAIL PROTECTED]: reassign 291268 libsdl1.2-dev Bug#291268: gengameng: FTBFS: Missing build dependency? Bug reassigned from package `gengameng' to `libsdl1.2-dev'. thanks Stopping processing here. Please contact me if you need assistance. Debian bug tracking system administrator (administrator, Debian Bugs database) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Processed: correction
Processing commands for [EMAIL PROTECTED]: retitle 291245 CAN-2005-0064: Arbitrary code execution in koffice Bug#291245: CAN-2005-0064: Arbitrary code execution in gpdf Changed Bug title. severity 291245 grave Bug#291245: CAN-2005-0064: Arbitrary code execution in koffice Severity set to `grave'. thanks Stopping processing here. Please contact me if you need assistance. Debian bug tracking system administrator (administrator, Debian Bugs database) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#291153: marked as done (Can't load/install gnucash into unstable)
Your message dated 19 Jan 2005 11:21:43 -0800 with message-id [EMAIL PROTECTED] and subject line [Thomas Viehmann [EMAIL PROTECTED]] Bug#291153: Can't load/install gnucash into unstable has caused the attached Bug report to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what I am talking about this indicates a serious mail system misconfiguration somewhere. Please contact me immediately.) Debian bug tracking system administrator (administrator, Debian Bugs database) -- Received: (at submit) by bugs.debian.org; 19 Jan 2005 01:59:54 + From [EMAIL PROTECTED] Tue Jan 18 17:59:54 2005 Return-path: [EMAIL PROTECTED] Received: from smtp105.rog.mail.re2.yahoo.com [206.190.36.83] by spohr.debian.org with smtp (Exim 3.35 1 (Debian)) id 1Cr58T-0007Dh-00; Tue, 18 Jan 2005 17:59:53 -0800 Received: from unknown (HELO joefox.quist.ca) ([EMAIL PROTECTED]@69.197.168.231 with login) by smtp105.rog.mail.re2.yahoo.com with SMTP; 19 Jan 2005 01:59:20 - Received: (qmail 13381 invoked by uid 501); 19 Jan 2005 01:59:19 - Date: Tue, 18 Jan 2005 20:59:18 -0500 From: Russell Sutherland [EMAIL PROTECTED] To: Debian Bug Tracking System [EMAIL PROTECTED] Subject: Can't load/install gnucash into unstable Message-ID: [EMAIL PROTECTED] Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline X-Mailer: reportbug 3.5 User-Agent: Mutt/1.5.6+20040907i Delivered-To: [EMAIL PROTECTED] X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 (1.212-2003-09-23-exp) on spohr.debian.org X-Spam-Status: No, hits=-8.0 required=4.0 tests=BAYES_00,HAS_PACKAGE autolearn=no version=2.60-bugs.debian.org_2005_01_02 X-Spam-Level: Package: gnucash Severity: grave Justification: renders package unusable I can't install the gnucash package onto an updated unstable system. The error message is as follows: # apt-get install gnucash Reading Package Lists... Done Building Dependency Tree... Done Some packages could not be installed. This may mean that you have requested an impossible situation or if you are using the unstable distribution that some required packages have not yet been created or been moved out of Incoming. Since you only requested a single operation it is extremely likely that the package is simply not installable and a bug report against that package should be filed. The following information may help to resolve the situation: The following packages have unmet dependencies: gnucash: Depends: gnucash-common (= 1.8.9-4) but it is not going to be installed E: Broken packages -- System Information: Debian Release: 3.1 APT prefers unstable APT policy: (500, 'unstable') Architecture: i386 (i686) Kernel: Linux 2.4.26.2004091501 Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968) Versions of packages gnucash depends on: ii bonobo 1.0.22-2.2 The GNOME Bonobo System. ii gdk-imlib1 1.9.14-16.2 imaging library for use with gtk ( pn gnucash-common Not found. ii guile-1.6-libs 1.6.7-1 Main Guile libraries ii guile-1.6-slib 1.6.7-1 Guile SLIB support ii libart2 1.4.2-19The GNOME canvas widget - runtime ii libaudiofile00.2.6-5 Open-source version of SGI's audio ii libbonobo2 1.0.22-2.2 The GNOME Bonobo library. ii libc62.3.2.ds1-20GNU C Library: Shared libraries an ii libdate-manip-perl 5.42a-2 a perl library for manipulating da ii libdb3 3.2.9-20Berkeley v3 Database Libraries [ru ii libesd0 0.2.35-2Enlightened Sound Daemon - Shared ii libfinance-quote-perl1.08-1 Perl module for retrieving stock q ii libfreetype6 2.1.7-2.3 FreeType 2 font engine, shared lib ii libgal23 0.24-1.4G App Libs (run time library) ii libgdk-pixbuf-gnome2 0.22.0-7The GNOME1 Canvas pixbuf library ii libgdk-pixbuf2 0.22.0-7The GdkPixBuf image library, gtk+ ii libghttp11.0.9-15original GNOME HTTP client library ii libglade-gnome0 1:0.17-3Library to load .glade files at ru ii libglade01:0.17-3Library to load .glade files at ru ii libglib1.2 1.2.10-9The GLib library of C routines ii libgnome32 1.4.2-19The GNOME libraries ii libgnomeprint15 0.37-5 The GNOME Print architecture - run ii libgnomesupport0 1.4.2-19
Bug#291268: gengameng: FTBFS: Missing build dependency?
reassign 291268 libsdl1.2-dev thanks On Wed, Jan 19, 2005 at 08:14:11PM +0100, Kurt Roeckx wrote: grep: /usr/lib/libartsc.la: No such file or directory [...] /usr/bin/ld: cannot find -lXt It seems more package are failing since the last change to libsdl1.2 The libSDL.la file says: dependency_libs=' /usr/lib/libasound.la -L/usr/lib /usr/lib/libartsc.la -L/usr/X11R6/lib -L/usr/share/qt3/lib /usr/lib/libgmodule-2.0.la /usr/lib/libgthread-2.0.la /usr/lib/libglib-2.0.la /usr/lib/libesd.la /usr/lib/libaudiofile.la -laudio -lXt -lXext -lvga /usr/lib/libaa.la -lncurses -lslang -lX11 /usr/lib/libasound.la -lm -ldl -lpthread' I think you should also make sure that the libsdl1.2-dev package depends on all those packages in that case. Are all those libs/packages needed anyway? Kurt -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#291270: kpdf: vulnerable to CAN-2005-0064, buffer overflow in xpdf
Package: kpdf Version: 4:3.3.1-2 Severity: grave Tags: security Since kpdf includes a copy of xpdf, it is vulnerable to CAN-2005-0064, Buffer overflow in the Decrypt::makeFileKey2 function in Decrypt.cc for xpdf 3.00 and earlier allows remote attackers to execute arbitrary code via a PDF file with a large /Encrypt /Length keyLength value. See the KDE Security Advisory at: http://www.kde.org/info/security/advisory-20050119-1.txt An upload is expected today (not before dinstall, though). -- Adeodato Simó EM: asp16 [ykwim] alu.ua.es | PK: DA6AE621 Experience is something you don't get until just after you need it. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#291274: Fails to build with 2.4.29: missing Makefile
Package: openswan-modules-source Version: 2.3.0-1 Severity: grave I get the following behaviour when trying to compile 2.4.29 plus the openswan modules using kernel-package: [...] Module /usr/src/modules/alsa-driver processed fine make[1]: Entering directory `/usr/src/modules/openswan' /usr/bin/make -f debian/rules binary-modules make[2]: Entering directory `/usr/src/modules/openswan' sed -e s!\$KVERS!2.4.29!g; s!\$KSRC!/usr/local/src/linux!; [EMAIL PROTECTED]; s!\$KMAINT!Unknown Kernel Package Maintainer!; s!\$KDREV!10.00.Custom!; s!\$DEBDATE!Wed, 19 Jan 2005 20:30:41 +0100! debian/control.in debian/control dh_testdir # Add here commands to configure the package. touch configure-stamp dh_testdir # this is taken from the main openswan Makefile sed '//s/xxx//' linux/net/ipsec/version.in.c linux/net/ipsec/version.c # now build the ipsec module /usr/bin/make -C linux/net/ipsec ARCH=i386 KLIPSMODULE=true \ TOPDIR=/usr/local/src/linux -f `pwd`/linux/net/ipsec/defconfig -f Makefile \ MODULE_DEF_INCLUDE=`pwd`/config-all.h KLIPS_TOP=`pwd`/linux \ CONFIG_IPSEC=m \ ipsec.o make[3]: Entering directory `/usr/src/modules/openswan/linux/net/ipsec' make[3]: Makefile: No such file or directory make[3]: *** No rule to make target `Makefile'. Stop. make[3]: Leaving directory `/usr/src/modules/openswan/linux/net/ipsec' make[2]: *** [build-stamp] Error 2 make[2]: Leaving directory `/usr/src/modules/openswan' make[1]: *** [kdist_image] Error 2 make[1]: Leaving directory `/usr/src/modules/openswan' Module /usr/src/modules/openswan failed. Hit return to Continue -- System Information: Debian Release: 3.1 APT prefers unstable APT policy: (800, 'unstable'), (750, 'experimental'), (500, 'testing') Architecture: i386 (i686) Kernel: Linux 2.4.29-rc2 Locale: LANG=C, LC_CTYPE=en_US.ISO8859-1 (charmap=ISO-8859-1) Versions of packages openswan-modules-source depends on: ii coreutils [fileutils] 5.2.1-2The GNU core utilities ii debhelper 4.2.30 helper programs for debian/rules ii fileutils 5.2.1-2The GNU file management utilities -- no debconf information -- Obsig: developing a new sig -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#291281: mysql++: FTBFS: unsatisfied build dependencies.
Package: mysql++ Version: 1.7.9.sp4-5 Severity: serious Hi, Your package build depends on libmysqlclient-dev ( 3.23.49). libmysqlclient-dev is a virtual package and you can't have a versioned dependency on virtual packages. Either you need to remove the version, or you have to use libmysqlclient10-dev or libmysqlclient12-dev. I suggest that you do not build depend on libmysqlclient-dev since that will randomly take either libmysqlclient10-dev or libmysqlclient12-dev and use something like libmysqlclient12-dev | libmysqlclient10-dev | libmysqlclient-dev in that case. Kurt -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Processed: merging 291270 291251
Processing commands for [EMAIL PROTECTED]: # Automatically generated email from bts, devscripts version 2.8.6 merge 291270 291251 Bug#291251: CAN-2005-0064: Arbitrary code execution in kpdf Bug#291270: kpdf: vulnerable to CAN-2005-0064, buffer overflow in xpdf Merged 291251 291270. End of message, stopping processing here. Please contact me if you need assistance. Debian bug tracking system administrator (administrator, Debian Bugs database) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#291269: pmount: FTBFS: Block device required.
Hi Kurt! Kurt Roeckx [2005-01-19 20:28 +0100]: Package: pmount Version: 0.0.4 Severity: serious Hi, Your package is failing to build with the following error: mke2fs 1.36-rc2 (11-Jan-2005) Filesystem label= OS type: Linux Block size=1024 (log=0) Fragment size=1024 (log=0) 128 inodes, 1024 blocks 51 blocks (4.98%) reserved for the super user First data block=1 1 block group 8192 blocks per group, 8192 fragments per group 128 inodes per group Writing inode tables: done Writing superblocks and filesystem accounting information: done This filesystem will be automatically checked every 22 mounts or 180 days, whichever comes first. Use tune2fs -c or -i to override. pmount failed: Block device required make: *** [build-stamp] Error 255 What on earth is that? pmount never executes mke2fs (what for?). The package builds fine on my host and the Debian autobuilders. Can you please send me the full build log and make sure that you have the official package? THanks, Martin -- Martin Pitt http://www.piware.de Ubuntu Developerhttp://www.ubuntulinux.org Debian GNU/Linux Developer http://www.debian.org signature.asc Description: Digital signature
Bug#291269: pmount: FTBFS: Block device required.
reassign 291269 libpmount severity 291269 important thanks On Wed, Jan 19, 2005 at 10:05:58PM +0100, Martin Pitt wrote: Hi Kurt! Kurt Roeckx [2005-01-19 20:28 +0100]: Package: pmount Version: 0.0.4 Severity: serious [...] What on earth is that? pmount never executes mke2fs (what for?). The package builds fine on my host and the Debian autobuilders. I'm sorry, this was a build of libpmount and not pmount. I hope it makes more sense now. This was also run as root and it seems the tests are skipped when not running as root, so I lowered the severity. Kurt -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#291292: python-epydoc: postinst fails: on readlink /usr/bin/python
Package: python-epydoc Version: 2.1-5 Severity: serious Hi, When trying to install the python-epydoc package I get the following error: Setting up python-epydoc (2.1-5) ... dpkg: error processing python-epydoc (--configure): subprocess post-installation script returned error exit status 1 Errors were encountered while processing: python-epydoc E: Sub-process /usr/bin/dpkg returned an error code (1) This seems to be caused by this line in the postinst script: PYTHON=`readlink /usr/bin/python` /usr/bin/python does not exists. That get installed by the python package and you're depending on python2.3. Kurt -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#291237: marked as done (tomcat4-admin: admin context does not work because it has symlinked jar files)
Your message dated Wed, 19 Jan 2005 23:28:39 +0100 with message-id [EMAIL PROTECTED] and subject line Bug#291237: Problem solved... has caused the attached Bug report to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what I am talking about this indicates a serious mail system misconfiguration somewhere. Please contact me immediately.) Debian bug tracking system administrator (administrator, Debian Bugs database) -- Received: (at submit) by bugs.debian.org; 19 Jan 2005 15:34:36 + From [EMAIL PROTECTED] Wed Jan 19 07:34:35 2005 Return-path: [EMAIL PROTECTED] Received: from (nibby.nibbles.it) [62.101.86.146] by spohr.debian.org with esmtp (Exim 3.35 1 (Debian)) id 1CrHqt-0008Br-00; Wed, 19 Jan 2005 07:34:35 -0800 Received: from localhost (nibby [127.0.0.1]) by nibby.nibbles.it (Postfix) with ESMTP id BA0285E2A8; Wed, 19 Jan 2005 16:34:33 +0100 (CET) Received: from nibby.nibbles.it ([127.0.0.1]) by localhost (nibby [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 12071-06; Wed, 19 Jan 2005 16:34:33 +0100 (CET) Received: by nibby.nibbles.it (Postfix, from userid 0) id 9A9455E2B8; Wed, 19 Jan 2005 16:34:33 +0100 (CET) Content-Type: text/plain; charset=us-ascii MIME-Version: 1.0 Content-Transfer-Encoding: 7bit From: Alessandro Polverini [EMAIL PROTECTED] To: Debian Bug Tracking System [EMAIL PROTECTED] Subject: tomcat4-admin: admin context does not work because it has symlinked jar files X-Mailer: reportbug 3.2 Date: Wed, 19 Jan 2005 16:34:33 +0100 Message-Id: [EMAIL PROTECTED] X-Virus-Scanned: by amavisd-new-20030616-p10 (Debian) at nibbles.it Delivered-To: [EMAIL PROTECTED] X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 (1.212-2003-09-23-exp) on spohr.debian.org X-Spam-Status: No, hits=-8.0 required=4.0 tests=BAYES_00,HAS_PACKAGE autolearn=no version=2.60-bugs.debian.org_2005_01_02 X-Spam-Level: Package: tomcat4-admin Version: 4.1.31-2 Severity: grave Justification: renders package unusable The struts.jar in /usr/share/tomcat4/server/webapps/admin/WEB-INF/lib directory is symlinked to the jar /usr/share/struts1.1/struts.jar of the package libstruts1.1-java. This makes the admin context not work because tomcat is unable to use jar files symlinked to other locations. The solution is to copy the real jar in WEB-INF/lib instead to use a symlink. Of course if it would be possible to tell tomcat to follow symbolic links it would be much better, but I don't know if this is possible. Alex -- System Information: Debian Release: 3.1 APT prefers testing APT policy: (500, 'testing'), (50, 'unstable'), (1, 'experimental') Architecture: i386 (i686) Kernel: Linux 2.6.9-1-686 Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968) Versions of packages tomcat4-admin depends on: ii libstruts1.1-java 1.1-2 Java Framework for MVC web applica ii tomcat4 4.1.31-2 Java Servlet 2.3 engine with JSP 1 -- no debconf information --- Received: (at 291237-done) by bugs.debian.org; 19 Jan 2005 22:29:19 + From [EMAIL PROTECTED] Wed Jan 19 14:29:19 2005 Return-path: [EMAIL PROTECTED] Received: from serv54.segi.ulg.ac.be [139.165.32.99] by spohr.debian.org with esmtp (Exim 3.35 1 (Debian)) id 1CrOKE-0001my-00; Wed, 19 Jan 2005 14:29:19 -0800 Received: (qmail 20271 invoked by uid 510); 19 Jan 2005 23:28:47 +0100 Received: from 139.165.201.14 by serv54.segi.ulg.ac.be (envelope-from [EMAIL PROTECTED], uid 501) with qmail-scanner-1.23 (drweb: 4. spamassassin: 2.64. Clear:RC:1(139.165.201.14):. Processed in 0.186408 secs); 19 Jan 2005 22:28:47 - Received: from cm-201-014.dialup.ulg.ac.be (HELO edev.localhost) ([139.165.201.14]) (envelope-sender [EMAIL PROTECTED]) by serv54.segi.ulg.ac.be (qmail-ldap-1.03) with SMTP for [EMAIL PROTECTED]; 19 Jan 2005 23:28:46 +0100 Received: from arnaud by edev.localhost with local (Exim 4.34) id 1CrOJb-00029r-Ls; Wed, 19 Jan 2005 23:28:39 +0100 To: Alessandro Polverini [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Subject: Re: Bug#291237: Problem solved... References: [EMAIL PROTECTED] From: Arnaud Vandyck [EMAIL PROTECTED] X-Home-Page: http://people.debian.org/~avdyk Date: Wed, 19 Jan 2005 23:28:39 +0100 In-Reply-To: [EMAIL PROTECTED] (Alessandro Polverini's message of Wed, 19 Jan 2005 17:39:45 +0100) Message-ID: [EMAIL PROTECTED] User-Agent: Gnus/5.1007 (Gnus v5.10.7) Emacs/21.3 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Delivered-To: [EMAIL PROTECTED] X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 (1.212-2003-09-23-exp) on
Bug#291292: python-epydoc: postinst fails: on readlink /usr/bin/python
When trying to install the python-epydoc package I get the following error: Setting up python-epydoc (2.1-5) ... dpkg: error processing python-epydoc (--configure): subprocess post-installation script returned error exit status 1 Errors were encountered while processing: python-epydoc E: Sub-process /usr/bin/dpkg returned an error code (1) This seems to be caused by this line in the postinst script: PYTHON=`readlink /usr/bin/python` /usr/bin/python does not exists. That get installed by the python package and you're depending on python2.3. Good point. Guess I've never tested installing this package when I didn't have the default Python installed. I do now have to choose with Python to compile the .py files with. What I'm going to do is the same thing the wrappers do - I'll choose the first one I find of python, python2.3, python2.2 or python2.1. KEN -- Kenneth J. Pronovici [EMAIL PROTECTED] pgpRHtSebq6xY.pgp Description: PGP signature
Processed: Re: Processed: Re: Bug#291269: pmount: FTBFS: Block device required.
Processing commands for [EMAIL PROTECTED]: severity 291269 serious Bug#291269: pmount: FTBFS: Block device required. Severity set to `serious'. tags 291269 pending Bug#291269: pmount: FTBFS: Block device required. There were no tags set. Tags added: pending thanks Stopping processing here. Please contact me if you need assistance. Debian bug tracking system administrator (administrator, Debian Bugs database) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#289595: marked as done (libofx0c102: library version changed but package name did not)
Your message dated 19 Jan 2005 15:23:18 -0800 with message-id [EMAIL PROTECTED] and subject line now it can be closed has caused the attached Bug report to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what I am talking about this indicates a serious mail system misconfiguration somewhere. Please contact me immediately.) Debian bug tracking system administrator (administrator, Debian Bugs database) -- Received: (at submit) by bugs.debian.org; 10 Jan 2005 00:44:39 + From [EMAIL PROTECTED] Sun Jan 09 16:44:39 2005 Return-path: [EMAIL PROTECTED] Received: from master.debian.org [146.82.138.7] by spohr.debian.org with esmtp (Exim 3.35 1 (Debian)) id 1Cnnfj-0005zn-00; Sun, 09 Jan 2005 16:44:39 -0800 Received: from rrcs-24-123-187-193.se.biz.rr.com (localhost.localdomain) [24.123.187.193] by master.debian.org with esmtp (Exim 3.35 1 (Debian)) id 1Cnnfi-0002Vn-00; Sun, 09 Jan 2005 18:44:38 -0600 Content-Type: text/plain; charset=us-ascii MIME-Version: 1.0 Content-Transfer-Encoding: 7bit From: Nathan Conrad [EMAIL PROTECTED] To: Debian Bug Tracking System [EMAIL PROTECTED] Subject: libofx0c102: library version changed but package name did not X-Mailer: reportbug 3.5 Date: Sun, 09 Jan 2005 19:44:29 -0500 X-Debbugs-Cc: [EMAIL PROTECTED], [EMAIL PROTECTED] Message-Id: [EMAIL PROTECTED] Delivered-To: [EMAIL PROTECTED] X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 (1.212-2003-09-23-exp) on spohr.debian.org X-Spam-Status: No, hits=-9.0 required=4.0 tests=BAYES_00,HAS_PACKAGE, OUR_MTA_MSGID,X_DEBBUGS_CC autolearn=ham version=2.60-bugs.debian.org_2005_01_02 X-Spam-Level: Package: libofx0c102 Version: 0.7.0-1 Severity: serious Justification: Policy 8.1 I just upgraded the libofx0c102 package to version 0.7.0-1. This changed the so-version. The Debian package name was not changed. This broke programs that depend on libofx0c102, such as grisbi. -Nathan -- System Information: Debian Release: 3.1 APT prefers unstable APT policy: (500, 'unstable'), (500, 'testing'), (1, 'experimental') Architecture: i386 (i686) Kernel: Linux 2.6.9-1-k7 Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Versions of packages libofx0c102 depends on: ii libc6 2.3.2.ds1-20 GNU C Library: Shared libraries an ii libgcc1 1:3.4.3-7GCC support library ii libosp4 1.5.1.0-2Runtime library for OpenJade group ii libstdc++5 1:3.3.5-6The GNU Standard C++ Library v3 -- no debconf information --- Received: (at 289595-done) by bugs.debian.org; 19 Jan 2005 23:23:19 + From [EMAIL PROTECTED] Wed Jan 19 15:23:19 2005 Return-path: [EMAIL PROTECTED] Received: from vp085189.reshsg.uci.edu (becket.becket.net) [128.195.85.189] by spohr.debian.org with esmtp (Exim 3.35 1 (Debian)) id 1CrPAV-0006Jc-00; Wed, 19 Jan 2005 15:23:19 -0800 Received: from tb by becket.becket.net with local (Exim 4.34) id 1CrPAU-6N-Sc for [EMAIL PROTECTED]; Wed, 19 Jan 2005 15:23:18 -0800 To: [EMAIL PROTECTED] Subject: now it can be closed X-Reply-Permission: Posted or emailed replies to this message constitute permission for an emailed response. X-PGP-Fingerprint: 1F0A1E51 63 28 EB DA E6 44 E5 5E EC F3 04 26 4E BF 1A 92 X-Zippy-Says: PARDON me, am I speaking ENGLISH? From: Thomas Bushnell BSG [EMAIL PROTECTED] Date: 19 Jan 2005 15:23:18 -0800 Message-ID: [EMAIL PROTECTED] Lines: 5 User-Agent: Gnus/5.09 (Gnus v5.9.0) Emacs/21.3 MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Delivered-To: [EMAIL PROTECTED] X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 (1.212-2003-09-23-exp) on spohr.debian.org X-Spam-Status: No, hits=-1.5 required=4.0 tests=BAYES_10 autolearn=no version=2.60-bugs.debian.org_2005_01_02 X-Spam-Level: libofx0c102 is now officially retired; replaced with libofx1, which is in place and now slowly being build by the autobuilders. Thomas -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#291269: marked as done (pmount: FTBFS: Block device required.)
Your message dated Wed, 19 Jan 2005 19:03:11 -0500 with message-id [EMAIL PROTECTED] and subject line Bug#291269: fixed in libpmount 0.0.5 has caused the attached Bug report to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what I am talking about this indicates a serious mail system misconfiguration somewhere. Please contact me immediately.) Debian bug tracking system administrator (administrator, Debian Bugs database) -- Received: (at submit) by bugs.debian.org; 19 Jan 2005 19:29:00 + From [EMAIL PROTECTED] Wed Jan 19 11:29:00 2005 Return-path: [EMAIL PROTECTED] Received: from europa.telenet-ops.be [195.130.132.60] by spohr.debian.org with esmtp (Exim 3.35 1 (Debian)) id 1CrLVj-00055A-00; Wed, 19 Jan 2005 11:29:00 -0800 Received: from localhost (localhost.localdomain [127.0.0.1]) by europa.telenet-ops.be (Postfix) with SMTP id 8C2AC19830B for [EMAIL PROTECTED]; Wed, 19 Jan 2005 20:28:58 +0100 (MET) Received: from Q.roeckx.be (dD5775FD9.access.telenet.be [213.119.95.217]) by europa.telenet-ops.be (Postfix) with ESMTP id 6068D198308 for [EMAIL PROTECTED]; Wed, 19 Jan 2005 20:28:58 +0100 (MET) Received: by Q.roeckx.be (Postfix, from userid 501) id E68FB26136; Wed, 19 Jan 2005 20:28:57 +0100 (CET) Date: Wed, 19 Jan 2005 20:28:57 +0100 From: Kurt Roeckx [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: pmount: FTBFS: Block device required. Message-ID: [EMAIL PROTECTED] Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.4.2.1i Delivered-To: [EMAIL PROTECTED] X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 (1.212-2003-09-23-exp) on spohr.debian.org X-Spam-Status: No, hits=-8.0 required=4.0 tests=BAYES_00,HAS_PACKAGE autolearn=no version=2.60-bugs.debian.org_2005_01_02 X-Spam-Level: Package: pmount Version: 0.0.4 Severity: serious Hi, Your package is failing to build with the following error: mke2fs 1.36-rc2 (11-Jan-2005) Filesystem label= OS type: Linux Block size=1024 (log=0) Fragment size=1024 (log=0) 128 inodes, 1024 blocks 51 blocks (4.98%) reserved for the super user First data block=1 1 block group 8192 blocks per group, 8192 fragments per group 128 inodes per group Writing inode tables: done Writing superblocks and filesystem accounting information: done This filesystem will be automatically checked every 22 mounts or 180 days, whichever comes first. Use tune2fs -c or -i to override. pmount failed: Block device required make: *** [build-stamp] Error 255 kurt --- Received: (at 291269-close) by bugs.debian.org; 20 Jan 2005 00:05:37 + From [EMAIL PROTECTED] Wed Jan 19 16:05:36 2005 Return-path: [EMAIL PROTECTED] Received: from newraff.debian.org [208.185.25.31] (mail) by spohr.debian.org with esmtp (Exim 3.35 1 (Debian)) id 1CrPpQ-00057T-00; Wed, 19 Jan 2005 16:05:36 -0800 Received: from katie by newraff.debian.org with local (Exim 3.35 1 (Debian)) id 1CrPn5-0002v1-00; Wed, 19 Jan 2005 19:03:11 -0500 From: Robert Millan [EMAIL PROTECTED] To: [EMAIL PROTECTED] X-Katie: $Revision: 1.55 $ Subject: Bug#291269: fixed in libpmount 0.0.5 Message-Id: [EMAIL PROTECTED] Sender: Archive Administrator [EMAIL PROTECTED] Date: Wed, 19 Jan 2005 19:03:11 -0500 Delivered-To: [EMAIL PROTECTED] X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 (1.212-2003-09-23-exp) on spohr.debian.org X-Spam-Status: No, hits=-6.0 required=4.0 tests=BAYES_00,HAS_BUG_NUMBER autolearn=no version=2.60-bugs.debian.org_2005_01_02 X-Spam-Level: Source: libpmount Source-Version: 0.0.5 We believe that the bug you reported is fixed in the latest version of libpmount, which is due to be installed in the Debian FTP archive: libpmount-dev_0.0.5_i386.deb to pool/main/libp/libpmount/libpmount-dev_0.0.5_i386.deb libpmount0.0_0.0.5_i386.deb to pool/main/libp/libpmount/libpmount0.0_0.0.5_i386.deb libpmount_0.0.5.dsc to pool/main/libp/libpmount/libpmount_0.0.5.dsc libpmount_0.0.5.tar.gz to pool/main/libp/libpmount/libpmount_0.0.5.tar.gz A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to [EMAIL PROTECTED], and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Robert Millan [EMAIL PROTECTED] (supplier of updated libpmount package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing [EMAIL PROTECTED]) -BEGIN PGP SIGNED
Bug#291292: marked as done (python-epydoc: postinst fails: on readlink /usr/bin/python)
Your message dated Wed, 19 Jan 2005 19:17:17 -0500 with message-id [EMAIL PROTECTED] and subject line Bug#291292: fixed in epydoc 2.1-6 has caused the attached Bug report to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what I am talking about this indicates a serious mail system misconfiguration somewhere. Please contact me immediately.) Debian bug tracking system administrator (administrator, Debian Bugs database) -- Received: (at submit) by bugs.debian.org; 19 Jan 2005 21:55:04 + From [EMAIL PROTECTED] Wed Jan 19 13:55:04 2005 Return-path: [EMAIL PROTECTED] Received: from asia.telenet-ops.be [195.130.132.59] by spohr.debian.org with esmtp (Exim 3.35 1 (Debian)) id 1CrNn6-0005MJ-00; Wed, 19 Jan 2005 13:55:04 -0800 Received: from localhost (localhost.localdomain [127.0.0.1]) by asia.telenet-ops.be (Postfix) with SMTP id 85ED722417C for [EMAIL PROTECTED]; Wed, 19 Jan 2005 22:55:03 +0100 (MET) Received: from Q.roeckx.be (dD5775FD9.access.telenet.be [213.119.95.217]) by asia.telenet-ops.be (Postfix) with ESMTP id 7722D22417B for [EMAIL PROTECTED]; Wed, 19 Jan 2005 22:55:03 +0100 (MET) Received: by Q.roeckx.be (Postfix, from userid 501) id 2AC6226136; Wed, 19 Jan 2005 22:55:03 +0100 (CET) Date: Wed, 19 Jan 2005 22:55:03 +0100 From: Kurt Roeckx [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: python-epydoc: postinst fails: on readlink /usr/bin/python Message-ID: [EMAIL PROTECTED] Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.4.2.1i Delivered-To: [EMAIL PROTECTED] X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 (1.212-2003-09-23-exp) on spohr.debian.org X-Spam-Status: No, hits=-8.0 required=4.0 tests=BAYES_00,HAS_PACKAGE autolearn=no version=2.60-bugs.debian.org_2005_01_02 X-Spam-Level: Package: python-epydoc Version: 2.1-5 Severity: serious Hi, When trying to install the python-epydoc package I get the following error: Setting up python-epydoc (2.1-5) ... dpkg: error processing python-epydoc (--configure): subprocess post-installation script returned error exit status 1 Errors were encountered while processing: python-epydoc E: Sub-process /usr/bin/dpkg returned an error code (1) This seems to be caused by this line in the postinst script: PYTHON=`readlink /usr/bin/python` /usr/bin/python does not exists. That get installed by the python package and you're depending on python2.3. Kurt --- Received: (at 291292-close) by bugs.debian.org; 20 Jan 2005 00:23:05 + From [EMAIL PROTECTED] Wed Jan 19 16:23:05 2005 Return-path: [EMAIL PROTECTED] Received: from newraff.debian.org [208.185.25.31] (mail) by spohr.debian.org with esmtp (Exim 3.35 1 (Debian)) id 1CrQ6L-Gq-00; Wed, 19 Jan 2005 16:23:05 -0800 Received: from katie by newraff.debian.org with local (Exim 3.35 1 (Debian)) id 1CrQ0j-0003On-00; Wed, 19 Jan 2005 19:17:17 -0500 From: [EMAIL PROTECTED] (Kenneth J. Pronovici) To: [EMAIL PROTECTED] X-Katie: $Revision: 1.55 $ Subject: Bug#291292: fixed in epydoc 2.1-6 Message-Id: [EMAIL PROTECTED] Sender: Archive Administrator [EMAIL PROTECTED] Date: Wed, 19 Jan 2005 19:17:17 -0500 Delivered-To: [EMAIL PROTECTED] X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 (1.212-2003-09-23-exp) on spohr.debian.org X-Spam-Status: No, hits=-6.0 required=4.0 tests=BAYES_00,HAS_BUG_NUMBER autolearn=no version=2.60-bugs.debian.org_2005_01_02 X-Spam-Level: Source: epydoc Source-Version: 2.1-6 We believe that the bug you reported is fixed in the latest version of epydoc, which is due to be installed in the Debian FTP archive: epydoc-doc_2.1-6_all.deb to pool/main/e/epydoc/epydoc-doc_2.1-6_all.deb epydoc_2.1-6.diff.gz to pool/main/e/epydoc/epydoc_2.1-6.diff.gz epydoc_2.1-6.dsc to pool/main/e/epydoc/epydoc_2.1-6.dsc python-epydoc_2.1-6_all.deb to pool/main/e/epydoc/python-epydoc_2.1-6_all.deb python2.1-epydoc_2.1-6_all.deb to pool/main/e/epydoc/python2.1-epydoc_2.1-6_all.deb python2.2-epydoc_2.1-6_all.deb to pool/main/e/epydoc/python2.2-epydoc_2.1-6_all.deb python2.3-epydoc_2.1-6_all.deb to pool/main/e/epydoc/python2.3-epydoc_2.1-6_all.deb A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to [EMAIL PROTECTED], and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Kenneth J. Pronovici [EMAIL PROTECTED] (supplier of updated epydoc package) (This message was generated automatically at their request;
Bug#289560: acknowledged by developer (Bug#289560: fixed in vim 1:6.3-058+1)
I hope I'll find time next weekend for a new upload. There's no hurry, take your time, these scripts have been in Debian for ages. You can even wait until the next upstream version is released, no sense in making two uploads to fix these. Regards Javier -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#291251: marked as done (CAN-2005-0064: Arbitrary code execution in kpdf)
kooka - Scanner program for KDE kpdf - PDF viewer for KDE kpovmodeler - A graphical editor for povray scenes kruler - a screen ruler and color measurement tool for KDE ksnapshot - Screenshot application for KDE ksvg - SVG viewer for KDE kuickshow - KDE image/slideshow viewer kview - KDE simple image viewer/converter kviewshell - KDE generic framework for viewer applications libkscan-dev - Scanner library for KDE (development files) libkscan1 - Scanner library for KDE Closes: 260201 268966 270488 274035 280563 286881 286891 286892 286893 286894 286895 288754 291139 291251 Changes: kdegraphics (4:3.3.2-1) unstable; urgency=high . +++ Changes by Adeodato Simó: . * Apply patch for the latest kpdf vulnerability (CAN-2005-0064). URL: http://www.kde.org/info/security/advisory-20050119-1.txt (Closes: #291251) . * Update package description for several packages, provided by Jesús Roncero, thanks! These are: kolourpaint, kgamma, kooka, kpovmodeler, kuickshow. (Closes: #286891, #286892, #286893, #286894, #286895, #286881) . * Correct typo in kamera's description. (Closes: #291139) . +++ Changes by Christopher Martin: . * KDE_3_3_BRANCH update. . * Change debian/copyright file to refer to licenses, instead of copyright, when discussing KDE's licenses. . +++ Changes by Isaac Clerencia: . * Remove libgtk1.2-dev from Build-Depends. . kdegraphics (4:3.3.2-0pre1) experimental; urgency=low . * New upstream release. - kfax prints correctly multipage tiff files. (Closes: #288754) * KDE_3_3_BRANCH update. * Remove build-dependency on automake1.9. * Tightened build-dep on libsane-dev to 1.0.15. (Closes: #270488) * Updated kfax package description. (Closes: #280563) . +++ Changes by Adeodato Simó: . * Make konqueror capable of displaying SVG images out-of-the-box, without need of tweaking with mime types in the Control Center (closes: #260201): - this is a workaround until bugs.kde.org/74457 gets fixed. - services/ksvgplugin.desktop: give InitialPreference=11. - added mimelnk/image/svg-xml.desktop since some sites use that mimetype instead of image/svg+xml. . * debian/control: - make kpdf Provide: pdf-viewer. - version Build-Dependency on libexif-dev to (= 0.6.9-1), just in case, acknowledging NMU from Steve Langasek. (Closes: #268966) . * debian/patches: - added new patch 10_correct-nedit-invocation.diff, to invoke NEdit with the proper binary name on Debian systems. (Closes: #274035) Files: 0a55016cb4bcceb34285baa2543f3da0 53936 graphics optional kruler_3.3.2-1_i386.deb 1709e35accf87167739b0911731bb5cc 442976 graphics optional kpdf_3.3.2-1_i386.deb 201a876a3d95fbe179eeef2d938f50ad 633928 graphics optional kview_3.3.2-1_i386.deb 3091a24fbcc7945cc0a723f250e538db 78130 graphics optional kamera_3.3.2-1_i386.deb 480a7c33d2c7e2cbc18d0e66e71bfd3d 88358 graphics optional ksnapshot_3.3.2-1_i386.deb 4f2c9f1c10ae5ac9d2cc59db9d488fbe 219376 graphics optional kghostview_3.3.2-1_i386.deb 59cce00fae369a97478947023d07aaf0 1212214 graphics optional ksvg_3.3.2-1_i386.deb 6119b69a6a68decaabab0f8ef31f9fff 127402 graphics optional kiconedit_3.3.2-1_i386.deb 66fa0d7dc5ee7748a9054616c18755b9 2196824 graphics optional kpovmodeler_3.3.2-1_i386.deb 6fa652889f49b8e3a064d2285fbbcf72 114962 kde optional kdegraphics_3.3.2-1.diff.gz 83a2f65e82baab328962855494496984 158062 graphics optional kviewshell_3.3.2-1_i386.deb 85d63cf9306af2720b4a1c9e41080c2c 739328 graphics optional kolourpaint_3.3.2-1_i386.deb a023923737414cd7c93480780e577509 475042 graphics optional kdvi_3.3.2-1_i386.deb a0caaddfc959a48270661589169da342 77450 graphics optional kgamma_3.3.2-1_i386.deb a9d4d5861dd104984267047c3d423145 9038 kde optional kdegraphics_3.3.2-1_all.deb aceb688be253d334d6c431ede05261a5 126148 libs optional libkscan1_3.3.2-1_i386.deb b53290daed6f5ab645b97910125d6544 213126 kde optional kmrml_3.3.2-1_i386.deb b667a69ecae0ad4e7022c3000bdcb2b4 26028 libdevel optional libkscan-dev_3.3.2-1_i386.deb 9d42eb31324d99c8eea5bfa8294c7ec9 1356 kde optional kdegraphics_3.3.2-1.dsc bcc557947e7d0be3a909d4294f30ba7f 86754 graphics optional kcoloredit_3.3.2-1_i386.deb c52fcb05feb2116c81382d5b1c9153ba 57412 devel optional kdegraphics-dev_3.3.2-1_i386.deb c5abc7073102aa4fd910e46be2d28c53 463180 graphics optional kuickshow_3.3.2-1_i386.deb cb99dc2575b8da8f5c3c7b9af3325e8e 741810 graphics optional kooka_3.3.2-1_i386.deb cff1eb97b210751d8c3beaa0146b9235 213656 kde optional kdegraphics-kfile-plugins_3.3.2-1_i386.deb fc45eaa82a05841e20318ba35d23ca56 131882 graphics optional kfax_3.3.2-1_i386.deb -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.5 (GNU/Linux) Comment: Signed by Isaac Clerencia [EMAIL PROTECTED] iD8DBQFB7vhGQET2GFTmct4RAqH7AJ4018D96/Kdbvt71Tiz/MybAW+7AACfQvB4 +96Z5BglkTKVCmdKG3taTYA= =3Hpg -END PGP SIGNATURE- -- To UNSUBSCRIBE
Bug#291270: marked as done (kpdf: vulnerable to CAN-2005-0064, buffer overflow in xpdf)
Your message dated Wed, 19 Jan 2005 19:47:18 -0500 with message-id [EMAIL PROTECTED] and subject line Bug#291251: fixed in kdegraphics 4:3.3.2-1 has caused the attached Bug report to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what I am talking about this indicates a serious mail system misconfiguration somewhere. Please contact me immediately.) Debian bug tracking system administrator (administrator, Debian Bugs database) -- Received: (at submit) by bugs.debian.org; 19 Jan 2005 19:35:06 + From [EMAIL PROTECTED] Wed Jan 19 11:35:06 2005 Return-path: [EMAIL PROTECTED] Received: from 84-120-64-130.onocable.ono.com (chistera.yi.org) [84.120.64.130] by spohr.debian.org with esmtp (Exim 3.35 1 (Debian)) id 1CrLbe-00060O-00; Wed, 19 Jan 2005 11:35:06 -0800 Received: from userid 1000 by chistera.yi.org with local (Exim 4.43) id 1CrLbN-0005MH-4I for [EMAIL PROTECTED]; Wed, 19 Jan 2005 20:34:49 +0100 Date: Wed, 19 Jan 2005 20:34:48 +0100 From: Adeodato =?iso-8859-1?Q?Sim=F3?= [EMAIL PROTECTED] To: Debian Bug Tracking System [EMAIL PROTECTED] Subject: kpdf: vulnerable to CAN-2005-0064, buffer overflow in xpdf Message-ID: [EMAIL PROTECTED] Mime-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inline Content-Transfer-Encoding: 8bit X-No-CC: Please respect my Mail-Followup-To header User-Agent: Mutt/1.5.6+20050115i Delivered-To: [EMAIL PROTECTED] X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 (1.212-2003-09-23-exp) on spohr.debian.org X-Spam-Status: No, hits=-6.8 required=4.0 tests=BAYES_00,FROM_ENDS_IN_NUMS, HAS_PACKAGE autolearn=no version=2.60-bugs.debian.org_2005_01_02 X-Spam-Level: Package: kpdf Version: 4:3.3.1-2 Severity: grave Tags: security Since kpdf includes a copy of xpdf, it is vulnerable to CAN-2005-0064, Buffer overflow in the Decrypt::makeFileKey2 function in Decrypt.cc for xpdf 3.00 and earlier allows remote attackers to execute arbitrary code via a PDF file with a large /Encrypt /Length keyLength value. See the KDE Security Advisory at: http://www.kde.org/info/security/advisory-20050119-1.txt An upload is expected today (not before dinstall, though). -- Adeodato Simó EM: asp16 [ykwim] alu.ua.es | PK: DA6AE621 Experience is something you don't get until just after you need it. --- Received: (at 291251-close) by bugs.debian.org; 20 Jan 2005 00:53:02 + From [EMAIL PROTECTED] Wed Jan 19 16:53:02 2005 Return-path: [EMAIL PROTECTED] Received: from newraff.debian.org [208.185.25.31] (mail) by spohr.debian.org with esmtp (Exim 3.35 1 (Debian)) id 1CrQZK-0006pv-00; Wed, 19 Jan 2005 16:53:02 -0800 Received: from katie by newraff.debian.org with local (Exim 3.35 1 (Debian)) id 1CrQTm-0004N9-00; Wed, 19 Jan 2005 19:47:18 -0500 From: Debian Qt/KDE Maintainers debian-qt-kde@lists.debian.org To: [EMAIL PROTECTED] X-Katie: $Revision: 1.55 $ Subject: Bug#291251: fixed in kdegraphics 4:3.3.2-1 Message-Id: [EMAIL PROTECTED] Sender: Archive Administrator [EMAIL PROTECTED] Date: Wed, 19 Jan 2005 19:47:18 -0500 Delivered-To: [EMAIL PROTECTED] X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 (1.212-2003-09-23-exp) on spohr.debian.org X-Spam-Status: No, hits=-6.0 required=4.0 tests=BAYES_00,HAS_BUG_NUMBER autolearn=no version=2.60-bugs.debian.org_2005_01_02 X-Spam-Level: X-CrossAssassin-Score: 3 Source: kdegraphics Source-Version: 4:3.3.2-1 We believe that the bug you reported is fixed in the latest version of kdegraphics, which is due to be installed in the Debian FTP archive: kamera_3.3.2-1_i386.deb to pool/main/k/kdegraphics/kamera_3.3.2-1_i386.deb kcoloredit_3.3.2-1_i386.deb to pool/main/k/kdegraphics/kcoloredit_3.3.2-1_i386.deb kdegraphics-dev_3.3.2-1_i386.deb to pool/main/k/kdegraphics/kdegraphics-dev_3.3.2-1_i386.deb kdegraphics-kfile-plugins_3.3.2-1_i386.deb to pool/main/k/kdegraphics/kdegraphics-kfile-plugins_3.3.2-1_i386.deb kdegraphics_3.3.2-1.diff.gz to pool/main/k/kdegraphics/kdegraphics_3.3.2-1.diff.gz kdegraphics_3.3.2-1.dsc to pool/main/k/kdegraphics/kdegraphics_3.3.2-1.dsc kdegraphics_3.3.2-1_all.deb to pool/main/k/kdegraphics/kdegraphics_3.3.2-1_all.deb kdvi_3.3.2-1_i386.deb to pool/main/k/kdegraphics/kdvi_3.3.2-1_i386.deb kfax_3.3.2-1_i386.deb to pool/main/k/kdegraphics/kfax_3.3.2-1_i386.deb kgamma_3.3.2-1_i386.deb to pool/main/k/kdegraphics/kgamma_3.3.2-1_i386.deb kghostview_3.3.2-1_i386.deb to pool/main/k/kdegraphics/kghostview_3.3.2-1_i386.deb kiconedit_3.3.2-1_i386.deb to pool/main/k/kdegraphics/kiconedit_3.3.2-1_i386.deb kmrml_3.3.2-1_i386.deb to pool/main/k
Processed: tagging 291027
Processing commands for [EMAIL PROTECTED]: forwarded 291027 [EMAIL PROTECTED] Bug#291027: knoda fails to start because of undefined symbol Noted your statement that Bug has been forwarded to [EMAIL PROTECTED] End of message, stopping processing here. Please contact me if you need assistance. Debian bug tracking system administrator (administrator, Debian Bugs database) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Processed: only affects version in sid
Processing commands for [EMAIL PROTECTED]: tags 291259 sid Bug#291259: xfonts-artwiz: FTBFS: Missing build dependency. There were no tags set. Tags added: sid thanks Stopping processing here. Please contact me if you need assistance. Debian bug tracking system administrator (administrator, Debian Bugs database) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#290974: marked as done (apache: Temporary usage bugs that can be used in symlink attacks)
Your message dated Wed, 19 Jan 2005 21:32:13 -0500
with message-id [EMAIL PROTECTED]
and subject line Bug#290974: fixed in apache 1.3.33-3
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--
Received: (at submit) by bugs.debian.org; 18 Jan 2005 00:08:47 +
From [EMAIL PROTECTED] Mon Jan 17 16:08:47 2005
Return-path: [EMAIL PROTECTED]
Received: from tornado.dat.etsit.upm.es (dat.etsit.upm.es) [138.100.17.73]
by spohr.debian.org with smtp (Exim 3.35 1 (Debian))
id 1CqgvP-0007EJ-00; Mon, 17 Jan 2005 16:08:47 -0800
Received: (qmail 9429 invoked by uid 1013); 18 Jan 2005 00:08:43 -
Date: Tue, 18 Jan 2005 01:08:42 +0100
From: Javier =?iso-8859-1?Q?Fern=E1ndez-Sanguino_Pe=F1a?= [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: apache: Temporary usage bugs that can be used in symlink attacks
Message-ID: [EMAIL PROTECTED]
Mime-Version: 1.0
Content-Type: multipart/mixed; boundary=5vNYLRcllDrimb99
Content-Disposition: inline
User-Agent: Mutt/1.5.6+20040907i
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-8.0 required=4.0 tests=BAYES_00,HAS_PACKAGE
autolearn=no version=2.60-bugs.debian.org_2005_01_02
X-Spam-Level:
--5vNYLRcllDrimb99
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Package: apache
Version: 1.3.33-2
Priority: grave
Tags: security sid sarge
Hi, I've found unsafe uses of /tmp in some of Apache's scripts in the
source, one of this (check_forensic) is installed in Debian's apache-utils
package and IMHO should be fixed. They are rather low risk, but I have to
set the priority to grave in any case (since they qualify)
The fix is rather straightforward (use mktemp or tempfile instead of the $$
construct and add a trap to remove the temporary files) and it is needed,
specially for check_forensic.
In the check_forensic script, for example, an attacker could just monitor
/tmp/ usage and construct symlinks to the fc-XX.$$ as soon as sees that
the fc-all.$$ file is being used.
I've verified that none of these issues affect woody's Apache
(1.3.26-0woody6). The fnm.sh script was there but it is not installed with
any package and the check_forensic script was introduced later on.
The attached (untested) patch should fix these issues, hope it helps.
Please fix fnm.sh even if not being installed in any Debian packages, just
to ease the work of automatic source-code review tools.
Regards
Javier
--5vNYLRcllDrimb99
Content-Type: text/plain; charset=us-ascii
Content-Disposition: attachment; filename=apache-1.3.33.diff
diff -Nru build-tree-apache.orig/apache_1.3.33/src/helpers/fmn.sh
build-tree-apache/apache_1.3.33/src/helpers/fmn.sh
--- build-tree-apache.orig/apache_1.3.33/src/helpers/fmn.sh 2004-02-16
23:23:09.0 +0100
+++ build-tree-apache/apache_1.3.33/src/helpers/fmn.sh 2005-01-18
00:51:03.0 +0100
@@ -24,8 +24,8 @@
modfile=$1
# the part from the Configure script
-tmpfile=${TMPDIR-/tmp}/fmn.tmp.$$
-rm -f $tmpfile
+tmpfile=`mktemp -t fmn.XX || tempfile --prefix=fmn` || { echo $0: Cannot
create temporary file 2; exit 1; }
+trap rm -f -- \$tmpfile\; 0 1 2 3 13 15
modname=''
ext=`echo $modfile | sed 's/^.*\.//'`
modbase=`echo $modfile | sed 's/\.[^.]*$//'`
@@ -52,8 +52,8 @@
modname=`echo $modbase | sed 's/^.*\///' | \
sed 's/^mod_//' | sed 's/^lib//' | sed 's/$/_module/'`
fi
-rm -f $tmpfile
# output: the name of the module structure symbol
echo $modname
+exit 0
diff -Nru build-tree-apache.orig/apache_1.3.33/src/support/check_forensic
build-tree-apache/apache_1.3.33/src/support/check_forensic
--- build-tree-apache.orig/apache_1.3.33/src/support/check_forensic
2005-01-18 00:49:23.0 +0100
+++ build-tree-apache/apache_1.3.33/src/support/check_forensic 2005-01-18
00:53:32.0 +0100
@@ -7,9 +7,14 @@
F=$1
-cut -f 1 -d '|' $F /tmp/fc-all.$$
-grep + /tmp/fc-all.$$ | cut -c2- | sort /tmp/fc-in.$$
-grep -- - /tmp/fc-all.$$ | cut -c2- | sort /tmp/fc-out.$$
+all=`mktemp -t fcall.XX || tempfile --prefix=fcall` || { echo $0: Cannot
create temporary file 2; exit 1; }
+in=`mktemp -t fcin.XX || tempfile --prefix=fcin` || { echo $0: Cannot
create temporary file 2; exit 1; }
+out=`mktemp -t fcout.XX || tempfile --prefix=fcout` || { echo $0: Cannot
create temporary file 2; exit 1; }
+trap rm -f -- \$all\ \$in\ \$out\; 0 1 2 3 13 15
+
+cut -f 1 -d
Processed: iDefense alert
Processing commands for [EMAIL PROTECTED]: merge 291064 291306 Bug#291064: Arbitrary command execution Bug#291306: awstats: possible remote command execution vulnerability (iDEFENSE) Merged 291064 291306. thanks Stopping processing here. Please contact me if you need assistance. Debian bug tracking system administrator (administrator, Debian Bugs database) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#291259: marked as done (xfonts-artwiz: FTBFS: Missing build dependency.)
Your message dated Wed, 19 Jan 2005 21:47:06 -0500
with message-id [EMAIL PROTECTED]
and subject line Bug#291259: fixed in xfonts-artwiz 1:1.3-2
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--
Received: (at submit) by bugs.debian.org; 19 Jan 2005 18:14:59 +
From [EMAIL PROTECTED] Wed Jan 19 10:14:59 2005
Return-path: [EMAIL PROTECTED]
Received: from asia.telenet-ops.be [195.130.132.59]
by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
id 1CrKM7-00015A-00; Wed, 19 Jan 2005 10:14:59 -0800
Received: from localhost (localhost.localdomain [127.0.0.1])
by asia.telenet-ops.be (Postfix) with SMTP id ED2B7224233
for [EMAIL PROTECTED]; Wed, 19 Jan 2005 19:14:57 +0100 (MET)
Received: from Q.roeckx.be (dD5775FD9.access.telenet.be [213.119.95.217])
by asia.telenet-ops.be (Postfix) with ESMTP id 8FD0B224336
for [EMAIL PROTECTED]; Wed, 19 Jan 2005 19:14:57 +0100 (MET)
Received: by Q.roeckx.be (Postfix, from userid 501)
id 5F15426136; Wed, 19 Jan 2005 19:14:57 +0100 (CET)
Date: Wed, 19 Jan 2005 19:14:57 +0100
From: Kurt Roeckx [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: xfonts-artwiz: FTBFS: Missing build dependency.
Message-ID: [EMAIL PROTECTED]
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.4.2.1i
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-8.0 required=4.0 tests=BAYES_00,HAS_PACKAGE
autolearn=no version=2.60-bugs.debian.org_2005_01_02
X-Spam-Level:
Package: xfonts-artwiz
Version: 1:1.3-1
Severity: serious
Hi,
Your package if failing to build with the following error:
cd /usr/src/xfonts-artwiz-1.3/upstream tar -xvjf
artwiz_src.tar.bz2 cd artwiz \
for font in *.bdf; do \
bdftopcf ${font} | \
gzip
/usr/src/xfonts-artwiz-1.3/debian/xfonts-artwiz/usr/X11R6/lib/X11/fonts/misc/${font%.bdf}.pcf.gz;
\
done
tar: bzip2: Cannot exec: No such file or directory
You need to add a build dependency on bzip2.
Kurt
---
Received: (at 291259-close) by bugs.debian.org; 20 Jan 2005 02:53:28 +
From [EMAIL PROTECTED] Wed Jan 19 18:53:28 2005
Return-path: [EMAIL PROTECTED]
Received: from newraff.debian.org [208.185.25.31] (mail)
by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
id 1CrSRs-00071S-00; Wed, 19 Jan 2005 18:53:28 -0800
Received: from katie by newraff.debian.org with local (Exim 3.35 1 (Debian))
id 1CrSLi-00076E-00; Wed, 19 Jan 2005 21:47:06 -0500
From: A Lee [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
X-Katie: $Revision: 1.55 $
Subject: Bug#291259: fixed in xfonts-artwiz 1:1.3-2
Message-Id: [EMAIL PROTECTED]
Sender: Archive Administrator [EMAIL PROTECTED]
Date: Wed, 19 Jan 2005 21:47:06 -0500
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-6.0 required=4.0 tests=BAYES_00,HAS_BUG_NUMBER
autolearn=no version=2.60-bugs.debian.org_2005_01_02
X-Spam-Level:
X-CrossAssassin-Score: 2
Source: xfonts-artwiz
Source-Version: 1:1.3-2
We believe that the bug you reported is fixed in the latest version of
xfonts-artwiz, which is due to be installed in the Debian FTP archive:
artwiz-cursor_1.3-2_all.deb
to pool/main/x/xfonts-artwiz/artwiz-cursor_1.3-2_all.deb
xfonts-artwiz_1.3-2.diff.gz
to pool/main/x/xfonts-artwiz/xfonts-artwiz_1.3-2.diff.gz
xfonts-artwiz_1.3-2.dsc
to pool/main/x/xfonts-artwiz/xfonts-artwiz_1.3-2.dsc
xfonts-artwiz_1.3-2_all.deb
to pool/main/x/xfonts-artwiz/xfonts-artwiz_1.3-2_all.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
A Lee [EMAIL PROTECTED] (supplier of updated xfonts-artwiz package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Format: 1.7
Date: Thu, 20 Jan 2005 11:30:48 +0900
Source: xfonts-artwiz
Binary: artwiz-cursor xfonts-artwiz
Architecture: source all
Bug#291331: smilutils: ftbfs [sparc] libtool: link: cannot find the library `/usr/lib/libartsc.la'
Package: smilutils Version: 0.3.0-7 Severity: serious Tags: sid Justification: fails to build from source smilutils fails to build from source on my sparc pbuilder. (buildd failed due to unavailable dependancy.) Full build log available on request. /bin/sh ../../libtool --mode=link g++ -I../../extensions -I../../libkino `sdl-config --cflags` -s -Wall -I/usr/include/libxml2 -DKINO_PIXMAPSDIR=\/usr/share/pixmaps/smilutils\ -DKINO_PLUGINDIR=\/usr/lib/smilutils\ -D_FILE_OFFSET_BITS=64 -I/usr/include/gdk-pixbuf-1.0 -I/usr/include/gtk-1.2 -I/usr/include/glib-1.2 -I/usr/lib/glib/include -g -O2 -L../../extensions -L../../libkino -lkinoextensions -lkinolegacy -lpthread `sdl-config --libs` -o rawplay rawplay.o -lxml2 -lquicktime -lglib -lpng -ldl -ldv -lz -L/usr/lib -lxml2 -lz -lpthread -lm mkdir .libs libtool: link: cannot find the library `/usr/lib/libartsc.la' make[4]: *** [rawplay] Error 1 make[4]: Leaving directory `/tmp/buildd/smilutils-0.3.0/apps/rawplay' -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Processed: some swami files are in /debian
Processing commands for [EMAIL PROTECTED]: package swami Ignoring bugs not assigned to: swami severity 279154 serious Bug#279154: swami files are in /debian/ Severity set to `serious'. quit Stopping processing here. Please contact me if you need assistance. Debian bug tracking system administrator (administrator, Debian Bugs database) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Processed: Re: boost: upgrading from 1.31.0 to 1.32.0 makes disappear some files
Processing commands for [EMAIL PROTECTED]: severity 290333 important Bug#290333: boost: upgrading from 1.31.0 to 1.32.0 makes disappear some files Bug#290340: boost: upgrading from 1.31.0 to 1.32.0 makes disappear some files Severity set to `important'. thanks Stopping processing here. Please contact me if you need assistance. Debian bug tracking system administrator (administrator, Debian Bugs database) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#290333: boost: upgrading from 1.31.0 to 1.32.0 makes disappear some files
severity 290333 important thanks Domenico, I cannot reproduce this bug at all. Can you reproduce it consistently by reinstalling the old version of libboost-thread-dev and upgrading? If you suspect this is a bug in dpkg (and I don't see what *else* it would be), the bug should probably be reassigned there. In any case, since you say it can't be reproduced with a fresh install of libboost-thread-dev, I don't think it's a reason to keep the new version of this package from being shipped with sarge (it was not present in woody), so I'm downgrading the bug. If it is a bug in this package at all, it seems just as likely that it's a bug in the old version of the package, not the new one. -- Steve Langasek postmodern programmer signature.asc Description: Digital signature
Bug#279154: Processed: some swami files are in /debian
tag 279154 confirmed thanks swami.glade is the only non-directory file which is installed to /debian/. Justin On Wed, Jan 19, 2005 at 09:03:06PM -0800, Debian Bug Tracking System wrote: Processing commands for [EMAIL PROTECTED]: package swami Ignoring bugs not assigned to: swami severity 279154 serious Bug#279154: swami files are in /debian/ Severity set to `serious'. quit Stopping processing here. Please contact me if you need assistance. Debian bug tracking system administrator (administrator, Debian Bugs database) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED] -- Justin aptitude install task-iraf saods9 eclipse sextractor x11iraf wcstools http://www.justinpryzby.com/debian/ References [0] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Processed: Fixed in NMU of perdition 1.15-5
Processing commands for [EMAIL PROTECTED]: tag 291132 + fixed Bug#291132: perdition: FTBFS: Using non PIC code in shared lib. Tags were: sid Tags added: fixed quit Stopping processing here. Please contact me if you need assistance. Debian bug tracking system administrator (administrator, Debian Bugs database) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#291348: kernel-image-2.6.8: SiS USB 1.0 Controller Fails in Bulk Transport with, 2.6.8, fixed in 2.6.10
Package: kernel-image-2.6.8-1-386 Version: 2.6.8-10 Severity: critical File: kernel-image-2.6.8 Justification: breaks unrelated software The USB controller on my board doesn't work with 2.6.8 but does with 2.6.10. I've called this critical but you may only consider it grave sicne not too many people depend on usb drives to boot, so it's 'only' usb device use that breaks. However, all or at least most usb devices will not work with the board (see below) which is some pretty major functionality. The computer has a PCChips M599LMR motherboard with built-in SiS USB 1.0 Controller. The failure (according the Theodore Kilgore, the libgphoto2 driver maintainer for sq905 devices) is in bulk transport messages from usb devices. This renders my scanner and camera unusable under 2.6.8. 2.4.27 and 2.6.10 both work, however. (The upstream kernel people are aware of this problem, and have fixed it in 2.6.10). -- System Information: Debian Release: 3.1 APT prefers testing APT policy: (900, 'testing'), (800, 'unstable'), (300, 'experimental') Architecture: i386 (i586) Kernel: Linux 2.6.10-1-386 Locale: LANG=en_CA, LC_CTYPE=en_CA (charmap=ISO-8859-1) Versions of packages kernel-image-2.6.8-1-386 depends on: ii coreutils [fileutils] 5.2.1-2The GNU core utilities ii initrd-tools 0.1.76 tools to create initrd image for p ii module-init-tools 3.1-rel-2 tools for managing Linux kernel mo -- no debconf information -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
