Processed: Re: Bug#290974 acknowledged by developer (Bug#290974: fixed in apache 1.3.33-3)
Processing commands for [EMAIL PROTECTED]:

reopen 290974
Bug#290974: apache: Temporary usage bugs that can be used in symlink attacks
Bug reopened, originator not changed.
tags 290974 sarge
Bug#290974: apache: Temporary usage bugs that can be used in symlink attacks
Tags were: sarge security sid
Tags added: sarge
thanks
Stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--
To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#290974: acknowledged by developer (Bug#290974: fixed in apache 1.3.33-3)
reopen 290974
tags 290974 sarge
thanks

A few comments on this:

* (Thom May)
  - Security fix - fix tempfile usage in check_forensic (Closes: #290974)

- Please help track these bugs in sarge by tagging them
- fmn.sh was not fixed. Even if not used in the Debian package I would appreciate if it was patched too, helps in source code reviews.
- Please forward the full bug report upstream (if not already done)

Regards

Javier
Bug#291132: marked as done (perdition: FTBFS: Using non PIC code in shared lib.)
Your message dated Thu, 20 Jan 2005 17:06:50 +0900 with message-id [EMAIL PROTECTED] and subject line Processed: Fixed in NMU of perdition 1.15-5 has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am talking about this indicates a serious mail system misconfiguration somewhere. Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--
Date: Tue, 18 Jan 2005 23:48:26 +0100
From: Kurt Roeckx [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: perdition: FTBFS: Using non PIC code in shared lib.

Package: perdition
Version: 1.15-4
Severity: serious

Hi,

Your package is failing to build because it contains non PIC code.

Here is an extraction from the log file:

gcc -shared .libs/perditiondb_daemon.o .libs/unix_socket.o -ldb -L/build/buildd/perdition-1.15/perdition/db/daemon -lperditiondb_daemon_packet -Wl,-soname -Wl,libperditiondb_daemon.so.0 -o .libs/libperditiondb_daemon.so.0.0.0 -ldb -L/build/buildd/perdition-1.15/perdition/db/daemon -lperditiondb_daemon_packet
/usr/bin/ld: /build/buildd/perdition-1.15/perdition/db/daemon/libperditiondb_daemon_packet.a(packet.o): relocation R_PARISC_DPREL21L can not be used when making a shared object; recompile with -fPIC
/build/buildd/perdition-1.15/perdition/db/daemon/libperditiondb_daemon_packet.a: could not read symbols: Bad value
collect2: ld returned 1 exit status
make[5]: *** [libperditiondb_daemon.la] Error 1

It's saying that packet.o is built without -fPIC.

Please note that static libs need to be built without -fPIC and shared libs with.

Kurt

---
Date: Thu, 20 Jan 2005 17:06:50 +0900
From: Horms [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Re: Processed: Fixed in NMU of perdition 1.15-5

Not sure why this was flagged as an NMU.

On Wed, Jan 19, 2005 at 11:18:23PM -0800, Debian Bug Tracking System wrote:
Processing commands for [EMAIL PROTECTED]:
tag 291132 + fixed
Bug#291132: perdition: FTBFS: Using non PIC code in shared lib.
Tags were: sid
Tags added: fixed
quit
Stopping processing here.
Please contact me if you need assistance.
Debian bug tracking system administrator
(administrator, Debian Bugs database)

--
Horms
Processed: hardware-specific installer failure, not RC
Processing commands for [EMAIL PROTECTED]:

severity 291347 important
Bug#291347: debian-installer: SiS5513 IDE Module doesn't work,, must use ide-generic or ide based systems won't work
Severity set to `important'.
thanks
Stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)
Processed: Re: smilutils: ftbfs [sparc] libtool: link: cannot find the library `/usr/lib/libartsc.la'
Processing commands for [EMAIL PROTECTED]:

reassign 291331 libsdl1.2-dev
Bug#291331: smilutils: ftbfs [sparc] libtool: link: cannot find the library `/usr/lib/libartsc.la'
Bug reassigned from package `smilutils' to `libsdl1.2-dev'.
tags 291331 -sid
Bug#291331: smilutils: ftbfs [sparc] libtool: link: cannot find the library `/usr/lib/libartsc.la'
Tags were: sid
Tags removed: sid
merge 291331 291268
Bug#291268: gengameng: FTBFS: Missing build dependency?
Bug#291331: smilutils: ftbfs [sparc] libtool: link: cannot find the library `/usr/lib/libartsc.la'
Merged 291268 291331.
thanks
Stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)
Processed: lack of support for specific hardware is not RC
Processing commands for [EMAIL PROTECTED]:

severity 291348 important
Bug#291348: kernel-image-2.6.8: SiS USB 1.0 Controller Fails in Bulk Transport with, 2.6.8, fixed in 2.6.10
Severity set to `important'.
thanks
Stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)
Bug#291331: smilutils: ftbfs [sparc] libtool: link: cannot find the library `/usr/lib/libartsc.la'
reassign 291331 libsdl1.2-dev
tags 291331 -sid
merge 291331 291268
thanks

This is not a bug in smilutils. The current version of the libsdl1.2-dev package is broken; reassigning.

--
Steve Langasek
postmodern programmer
Bug#291339: [Pkg-alsa-devel] Bug#291339: alsa-modules-2.4.27-1-686: undefined symbols
Hi Brian,

merge 291339 284181
thanks

On Thu, Jan 20, 2005 at 05:12:45PM +1100, Brian May wrote:
Setting up alsa-modules-2.4.27-1-686 (1.0.6a+5) ...
depmod: *** Unresolved symbols in /lib/modules/2.4.27-1-686/updates/alsa/snd-pdaudiocf.o

There's a fixed package for 2.4.27-2-* waiting in NEW.

--
Jordi Mallach Pérez -- Debian developer http://www.debian.org/
[EMAIL PROTECTED] [EMAIL PROTECTED] http://www.sindominio.net/
GnuPG public key information available at http://oskuro.net/~jordi/
Bug#291355: gaim-gnome: installation fails, depends on uninstalable libpanel-applet0
Package: gaim-gnome
Version: 1:0.58-2.4
Severity: grave
Justification: renders package unusable

# LANG=en; apt-get install gaim-gnome
Reading Package Lists... Done
Building Dependency Tree... Done
Some packages could not be installed. This may mean that you have
requested an impossible situation or if you are using the unstable
distribution that some required packages have not yet been created
or been moved out of Incoming.

Since you only requested a single operation it is extremely likely that
the package is simply not installable and a bug report against
that package should be filed.
The following information may help to resolve the situation:

The following packages have unmet dependencies:
  gaim-gnome: Depends: libpanel-applet0 (= 1.4.0.2-3) but it is not installable

-- System Information:
Debian Release: 3.1
  APT prefers unstable
  APT policy: (990, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.6-1-686
Locale: LANG=pl_PL, LC_CTYPE=pl_PL (charmap=ISO-8859-2)
Bug#289560: Woody still vulnerable (or at least no entry in non-vulns-list)
reopen 289560
thanks

At least woody is not fixed. I just checked, there is also no entry in http://www.debian.org/security/nonvulns-woody for this issue. Either one (the first preferably) needs to be handled.

Greetings

Helge

--
Helge Kreutzmann, Dipl.-Phys. [EMAIL PROTECTED]
gpg signed mail preferred
64bit GNU powered http://www.itp.uni-hannover.de/~kreutzm
Help keep free software libre: http://www.freepatents.org/
Bug#289856: mdnsresponder: Wrong license
Jeff,

Above and beyond the issue of distributing code without proper license notices, the APSL 2.0 is not, in the opinion of many (and AFAICT, according to the consensus of the debian-legal mailing list), a free license under the DFSG. Although there's been extensive discussion about *which* points of the license are actually DFSG problems, the questionable clauses are multiple:

- The copyright license is terminated if you attempt to defend your patent rights against Apple.
- The license requires you to publish any local modifications if you deploy public services based on the Covered Code, which discriminates against a field of endeavour.
- The license includes a choice of venue clause forcing all licensees to accept the jurisdiction of the Northern District of California, which is discriminatory against persons located outside this district by exposing them to unequal legal expense.

Again, while the question of which parts of the license (if any) fail the DFSG is still somewhat open, the fact is that this license imposes a number of restrictions on the licensee which are not present in more traditional Free Software licenses. Now that it's known that this package is licensed under the APSL and not under a BSD license, I believe it's best to remove mdnsresponder from the archive until such a time as it's made available under a different license or there's a clear consensus that the APSL 2.0 is a DFSG-free license.

If you agree with this assessment but don't have time to clean the source tree, let me know and I can take a look at doing this for you.

Thanks,

--
Steve Langasek
postmodern programmer
Bug#291209: marked as done (csmash window black !)
Your message dated Thu, 20 Jan 2005 04:47:15 -0500 with message-id [EMAIL PROTECTED] and subject line Bug#291209: fixed in csmash 0.6.6-6 has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am talking about this indicates a serious mail system misconfiguration somewhere. Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--
From: vu-ngoc.san [EMAIL PROTECTED]
To: Debian Bug Tracking System [EMAIL PROTECTED]
Subject: csmash window black !
Date: Wed, 19 Jan 2005 13:54:16 +0100

Package: csmash
Version: 0.6.6-5
Severity: grave
Justification: renders package unusable

since update 0.6.6-5 the playing window is totally black !
otherwise the game seems to be running ok :-)
this holds with or without fullscreen and on both of my machines (a desktop PC with linux 2.6.7 and a laptop with 2.4.27)

-- System Information:
Debian Release: 3.1
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: i386 (i686)
Kernel: Linux 2.6.7-1-k7
Locale: [EMAIL PROTECTED], [EMAIL PROTECTED] (charmap=ISO-8859-15)

Versions of packages csmash depends on:
ii  csmash-data  0.6.6-5                       data files for the CannonSmash gam
ii  libatk1.0-0  1.8.0-4                       The ATK accessibility toolkit
ii  libc6        2.3.2.ds1-20                  GNU C Library: Shared libraries an
ii  libgcc1      1:3.4.3-6                     GCC support library
ii  libglib2.0-  2.4.8-1                       The GLib library of C routines
ii  libgtk2.0-0  2.4.14-2                      The GTK+ graphical user interface
ii  libice6      4.3.0.dfsg.1-10               Inter-Client Exchange library
ii  libpango1.0  1.6.0-3                       Layout and rendering of internatio
ii  libsdl-imag  1.2.3-6                       image loading library for Simple D
ii  libsdl-mixe  1.2.5-9                       mixer library for Simple DirectMed
ii  libsdl1.2de  1.2.7+1.2.8cvs20041007-3.0.1  Simple DirectMedia Layer
ii  libstdc++5   1:3.3.5-5                     The GNU Standard C++ Library v3
ii  libx11-6     4.3.0.dfsg.1-10               X Window System protocol client li
ii  libxext6     4.3.0.dfsg.1-10               X Window System miscellaneous exte
ii  libxi6       4.3.0.dfsg.1-10               X Window System Input extension li
ii  libxmu6      4.3.0.dfsg.1-10               X Window System miscellaneous util
ii  libxt6       4.3.0.dfsg.1-10               X Toolkit Intrinsics
ii  xlibmesa-gl  4.3.0.dfsg.1-10               Mesa OpenGL utility library [XFree
ii  xlibs        4.3.0.dfsg.1-10               X Keyboard Extension (XKB) configu
ii  zlib1g       1:1.2.2-3                     compression library - runtime

-- no debconf information
Bug#289646: kbabel: crash with some .po file
On Wed, Jan 19, 2005 at 10:02:47AM +0100, Matías Costa wrote:
* Steve Langasek [Tue, 18 Jan 2005 05:14:14 -0800]:

I am not able to reproduce this bug using the packages in sarge. Can you please downgrade kdelibs4 on your system to the version in unstable, to confirm whether this bug still exists for you?

Seems to me that the version of kdelibs4 in sarge is not affected. The bogus version has hit unstable, though. Reassigning and tagging accordingly.

Yesterday I was able to reproduce this on sarge, not today anymore. However, on sarge I can get kbabel to crash by pressing apply in project properties/spellchecking tab while the spell-as-you-go is selected, which is probably the same bug.

#0 0x4138868f in mallopt () from /lib/tls/i686/cmov/libc.so.6
#1 0x41387ab3 in malloc () from /lib/tls/i686/cmov/libc.so.6
#2 0x412c32ee in operator new () from /usr/lib/libstdc++.so.5
#3 0x40f28a20 in QGArray::newData () from /usr/lib/libqt-mt.so.3
#4 0x40f279bb in QGArray::QGArray () from /usr/lib/libqt-mt.so.3
#5 0x40f1975c in QCString::QCString () from /usr/lib/libqt-mt.so.3
#6 0x40f1a710 in QCString::mid () from /usr/lib/libqt-mt.so.3
#7 0x40888a15 in KProcIO::readln () from /usr/lib/libkdecore.so.4
#8 0x40695f71 in KSpell::check2 () from /usr/lib/libkdeui.so.4
#9 0x40698c25 in KSpell::qt_invoke () from /usr/lib/libkdeui.so.4
#10 0x40c764a6 in QObject::activate_signal () from /usr/lib/libqt-mt.so.3
#11 0x40888cca in KProcIO::readReady () from /usr/lib/libkdecore.so.4
#12 0x401a in KProcIO::controlledEmission () from /usr/lib/libkdecore.so.4
#13 0x408887bd in KProcIO::ackRead () from /usr/lib/libkdecore.so.4
#14 0x40695fd3 in KSpell::check2 () from /usr/lib/libkdeui.so.4

with the lines 8-13 repeated infinitely.
Bug#278191: marked as done (xtrlock unlocks upon very long input)
Your message dated Thu, 20 Jan 2005 10:37:55 + with message-id [EMAIL PROTECTED] and subject line DSA out has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am talking about this indicates a serious mail system misconfiguration somewhere. Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--
Date: Mon, 25 Oct 2004 20:07:03 +0800 (CST)
Subject: xtrlock unlocks upon very long input
From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]

Package: xtrlock
Version: 2.0-8

xtrlock can be bypassed by holding down any key for 1 minute and then pressing Enter.

I am using Debian GNU/Linux 3.1, kernel 2.6.8-1-686, libc6 2.3.2.ds1-16, xlibs 4.3.0.dfsg.1-7 and Gnome 2.

---
To: [EMAIL PROTECTED], [EMAIL PROTECTED]
From: Matthew Vernon [EMAIL PROTECTED]
Subject: DSA out
Date: Thu, 20 Jan 2005 10:37:55 +

The DSA regarding these bugs has been released, so they can be laid to rest.

Matthew

--
Matthew Vernon MA VetMB LGSM MRCVS
Farm Animal Epidemiology and Informatics Unit
Department of Veterinary Medicine, University of Cambridge
Bug#291091: Konqueror 3.3.1-4 respawns on clicking any link
On Tue, Jan 18, 2005 at 10:48:35AM -0600, Bud Rogers wrote:
If I start konqueror from the menu or command line, it comes up normally. If I click on any link, it spawns another window and continues to spawn new windows at about 2-3 second intervals. I have to killall konqueror or C-c from command line to kill it. Konqueror is at present unusable.

I can't reproduce this on my sarge system.

The system was upgraded from woody to sarge about 10 days ago. This behavior started today.

Did you restart kde session after upgrade? If you create a new user account, does konqueror behave the same? It is well known but unfortunate that kde might not work after a major upgrade with the old configuration files. If the new user works, you need to recreate your ~/.kde configs.

[EMAIL PROTECTED]:~$ uname -a
Linux mug 2.2.19 #1 Sun Apr 8 13:42:11 EST 2001 i686 GNU/Linux

We haven't tested konqueror on anything this old, but it shouldn't be the cause of problems.
Bug#291339: [Pkg-alsa-devel] Bug#291339: alsa-modules-2.4.27-1-686: undefined symbols
On Thu, 2005-01-20 at 17:12 +1100, Brian May wrote:
depmod: *** Unresolved symbols in /lib/modules/2.4.27-1-686/updates/alsa/snd-pdaudiocf.o
[...]
I rebuilt the modules from the source code, and the modules I require work (I still get undefined symbols from snd-{pdaudiocf,vx-cs,vxp440,vxpocket}.o, but I don't need these anyway).

I strongly suspect that you haven't built your alsa-modules package against the sources for the kernel you are running. Please double check that the kernel you are running is the one built from the tree in which you built the alsa-modules package.

--
Thomas Hood [EMAIL PROTECTED]
Bug#290974: acknowledged by developer (Bug#290974: fixed in apache 1.3.33-3)
* Javier Fernández-Sanguino Peña ([EMAIL PROTECTED]) wrote :

reopen 290974
tags 290974 sarge
thanks

A few comments on this:

* (Thom May)
  - Security fix - fix tempfile usage in check_forensic (Closes: #290974)

- Please help track this bugs in sarge by tagging them
- fmn.sh was not fixed. Even if not used in the Debian package I would appreciate if it was patched too, helps in source code reviews.

It was fixed, it's not mentioned in the changelog since it's not used anywhere outside the build process.

- Please forward the full bug report upstream (if not already done)

Fixed in cvs upstream.

Cheers,
-Thom
Bug#291378: mysql-server: Security fixes pending in experimental version
Package: mysql-server
Version: 4.1.7-2
Priority: grave
Tags: experimental

Just a quick note to tell that there are several symlink vulnerabilities in the experimental version of mysql-server which have been fixed in sid's. This includes (but is not limited to) mysqlaccess (#291122), and mysql_install_db.sh

Just so these are reviewed before the package is moved into sid (although they are fixed upstream, so a new version should fix them too)

Regards

Javier
Bug#291380: [msutton@iDefense.com: iDEFENSE Security Advisory 01.19.05: MySQL MaxDB Web Agent Multiple Denial of Service Vulnerabilities]
Package: maxdb
Severity: grave
Tags: sarge security

# sid is already fixed, so this is a reminder.

Two CVE ids have been assigned to this advisory:

Candidate: CAN-2005-0081
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0081
Reference: IDEFENSE:20050119 MySQL MaxDB Web Agent Multiple Denial of Service Vulnerabilities
Reference: URL:http://www.idefense.com/application/poi/display?id=187type=vulnerabilities

MySQL MaxDB 7.5.0.0, and other versions before 7.5.0.21, allows remote attackers to cause a denial of service (crash) via an HTTP request with invalid headers.

Candidate: CAN-2005-0082
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0082
Reference: IDEFENSE:20050119 MySQL MaxDB Web Agent Multiple Denial of Service Vulnerabilities
Reference: URL:http://www.idefense.com/application/poi/display?id=187type=vulnerabilities

The sapdbwa_GetUserData function in MySQL MaxDB 7.5.0.0, and other versions before 7.5.0.21, allows remote attackers to cause a denial of service (crash) via invalid parameters to the WebDAV handler code, which triggers a null dereference that causes the SAP DB Web Agent to crash.

Please mention them in the changelog (or add them to the changelog later with your next upload).

Regards,

Joey

- Forwarded message from Michael Sutton [EMAIL PROTECTED] -

Subject: iDEFENSE Security Advisory 01.19.05: MySQL MaxDB Web Agent Multiple Denial of Service Vulnerabilities
Date: Wed, 19 Jan 2005 16:03:46 -0500
From: Michael Sutton [EMAIL PROTECTED]
To: bugtraq@securityfocus.com, [EMAIL PROTECTED]
X-Folder: [EMAIL PROTECTED]

MySQL MaxDB Web Agent Multiple Denial of Service Vulnerabilities

iDEFENSE Security Advisory 01.19.05
www.idefense.com/application/poi/display?id=187type=vulnerabilities
January 19, 2005

I. BACKGROUND

MaxDB by MySQL is a re-branded and enhanced version of SAP DB, SAP AG's open source database. MaxDB is a heavy-duty, SAP-certified open source database that offers high availability, scalability and a comprehensive feature set. MaxDB complements the MySQL database server, targeted for large mySAP ERP environments and other applications that require maximum enterprise-level database functionality. Further details are available at:

http://www.mysql.com/products/maxdb/

II. DESCRIPTION

Two remotely exploitable denial of service conditions have been found to exist in MySQL MaxDB and SAP DB Web Agent products.

The first vulnerability specifically exists due to a null pointer dereference in the sapdbwa_GetUserData() function. A remote attacker can request the webdav handler code with invalid parameters to cause a null pointer dereference resulting in a crash of SAP DB Web Agent.

The second vulnerability is due to insufficient handling of malformed HTTP headers. A remote attacker can submit a HTTP request with invalid headers to cause a denial of service.

III. ANALYSIS

A remote attacker can send simple HTTP requests to cause MaxDB Web Agent to crash.

IV. DETECTION

iDEFENSE has confirmed the existence of these vulnerabilities in MySQL MaxDB 7.5.0.0 on Linux and Windows platforms. It is believed that all versions prior to 7.5.0.21 are affected.

V. WORKAROUND

Employ firewalls, access control lists or other TCP/UDP restriction mechanisms to limit access to administrative systems and services.

VI. VENDOR RESPONSE

The vulnerability has been addressed in MaxDB 7.5.00.21. Updated binaries (version 7.5.00.23) are available from:

http://dev.mysql.com/downloads/maxdb/7.5.00.html

VII. CVE INFORMATION

The Common Vulnerabilities and Exposures (CVE) project has assigned the following names to these issues:

CAN-2005-0081 MySQL MaxDB Web Agent Null HTTP Header Denial of Service Vulnerability
CAN-2005-0082 MySQL MaxDB Web Agent GetUserData Denial of Service Vulnerability

VIII. DISCLOSURE TIMELINE

08/20/2004 Initial vendor notification
08/24/2004 Initial vendor response
01/19/2005 Public disclosure

IX. CREDIT

The discoverer of this vulnerability wishes to remain anonymous.

Get paid for vulnerability research
http://www.idefense.com/poi/teams/vcp.jsp

VII. LEGAL NOTICES

Copyright (c) 2005 iDEFENSE, Inc.

Permission is granted for the redistribution of this alert electronically. It may not be edited in any way without the express written consent of iDEFENSE. If you wish to reprint the whole or any part of this alert in any other medium other than electronically, please email [EMAIL PROTECTED] for permission.

Disclaimer: The information in the advisory is believed to be accurate at the time of publishing based on currently available information. Use of the information constitutes acceptance for use in an AS IS condition. There are no warranties with regard to this information. Neither the author nor the publisher accepts any liability for any direct, indirect, or consequential loss or damage arising from use of, or reliance on, this information.

- End forwarded message -

--
Every use of Linux is a proper
Processed: tagging 284181
Processing commands for [EMAIL PROTECTED]:

# Automatically generated email from bts, devscripts version 2.8.5
tags 284181 sid
Bug#284181: alsa-modules-2.4.27-1-686: plenty of unresolved symbols
Tags were: pending
Bug#284463: Alsa modules no longer load after minor kernel update
Bug#284485: failed loading alsa driver
Bug#284683: alsa-modules-2.4.27-1-k7: Unresolved symbols
Bug#287153: depmod: *** Unresolved symbols
Bug#287483: alsa-modules-i386: 2.4.27 modules don't work with recent kernel upgrade
Bug#287783: alsa-modules-2.4.27-1-k7: unresolved symbol with new kernel-image-2.4.27-1-k7
Bug#287847: Unresolved symbols in alsa-modules-2.4.27-1-686
Bug#289336: alsa-modules-2.4.27-1-k7-smp: can't load module for my sound card (AMD-768)
Bug#291339: alsa-modules-2.4.27-1-686: undefined symbols
Tags added: sid

End of message, stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)
Bug#291355: gaim-gnome: installation fails, depends on uninstalable libpanel-applet0
> -- System Information:
> Debian Release: 3.1
> APT prefers unstable
> APT policy: (990, 'unstable')
> Architecture: i386 (i686)
> Kernel: Linux 2.6.6-1-686
> Locale: LANG=pl_PL, LC_CTYPE=pl_PL (charmap=ISO-8859-2)

gaim-gnome was discontinued starting with the 0.60 release, we (upstream) removed the gnome code from gaim. as a result, it would only be installable on a woody system at this point.

luke
Processed: Re: Bug#291380: [msutton@iDefense.com: iDEFENSE Security Advisory 01.19.05: MySQL MaxDB Web Agent Multiple Denial of Service Vulnerabilities]
Processing commands for [EMAIL PROTECTED]:

reassign 291380 maxdb-7.5.00
Bug#291380: [EMAIL PROTECTED]: iDEFENSE Security Advisory 01.19.05: MySQL MaxDB Web Agent Multiple Denial of Service Vulnerabilities]
Warning: Unknown package 'maxdb'
Bug reassigned from package `maxdb' to `maxdb-7.5.00'.

End of message, stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator (administrator, Debian Bugs database)
Bug#289856: mdnsresponder: Wrong license
Steve Langasek [EMAIL PROTECTED] wrote:

> - The copyright license is terminated if you attempt to defend your patent rights against Apple.

It should be emphasised that this is the case if you defend /any/ patent rights against Apple. It's not limited to software patents, and it's not limited to patents that you claim are infringed by that given piece of software. I think this goes too far (but lean towards believing that termination of patent rights wouldn't be an unreasonable thing for Apple to do).

> - The license requires you to publish any local modifications if you deploy public services based on the Covered Code, which discriminates against a field of endeavour.

This clause aims to deal with what is seen by many as a flaw in traditional copyleft licenses. I don't think it's a terribly convincing argument in itself - it's no more actively discriminatory than the GPL (discriminates against people who want to provide closed-source software), so the discussion is really whether we want to encourage or discourage that sort of license.

> - The license includes a choice of venue clause forcing all licensees to accept the jurisdiction of the Northern District of California, which is discriminatory against persons located outside this district by exposing them to unequal legal expense.

But most licenses discriminate against people who don't speak English, or don't have legal training, or... Again, in itself, it's not seeking to discriminate. It's clearly not equivalent to a clause that says "This software may not be used by employees of arms manufacturers", which is the sort of thing that DFSG 5 was supposed to deal with.

But I agree with your summary. It's not entirely clear that the APSL contravenes the DFSG, but it's also not entirely clear that it should be considered a free software license.

I think a firm conclusion is going to have to wait until we actually have a project-wide discussion of how the DFSG should be interpreted nowadays, especially in the face of issues that weren't considered when they were written.

-- 
Matthew Garrett | [EMAIL PROTECTED]
Bug#291378: mysql-server: Security fixes pending in experimental version
Hello Javier

On 2005-01-20 Javier Fernández-Sanguino Peña wrote:
> Package: mysql-server
> Version: 4.1.7-2
> Priority: grave
> Tags: experimental

experimental is obsolete. There is a bug for the FTP maintainers to remove it but they have too much work to do it seems. Anyway don't use a version in experimental/ if sid has a newer one, that is almost always not wanted by the maintainer :-)

But it's good that you thought of reviewing the experimental package, could have been a mistake from my side very well. (maybe I still urge to ftp maintainers to remove it a bit quicker as it contains security flaws)

bye,

-christian-
Bug#291339: Ah, yes
I wrote:
> I strongly suspect that you haven't built your alsa-modules package against the sources for the kernel you are running.

Urg, sorry -- I was forgetting that not only the Debian kernel-image-2.4.27-1-* packages but also kernel-image-2.4.27* packages built from Debian sources had altered symbol version suffixes. I take back what I said and agree with Jordi that this is a duplicate of #284181 et al.

If you don't want to wait for alsa-modules-2.4.27-2-686 to hit the archive then you can build it yourself from alsa-source. First upgrade your kernel to kernel-image-2.4.27-2-686, of course.

-- 
Thomas Hood [EMAIL PROTECTED]
Bug#291385: nautilus-cd-burner: File image creation failed (incorrect file names)
Package: nautilus-cd-burner
Version: 2.8.6-3
Severity: grave
Justification: renders package unusable

When trying to burn a cd, Nautilus-cd-burner reports:

File image creation failed
Incorrectly named files were to be added to the CD

I found this on google that might be related: http://www.dbforums.com/t1080777.html

Makes nautilus-cd-burner unusable for me...

Franck

-- System Information:
Debian Release: 3.1
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.8
Locale: LANG=fr_FR, LC_CTYPE=fr_FR (charmap=ISO-8859-1)

Versions of packages nautilus-cd-burner depends on:
ii  cdrecord           4:2.01+01a01-2   command line CD writing tool
ii  dbus-1             0.23-1           simple interprocess messaging syst
ii  libart-2.0-2       2.3.16-6         Library of functions for 2D graphi
ii  libatk1.0-0        1.8.0-4          The ATK accessibility toolkit
ii  libaudiofile0      0.2.6-5          Open-source version of SGI's audio
ii  libbonobo2-0       2.8.0-4          Bonobo CORBA interfaces library
ii  libbonoboui2-0     2.8.0-2          The Bonobo UI library
ii  libc6              2.3.2.ds1-20     GNU C Library: Shared libraries an
ii  libeel2-2          2.8.2-1          Eazel Extensions Library (for GNOM
ii  libesd0            0.2.35-2         Enlightened Sound Daemon - Shared
ii  libgail-common     1.8.2-1          GNOME Accessibility Implementation
ii  libgail17          1.8.2-1          GNOME Accessibility Implementation
ii  libgconf2-4        2.8.1-4          GNOME configuration database syste
ii  libgcrypt11        1.2.0-11         LGPL Crypto library - runtime libr
ii  libglade2-0        1:2.4.1-1        Library to load .glade files at ru
ii  libglib2.0-0       2.6.1-2          The GLib library of C routines
ii  libgnome-keyring0  0.4.1-1          GNOME keyring services library
ii  libgnome2-0        2.8.0-6          The GNOME 2 library - runtime file
ii  libgnomecanvas2-0  2.8.0-1          A powerful object-oriented display
ii  libgnomeui-0       2.8.0-3          The GNOME 2 libraries (User Interf
ii  libgnomevfs2-0     2.8.3-9          The GNOME virtual file-system libr
ii  libgnutls11        1.0.16-13        GNU TLS library - runtime library
ii  libgpg-error0      1.0-1            library for common error values an
ii  libgtk2.0-0        2.4.14-2         The GTK+ graphical user interface
ii  libhal0            0.4.5-1          Hardware Abstraction Layer - share
ii  libhowl0           0.9.8-2          Library for Zeroconf service disco
ii  libice6            4.3.0.dfsg.1-10  Inter-Client Exchange library
ii  libjpeg62          6b-9             The Independent JPEG Group's JPEG
ii  libnautilus-burn0  2.8.6-3          Nautilus Burn Library - runtime ve
ii  libnautilus2-2     2.8.2-2          libraries for nautilus components
ii  liborbit2          1:2.10.2-1.1     libraries for ORBit2 - a CORBA ORB
ii  libpango1.0-0      1.6.0-3          Layout and rendering of internatio
ii  libpopt0           1.7-5            lib for parsing cmdline parameters
ii  libsm6             4.3.0.dfsg.1-10  X Window System Session Management
ii  libtasn1-2         0.2.10-4         Manage ASN.1 structures (runtime)
ii  libx11-6           4.3.0.dfsg.1-10  X Window System protocol client li
ii  libxml2            2.6.11-5         GNOME XML library
ii  mkisofs            4:2.01+01a01-2   Creates ISO-9660 CD-ROM filesystem
ii  xlibs              4.3.0.dfsg.1-10  X Keyboard Extension (XKB) configu
ii  zlib1g             1:1.2.2-4        compression library - runtime

-- no debconf information
Bug#291386: kernel-image-2.4.27-2-686: creates bad initrd with complex lvm2 setup
Package: kernel-image-2.4.27-2-686
Version: 2.4.27-7
Severity: critical
Justification: breaks the whole system

When the install of kernel-image tries to create initrd, those lines go to /var/log/messages:

Jan 20 09:39:39 fregate kernel: device-mapper: unknown block ioctl 0x801c6d02
Jan 20 09:39:40 fregate last message repeated 14 times

I do have 15 logical volumes, which explains how many times the message is emitted...

I guess I should mention a bit of my partitioning scheme, out of my /etc/fstab:

# system
/dev/mapper/vg-root       /                        ext3  defaults,errors=remount-ro  0  1
/dev/mapper/vg-usr_lib    /usr/lib                 ext3  defaults                    0  1
/dev/mapper/vg-usr_share  /usr/share               ext3  defaults                    0  1
/dev/mapper/vg-doc        /usr/share/doc           ext3  defaults                    0  1
/dev/mapper/vg-locale     /usr/share/locale        ext3  defaults                    0  1
/dev/mapper/vg-cache_apt  /var/cache/apt/archives  ext3  defaults                    0  2

maybe my having /usr/lib on a different logical volume is relevant... just a guess of mine, of course... my other logical volumes are one for /home, and some for subdirectories of /home, so should not be relevant...

Last thing I guess I can mention is that on another machine, with only one logical volume for /, and one for /home, /var/log/messages gets its two lines, but the system boots properly...

you might notice I presently run a 2.4.27-1-686, this is my rescue that I had a hard time to setup when the problem first happened to me with the last update of 2.4.27-1-868, which really hung the computer, having overwritten my working kernel. (that did not happen this time because of the -1-686 to -2-686 move)

-- System Information:
Debian Release: 3.1
APT prefers testing
APT policy: (500, 'testing')
Architecture: i386 (i686)
Kernel: Linux 2.4.27-1-686
Locale: [EMAIL PROTECTED], [EMAIL PROTECTED] (charmap=ISO-8859-15)

Versions of packages kernel-image-2.4.27-2-686 depends on:
ii  coreutils [fileutils]  5.2.1-2     The GNU core utilities
ii  fileutils              5.2.1-2     The GNU file management utilities
ii  initrd-tools           0.1.76      tools to create initrd image for p
ii  modutils               2.4.26-1.2  Linux module utilities

-- no debconf information
Bug#291064: Ubuntu patch
tag 291064 patch
thanks

Hi!

FYI, I just fixed the Ubuntu package, you can get the debdiff from

http://patches.ubuntu.com/patches/awstats.CAN-2005-0016.diff

The upstream fix is much more invasive, I just did the necessary changes to fix the vulnerability, nothing else.

Martin

-- 
Martin Pitt http://www.piware.de
Ubuntu Developer http://www.ubuntulinux.org
Debian GNU/Linux Developer http://www.debian.org
Bug#291408: slapd: Index and Data corruption with openldap2 2.1.30
Package: slapd
Version: 2.1.30-3
Severity: critical
Justification: causes serious data loss

Hi,

We are running debian sarge on some of our servers now and are getting data and index corruption (every few weeks). On different servers (configured the same) we experience those problems. I think it is openldap that causes this problem because openldap 2.2 doesn't have these problems with the same bdb backend. (db4.2)

We only use this option in DB_CONFIG but i think it doesn't have anything to do with the problem:

set_cachesize 0 524288000

I've searched the logs for any inconsistency but i couldn't find anything in the logs.

Another little problem i experienced is the bad performance with 2.1.30. i've benched 2.1.30 and 2.2.20 a little bit and i got this:

On the server (openldap 2.1.30):
IBM eServer series: 1 Ghz with 1.5 Gb RAM (Kernel: 2.6.8)

www0:~# time id user_from_ldap
uid=1003(user_from_ldap) gid=1003(user_from_ldap) groups=1003(user_from_ldap)
real 0m1.588s
user 0m0.059s
sys 0m0.017s

the real is between the 1.4 to 1.8 seconds.

Desktop system (openldap 2.2.20)
Pentium 2 350Mhz with 192Mb RAM (Kernel: 2.6.8)

desktop:~# time id user_from_ldap
real 0m0.388s
user 0m0.059s
sys 0m0.017s

The real on this one is between 0.2 and 0.4 seconds.

On both machines ldap is running on localhost.

I've now a few weeks openldap 2.2 running on my desktop system and i didn't get any data or index corruption and it's fast as hell.

I've seen that the main blocker is the gnutls patch. Well i ported the patch almost to 2.2.20. There are a few things i have to look for. And then i hope it will work. I don't know how far you are with that patch but i hope, really hope that 2.2.20 can make it into Sarge.

If you need more information please mail me.

Regards,

Matthijs Mohlmann
Bug#288876: [Flac-dev] liboggflac1 soname
--- Ralph Giles [EMAIL PROTECTED] wrote:

On Mon, Jan 10, 2005 at 09:37:18PM -0800, Josh Coalson wrote:

as far as I can piece together, the last releases went like:

FLAC release   libOggFLAC went to
1.1.0          1:2:0 from 1:1:0 (code changes only I think)
1.1.1-beta1    2:0:1 from 1:2:0 (some i'faces added, some changed)
1.1.1          2:1:1 from 2:0:1 (code changes only, no interface changes)

I think this is all according to the libtool rules in http://www.gnu.org/software/libtool/manual.html#SEC35

the 'enum renumbering' to me implied an 'interface change' but maybe I misinterpreted.

Yes, it's a change. The libtool manual seems a little incomplete here. This issue is that the order of items in the enum has changed in the header. Appending is generally safe, but because enums are mapped to integers in the object code, an app built against 1.1.0 would for example misinterpret what the 1.1.1 library uses for OggFLAC__STREAM_DECODER_OGG_ERROR as OggFLAC__STREAM_DECODER_END_OF_STREAM. As such it's an incompatible change, for which you should also zero the 'age' field. So 1.1.1-beta1 should have been 2:0:0, not 2:0:1.

I still don't see why it should have been 2:0:0... some interfaces were added, and some were changed, and none removed, so according to those doc's steps:

3. code changed = 1:2:0-1:3:0
4. i'faces addedchanged = 1:3:0-2:0:0
5. i'faces added = 2:0:0-2:0:1
6. no i'faces removed

so I still don't see how the numbering could have broken something or how I would fix it in the next release. unless:

http://flac.sourceforge.net/changelog.html#flac_1_1_1

Thanks for the changelog link. That's very clear.

hmm... not sure what exposed means in the libtool numbering sense. the libOggFLAC++ includes do #include the libOggFLAC headers, but I have been (maybe erroneously) adjusting the libtool numbers strictly by what changed in the C++ side.

Hmm. Sounds like the same issue applies unfortunately. The real question is whether you can upgrade them independently or not. If not they should probably share libtool versioning numbers.

...maybe this is what caused the problem? i.e. some underlying change in libFLAC.

also, just read Henrique's later email... this is probably what happened. for the next release I will make sure that the numbers are bumped up enough to be right again. but I don't have a timeline for the next release... it is mostly ready but I'm still trying to get time to integrate a bunch of PPC optimizations. I'm OK with Matt doing a 1.1.1a just to fix the sonames though.

Josh
Bug#291426: util-vserver doesn't work if compiled on a !ctx-kernel
Package: util-vserver
Version: 0.30-10
Severity: grave

Hi,

I had the problem that e.g. vserver-stats didn't work for me. On checking it up, the build log proved that it is using syscall 273 for that, instead of the really used one:

<aba> Bertl: if the configure script says: checking for number of syscall 'vserver'... 273/default - is that a bad sign?
<Bertl> aba: yes
<aba> Bertl: with recompiling debians utils on my machine with a kernel, it works ..

This means that util-vserver doesn't work on powerpc (and probably also not on any other !i386 architecture).

Cheers,
Andi

-- 
http://home.arcor.de/andreas-barth/
PGP 1024/89FB5CE5 DC F1 85 6D A6 45 9C 0F 3B BE F1 D0 C5 D1 D9 0C
Bug#291091: Konqueror 3.3.1-4 respawns on clicking any link
> Did you restart kde session after upgrade? If you create a new user account, does konqueror behave the same? It is well known but unfortunate that kde might not work after a major upgrade with the old configuration files. If the new user works, you need to recreate your ~/.kde configs.

That was it. I'm very sorry to have bothered you. The box in question has worked so well for so long I was quite surprised when it acted up. Thanks for the prompt response.

Bud Rogers [EMAIL PROTECTED]
405-247-4544 fax 405-247-4446
Western Farmers Electric Cooperative
Bug#291427: kjc: source code is not included (GPL violation)
Kalle Olavi Niemitalo wrote:

> Package: kjc
> Version: 2:1.1.4.PRECVS6-1
> Severity: serious
>
> The kaffe source package does not include the source code for kjc. Instead, there is just a kjc.jar full of compiled class files. /usr/share/doc/kjc/copyright describes:
>
> * libraries/javalib/kjc.jar
>   Kopi Java Compiler 2.1B with kaffe specific patches and bugfixes. Kjc is part of the Kopi project from DMS. It is licensed under the GNU General Public License. See license.terms for details. More information on the Kopi project is available from http://www.dms.at/kopi/index.html. The sources for the original kjc 2.1B compiler are available from DMS at the above URL. Patches from kaffe developers to kjc are available in the kaffe-extras repository of the kaffe.org CVS server.
>
> As the version of the GNU GPL is not specified, one may choose any version published by the FSF. The license.terms file in the source package (should it be installed too?) contains the text of version 2. Its section 3 is not satisfied:
>
> * Alternative a) does not apply, because the source code does not accompany the object code.
> * Alternative b) does not apply, because there is no indication on which party is making the offer, and no binding promise to keep those servers up for three years.
> * Alternative c) would also require a similar offer, additionally, it forbids commercial distribution and would thus make the package unsuitable for main.
>
> The same reasoning applies to section 3 in version 1 of the GNU GPL. As far as I know, the FSF has not published other versions. Therefore, this package seems undistributable in its current condition.

Thanks a lot for pointing that out, that's indeed a serious problem with the package. I'll make sure that either kjc.jar includes the sources, or kjc's source code including the patches is part of kaffe.

cheers,
dalibor topic
Processed: severity of 291362 is serious
Processing commands for [EMAIL PROTECTED]:

# Automatically generated email from bts, devscripts version 2.8.6
severity 291362 serious
Bug#291362: installation-reports: LVM install failed due to missing dmsetup
Severity set to `serious'.

End of message, stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator (administrator, Debian Bugs database)
Bug#291427: kjc: source code is not included (GPL violation)
Jim Pick wrote:

> Dalibor just removed kjc.jar from our CVS. We were already discussing ways of redoing the build and packaging, and the bootstrapping process with kjc.jar has been painful, to say the least. So we were going to redesign the packaging process altogether anyhow.

Yeah, it is pretty hard to bootstrap correctly on ports where kaffe's jit/interpreter is not up to running large beasts like kjc on GNU Classpath :) That's a pretty good test of the VM.

> I think I want to propose separating the whole JDK part (eg. javac and relating utils) out from Kaffe, and make the main product of Kaffe be just the JRE. Ideally, we could split off the class libraries as well, since that comes from Classpath mostly now. So the build process could be something like:
>
> a) download Kaffe, KJC, and Classpath separately
> b) Run some build script which builds a JDK
>
> That's less nice than our current solution of having one tarball that gets downloaded. But I really think Kaffe should just be the virtual machine itself, not an entire distribution.

Absolutely. We're some 29 classes away from being fully synced up with GNU Classpath, so it's pretty close now. I think we'll get there for the next release.

> In the meantime, can't the Debian package just be modified to include the kjc source tarball and related patches? They are available. That should fix the bug.

Sure. I'll fix the remaining problems Arnaud reported to me, make jikes build the default one, then he can upload a new kaffe package without kjc, and repackage kjc straight from Kaffe's CVS module. That should fix it all.

cheers,
dalibor topic
Bug#291427: kjc: source code is not included (GPL violation)
Wholeheartedly agreed. KJC should definitely be a separate package. Can classpath be entirely extricated from the Kaffe package? Is the JNI integration that uniform across VMs in Debian?

On Thursday 20 January 2005 2:09 pm, Jim Pick wrote:

> First off, I think calling it a GPL violation is a bit strong. Maybe it is technically, but you're really getting down to picking nits here. It's not like the code has been hidden. It's a packaging issue.
>
> Debian should ship the kjc source code -- I agree that should be done. It's a build dependency, and Debian should include the sources for all the build dependencies. The kjc source code is available publicly, as are the small number of patches we applied (in the kaffe.org CVS).
>
> What's the best way to fix it?
>
> Dalibor just removed kjc.jar from our CVS. We were already discussing ways of redoing the build and packaging, and the bootstrapping process with kjc.jar has been painful, to say the least. So we were going to redesign the packaging process altogether anyhow.
>
> I think I want to propose separating the whole JDK part (eg. javac and relating utils) out from Kaffe, and make the main product of Kaffe be just the JRE. Ideally, we could split off the class libraries as well, since that comes from Classpath mostly now. So the build process could be something like:
>
> a) download Kaffe, KJC, and Classpath separately
> b) Run some build script which builds a JDK
>
> That's less nice than our current solution of having one tarball that gets downloaded. But I really think Kaffe should just be the virtual machine itself, not an entire distribution.
>
> In the meantime, can't the Debian package just be modified to include the kjc source tarball and related patches? They are available. That should fix the bug.
>
> There should be another release of Kaffe soon, perhaps in the next month or so.

-- 
Ean Schuessler, CTO
[EMAIL PROTECTED]
214-720-0700 x 315
Brainfood, Inc.
http://www.brainfood.com
Processed: tagging 290890
Processing commands for [EMAIL PROTECTED]:

# Automatically generated email from bts, devscripts version 2.8.5
tags 290890 sid
Bug#290890: Please remove distributed-net-pproxy.
There were no tags set.
Tags added: sid

End of message, stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator (administrator, Debian Bugs database)
Bug#291427: kjc: source code is not included (GPL violation)
Ean Schuessler wrote:

> Wholeheartedly agreed. KJC should definitely be a separate package. Can classpath be entirely extricated from the Kaffe package? Is the JNI integration that uniform across VMs in Debian?

Yep. Classpath has a nice feature called VM interface, which all VMs using classpath implement. We'd keep the VM interface classes for Kaffe in kaffe's package, and just overlay them into gnu classpath using bootclasspath manipulation.

There are also a couple of native libs that are part of Kaffe, that are necessarily different for each vm. Reflection and such things, mostly.

It's definitely possible, and I hope to have the largest part done in a week or two.

cheers,
dalibor topic
Bug#291362: installation-reports: LVM install failed due to missing dmsetup
Wesley W. Terpstra wrote: On Thu, Jan 20, 2005 at 02:59:00PM -0500, Joey Hess wrote: initrd-tools 0.1.76 changed to abort on install to LVM if dmsetup was not installed. I think this was a mistake. I'm ccing tbm, who made the change. I made the change. Right, tbm only committed it. This was apparently added as part of a patch to support encrypted root filesystems, which is not supported by d-i at all; silently adding a requirement that dmsetup be installed for lvm systems when previously it was not needed is not a good thing to have done. Why is the d-i seeing the new initrd-tools at all? I thought base was frozen? a) People can install unstable using d-i and we want this to keep working. b) We had to let the new initrd-tools into testing because it fixed other RC bugs. It seems to me that the above code could easily be rewritten to skip calling dmsetup if it was not installed, and run the lvm function. This might be a little less robust on systems that do use encrypted root filesystems, but at least it wouldn't require us to make last-minute changes to d-i and debian-cd to add dmsetup everywhere. At any rate, I agree with your solution, if there is no dmsetup it makes sense to fall back to using lvm. Since cryptsetup depends on dmsetup, there is nothing wrong with this solution. Great, so something like this? (Untested) --- mkinitrd.orig 2005-01-20 16:15:03.0 -0500 +++ mkinitrd2005-01-20 16:16:43.0 -0500 
@@ -390,20 +390,19 @@ dm() { local dmname - if ! command -v dmsetup /dev/null 21; then - echo Root is on a DM device, but dmsetup not installed 2 - exit 1 - fi + if command -v dmsetup /dev/null 21; then + dmdev=$(printf (%d, %d) $major $minor) - dmdev=$(printf (%d, %d) $major $minor) - - if ! dmsetup ls | grep -q $dmdev\$; then - echo Unknown DM device $major:$minor 2 - exit 1 + if ! dmsetup ls | grep -q $dmdev\$; then + echo Unknown DM device $major:$minor 2 + exit 1 + fi + + dmname=$(dmsetup ls | grep $dmdev\$ | sed 's/^\([^[:space:]]*\).*$/\1/') fi - dmname=$(dmsetup ls | grep $dmdev\$ | sed 's/^\([^[:space:]]*\).*$/\1/') - if dmsetup table $dmname | cut -d -f3 | grep -q ^crypt$ ; then + if [ -n $dmname ] \ + dmsetup table $dmname | cut -d -f3 | grep -q ^crypt$ ; then dmcrypt elif command -v lvmiopversion /dev/null 21; then lvm -- see shy jo signature.asc Description: Digital signature
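Review bot: in the rewritten dm(), the case where dmsetup is missing now falls through silently: dmname stays empty, the crypt check is skipped, and the function goes on to the lvm branch with no indication that an encrypted root could not be detected. The removed lines printed a message to stderr in that situation; I would keep a one-line warning in an else branch of the new `if command -v dmsetup` test instead of dropping it entirely, so that a dm-crypt root ending up with an unusable initrd leaves a trace. Also check that the expansion in `[ -n $dmname ]` is double-quoted in the real file: unquoted, an empty dmname reduces the test to `[ -n ]`, which is true, and `dmsetup table` would then be run on a system that has no dmsetup. Finally, dmdev is assigned inside the function but only dmname is declared local.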
Processed: severity of 291006 is serious, severity of 291362 is serious, merging 291362 291006
Processing commands for [EMAIL PROTECTED]:

# Automatically generated email from bts, devscripts version 2.8.6
severity 291006 serious
Bug#291006: Package: installation-reports
Severity set to `serious'.

severity 291362 serious
Bug#291362: installation-reports: LVM install failed due to missing dmsetup
Severity set to `serious'.

merge 291362 291006
Bug#291006: Package: installation-reports
Bug#291362: installation-reports: LVM install failed due to missing dmsetup
Merged 291006 291362.

End of message, stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator (administrator, Debian Bugs database)
Processed: Re: Bug#291426: util-vserver doesn't work if compiled on a !ctx-kernel
Processing commands for [EMAIL PROTECTED]:

severity 291426 important
Bug#291426: util-vserver doesn't work if compiled on a !ctx-kernel
Severity set to `important'.

thanks
Stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator (administrator, Debian Bugs database)
Bug#291426: util-vserver doesn't work if compiled on a !ctx-kernel
severity 291426 important
thanks

On Thu, Jan 20, 2005 at 06:47:06PM +0100, Andreas Barth wrote:
> Package: util-vserver
> Version: 0.30-10
> Severity: grave
>
> Hi,
>
> I had the problem that e.g. vserver-stats didn't work for me. On checking it up, the build log proved that it is using syscall 273 for that, instead of the really used one:
>
> <aba> Bertl: if the configure script says: checking for number of syscall 'vserver'... 273/default - is that a bad sign?
> <Bertl> aba: yes
> <aba> Bertl: with recompiling debians utils on my machine with a kernel, it works ..
>
> This means that util-vserver doesn't work on powerpc (and probably also not on any other !i386 architecture).

Ok. Lowering the severity to important as it does not corrupt your system.

You say that recompiling debian utils with a kernel, it works .. What do you mean with that?

Regards,

// Ola

> Cheers,
> Andi
> -- 
> http://home.arcor.de/andreas-barth/
> PGP 1024/89FB5CE5 DC F1 85 6D A6 45 9C 0F 3B BE F1 D0 C5 D1 D9 0C

-- 
- Ola Lundqvist ---
/ [EMAIL PROTECTED] Annebergsslingan 37 \
| [EMAIL PROTECTED] 654 65 KARLSTAD |
| +46 (0)54-10 14 30 +46 (0)70-332 1551 |
| http://www.opal.dhs.org UIN/icq: 4912500 |
\ gpg/f.p.: 7090 A92B 18FE 7994 0C36 4FE4 18A1 B1CF 0FE5 3DD9 /
---
Bug#289236: wvdial - patch for RC bug
On Fri, Jan 07, 2005 at 11:47:33PM +0100, Artur R. Czechowski wrote: There are two issues concerning this bug: 1) missed dependency in libwvstreams-dev (# Fixed in unstable. 2) files in libxplc0.3.10-dev are in location not under standard search path [...] The 2nd issue requires one small change: --- rules.orig2003-11-14 20:46:13.0 +0100 +++ rules 2005-01-07 23:46:21.0 +0100 @@ -10,7 +10,7 @@ build: build-stamp build-stamp: dh_testdir - $(MAKE) CXXOPTS=-fno-implement-inlines -fno-rtti -fno-exceptions + $(MAKE) CXXOPTS=-fno-implement-inlines -fno-rtti -fno-exceptions CPPFLAGS=-I/usr/include/xplc-0.3.10 touch build-stamp The Right Thing(tm) would probably be to modify the upstream Makefile to use `pkg-config --cflags libwvstreams` for determining the include directories. If there aren't any objections I will upload a NMU tomorrow to fix this issue. Gruesse, -- Frank Lichtenheld [EMAIL PROTECTED] www: http://www.djpig.de/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
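Review bot: the added `CPPFLAGS=-I/usr/include/xplc-0.3.10` on the $(MAKE) line in build-stamp hard-codes the versioned xplc include directory, so debian/rules has to be edited again on every xplc version bump; deriving the path at build time, for instance from the pkg-config output mentioned in the reply, would avoid that. Because the variable is passed on the make command line, it also overrides any CPPFLAGS assignment inside the upstream Makefile, so it is worth confirming that upstream does not set include paths or defines there that this change would drop.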
Bug#291339: [Pkg-alsa-devel] Bug#291339: alsa-modules-2.4.27-1-686: undefined symbols
>>>>> "Thomas" == Thomas Hood [EMAIL PROTECTED] writes:

    Thomas> I strongly suspect that you haven't built your
    Thomas> alsa-modules package against the sources for the kernel
    Thomas> you are running. Please double check that the kernel you
    Thomas> are running is the one built from the tree in which you
    Thomas> built the alsa-modules package.

I downloaded the kernel-headers-2.6.8-* package from the same archive (testing) that I downloaded the kernel-image-2.6.8-* from, and used that (with module-assistant's help).

So if there was a mismatch, the mismatch is (or was) in sarge/testing.

(besides: aren't versioned symbols meant to catch this problem? I didn't see any errors of incorrect versioned symbols)

-- 
Brian May [EMAIL PROTECTED]
Bug#291339: [Pkg-alsa-devel] Bug#291339: alsa-modules-2.4.27-1-686: undefined symbols
Thomas == Thomas Hood [EMAIL PROTECTED] writes:

I rebuilt the modules from the source code, and the modules I require work (I still get undefined symbols from snd-{pdaudiocf,vx-cs,vxp440,vxpocket}.o, but I don't need these anyway).

Thomas> I strongly suspect that you haven't built your
Thomas> alsa-modules package against the sources for the kernel
Thomas> you are running. Please double check that the kernel you
Thomas> are running is the one built from the tree in which you
Thomas> built the alsa-modules package.

According to the BTS, you sent an email to [EMAIL PROTECTED] to followup this one, but I never received it. Strange. Maybe it is still queued up somewhere.

In any case, if you reread my initial bug report, when I gave up using the buggy Debian package, I built my own package, and still got undefined symbol errors. However, none of these affected anything I need to use, and the required modules loaded.

-- Brian May [EMAIL PROTECTED]
Bug#289236: wvdial - patch for RC bug
Go for it - I'm still waiting for keyring-maint to re-enable my account :/

Pat.

On Thursday 20 January 2005 16:50, Frank Lichtenheld wrote:

On Fri, Jan 07, 2005 at 11:47:33PM +0100, Artur R. Czechowski wrote:

There are two issues concerning this bug: 1) missed dependency in libwvstreams-dev (# Fixed in unstable. 2) files in libxplc0.3.10-dev are in location not under standard search path [...] The 2nd issue requires one small change:

--- rules.orig 2003-11-14 20:46:13.0 +0100 +++ rules 2005-01-07 23:46:21.0 +0100 @@ -10,7 +10,7 @@ build: build-stamp build-stamp: dh_testdir - $(MAKE) CXXOPTS=-fno-implement-inlines -fno-rtti -fno-exceptions + $(MAKE) CXXOPTS=-fno-implement-inlines -fno-rtti -fno-exceptions CPPFLAGS=-I/usr/include/xplc-0.3.10 touch build-stamp

The Right Thing(tm) would probably be to modify the upstream Makefile to use `pkg-config --cflags libwvstreams` for determining the include directories. If there aren't any objections I will upload a NMU tomorrow to fix this issue.

Gruesse,

-- Patrick Patterson Technical Ambassador Net Integration Technologies RD
Bug#291339: [Pkg-alsa-devel] Bug#291339: alsa-modules-2.4.27-1-686: undefined symbols
Brian == Brian May [EMAIL PROTECTED] writes:

Thomas == Thomas Hood [EMAIL PROTECTED] writes:

Thomas> I strongly suspect that you haven't built your
Thomas> alsa-modules package against the sources for the kernel
Thomas> you are running. Please double check that the kernel you
Thomas> are running is the one built from the tree in which you
Thomas> built the alsa-modules package.

Brian> I downloaded the kernel-headers-2.6.8-* package from the
Brian> same archive (testing) that I downloaded the
Brian> kernel-image-2.6.8-* from, and used that (with
Brian> module-assistant's help).

I am doing too much in one day and getting confused. I meant the 2.4.27-1-686 versions of both packages. Not 2.6.8.

-- Brian May [EMAIL PROTECTED]
Bug#291470: mozilla-thunderbird-enigmail: Enigmail fails to initiate unless other global extension installed afterwards
Package: mozilla-thunderbird-enigmail
Version: 2:0.90.0-1
Severity: grave
Justification: renders package unusable

This problem seems rather simple. I apt-getted everything necessary for enigmail support: mozilla-thunderbird and mozilla-thunderbird-enigmail including all dependencies. Enigmail would apparently install correctly, but when I tried to use it, it said Enigmail failed to initialize. I later tried installing it as a local extension, but it still wouldn't work. Finally, I installed the French locale of Thunderbird and it started working.

I guess the extension DB is not rebuilt correctly by enigmail, and it has to rely on another extension to do the job: I consider this a rather serious bug.

Louis-Philippe Savoie

-- System Information:
Debian Release: 3.1
APT prefers unstable
APT policy: (1001, 'unstable'), (500, 'testing')
Architecture: i386 (i686)
Kernel: Linux 2.6.10usbmouse
Locale: LANG=fr_CA.UTF-8, LC_CTYPE=fr_CA.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to fr_CA.UTF-8)

Versions of packages mozilla-thunderbird-enigmail depends on:
ii gnupg 1.2.5-3 GNU privacy guard - a free PGP rep
ii libc6 2.3.2.ds1-20 GNU C Library: Shared libraries an
ii libgcc1 1:3.4.3-7 GCC support library
ii libstdc++5 1:3.3.5-6 The GNU Standard C++ Library v3
ii mozilla-thunderbird 1.0-3 Mozilla Thunderbird standalone mai

-- no debconf information
Bug#289856: mdnsresponder: Wrong license
[EMAIL PROTECTED] wrote:

Above and beyond the issue of distributing code without proper license notices, the APSL 2.0 is not, in the opinion of many (and AFAICT, according to the consensus of the debian-legal mailing list), a free license under the

Where many in this context should be read as a handful of people on the debian-legal mailing list who invented new rules which are not part of the DFSG.

Again, while the question of which parts of the license (if any) fail the DFSG is still somewhat open, the fact is that this license imposes a number of restrictions on the licensee which are not present in more traditional Free Software licenses. Now that it's known that this package is licensed under the APSL and not under a BSD license, I believe it's best to remove mdnsresponder from the archive until such a time as it's made available under a different license or there's a clear consensus that the APSL 2.0 is a DFSG-free license.

Do you suggest removing from the archive all packages whose licenses impose uncommon restrictions or just this one?

-- ciao, Marco
Processed: duplicate report
Processing commands for [EMAIL PROTECTED]:

reassign 291428 libtiff4-dev
Bug#291428: capi4hylafax: ftbfs [sparc] libtool: link: cannot find the library `/usr/lib/libjpeg.la'
Bug reassigned from package `capi4hylafax' to `libtiff4-dev'.

merge 291428 291136
Bug#291136: capi4hylafax: FTBFS: Missing build dependencies.
Bug#291428: capi4hylafax: ftbfs [sparc] libtool: link: cannot find the library `/usr/lib/libjpeg.la'
Merged 291136 291428.

thanks
Stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator (administrator, Debian Bugs database)
Bug#289702: marked as done (menu: Non-executable update-menus breaks woody ghostview postrm)
Your message dated Thu, 20 Jan 2005 18:17:39 -0500 with message-id [EMAIL PROTECTED] and subject line Bug#289702: fixed in menu 2.1.21 has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am talking about this indicates a serious mail system misconfiguration somewhere. Please contact me immediately.)

Debian bug tracking system administrator (administrator, Debian Bugs database)

--
Subject: menu: Non-executable update-menus breaks woody ghostview postrm
From: Adam C Powell IV [EMAIL PROTECTED]
To: Debian Bugs [EMAIL PROTECTED]
Date: Mon, 10 Jan 2005 11:00:57 -0500

Package: menu
Version: 2.1.19
Severity: serious
Justification: Policy 10.9

Greetings,

During a woody-sarge upgrade, the new menu unpacked before the old ghostview was removed, resulting in the following breakage:

Removing ghostview ...
/var/lib/dpkg/info/ghostview.postrm: /usr/bin/update-menus: Permission denied
dpkg: error processing ghostview (--purge):
subprocess post-removal script returned error exit status 1

I believe this is because update-menus was non-executable, which I have heard you do in order to prevent packages from calling it before the package is configured. (I understand this is not quite the same as Policy 10.9, but reportbug asked for a policy section. :-)

How to fix this? I suppose you could conflict with ghostview, which is now obsolete, so it gets removed before menu is upgraded. Most other woody packages (at least, all others installed on my one remaining woody system) use test -x update-menus to avoid calling it if not executable, so those should upgrade just fine.

Thanks,
-Adam
-- GPG fingerprint: D54D 1AEE B11C CE9B A02B C5DD 526F 01E8 564E E4B6
Welcome to the best software in the world today cafe!
http://www.take6.com/albums/greatesthits.html

-- System Information:
Debian Release: 3.1
APT prefers testing
APT policy: (500, 'testing')
Architecture: i386 (i686)
Kernel: Linux 2.6.8-1-686
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)

Versions of packages menu depends on:
ii dpkg 1.10.25 Package maintenance system for Deb
ii libc6 2.3.2.ds1-18 GNU C Library: Shared libraries an
ii libgcc1 1:3.4.2-2 GCC support library
ii libstdc++5 1:3.3.4-13 The GNU Standard C++ Library v3

-- no debconf information

---
From: Bill Allombert [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Bug#289702: fixed in menu 2.1.21
Date: Thu, 20 Jan 2005 18:17:39 -0500

Source: menu
Source-Version: 2.1.21

We believe that the bug you
Bug#291427: kjc: source code is not included (GPL violation)
Dalibor Topic wrote:

Thanks a lot for pointing that out, that's indeed a serious problem with the package. I'll make sure that either kjc.jar includes the sources, or kjc's source code including the patches is part of kaffe.

I've removed kjc in kaffe's CVS and made the build and the regression test work with jikes out of the box, and fixed a few other, minor problems.

Arnaud, could you upload a new kaffe deb package when you have the time?

cheers, dalibor topic
Bug#291408: [debian-openldap] Bug#291408: slapd: Index and Data corruption with openldap2 2.1.30
* Matthijs Mohlmann ([EMAIL PROTECTED]) wrote:

We are running debian sarge on some of our servers now and are getting data and index corruption (every few weeks). On different servers (configured the same) we experience those problems. I think it is openldap that causes this problem because openldap 2.2 doesn't have these problems with the same bdb backend. (db4.2)

Can you try setting LD_ASSUME_KERNEL=2.4.1 in the startup scripts and see if that helps?

Thanks, Stephen
Bug#291478: Openwebmail: insecure temporary filename usage in many CGI scripts
Package: openwebmail Priority: grave Version: 2.41-10 Tags: patch security Openwebmail has multiple unsafe usages of temporary files (in /tmp) which lead to race conditions and symlink attacks. There are actually a lot of Perl scripts that, instead of using Perl's builtin File::Temp module use the (insecure) /tmp/SOMETHING.$$$ construct to define temporary files. Attached is a patch fixing some of these issues, it doesn't fix all of them, however. To find remaining issues please run 'grep -r /tmp .' on the source directory. The patch should provide hints on how to properly fix all of these. IMHO these bugs together with #290848 show that there has been no effort to prevent security bugs and makes this package unsuitable for release with sarge. I don't think this package should be included in a Debian release unless a full audit has been conducted in the sources for common web programming mistakes. Regards Javier diff -Nru openwebmail-2.41.orig/cgi-bin/openwebmail/misc/mkrelease/mkcurrent.sh openwebmail-2.41/cgi-bin/openwebmail/misc/mkrelease/mkcurrent.sh --- openwebmail-2.41.orig/cgi-bin/openwebmail/misc/mkrelease/mkcurrent.sh 2004-08-05 05:07:27.0 +0200 +++ openwebmail-2.41/cgi-bin/openwebmail/misc/mkrelease/mkcurrent.sh 2005-01-21 01:12:54.0 +0100 @@ -3,9 +3,8 @@ # this is used by author to create the tarball of openwebmail # -tmpdir=/tmp/openwebmail.mkrelease.tmp -rm -Rf $tmpdir -mkdir $tmpdir +tmpdir=`mktemp -d openwebmail.mkrelease.XX` || { echo $0: Cannot create temporary directory 2 ; exit 1; } +trap rm -rf $tmpdir 0 1 2 3 13 15 cd $tmpdir q /usr/local/www/cgi-bin/openwebmail/etc/defaults/openwebmail.conf 
@@ -193,10 +192,11 @@ echo copy current to snapshot $version-$releasedate... cd /usr/local/www/data/openwebmail/download/snapshot cp /usr/local/www/data/openwebmail/download/current/openwebmail-current.tar.gz openwebmail-$version-$releasedate.tar.gz - grep -v $releasedate MD5SUM /tmp/.md5.tmp.$$ - md5 -r openwebmail-$version-$releasedate.tar.gz /tmp/.md5.tmp.$$ - cp /tmp/.md5.tmp.$$ MD5SUM - rm /tmp/.md5.tmp.$$ + md5file=`mktemp -t .md5.tmp.XX` || { echo $0: Cannot create temporary file 2; exit 1; } + grep -v $releasedate MD5SUM $md5file + md5 -r openwebmail-$version-$releasedate.tar.gz $md5file + cp $md5file MD5SUM + rm -f $md5file fi # diff -Nru openwebmail-2.41.orig/cgi-bin/openwebmail/misc/mkrelease/notify.sh openwebmail-2.41/cgi-bin/openwebmail/misc/mkrelease/notify.sh --- openwebmail-2.41.orig/cgi-bin/openwebmail/misc/mkrelease/notify.sh 2004-09-21 18:09:31.0 +0200 +++ openwebmail-2.41/cgi-bin/openwebmail/misc/mkrelease/notify.sh 2005-01-21 01:10:02.0 +0100 @@ -115,6 +115,8 @@ echo send release announcement to port maintainer? (y/N) read ans if [ $ans = y -o $ans = Y ]; then + notify=`mktemp -t notify.XX` || { echo $0: Cannot create temporary file 2; exit 1; } + trap rm -f $notify 0 1 2 3 13 15 echo Dear sir, The new release of Open WebMail is available now. 
@@ -132,17 +134,16 @@ Best Regards. tung - /tmp/notify.tmp.$$ + $notify - q /tmp/notify.tmp.$$ + q $notify echo Really send release announcement to port maintainer? (y/N) read ans if [ $ans = y -o $ans = Y ]; then echo sending to pkg/port maintainer... -cat /tmp/notify.tmp.$$| \ +cat $notify| \ /usr/local/bin/mutt -s OWM new release announcement \ $cobalt $freebsd $openbsd $debian $webmin $ipspace fi - rm /tmp/notify.tmp.$$ fi diff -Nru openwebmail-2.41.orig/cgi-bin/openwebmail/misc/test/dbmtest.pl openwebmail-2.41/cgi-bin/openwebmail/misc/test/dbmtest.pl --- openwebmail-2.41.orig/cgi-bin/openwebmail/misc/test/dbmtest.pl 2004-07-07 15:22:13.0 +0200 +++ openwebmail-2.41/cgi-bin/openwebmail/misc/test/dbmtest.pl 2005-01-21 01:07:52.0 +0100 @@ -5,6 +5,7 @@ use strict; use Fcntl qw(:DEFAULT :flock); use FileHandle; +use File::Temp qw/tempfile tempdir/; print \n; @@ -21,9 +22,10 @@ sub check_tell_bug { my $offset; - my $testfile=/tmp/testfile.$$; + my ($testh, $testfile) = tempfile (testfile.XX); ($testfile =~ /^(.+)$/) ($testfile = $1); + close $testh; open(F, $testfile); print F test; close(F); open(F, $testfile); $offset=tell(F); close(F); unlink($testfile); @@ -42,18 +44,17 @@ sub guessoptions { my (%DB, @filelist, @delfiles); my ($dbm_ext, $dbmopen_ext, $dbmopen_haslock); + my $dbmdir = tempdir(dbmtest.XX); - mkdir (/tmp/dbmtest.$$, 0755); - - dbmopen(%DB, /tmp/dbmtest.$$/test, 0600); dbmclose(%DB); + dbmopen(%DB, $dbmdir/test, 0600); dbmclose(%DB); @delfiles=(); - opendir(TESTDIR, /tmp/dbmtest.$$); + opendir(TESTDIR, $dbmdir); while (defined(my $filename = readdir(TESTDIR))) { ($filename =~ /^(.+)$/) ($filename = $1); # untaint ... if ($filename!~/^\./ ) {
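Review bot: in the first mkcurrent.sh hunk, `mktemp -d openwebmail.mkrelease.XX` has neither `-t` nor a directory in its template, unlike the `mktemp -t` calls in the later hunks, so the directory is created relative to the current directory and `$tmpdir` holds a relative name. The script then runs `cd $tmpdir`, after which the relative `$tmpdir` in the trap no longer points at the directory that was created, so the cleanup can miss it. Suggest `mktemp -d -t` (or an absolute template) here. The trap also lists signals 1 2 3 13 15 with only an `rm` as the action; a signal handler that does not exit lets the script carry on after the directory is gone, so the handler should end with an exit.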
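Review bot: in the check_tell_bug hunk of dbmtest.pl, the handle returned by `tempfile` is closed immediately (`close $testh;`) and the file is then reopened by name with `open(F, $testfile)`, so the write and the `tell` still go through a second path lookup instead of the handle that was opened exclusively. Suggest printing to `$testh` and calling `tell` on it, closing it only before the unlink, which also makes the extra open calls unnecessary.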
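Review bot: in the guessoptions hunk of dbmtest.pl, `tempdir` is given only a template, and File::Temp creates a template-only directory relative to the current directory, whereas the code being replaced worked under /tmp; if the test is run from a directory that is not writable it will now fail. Suggest passing `TMPDIR => 1`, and `CLEANUP => 1` so the directory is removed even if the function dies before reaching its own cleanup (the rest of the function is not visible in this hunk).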
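The audit step and the fix pattern from the report above, as an added example that is not part of the original message, the attached patch or the openwebmail sources: `find_pid_tmp` narrows `grep -r /tmp .` to lines that derive a name under /tmp from `$$`, and `update_list` is a hardened form of the MD5SUM rewrite step. The function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit helper and hardened temp-file handling.
# Function names and sample files are constructed, not taken from openwebmail.

# find_pid_tmp DIR
# Print file:line:text for every line under DIR that builds a path in /tmp
# from the process id ($$), i.e. the /tmp/SOMETHING.$$ construct.
find_pid_tmp() {
    grep -rnE '/tmp/[^[:space:]]*\$\$' "$1" 2>/dev/null || true
}

# make_sample_tree DIR
# Constructed sample sources. old.pl and old.sh mimic the pattern the patch
# removes (quoting and redirections are assumed); new.sh mimics the fix.
make_sample_tree() {
    mkdir -p "$1" || return 1
    cat > "$1/old.pl" <<'EOF'
my $testfile="/tmp/testfile.$$";
mkdir ("/tmp/dbmtest.$$", 0755);
EOF
    cat > "$1/old.sh" <<'EOF'
grep -v "$releasedate" MD5SUM > /tmp/.md5.tmp.$$
EOF
    cat > "$1/new.sh" <<'EOF'
md5file=`mktemp -t .md5.tmp.XXXXXX` || exit 1
EOF
}

# update_list FILE DROP ADD
# Remove the lines of FILE that contain the fixed string DROP, append ADD.
# The staging file comes from mktemp, which creates it exclusively, with an
# unpredictable name and mode 0600, so a pre-planted name cannot be reused.
update_list() {
    ul_tmp=$(mktemp "${TMPDIR:-/tmp}/update_list.XXXXXX") || return 1
    # grep -v exits 1 when every line was dropped; only >1 is a real error.
    grep -vF -- "$2" "$1" > "$ul_tmp" || [ "$?" -eq 1 ] || {
        rm -f "$ul_tmp"; return 1
    }
    printf '%s\n' "$3" >> "$ul_tmp" || { rm -f "$ul_tmp"; return 1; }
    # Copy the content back so FILE keeps its owner and mode, then clean up.
    if cat "$ul_tmp" > "$1"; then ul_rc=0; else ul_rc=1; fi
    rm -f "$ul_tmp"
    return "$ul_rc"
}
```

`find_pid_tmp` only catches names built from `$$`; fixed names under /tmp, such as the old `/tmp/openwebmail.mkrelease.tmp`, still need the broader grep from the report.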
Bug#291433: marked as done (FWD: [SECURITY] [DSA 650-1] New sword packages fix arbitrary command execution)
Your message dated Thu, 20 Jan 2005 19:47:12 -0500 with message-id [EMAIL PROTECTED] and subject line Bug#291433: fixed in sword 1.5.7-7 has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am talking about this indicates a serious mail system misconfiguration somewhere. Please contact me immediately.)

Debian bug tracking system administrator (administrator, Debian Bugs database)

--
Date: Thu, 20 Jan 2005 13:43:20 -0500
From: Joey Hess [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: FWD: [SECURITY] [DSA 650-1] New sword packages fix arbitrary command execution

Package: sword
Version: 1.5.7-6
Tags: security
Severity: grave

The DSA below talks about a new version of sword being forthcoming for sid, but I don't see it in the queue or archive, so I'm filing this bug to make sure we don't forget to do it. If you have in fact already finished a build or something, feel free to close this bug report.

----- Forwarded message from Martin Schulze [EMAIL PROTECTED] -----

From: Martin Schulze [EMAIL PROTECTED]
Date: Thu, 20 Jan 2005 17:07:38 +0100 (CET)
To: Debian Security Announcements [EMAIL PROTECTED]
Subject: [SECURITY] [DSA 650-1] New sword packages fix arbitrary command execution
User-Agent: dsa-launch $Revision: 1.15 $
Reply-To: debian-security@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Debian Security Advisory DSA 650-1 [EMAIL PROTECTED]
http://www.debian.org/security/ Martin Schulze
January 20th, 2005 http://www.debian.org/security/faq

Package: sword
Vulnerability : missing input sanitising
Problem-Type : remote
Debian-specific: no
CVE ID : CAN-2005-0015

Ulf Härnhammar discovered that due to missing input sanitising in diatheke, a CGI script for making and browsing a bible website, it is possible to execute arbitrary commands via a specially crafted URL.

For the stable distribution (woody) this problem has been fixed in version 1.5.3-3woody2.

For the unstable distribution (sid) this problem will be fixed soon.

We recommend that you upgrade your diatheke package.

Upgrade Instructions

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 3.0 alias woody

Source archives:

http://security.debian.org/pool/updates/main/s/sword/sword_1.5.3-3woody2.dsc
Size/MD5 checksum: 612 9204579e3a264d7d43297c1b7bf98438
http://security.debian.org/pool/updates/main/s/sword/sword_1.5.3-3woody2.diff.gz
Size/MD5 checksum: 21169 c355f97deb2ef2c39b82aec857b15a21
http://security.debian.org/pool/updates/main/s/sword/sword_1.5.3.orig.tar.gz
Size/MD5 checksum: 2389613
Bug#289182: kino endianness issues on powerpc
On Fri, Jan 07, 2005 at 06:37:52PM +0100, Michael Schmitz wrote:

Severity: serious

Can you please comment on why you think these bugs make kino unsuitable for release; specifically, which section of policy is violated? I'm not denying that the bugs you reported are nasty and should be fixed, but unless you convince me otherwise, the severity looks inappropriate to me.

kino appears to have multiple issues with data endianness on powerpc. Symptoms: Video display: fine when using GDK, reverse video (or rather: magenta on cyan) when using XV for display in the edit and trim menus. Audio in edit/trim mode is fine BTW (see audio problems below).

This sounds a lot like an old Xv bug that first came up in 2002. Can you please supply me with the output of xvinfo? Which system are you testing this on, and what's your graphics adapter? Is DRI turned on, and does it make a difference if you turn it off?

For reference, the original discussion should be available from here: http://www.geocrawler.com/mail/thread.php3?subject=%5Blibdv-dev%5D+Re%3A+Should+dv1394+work+on+PPC%3Flist=3147

I suspect kino declares BE audio data to be LE in the DV export (or indeed any) pipe. No idea what's the cause of the XV and mpeg2enc endianness problems though.

The audio problems seem to be caused (at least) by big-endian length fields in an otherwise little-endian WAV file. I'm not too familiar with the various video encodings. I'll have another close look on it over the week-end, but might have to pass on the problem to upstream for a fix.

Thanks, Daniel.
Processed: This is just sarge.
Processing commands for [EMAIL PROTECTED]:

tags 291166 + sarge
Bug#291166: rosegarden4: will not load any files
There were no tags set.
Tags added: sarge

thanks.
Stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator (administrator, Debian Bugs database)
Processed: Re: Bug#291488: RM: java2-common -- RoQA; unneeded package
Processing commands for [EMAIL PROTECTED]:

clone 291488 -1
Bug#291488: RM: java2-common -- RoQA; unneeded package
Bug 291488 cloned as bug 291491.

reassign -1 java2-common
Bug#291491: RM: java2-common -- RoQA; unneeded package
Bug reassigned from package `ftp.debian.org' to `java2-common'.

retitle -1 In process of being removed (RoQA, #291488)
Bug#291491: RM: java2-common -- RoQA; unneeded package
Changed Bug title.

severity -1 serious
Bug#291491: In process of being removed (RoQA, #291488)
Severity set to `serious'.

thanks
Stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator (administrator, Debian Bugs database)
Bug#291386: kernel-image-2.4.27-2-686: creates bad initrd with complex lvm2 setup
reassign 291386 initrd-tools
thanks

On Thu, Jan 20, 2005 at 02:17:34PM +0100, Eric Deplagne wrote:

Package: kernel-image-2.4.27-2-686
Version: 2.4.27-7
Severity: critical
Justification: breaks the whole system

When the install of kernel-image tries to create initrd, those lines go to /var/log/messages:

Jan 20 09:39:39 fregate kernel: device-mapper: unknown block ioctl 0x801c6d02
Jan 20 09:39:40 fregate last message repeated 14 times

I do have 15 logical volumes, which explains how many times the message is emitted...

I guess I should mention a bit of my partitioning scheme, out of my /etc/fstab:

# system
/dev/mapper/vg-root / ext3 defaults,errors=remount-ro 0 1
/dev/mapper/vg-usr_lib /usr/lib ext3 defaults 0 1
/dev/mapper/vg-usr_share /usr/share ext3 defaults 0 1
/dev/mapper/vg-doc /usr/share/doc ext3 defaults 0 1
/dev/mapper/vg-locale /usr/share/locale ext3 defaults 0 1
/dev/mapper/vg-cache_apt /var/cache/apt/archives ext3 defaults 0 2

maybe my having /usr/lib on a different logical volume is relevant... just a guess of mine, of course...

my other logical volumes are one for /home, and some for subdirectories of /home, so should not be relevant...

Last thing I guess I can mention is that on another machine, with only one logical volume for /, and one for /home, /var/log/messages gets its two lines, but the system boots properly...

you might notice I presently run a 2.4.27-1-686, this is my rescue that I had a hard time to setup when the problem first happened to me with the last update of 2.4.27-1-868, which really hang the computer, having overwritten my working kernel. (that did not happen this time because of the -1-686 to -2-686 move)

-- System Information:
Debian Release: 3.1
APT prefers testing
APT policy: (500, 'testing')
Architecture: i386 (i686)
Kernel: Linux 2.4.27-1-686
Locale: [EMAIL PROTECTED], [EMAIL PROTECTED] (charmap=ISO-8859-15)

Versions of packages kernel-image-2.4.27-2-686 depends on:
ii coreutils [fileutils] 5.2.1-2 The GNU core utilities
ii fileutils 5.2.1-2 The GNU file management utilities
ii initrd-tools 0.1.76 tools to create initrd image for p
ii modutils 2.4.26-1.2 Linux module utilities

-- no debconf information

-- Horms
Bug#288046: marked as done (kernel: NFS fh_verify causes lost output (2.4 kernel))
Your message dated Thu, 20 Jan 2005 23:17:45 -0500 with message-id [EMAIL PROTECTED] and subject line Bug#288046: fixed in kernel-source-2.4.27 2.4.27-8 has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am talking about this indicates a serious mail system misconfiguration somewhere. Please contact me immediately.)

Debian bug tracking system administrator (administrator, Debian Bugs database)

--
From: Frans Pop [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: kernel: NFS fh_verify causes lost output (2.4 kernel)
Date: Fri, 31 Dec 2004 22:23:10 +0100

Package: kernel-source-2.4.27
Severity: grave
Justification: can cause data loss

I am seeing the problem described in #255931 in Sarge's current 2.4 kernel (2.4.27-6). The problem is also described in [1].

I have experienced data loss in my mail files that I keep in a NFS-exported home directory because of this problem. The Mail directory and its subdirs were set to drwx-- After changing this to drwxr-xr-x

According to #255931 this has been fixed in 2.6 kernels, but apparently it was not fixed in 2.4 kernels.

Note: my server is running Sarge with 2.4.27 kernel; the client is running Sarge with 2.6.8 kernel.

[1] https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=110421

Cheers, Frans Pop

---
From: Simon Horman [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Bug#288046: fixed in kernel-source-2.4.27 2.4.27-8
Date: Thu, 20 Jan 2005 23:17:45 -0500

Source: kernel-source-2.4.27
Source-Version: 2.4.27-8

We believe that the bug you reported is fixed in the latest version of kernel-source-2.4.27, which is due to be installed in the Debian FTP archive:

kernel-doc-2.4.27_2.4.27-8_all.deb
to pool/main/k/kernel-source-2.4.27/kernel-doc-2.4.27_2.4.27-8_all.deb
kernel-patch-debian-2.4.27_2.4.27-8_all.deb
to pool/main/k/kernel-source-2.4.27/kernel-patch-debian-2.4.27_2.4.27-8_all.deb
kernel-source-2.4.27_2.4.27-8.diff.gz
to pool/main/k/kernel-source-2.4.27/kernel-source-2.4.27_2.4.27-8.diff.gz
kernel-source-2.4.27_2.4.27-8.dsc
to pool/main/k/kernel-source-2.4.27/kernel-source-2.4.27_2.4.27-8.dsc
kernel-source-2.4.27_2.4.27-8_all.deb
to pool/main/k/kernel-source-2.4.27/kernel-source-2.4.27_2.4.27-8_all.deb
kernel-tree-2.4.27_2.4.27-8_all.deb
to pool/main/k/kernel-source-2.4.27/kernel-tree-2.4.27_2.4.27-8_all.deb

A summary of the changes between this version and the previous one is attached.

Thank you for reporting the bug, which will now be closed. If you have further comments please address them to [EMAIL PROTECTED], and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp. Simon Horman [EMAIL PROTECTED] (supplier of updated kernel-source-2.4.27
Bug#289202: marked as done (CAN-2004-1235: uselib() privilege escalation)
Your message dated Thu, 20 Jan 2005 23:17:45 -0500 with message-id [EMAIL PROTECTED] and subject line Bug#289202: fixed in kernel-source-2.4.27 2.4.27-8 has caused the attached Bug report to be marked as done.

--
From: Moritz Muehlenhoff [EMAIL PROTECTED]
To: Debian Bug Tracking System [EMAIL PROTECTED]
Subject: CAN-2004-1235: uselib() privilege escalation
Date: Fri, 07 Jan 2005 15:41:01 +0100

Package: kernel-source-2.6.8
Version: 2.6.8
Severity: grave
Tags: security
Justification: user security hole

Paul Starzetz from iSec Security Research has discovered a local root exploit in the Linux kernel:

Locally exploitable flaws have been found in the Linux binary format loaders' uselib() functions that allow local users to gain root privileges.

The full advisory text: http://isec.pl/vulnerabilities/isec-0021-uselib.txt

I haven't found a patch for 2.6 yet, a patch for 2.4 is available in the 2.4 Bitkeeper branch.

Cheers,
Moritz

-- System Information:
Debian Release: 3.1
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.9-1-386
Locale: LANG=C, [EMAIL PROTECTED] (charmap=ISO-8859-15)

Versions of packages kernel-source-2.6.8 depends on:
ii  binutils               2.15-5   The GNU assembler, linker and bina
ii  bzip2                  1.0.2-2  high-quality block-sorting file co
ii  coreutils [fileutils]  5.2.1-2  The GNU core utilities

---
From: Simon Horman [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Bug#289202: fixed in kernel-source-2.4.27 2.4.27-8
Date: Thu, 20 Jan 2005 23:17:45 -0500

Source: kernel-source-2.4.27
Source-Version: 2.4.27-8

We believe that the bug you reported is fixed in the latest version of kernel-source-2.4.27, which is due to be installed in the Debian FTP archive:

kernel-doc-2.4.27_2.4.27-8_all.deb
  to pool/main/k/kernel-source-2.4.27/kernel-doc-2.4.27_2.4.27-8_all.deb
kernel-patch-debian-2.4.27_2.4.27-8_all.deb
  to pool/main/k/kernel-source-2.4.27/kernel-patch-debian-2.4.27_2.4.27-8_all.deb
kernel-source-2.4.27_2.4.27-8.diff.gz to
Bug#288316: marked as done (sablevm: ftbfs [sparc] couldn't open file ./confstatNTv6ZO/subs-3.sed)
Your message dated Fri, 21 Jan 2005 02:07:34 -0500 with message-id [EMAIL PROTECTED] and subject line New sablevm 1.1.9-1 debs built on sparc w/o problems has caused the attached Bug report to be marked as done.

--
From: Blars Blarson [EMAIL PROTECTED]
To: Debian Bug Tracking System [EMAIL PROTECTED]
Subject: sablevm: ftbfs [sparc] couldn't open file ./confstatNTv6ZO/subs-3.sed
Date: Sun, 02 Jan 2005 17:21:05 -0800

Package: sablevm
Version: 1.1.8-1.1
Severity: serious
Tags: sid
Justification: fails to build from source

sablevm failed to build from source on the sparc buildd, not recreated on my sparc pbuilder.

config.status: creating src/Makefile
config.status: creating src/include/Makefile
config.status: creating src/libsablevm/Makefile
config.status: creating src/libsablevm/include/Makefile
config.status: creating src/libsablevm/inlinability/Makefile
sed: couldn't open file ./confstatNTv6ZO/subs-3.sed: No such file or directory
mv: cannot stat `./confstatNTv6ZO/out': No such file or directory
mkdir: cannot create directory `src': No such file or directory
config.status: error: cannot create directory src/sablevm
./configure: line 23071: config.log: No such file or directory
make: *** [configure-stamp] Error 1
**

---
From: Grzegorz B. Prokopski [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: New sablevm 1.1.9-1 debs built on sparc w/o problems
Date: Fri, 21 Jan 2005 02:07:34 -0500

The new, just uploaded debs of SableVM 1.1.9 have been built on sparc buildd apparently w/o any troubles, so I am closing this bug.

GBP

--
Grzegorz B. Prokopski [EMAIL PROTECTED]
SableVM - Free, LGPL'ed Java VM http://sablevm.org
Why SableVM ?!? http://sablevm.org/wiki/Features
Debian GNU/Linux - the Free OS http://www.debian.org
Bug#291503: CAN-2005-0129/130/131: Multiple vulnerabilities in Konversation
Package: konversation
Version: 0.15-2
Severity: grave
Tags: security sarge sid

These problems have been discovered by Wouter Coekaerts in the konversation IRC client. Affected are version 0.15, CVS until 18-19/01/2005, and some older versions too. They are fixed in 0.15.1.

When you fix these problems, please mention the corresponding CVE id in the changelog.

URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0129
Reference: FULLDISC:20050119 Multiple vulnerabilities in Konversation
Reference: URL:http://lists.netsys.com/pipermail/full-disclosure/2005-January/031033.html

The Quick Buttons feature in Konversation 0.15 allows remote attackers to execute certain IRC commands via a channel name containing % variables, which are recursively expanded by the Server::parseWildcards function when the Part Button is selected.

URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0130
Reference: FULLDISC:20050119 Multiple vulnerabilities in Konversation
Reference: URL:http://lists.netsys.com/pipermail/full-disclosure/2005-January/031033.html

Certain Perl scripts in Konversation 0.15 allow remote attackers to execute arbitrary commands via shell metacharacters in (1) channel names or (2) song names that are not properly quoted when the user runs IRC scripts.

URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0131
Reference: FULLDISC:20050119 Multiple vulnerabilities in Konversation
Reference: URL:http://lists.netsys.com/pipermail/full-disclosure/2005-January/031033.html

The Quick Connection dialog in Konversation 0.15 inadvertently uses the user-provided password as the nickname instead of the user-provided nickname when connecting to the IRC server, which could leak the password to other users.

Regards,
Joey

--
Have you ever noticed that General Public Licence contains the word Pub?
Please always Cc to me when replying to me on the lists.
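The first issue in the report above (CAN-2005-0129) belongs to a general bug class: data taken from the network is substituted into a template and the result is scanned for placeholders again. The C++ below is an added illustration of that class next to a single-pass expander; it is not Konversation's code, and the %c and %o placeholders, the function names and the sample values are assumptions made for the example.

```cpp
#include <iostream>
#include <map>
#include <string>

using Vars = std::map<char, std::string>;

// Constructed sample: %c = channel name (chosen by a remote party),
// %o = the local user's own nick. Both placeholders are hypothetical.
Vars sample_vars() {
    return Vars{{'c', "#room%o"}, {'o', "alice"}};
}

// Flawed pattern: one replace pass per placeholder over the whole string.
// Text inserted for %c is still in the buffer when %o is processed, so
// placeholders inside the channel name get expanded too.
std::string expand_sequential(std::string tmpl, const Vars& vars) {
    for (const auto& kv : vars) {
        const std::string token = std::string("%") + kv.first;
        std::string::size_type pos = 0;
        while ((pos = tmpl.find(token, pos)) != std::string::npos) {
            tmpl.replace(pos, token.size(), kv.second);
            pos += kv.second.size();
        }
    }
    return tmpl;
}

// Hardened pattern: scan the template once and append values verbatim.
// Inserted data never becomes template text again.
std::string expand_single_pass(const std::string& tmpl, const Vars& vars) {
    std::string out;
    for (std::string::size_type i = 0; i < tmpl.size(); ++i) {
        if (tmpl[i] == '%' && i + 1 < tmpl.size()) {
            const auto it = vars.find(tmpl[i + 1]);
            if (it != vars.end()) {
                out += it->second;
                ++i;  // skip the placeholder letter
                continue;
            }
        }
        out += tmpl[i];
    }
    return out;
}

int main() {
    const Vars v = sample_vars();
    std::cout << expand_sequential("/part %c", v) << "\n";
    std::cout << expand_single_pass("/part %c", v) << "\n";
}
```

With the single-pass version the channel name reaches the output byte for byte, so a "%" sequence inside it stays literal text.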
Bug#291506: wvdial: unsatisfiable depends on libwvstreams3-base in unstable
Package: wvdial
Version: 1.54.0-1
Severity: grave
Justification: package is completely unusable

The wvstreams package has changed package names from libwvstreams3-base to libwvstreams4.0-base, making wvdial uninstallable in unstable. In addition, wvdial prevents the new wvstreams from transitioning to testing, which is needed in order to fix 281772 for sarge.

--
Steve Langasek
postmodern programmer