Bug#293418: CAN-2005-0198: Authentication bypass

[Martin Schulze]

Package: uw-imap
Version: 2002edebian1-5
Severity: grave
Tags: security sarge sid patch

A vulnerability was discovered in the CRAM-MD5 authentication in
UW-IMAP where, on the fourth failed authentication attempt, a user
would be able to access the IMAP server regardless.  This problem
exists only if you are using CRAM-MD5 authentication and have an
/etc/cram-md5.pwd file.  This is not the default setup.  This is
also VU#702777 

I'm attaching the patch.

Please
 . update the package in sid
 . mention the CVE id from the subject in the changelog
 . use priority=high
 . no need to upload into sarge directly, except if the version in
   sid is not meant to go into testing

Regards,

Joey

-- 
We all know Linux is great... it does infinite loops in 5 seconds.
-- Linus Torvalds
--- imap-2004/src/c-client/auth_md5.c~  2005-01-17 16:38:46.758527958 -0700
+++ imap-2004/src/c-client/auth_md5.c   2005-01-17 16:38:46.758527958 -0700
@@ -153,7 +153,7 @@
/* get password */
   if (p = auth_md5_pwd ((authuser && *authuser) ? authuser : user)) {
pl = strlen (p);
-   u = (md5try && strcmp (hash,hmac_md5 (chal,cl,p,pl))) ? NIL : user;
+   u = (md5try && !strcmp (hash,hmac_md5 (chal,cl,p,pl))) ? user : NIL;
memset (p,0,pl);/* erase sensitive information */
fs_give ((void **) &p); /* flush erased password */
/* now log in for real */


signature.asc
Description: Digital signature

Bug#292938: speedy-cgi-perl: Running /usr/bin/speedy as non root result in Segmentation fault

[sven.van.den.steene]

Jose,

While running the strace I noticed the non-root user could not create the
file in /tmp. Indeed the file permissions on /tmp were 755 in stead of 1777.
I changed the permissions and it works like a charm.

Sven

-Original Message-
From: Jose Carlos Garcia Sogo [mailto:[EMAIL PROTECTED] 
Sent: 02 February 2005 22:42
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: Bug#292938: speedy-cgi-perl: Running /usr/bin/speedy as non root
result in Segmentation fault

El mié, 02-02-2005 a las 08:45 +0100, [EMAIL PROTECTED]
escribió:
>  Jose,
> 
> What kind of information do you need ?
> 
> In the mean time I resolved the problem by adding a root sticky-bit on the
executable.

>  (Perhaps it's something the program can't read when run as a non-root 
> user

 Please, don't remove CC to the bug #, so BTS can keep track of mails.

 Having a backtrace of the executable when it hangs could be interesting.
Also, you could send me directly a strace of it running (os speedy-cgi-perl,
not smokeping)

 Thanks,

--
Jose Carlos Garcia Sogo
   [EMAIL PROTECTED]
blowit:/usr/bin$ strace speedy /usr/lib/cgi-bin/smokeping.cgi
execve("/usr/bin/speedy", ["speedy", "/usr/lib/cgi-bin/smokeping.cgi"], [/* 16 
vars */]) = 0
uname({sys="Linux", node="blowit", ...}) = 0
brk(0)  = 0x8052cd0
old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 
0x40017000
access("/etc/ld.so.nohwcap", F_OK)  = -1 ENOENT (No such file or directory)
open("/etc/ld.so.preload", O_RDONLY)= -1 ENOENT (No such file or directory)
open("/etc/ld.so.cache", O_RDONLY)  = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=15630, ...}) = 0
old_mmap(NULL, 15630, PROT_READ, MAP_PRIVATE, 3, 0) = 0x40018000
close(3)= 0
access("/etc/ld.so.nohwcap", F_OK)  = -1 ENOENT (No such file or directory)
open("/usr/lib/libperl.so.5.8", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\300\7\2"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0644, st_size=1150824, ...}) = 0
old_mmap(NULL, 1158176, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) = 0x4001c000
old_mmap(0x4012b000, 40960, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 3, 
0x10f000) = 0x4012b000
old_mmap(0x40135000, 7200, PROT_READ|PROT_WRITE, 
MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x40135000
close(3)= 0
access("/etc/ld.so.nohwcap", F_OK)  = -1 ENOENT (No such file or directory)
open("/lib/libc.so.6", O_RDONLY)= 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\200^\1"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0644, st_size=1244016, ...}) = 0
old_mmap(NULL, 1254180, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) = 0x40137000
old_mmap(0x4025f000, 32768, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 3, 
0x127000) = 0x4025f000
old_mmap(0x40267000, 8996, PROT_READ|PROT_WRITE, 
MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x40267000
close(3)= 0
access("/etc/ld.so.nohwcap", F_OK)  = -1 ENOENT (No such file or directory)
open("/lib/libpthread.so.0", O_RDONLY)  = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\340A\0"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0644, st_size=81127, ...}) = 0
old_mmap(NULL, 331716, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) = 0x4026a000
old_mmap(0x40277000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 3, 
0xc000) = 0x40277000
old_mmap(0x40279000, 270276, PROT_READ|PROT_WRITE, 
MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x40279000
close(3)= 0
access("/etc/ld.so.nohwcap", F_OK)  = -1 ENOENT (No such file or directory)
open("/lib/libdl.so.2", O_RDONLY)   = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0p\34\0\000"..., 512) = 
512
fstat64(3, {st_mode=S_IFREG|0644, st_size=9872, ...}) = 0
old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 
0x402bb000
old_mmap(NULL, 8632, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) = 0x402bc000
old_mmap(0x402be000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 3, 
0x2000) = 0x402be000
close(3)= 0
access("/etc/ld.so.nohwcap", F_OK)  = -1 ENOENT (No such file or directory)
open("/lib/libm.so.6", O_RDONLY)= 3
read(3, "[EMAIL PROTECTED]"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0644, st_size=134464, ...}) = 0
old_mmap(NULL, 136944, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) = 0x402bf000
old_mmap(0x402e, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 3, 
0x2) = 0x402e
close(3)= 0
access("/etc/ld.so.nohwcap", F_OK)  = -1 ENOENT (No such file or directory)
open("/lib/libcrypt.so.1", O_RDONLY)= 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\0\n\0\000"..., 512) = 
512
fstat64(3, {st_mode=S_IFREG|0644, st_size=18780, ...}) = 0
old_mmap(NULL, 181596, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) = 0x402e1000
old_mmap(0x402e6000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 3, 

Bug#271427: another Debian font bug

[Steve Langasek]

Danilo,

On Thu, Feb 03, 2005 at 01:22:08AM +0100, Danilo Åegan wrote:
> Yesterday at 1:46, Dafydd Harries wrote:

> > http://muse.19inch.net/~daf/dump/271427/

> I see many problems with these fonts.

> In particular, many Cyrillic glyphs are incorrectly scaled (perhaps
> due to different em-sizes?  I don't know).  Metrics are also wrong
> (and they seem to be wrong in the same way as the glyphs size is):

>   http://kvota.net/fonts/urwcyr/nimbus-mono.png

> This applies to Nimbus Mono L Oblique, Bold and Bold Oblique faces.
> If I load /usr/share/fonts/type1/gsfonts/* in FontForge, I see that
> some glyphs have width of 600, and others have width of 747 (a bit
> strange for monospace font, but not too strange once you look at the
> glyphs, whose size varies as well :).

Hmm, unless I'm being hit by font caching issues, it appears that this
problem exists in the current version of the font as well as it's present in
Debian; i.e., this problem is not caused by Daf's changes.  So AFAICT, this
isn't a factor in deciding whether to accept Daf's changes into sarge.

The size issue would of course be an important bug, but also probably not
release-critical.

-- 
Steve Langasek
postmodern programmer


signature.asc
Description: Digital signature

Bug#293403: abort

[Justin Pryzby]

Right; potion abort every time for me on two different machines.  I
can't make it segfault.  Sometimes it shows a couple packets
immediately before aborting; sometimes it waits a second, shows no
packets, and then aborts.

Justin


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Processed: tagging 293403

[Debian Bug Tracking System]

Processing commands for [EMAIL PROTECTED]:

> # Automatically generated email from bts, devscripts version 2.8.10
> tags 293403 upstream
Bug#293403: Segfaults or aborts with assertion.
There were no tags set.
Tags added: upstream

>
End of message, stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#291784: zopeinterface_3.0.0-2(hppa/unstable): FTBFS: missing build-depends?

[Steve Langasek]

On Thu, Feb 03, 2005 at 01:58:31AM +0100, Steinar H. Gunderson wrote:
> On Thu, Feb 03, 2005 at 02:50:17AM +0200, Tommi Virtanen wrote:
> > Well fuck you very much too. You notify me on 2005-02-01 15:05,
> > and your upload is processed at 15:06. Talk about poor manners.

> I'm very sorry, but we are currently in 0-day NMU, your bug contained
> absolutely zero response and was nine days old.

> > There's a zopeinterface_3.0.0-3 that's been sitting in incoming
> > since 2005-01-27, waiting for ftp-master to accept it (due to
> > new binary package for python2.4).

> 3.0.0-3 > 3.0.0-2.1, so your package should go in without problems. Apologies
> for not checking the NEW queue before NMUing.

There's no reason you should have to apologize for this.  This package was a
candidate for removal from testing; the release team is not, as a rule,
going to wait for NEW processing by ftpmasters before acting on a buggy
package.  Maintainers need to take responsibility for possible NEW
processing delays when fixing their RC bugs, or expect them to be removed
from testing.

-- 
Steve Langasek
postmodern programmer


signature.asc
Description: Digital signature

Bug#293413: ftbfs [sparc] cannot stat `/build/buildd/rox-2.2.0/ROX-Filer/Linux-ix86/ROX-Filer'

[Blars Blarson]

Package: rox
Version: 2.2.0-1
Severity: serious
Justification: fails to build from source

rox fails to build from source on sparc and other buildds, duplicated
on sparc pbuilder:

dh_installdirs
cp -r /build/buildd/rox-2.2.0/Choices 
/build/buildd/rox-2.2.0/debian/rox-filer/usr/share/rox
rm -rf /build/buildd/rox-2.2.0/debian/rox-filer/usr/share/rox/Choices/MIME-info/
cp /build/buildd/rox-2.2.0/ROX-Filer/*.xml 
/build/buildd/rox-2.2.0/debian/rox-filer/usr/share/rox
cp /build/buildd/rox-2.2.0/ROX-Filer/Help/Changes 
/build/buildd/rox-2.2.0/debian/rox-filer/usr/share/doc/rox-filer/changelog
cp /build/buildd/rox-2.2.0/ROX-Filer/Help/*html 
/build/buildd/rox-2.2.0/debian/rox-filer/usr/share/doc/rox-filer/html/.
cp /build/buildd/rox-2.2.0/ROX-Filer/style.css 
/build/buildd/rox-2.2.0/debian/rox-filer/usr/share/doc/rox-filer/html/.
cp -r /build/buildd/rox-2.2.0/ROX-Filer/images 
/build/buildd/rox-2.2.0/debian/rox-filer/usr/share/rox
cp -r /build/buildd/rox-2.2.0/ROX-Filer/ROX 
/build/buildd/rox-2.2.0/debian/rox-filer/usr/share/rox
cp /build/buildd/rox-2.2.0/ROX-Filer/Linux-ix86/ROX-Filer 
/build/buildd/rox-2.2.0/debian/rox-filer/usr/bin/rox
cp: cannot stat `/build/buildd/rox-2.2.0/ROX-Filer/Linux-ix86/ROX-Filer': No 
such file or directory
make: *** [install] Error 1



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Processed: forwarded python report

[Debian Bug Tracking System]

Processing commands for [EMAIL PROTECTED]:

> forwarded 293338 http://python.org/sf/1114776
Bug#293338: python2.3: raises an AttributeError during a deep copy
Noted your statement that Bug has been forwarded to 
http://python.org/sf/1114776.

> tags 293338 + upstream
Bug#293338: python2.3: raises an AttributeError during a deep copy
There were no tags set.
Tags added: upstream

> thanks
Stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#275307: marked as done (gstreamer-player: post-installation problem)

[Debian Bug Tracking System]

Your message dated Wed, 2 Feb 2005 23:20:03 -0500
with message-id <[EMAIL PROTECTED]>
and subject line Bug#275307: gstreamer-player: post-installation problem
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--
Received: (at submit) by bugs.debian.org; 7 Oct 2004 10:02:44 +
>From [EMAIL PROTECTED] Thu Oct 07 03:02:44 2004
Return-path: <[EMAIL PROTECTED]>
Received: from pop.gmx.net (mail.gmx.net) [213.165.64.20] 
by spohr.debian.org with smtp (Exim 3.35 1 (Debian))
id 1CFV6i-0001zN-00; Thu, 07 Oct 2004 03:02:44 -0700
Received: (qmail 32387 invoked by uid 65534); 7 Oct 2004 10:02:12 -
Received: from djdeath.dyndns.org (EHLO traktopel.atr) (81.56.179.51)
  by mail.gmx.net (mp018) with SMTP; 07 Oct 2004 12:02:12 +0200
X-Authenticated: #12859812
Received: from djdeath by traktopel.atr with local (Exim 4.34)
id 1CFV7v-0004OB-3y; Thu, 07 Oct 2004 12:03:59 +0200
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
From: Dj-Death <[EMAIL PROTECTED]>
To: Debian Bug Tracking System <[EMAIL PROTECTED]>
Subject: gstreamer-player: post-installation problem
X-Mailer: reportbug 2.99.3
Date: Thu, 07 Oct 2004 12:03:59 +0200
Message-Id: <[EMAIL PROTECTED]>
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2004_03_25 
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-8.0 required=4.0 tests=BAYES_00,HAS_PACKAGE 
autolearn=no version=2.60-bugs.debian.org_2004_03_25
X-Spam-Level: 

Package: gstreamer-player
Version: 0.6.0-1.1
Severity: grave
Justification: renders package unusable


I can't install the gstreamer-player package.

traktopel:/home/djdeath# apt-get install gstreamer-player
Reading Package Lists... Done
Building Dependency Tree... Done
gstreamer-player is already the newest version.
0 upgraded, 0 newly installed, 0 to remove and 379 not upgraded.
2 not fully installed or removed.
Need to get 0B of archives.
After unpacking 0B of additional disk space will be used.
Setting up gstreamer-player (0.6.0-1.1) ...
I/O warning : failed to load external entity 
"/etc/gconf/schemas/gst-player.schemas"
Failed to open `/etc/gconf/schemas/gst-player.schemas': No such file or 
directory
dpkg: error processing gstreamer-player (--configure):
 subprocess post-installation script returned error exit status 1
dpkg: dependency problems prevent configuration of gstreamer-player-nautilus:
 gstreamer-player-nautilus depends on gstreamer-player; however:
  Package gstreamer-player is not configured yet.
dpkg: error processing gstreamer-player-nautilus (--configure):
 dependency problems - leaving unconfigured
Errors were encountered while processing:
 gstreamer-player
 gstreamer-player-nautilus
E: Sub-process /usr/bin/dpkg returned an error code (1)


-- System Information:
Debian Release: 3.1
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.8-1-k7
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8

Versions of packages gstreamer-player depends on:
ii  gconf22.8.0-1GNOME configuration database syste
ii  gstreamer-colorspace  0.6.4-5.1  colorspace conversion plugin for G
ii  gstreamer-gconf   0.6.4-5.1  GConf support for GStreamer
ii  gstreamer-gnomevfs0.6.4-5.1  Gnome VFS plugin for GStreamer
ii  gstreamer-misc0.6.4-5.1  Collection of various GStreamer pl
ii  gstreamer-plugin-libs 0.6.4-5.1  Various GStreamer library plugins
ii  libart-2.0-2  2.3.16-6   Library of functions for 2D graphi
ii  libatk1.0-0   1.8.0-2The ATK accessibility toolkit
ii  libaudiofile0 0.2.6-4Open-source version of SGI's audio
ii  libbonobo2-0  2.8.0-1Bonobo CORBA interfaces library
ii  libbonoboui2-02.8.0-1The Bonobo UI library
ii  libc6 2.3.2.ds1-16   GNU C Library: Shared libraries an
ii  libesd0   0.2.34-1   Enlightened Sound Daemon - Shared 
ii  libgconf2-4   2.8.0-1GNOME configuration database syste
ii  libgcrypt11   1.2.0-6LGPL Crypto library - runtime libr
ii  libglade2-0   1:2.4.0-1  Library to load .glade files at ru
ii  libglib2.0-0  2.4.6-2The GLib library of C routines
ii  libgnome-desktop-22.8.0-1Utility library for loading .deskt
ii  libgnome-keyring0 0.2.1-3  

Bug#287651: [GRASS5] [bug #2877] (grass) Insecure tempfile creation

[Hamish]

> I'll try to get a CVS package squared away tomorrow.

I have just reverted that init.sh $TMPDIR change now, so it should be
all set for a fresh checkout, AFAICT.


> Best to do it as quickly as possible I think.

Yes, I hadn't been keeping up with the Debian Weekly News & the sarge
release appears to be much closer than I thought it was.



Hamish


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#241112: distributed-net-pproxy

[Jeroen van Wolffelaar]

retitle 290890 RM: distributed-net-pproxy -- RoQA; Orphaned, non-free, 
uselessly-buggy, outdated
tags 290890 confirmed
thanks

On Mon, Nov 29, 2004 at 04:23:00PM +0100, Jeroen van Wolffelaar wrote:
> I'm reassigning this bug as RC on -pproxy to at least keep it out of
> sarge. If Loic doesn't reply to this bug in a reasonable time, -pproxy
> should indeed be removed from sid too, and this bug cloned as removal
> request to ftp.debian.org.

So be it.

--Jeroen

-- 
Jeroen van Wolffelaar
[EMAIL PROTECTED]
http://jeroen.A-Eskwadraat.nl


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#293318: libquantlib0-dev: depends on libboost-test1.31.0 which is not available

[Dirk Eddelbuettel]

On 2 February 2005 at 14:59, Domenico Andreoli wrote:
| Package: libquantlib0-dev
| Version: 0.3.8-1
| Severity: serious
| 
| this package depends on libboost-test1.31.0 (?), which is not available
| in sid any more. please upgrade to Boost 1.32.0.

Thanks for the heads-up, will do in the next few days. 

Dirk

-- 
Better to have an approximate answer to the right question than a precise 
answer to the wrong question.  --  John Tukey as quoted by John Chambers


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#293345: marked as done (mysql: File owned by mysql is run by root)

[Debian Bug Tracking System]

Your message dated Wed, 02 Feb 2005 20:32:29 -0500
with message-id <[EMAIL PROTECTED]>
and subject line Bug#293345: fixed in mysql-dfsg-4.1 4.1.9-2
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--
Received: (at submit) by bugs.debian.org; 2 Feb 2005 16:56:47 +
>From [EMAIL PROTECTED] Wed Feb 02 08:56:47 2005
Return-path: <[EMAIL PROTECTED]>
Received: from turing.cs.hmc.edu [134.173.42.99] 
by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
id 1CwNo7-00023A-00; Wed, 02 Feb 2005 08:56:47 -0800
Received: by turing.cs.hmc.edu (Postfix, from userid 20007)
id D991453304; Wed,  2 Feb 2005 08:56:46 -0800 (PST)
Received: from localhost (localhost [127.0.0.1])
by turing.cs.hmc.edu (Postfix) with ESMTP id C27E75A92A
for <[EMAIL PROTECTED]>; Wed,  2 Feb 2005 08:56:46 -0800 (PST)
Date: Wed, 2 Feb 2005 08:56:46 -0800 (PST)
From: Matt Brubeck <[EMAIL PROTECTED]>
Sender: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: mysql: File owned by mysql is run by root
Message-ID: <[EMAIL PROTECTED]>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-8.0 required=4.0 tests=BAYES_00,HAS_PACKAGE 
autolearn=no version=2.60-bugs.debian.org_2005_01_02
X-Spam-Level: 

Package: mysql-server
Version: 4.0.23-3
Severity: critical
Tags: security, sarge, sid

A privilege escalation vulnerability was introduced in mysql-sever
4.0.23-1.

The following file is run as root by /etc/init.d/mysql (it is sourced by
/etc/mysql/debian-start):

  /usr/share/mysql/debian-start.inc.sh

This file and its containing directory are owned by the "mysql" user.
An attacker with access to the "mysql" account could change this file to
contain arbitrary commands, which would be run as root whenever
mysql-server is started (including at system boot).

---
Received: (at 293345-close) by bugs.debian.org; 3 Feb 2005 01:38:12 +
>From [EMAIL PROTECTED] Wed Feb 02 17:38:11 2005
Return-path: <[EMAIL PROTECTED]>
Received: from newraff.debian.org [208.185.25.31] (mail)
by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
id 1CwVwh-0006Pz-00; Wed, 02 Feb 2005 17:38:11 -0800
Received: from katie by newraff.debian.org with local (Exim 3.35 1 (Debian))
id 1CwVrB-0006b9-00; Wed, 02 Feb 2005 20:32:29 -0500
From: Christian Hammers <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
X-Katie: $Revision: 1.55 $
Subject: Bug#293345: fixed in mysql-dfsg-4.1 4.1.9-2
Message-Id: <[EMAIL PROTECTED]>
Sender: Archive Administrator <[EMAIL PROTECTED]>
Date: Wed, 02 Feb 2005 20:32:29 -0500
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-6.0 required=4.0 tests=BAYES_00,HAS_BUG_NUMBER 
autolearn=no version=2.60-bugs.debian.org_2005_01_02
X-Spam-Level: 
X-CrossAssassin-Score: 3

Source: mysql-dfsg-4.1
Source-Version: 4.1.9-2

We believe that the bug you reported is fixed in the latest version of
mysql-dfsg-4.1, which is due to be installed in the Debian FTP archive:

libmysqlclient14-dev_4.1.9-2_i386.deb
  to pool/main/m/mysql-dfsg-4.1/libmysqlclient14-dev_4.1.9-2_i386.deb
libmysqlclient14_4.1.9-2_i386.deb
  to pool/main/m/mysql-dfsg-4.1/libmysqlclient14_4.1.9-2_i386.deb
mysql-client-4.1_4.1.9-2_i386.deb
  to pool/main/m/mysql-dfsg-4.1/mysql-client-4.1_4.1.9-2_i386.deb
mysql-common-4.1_4.1.9-2_all.deb
  to pool/main/m/mysql-dfsg-4.1/mysql-common-4.1_4.1.9-2_all.deb
mysql-dfsg-4.1_4.1.9-2.diff.gz
  to pool/main/m/mysql-dfsg-4.1/mysql-dfsg-4.1_4.1.9-2.diff.gz
mysql-dfsg-4.1_4.1.9-2.dsc
  to pool/main/m/mysql-dfsg-4.1/mysql-dfsg-4.1_4.1.9-2.dsc
mysql-server-4.1_4.1.9-2_i386.deb
  to pool/main/m/mysql-dfsg-4.1/mysql-server-4.1_4.1.9-2_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Christian Hammers <[EMAIL PROTECTED]> (supplier of updated mysql-dfsg-4.1 
package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administ

Bug#292728: marked as done (gaim-dev: missing dependencies)

[Debian Bug Tracking System]

Your message dated Wed, 02 Feb 2005 20:32:13 -0500
with message-id <[EMAIL PROTECTED]>
and subject line Bug#292728: fixed in gaim 1:1.1.2-3
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--
Received: (at submit) by bugs.debian.org; 29 Jan 2005 07:46:38 +
>From [EMAIL PROTECTED] Fri Jan 28 23:46:38 2005
Return-path: <[EMAIL PROTECTED]>
Received: from vawad.err.no [129.241.93.49] 
by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
id 1CunJW-0003Fl-00; Fri, 28 Jan 2005 23:46:38 -0800
Received: from tfheen by vawad.err.no with local (Exim 4.34)
id 1CunJU-0004Or-R7
for [EMAIL PROTECTED]; Sat, 29 Jan 2005 08:46:36 +0100
To: [EMAIL PROTECTED]
Subject: gaim-dev: missing dependencies
Mail-Copies-To: never
From: Tollef Fog Heen <[EMAIL PROTECTED]>
Organization: Private
Date: Sat, 29 Jan 2005 08:46:36 +0100
Message-ID: <[EMAIL PROTECTED]>
User-Agent: Gnus/5.1007 (Gnus v5.10.7) Emacs/21.3 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-8.0 required=4.0 tests=BAYES_00,HAS_PACKAGE 
autolearn=no version=2.60-bugs.debian.org_2005_01_02
X-Spam-Level: 


Package: gaim-dev
Severity: serious

gaim-dev should depend on pkg-config, libglib2.0-dev and
libgtk2.0-dev, as it is not possible to build anything for it without
those installed.

-- 
Tollef Fog Heen,''`.
UNIX is user friendly, it's just picky about who its friends are  : :' :
  `. `' 
`-  

---
Received: (at 292728-close) by bugs.debian.org; 3 Feb 2005 01:38:09 +
>From [EMAIL PROTECTED] Wed Feb 02 17:38:08 2005
Return-path: <[EMAIL PROTECTED]>
Received: from newraff.debian.org [208.185.25.31] (mail)
by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
id 1CwVwe-0006Ph-00; Wed, 02 Feb 2005 17:38:08 -0800
Received: from katie by newraff.debian.org with local (Exim 3.35 1 (Debian))
id 1CwVqv-0006Zv-00; Wed, 02 Feb 2005 20:32:13 -0500
From: Ari Pollak <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
X-Katie: $Revision: 1.55 $
Subject: Bug#292728: fixed in gaim 1:1.1.2-3
Message-Id: <[EMAIL PROTECTED]>
Sender: Archive Administrator <[EMAIL PROTECTED]>
Date: Wed, 02 Feb 2005 20:32:13 -0500
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-6.0 required=4.0 tests=BAYES_00,HAS_BUG_NUMBER 
autolearn=no version=2.60-bugs.debian.org_2005_01_02
X-Spam-Level: 

Source: gaim
Source-Version: 1:1.1.2-3

We believe that the bug you reported is fixed in the latest version of
gaim, which is due to be installed in the Debian FTP archive:

gaim-data_1.1.2-3_all.deb
  to pool/main/g/gaim/gaim-data_1.1.2-3_all.deb
gaim-dev_1.1.2-3_i386.deb
  to pool/main/g/gaim/gaim-dev_1.1.2-3_i386.deb
gaim_1.1.2-3.diff.gz
  to pool/main/g/gaim/gaim_1.1.2-3.diff.gz
gaim_1.1.2-3.dsc
  to pool/main/g/gaim/gaim_1.1.2-3.dsc
gaim_1.1.2-3_i386.deb
  to pool/main/g/gaim/gaim_1.1.2-3_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Ari Pollak <[EMAIL PROTECTED]> (supplier of updated gaim package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Format: 1.7
Date: Wed,  2 Feb 2005 19:56:36 -0500
Source: gaim
Binary: gaim gaim-dev gaim-data
Architecture: source i386 all
Version: 1:1.1.2-3
Distribution: unstable
Urgency: low
Maintainer: Robert McQueen <[EMAIL PROTECTED]>
Changed-By: Ari Pollak <[EMAIL PROTECTED]>
Description: 
 gaim   - multi-protocol instant messaging client
 gaim-data  - multi-protocol instant messaging client - data files
 gaim-dev   - multi-protocol instant messaging client - development files
Closes: 292728
Changes: 
 gaim

Bug#287651: [GRASS5] [bug #2877] (grass) Insecure tempfile creation

[Steve Halasz]

On Thu, 2005-02-03 at 12:55 +1300, Hamish wrote:
> Hi, for those playing along at home, time for a status update:
> 
> 
> r.terraflow is the only module in GRASS 6.0 CVS which hasn't been fixed
> for this bug yet (end user set-able but uses "/var/tmp" as default).
> 
> You can make a GRASS package without the r.terraflow module by doing:
> ./configure --without-cxx
> 
> this has no repercussions on the rest of the package.
> 
> 
> Hopefully we can have a GRASS 6beta2 release soon with r.terraflow fixed
> and a new debian package made from that. If you don't want to wait, pull
> from CVS and do --without-cxx.

Hamish,

You rock! I'll try to get a CVS package squared away tomorrow. Best to
do it as quickly as possible I think.

Thanks,
Steve



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#248853: 3270: 5250 emulation code, all rights reserved

[Jeroen van Wolffelaar]

retitle 287083 RM: 3270 -- RoQA; undistributable code in non-free
tags 287083 confirmed
thanks

On Fri, Dec 24, 2004 at 01:58:22AM -0500, Branden Robinson wrote:
> Given that the package maintainer has taken no visible action on this in
> over 4 months, I recommend removing this package from Debian's FTP archives
> so as to reduce our potential liability for copyright infringements.

Richard, I'm hereby confirming this removal request, it is well over one
month old, and you didn't react in any way to this bug in at least five
months. Please reply immediately if you disagree with removing this
package.

Thanks,
--Jeroen

-- 
Jeroen van Wolffelaar
[EMAIL PROTECTED]
http://jeroen.A-Eskwadraat.nl


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Processed: Re: Bug#248853: 3270: 5250 emulation code, all rights reserved

[Debian Bug Tracking System]

Processing commands for [EMAIL PROTECTED]:

> retitle 287083 RM: 3270 -- RoQA; undistributable code in non-free
Bug#287083: ftp.debian.org: please remove un-redistributable 3270 package from 
the archive
Changed Bug title.

> tags 287083 confirmed
Bug#287083: RM: 3270 -- RoQA; undistributable code in non-free
Tags were: sid
Tags added: confirmed

> thanks
Stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Processed: Re: Bug#276212: RM: supercollider [alpha sparc amd64]

[Debian Bug Tracking System]

Processing commands for [EMAIL PROTECTED]:

> retitle 276212 RM: supercollider [alpha sparc ia64] -- RoM; code has 64bit 
> issues
Bug#276212: RM: [ia64 alpha sparc] please remove supercollider
Changed Bug title.

> tags 276212 moreinfo
Bug#276212: RM: supercollider [alpha sparc ia64] -- RoM; code has 64bit issues
Tags were: sid
Tags added: moreinfo

> thanks
Stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Processed: Re: Bug#286700: ftp.debian.org: RM - Removal of gnuradio packages

[Debian Bug Tracking System]

Processing commands for [EMAIL PROTECTED]:

> reassign 286700 gnuradio
Bug#286700: Remove gnuradio version 0.9 from unstable and testing
Bug reassigned from package `ftp.debian.org' to `gnuradio'.

> retitle 286700 Gnuradio 0.9 unsuitable for release
Bug#286700: Remove gnuradio version 0.9 from unstable and testing
Changed Bug title.

> severity 286700 serious
Bug#286700: Gnuradio 0.9 unsuitable for release
Severity set to `serious'.

> thanks
Stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#293406: mdadm-1.8.1 is a development release

[Chris Stromsoe]

Package: mdadm
Version: 1.8.1-1
Severity: grave
mdadm 1.8.1 is not stable.  The announcement (ANNOUNCE-1.8.1) states:
   This is a "development" release of mdadm.  It should *not* be
   considered stable and should be used primarily for testing.
   The current "stable" version is 1.8.0.
Please downgrade to 1.8.0.
-Chris
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#276212: RM: supercollider [alpha sparc amd64]

[Jeroen van Wolffelaar]

retitle 274240 RM: supercollider [alpha sparc ia64] -- RoM; code has 64bit 
issues
tags 274240 moreinfo
thanks

On Tue, Oct 12, 2004 at 06:49:36PM +0200, [EMAIL PROTECTED] wrote:
> supercollider has no support for 64-bit, see #274240.

The selftest added in -3 also fails on m68k, for example, see [1].

Please research what is going on, and on what architectures it builds
and builds not, and why not on a 32bit architecture like m68k.

--Jeroen

[1] 
http://buildd.debian.org/fetch.php?&pkg=supercollider&ver=040926-3&arch=m68k&stamp=1105297583&file=log&as=raw

-- 
Jeroen van Wolffelaar
[EMAIL PROTECTED]
http://jeroen.A-Eskwadraat.nl


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#291784: zopeinterface_3.0.0-2(hppa/unstable): FTBFS: missing build-depends?

[Tommi Virtanen]

Steinar H. Gunderson wrote:
I'm NMUing zopeinterface for this bug now, simply by adding a "-" in front of
the rule in debian/clean. I guess Tommi will want to add Python 2.4 support
to the package at a later stage (as mentioned in the changelog), but this
will fix the bug for now.
Well fuck you very much too. You notify me on 2005-02-01 15:05,
and your upload is processed at 15:06. Talk about poor manners.
There's a zopeinterface_3.0.0-3 that's been sitting in incoming
since 2005-01-27, waiting for ftp-master to accept it (due to
new binary package for python2.4).
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#291784: zopeinterface_3.0.0-2(hppa/unstable): FTBFS: missing build-depends?

[Steinar H. Gunderson]

On Thu, Feb 03, 2005 at 02:50:17AM +0200, Tommi Virtanen wrote:
> Well fuck you very much too. You notify me on 2005-02-01 15:05,
> and your upload is processed at 15:06. Talk about poor manners.

I'm very sorry, but we are currently in 0-day NMU, your bug contained
absolutely zero response and was nine days old.

> There's a zopeinterface_3.0.0-3 that's been sitting in incoming
> since 2005-01-27, waiting for ftp-master to accept it (due to
> new binary package for python2.4).

3.0.0-3 > 3.0.0-2.1, so your package should go in without problems. Apologies
for not checking the NEW queue before NMUing.

/* Steinar */
-- 
Homepage: http://www.sesse.net/


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#293207: bogofilter: last two versions caused db errors

[David Relson]

On Wed, 02 Feb 2005 10:40:39 -0600
Karl Schmidt wrote:

> Matthias Andree wrote:

...[snip]...

> Installing bogofilter on a Debian testing box gives us:
> 
> ii  bogofilter 0.93.5-1   a fast Bayesian spam filter
> 
> $ bogofilter -V
> bogofilter version 0.93.5
>  Database: Sleepycat Software: Berkeley DB 4.3.27: (December 22, 2004
> 
> I delete all the files in the db directory and run the following script 
> (as I've had to rebuild a few times now):
> 
> #!/bin/bash
> bogofilter -M -s -d /etc/bogofilter -I /home/karl/mail/zs-archived-spam2004
> bogofilter -M -s -d /etc/bogofilter -I /home/karl/mail/zs-archived-spam2003
> bogofilter -M -s -d /etc/bogofilter -I /home/karl/mail/s-archived-spam
> bogofilter -M -n -d /etc/bogofilter -I /home/karl/mail/z-archived2004
> bogofilter -M -n -d /etc/bogofilter -I /home/karl/mail/archived
> bogofilter -M -n -d /etc/bogofilter -I /home/karl/mail/list-servers/EXIM
> bogofilter -M -n -d /etc/bogofilter -I
> chown  Debian-exim.Debian-exim /etc/bogofilter/*

Your script looks reasonable.  I, too, make a practice of to preserving
sequences of useful commands in scripts.

As a tip, using "-B" instead of "-I" allows listing of multiple message
sources (mailboxes, maildirs, etc) in 1 command, e.g.

bogofilter -M -s -d /etc/bogofilter -B /home/karl/mail/*s-archived-spam*

> Everything works (not sure if it is tagging quite as much spam) then it 
> ends ups stopping after about 48 hours.
> 
> This is on a Tyan MB with ECC memory, antec powersupply - I think a 
> quite stable system running bind, dhcp,hylasfax, samba, nfs, imap all 
> flawlessly. I would suspect falky hardware at this point except going 
> back to the older version fixes things.
> 
> Only other thing I can suspect is that exim is threaded - could there be 
> a locking problem I'm seeing running two requests at a time? I can 
> imagine that 48 hours would be long enough to be filtering two messages 
> at the same time. That would explain why most people running in a single 
> thread POP service manner would not see this bug.
> 
> The basic fact is I am sure I recreated the databases and didn't upgrade 
> and try to run the old data base  (which if I remember would have failed 
> at once.) Going back to the old version and once again reproducing the 
> databases fixes the problem.
> 
> I can think that it would be easy to test by running two or three 
> instances of bogofilter at the same time on some mail files. One can 
> write a script that will fork and you might want to add it to your 
> testing procedure. Hope this helps.

Bogofilter can be built with "make check" which runs a series of 40 or
so regression tests.  The 2 locking tests run multiple copies of
bogofilter to test operating system, database, and bogofilter.  If you
have source code, it's probably worth running -- just for grins.

 
> I hope I didn't sound off base here and hope I haven't ruffled any 
> feathers, but I really do think that these should spend some time in 
> unstable.

Nope, no ruffled feathers here.  Guess you'll have to try harder :-)

Cheers!

David



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#271262: Processed: severity of 271262 is grave

[Ben Burton]

severity 271262 important
thanks mate

> Bug#271262: kteatime: fails to start
> Severity set to `grave'.

Why?

Most of the problems in this report appear to be with non-KDE users.
KTeaTime is a KDE system tray applet (as it says in the package
description); what I will do shortly is do a new upload that makes it
clearer in both the package description and the various readme files
that on a non-KDE system you are taking your chances.

On a KDE system I have not been able to reproduce this bug.  When I have
time I can look into what is breaking under other window managers, and I
agree it's a distressing bug, but I don't see why this is RC.

(For future reference, it would be appreciated if you could include a
short reason when you raise a bug's severity, rather than just doing it
without any comment - ta.)

On a related note: if kteatime is not starting for you, can you please:
(i) tell me what window manager you're using, and (ii) install kcpuload
and let me know if _that_ starts for you?

b.



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#271262: kicker is an applet

[Marco Krohn]

Hi,

klipper is an small applet that does not show up as a window. Instead it 
"lives" in the panel, as described in 
http://docs.kde.org/en/3.3/kdetoys/kteatime/how-to-use.html. 

(BTW note that it seems that nobody took care of sending the bug report to 
upstream -- that is bugs.kde.org.)


In private communication Helge K. suggested to change

  Recommends: kicker

to

  Depends: kicker

I agree with him. Please note that other packages might have the same problem 
with the dependency as well. Perhaps someone who knows Debian better than I 
do wants to check the packages

  klipper
  kicker-applets

as well. best regards, Marco


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#271262: The same on ppc with fvwm2

[Ben Burton]

Hi,

> I run fvwm2 on ppc and also no window is presented. I run kteatime
> under strace, and whenever I changed windows with the mouse, a few,
> very similar lines were repeated. If you are interested, I can present
> those lines.

Yes please -- that would be helpful.

Also: can you please install kcpuload and let me know if that comes up
inside a window on your system (this is another KDE systray applet)?

Thanks - Ben.



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Processed: Re: Processed: severity of 271262 is grave

[Debian Bug Tracking System]

Processing commands for [EMAIL PROTECTED]:

> severity 271262 important
Bug#271262: kteatime: fails to start
Severity set to `important'.

> thanks mate
Stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#293403: Segfaults or aborts with assertion.

[Philipp Weis]

Package: potion
Version: 0.0.3
Severity: grave

I wanted to try potion and it either segfaults or aborts with an
assertion right away.

| $ potion eth1
| potion: event_queue_remove: 0x804c3ec(fd -1) not on queue 1
| potion: event.c:614: event_del:
| Assertion `!(ev->ev_flags & ~(0xf000 | 0x9f))' failed.
| Aborted

or

| $ potion eth1
| Segmentation fault

This is both an the same machine, seemingly choosing randomly between
segfault and abort.

Here is a backtrace of the failed assertion case:

| #0  0xb7e617ab in raise () from /lib/tls/libc.so.6???
| #1  0xb7e62f12 in abort () from /lib/tls/libc.so.6???
| #2  0xb7e5b26f in __assert_fail () from /lib/tls/libc.so.6??
| #3  0xb7fd4328 in event_del () from /usr/lib/libevent.so.1??
| #4  0x0804a885 in ?? ()
| #5  0x0804c3ec in optind ()
| #6  0xb448 in ?? ()
| #7  0xb7e64102 in exit () from /lib/tls/libc.so.6???
| #8  0xb7e64102 in exit () from /lib/tls/libc.so.6???
| #9  0xb7f0f7a3 in errx () from /lib/tls/libc.so.6???
| #10 0xb7fd475f in event_active () from /usr/lib/libevent.so.1??
| #11 0xb7fd45bc in event_active () from /usr/lib/libevent.so.1??
| #12 0xb7fd3d04 in event_base_loop () from /usr/lib/libevent.so.1??
| #13 0xb7fd3bbb in event_loop () from /usr/lib/libevent.so.1
| #14 0xb7fd3af0 in event_dispatch () from /usr/lib/libevent.so.119:19:32 ?
| #15 0x0804b0b2 in ?? ()
| #16 0x0804a865 in ?? ()
| #17 0xb7f69c60 in ?? () from /lib/tls/libc.so.6
| #18 0xb5b8 in ?? ()
| #19 0xb7e4e904 in __libc_start_main () from /lib/tls/libc.so.6
| #20 0xb7e4e904 in __libc_start_main () from /lib/tls/libc.so.6
| #21 0x080492a1 in ?? ()

And here for the segfault case.

| #0  0x08049f78 in ?? ()
| #1  0xb2e4 in ?? ()
| #2  0xb3e0 in ?? ()
| #3  0x0804ac55 in ?? ()
| #4  0x08052a7c in ?? ()
| #5  0x42016dba in ?? ()
| #6  0x42016dba in ?? ()
| #7  0x0169 in ?? ()
| #8  0x in ?? ()
| #9  0x0001 in ?? ()
| #10 0x in ?? ()
| #11 0xcb0b0006 in ?? ()
| #12 0x42da5f4a in ?? ()
| #13 0x18931261 in ?? ()
| #14 0x08930050 in ?? ()
| #15 0x0003 in ?? ()
| #16 0x in ?? ()
| #17 0x in ?? ()?
| [...]
| #59 0x in ?? ()
| #60 0xb7fd696b in evsignal_recalc () from /usr/lib/libevent.so.1
| Previous frame inner to this frame (corrupt stack?)

Let me know if you need more information.


-- System Information:
Debian Release: 3.1
  APT prefers testing
  APT policy: (600, 'testing'), (570, 'experimental'), (570, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.9
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)

Versions of packages potion depends on:
ii  libabz0 0.4.6Miscellaneous useful routines
ii  libc6   2.3.2.ds1-20 GNU C Library: Shared libraries an
ii  libdebug0   0.4.2Memory leak detection system and l
ii  libevent1   1.0b-1.1 An asynchronous event notification
ii  libncurses5 5.4-4Shared libraries for terminal hand
ii  libpcap0.8  0.8.3-5  System interface for user-level pa

-- no debconf information

-- 
Philipp Weis[EMAIL PROTECTED]http://pweis.com/


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#271427: another Debian font bug

[Danilo Åegan]

Yesterday at 1:46, Dafydd Harries wrote:

>   http://muse.19inch.net/~daf/dump/271427/

I see many problems with these fonts.

In particular, many Cyrillic glyphs are incorrectly scaled (perhaps
due to different em-sizes?  I don't know).  Metrics are also wrong
(and they seem to be wrong in the same way as the glyphs size is):

  http://kvota.net/fonts/urwcyr/nimbus-mono.png

This applies to Nimbus Mono L Oblique, Bold and Bold Oblique faces.
If I load /usr/share/fonts/type1/gsfonts/* in FontForge, I see that
some glyphs have width of 600, and others have width of 747 (a bit
strange for monospace font, but not too strange once you look at the
glyphs, whose size varies as well :).


The following is most likely a configuration problem, but I thought
I'd mention it as well.

Also, Nimbus Sans Regular and Regular Condensed look exactly the same
for me (this could be due to some font fields not being set fully,
but I'm not sure).

Similarly, URW Bookman L Light gives me Demi Bold variant.  For URW
Gothic L, Book looks like Demi, and Demi Oblique looks like Book
Oblique.  Also, URW Palladio L Roman actually displays bold, just what
Century Schoolbook L Roman does as well.

All this is tested using gedit.



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#287651: [GRASS5] [bug #2877] (grass) Insecure tempfile creation

[Hamish]

Hi, for those playing along at home, time for a status update:


r.terraflow is the only module in GRASS 6.0 CVS which hasn't been fixed
for this bug yet (end user set-able but uses "/var/tmp" as default).

You can make a GRASS package without the r.terraflow module by doing:
./configure --without-cxx

this has no repercussions on the rest of the package.


Hopefully we can have a GRASS 6beta2 release soon with r.terraflow fixed
and a new debian package made from that. If you don't want to wait, pull
from CVS and do --without-cxx.

see the pkg-grass mailing list at Alioth for more info.
  http://lists.alioth.debian.org/mailman/listinfo/pkg-grass-general



best,
Hamish


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#282434: marked as done (multiple unsafe uses of files in /tmp)

[Debian Bug Tracking System]

Your message dated Thu, 03 Feb 2005 00:34:08 +0100
with message-id <[EMAIL PROTECTED]>
and subject line wmfrog: multiple unsafe uses of files in /tmp fixed by package 
removal
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--
Received: (at submit) by bugs.debian.org; 22 Nov 2004 02:08:28 +
>From [EMAIL PROTECTED] Sun Nov 21 18:08:28 2004
Return-path: <[EMAIL PROTECTED]>
Received: from kitenet.net [64.62.161.42] (postfix)
by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
id 1CW3cy-0005Jj-00; Sun, 21 Nov 2004 18:08:28 -0800
Received: from dragon.kitenet.net (unknown [66.168.94.144])
(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
(Client CN "Joey Hess", Issuer "Joey Hess" (verified OK))
by kitenet.net (Postfix) with ESMTP id 89524180A5
for <[EMAIL PROTECTED]>; Mon, 22 Nov 2004 02:08:22 + (GMT)
Received: by dragon.kitenet.net (Postfix, from userid 1000)
id 85A546E636; Sun, 21 Nov 2004 21:09:58 -0500 (EST)
Date: Sun, 21 Nov 2004 21:09:58 -0500
From: Joey Hess <[EMAIL PROTECTED]>
To: Debian Bug Tracking System <[EMAIL PROTECTED]>
Subject: multiple unsafe uses of files in /tmp
Message-ID: <[EMAIL PROTECTED]>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
protocol="application/pgp-signature"; boundary="SLDf9lqlvOQaIe6s"
Content-Disposition: inline
X-Reportbug-Version: 3.2
User-Agent: Mutt/1.5.6+20040907i
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2004_03_25 
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-8.0 required=4.0 tests=BAYES_00,HAS_PACKAGE 
autolearn=no version=2.60-bugs.debian.org_2004_03_25
X-Spam-Level: 


--SLDf9lqlvOQaIe6s
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

Package: wmfrog
Version: 0.1.6-2
Severity: grave
Tags: security

By default wmfrog uses /tmp as its teporary directory. No care is used
when writing or accessing files in this directory, which means that
wmfrog is vulnerable to symlink attacks, which a local attacker can
easily use to overwrite files owned by the user who runs wmfrog. There
are also potentially other attacks, such as buffer overflows.

#define TMP "/tmp/"
=2E..
chartmp[255]=3DTMP;
=2E..
sprintf(command, "/usr/lib/wmfrog/weather.pl %s %s %s &", Stati=
onID, tmp, proto);

my ($station, $tmpfolder, $proto) =3D @ARGV;
my $tmpfile =3D "$tmpfolder/$station.TMP";
`wget -q -O '$tmpfile' '$URI'`;

wget does not open -O files in a manner that is appropriate for use in /tmp.
This is easily exploitable with a symlink attack.

=2E..
open(FILE,"> $tmpfolder/$station") || die "Couldn't open $tmpfolder/$statio=
n:$!";

Completly unsafe for use in /tmp again symlink attackable.

=2E..
sprintf(FileName, "/tmp/%s", StationID);
if ((fp =3D fopen(FileName, "r")) !=3D NULL){
=2E..
  weatherFound=3Dfscanf(fp, "Weather:%as", &Weather);

Are Weather and other character arrays safe from buffer overflows if fed
malicious data by an attacker? I have not checked.


There is a simple workaround: set -tmp to a directory only you can write to.

-- System Information:
Debian Release: 3.1
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.4.27
Locale: LANG=3Den_US.UTF-8, LC_CTYPE=3Den_US.UTF-8 (charmap=3DUTF-8)

Versions of packages wmfrog depends on:
ii  libc6 2.3.2.ds1-18   GNU C Library: Shared librarie=
s an
ii  libx11-6  4.3.0.dfsg.1-8 X Window System protocol clien=
t li
ii  libxext6  4.3.0.dfsg.1-8 X Window System miscellaneous =
exte
ii  libxpm4   4.3.0.dfsg.1-8 X pixmap library
ii  xlibs 4.3.0.dfsg.1-8 X Window System client librari=
es m

-- no debconf information

--=20
see shy jo

--SLDf9lqlvOQaIe6s
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.5 (GNU/Linux)

iD8DBQFBoUp1d8HHehbQuO8RAsklAJ9cGnfFRTyInLYVxqUKm7arhDF2HQCgtoj3
wdXr5XaA+z5Cs1S1LOUUBfk=
=wr/0
-END PGP SIGNATURE-

--SLDf9lqlvOQaIe6s--

---
Received: (at 282434-done) by bugs.debian.org; 2 Feb 2005 23:34:57 +
>From [EMAIL PROTECTED] Wed Feb 02 15:34:57 2005
Return-path: <[EMAIL PROTECTED]>
Received: from

Bug#292836: marked as done (ttcn3parser: FTBFS: Missing Build-Depends on 'python-dev')

[Debian Bug Tracking System]

Your message dated Wed, 02 Feb 2005 17:32:26 -0500
with message-id <[EMAIL PROTECTED]>
and subject line Bug#292836: fixed in ttcn3parser 20050130-1
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--
Received: (at submit) by bugs.debian.org; 30 Jan 2005 12:58:52 +
>From [EMAIL PROTECTED] Sun Jan 30 04:58:52 2005
Return-path: <[EMAIL PROTECTED]>
Received: from c169252.adsl.hansenet.de (localhost.localdomain) 
[213.39.169.252] 
by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
id 1CvEfD-0002O9-00; Sun, 30 Jan 2005 04:58:52 -0800
Received: from aj by localhost.localdomain with local (Exim 4.34)
id 1CvEf4-0004ph-EY; Sun, 30 Jan 2005 13:58:42 +0100
To: Debian Bug Tracking System <[EMAIL PROTECTED]>
From: Andreas Jochens <[EMAIL PROTECTED]>
Subject: ttcn3parser: FTBFS: Missing Build-Depends on 'python-dev'
Message-Id: <[EMAIL PROTECTED]>
Date: Sun, 30 Jan 2005 13:58:42 +0100
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-8.0 required=4.0 tests=BAYES_00,HAS_PACKAGE 
autolearn=no version=2.60-bugs.debian.org_2005_01_02
X-Spam-Level: 

Package: ttcn3parser
Severity: serious
Tags: patch

cd . && python setup.py build --build-base="./build"
/bin/sh: python: command not found
make: *** [common-build-impl] Error 127

Please add the missing Build-Depends on 'python-dev'
to debian/control.

Regards
Andreas Jochens

diff -urN ../tmp-orig/ttcn3parser-20050122/debian/control ./debian/control
--- ../tmp-orig/ttcn3parser-20050122/debian/control 2005-01-30 
13:36:16.479552772 +0100
+++ ./debian/control2005-01-30 13:36:04.706824974 +0100
@@ -2,14 +2,14 @@
 Section: devel
 Priority: extra
 Maintainer: W. Borgert <[EMAIL PROTECTED]>
-Build-Depends: debhelper (>> 4), docbook-xsl (>= 1.60), python2.3-dev, 
xsltproc, cdbs
+Build-Depends: debhelper (>> 4), docbook-xsl (>= 1.60), python-dev, xsltproc, 
cdbs
 Standards-Version: 3.6.1.1
 
 Package: ttcn3parser
 Architecture: all
-Depends: python, python2.3-pyparsing
+Depends: python, python-pyparsing
 Recommends: ttcn-el
-Suggests: python2.3-psyco
+Suggests: python-psyco
 Description: parser for the TTCN-3 test specification language
  This is a parser for TTCN-3 (Testing and Test Control
  Notation 3), a language mainly for testing of communication

---
Received: (at 292836-close) by bugs.debian.org; 2 Feb 2005 22:38:02 +
>From [EMAIL PROTECTED] Wed Feb 02 14:38:01 2005
Return-path: <[EMAIL PROTECTED]>
Received: from newraff.debian.org [208.185.25.31] (mail)
by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
id 1CwT8L-0002d2-00; Wed, 02 Feb 2005 14:38:01 -0800
Received: from katie by newraff.debian.org with local (Exim 3.35 1 (Debian))
id 1CwT2w-0005mF-00; Wed, 02 Feb 2005 17:32:26 -0500
From: [EMAIL PROTECTED] (W. Borgert)
To: [EMAIL PROTECTED]
X-Katie: $Revision: 1.55 $
Subject: Bug#292836: fixed in ttcn3parser 20050130-1
Message-Id: <[EMAIL PROTECTED]>
Sender: Archive Administrator <[EMAIL PROTECTED]>
Date: Wed, 02 Feb 2005 17:32:26 -0500
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-6.0 required=4.0 tests=BAYES_00,HAS_BUG_NUMBER 
autolearn=no version=2.60-bugs.debian.org_2005_01_02
X-Spam-Level: 

Source: ttcn3parser
Source-Version: 20050130-1

We believe that the bug you reported is fixed in the latest version of
ttcn3parser, which is due to be installed in the Debian FTP archive:

ttcn3parser_20050130-1.diff.gz
  to pool/main/t/ttcn3parser/ttcn3parser_20050130-1.diff.gz
ttcn3parser_20050130-1.dsc
  to pool/main/t/ttcn3parser/ttcn3parser_20050130-1.dsc
ttcn3parser_20050130-1_all.deb
  to pool/main/t/ttcn3parser/ttcn3parser_20050130-1_all.deb
ttcn3parser_20050130.orig.tar.gz
  to pool/main/t/ttcn3parser/ttcn3parser_20050130.orig.tar.gz



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
W. Borgert <[EMAIL PROTECTED]> (supplier of updated ttcn3parser package)

(This message was generated automatically at their request; if you
believe that there is a pr

Bug#293207: bogofilter: last two versions caused db errors

[Clint Adams]

> ii  bogofilter 0.93.5-1   a fast Bayesian spam filter
> 
> $ bogofilter -V
> bogofilter version 0.93.5
> Database: Sleepycat Software: Berkeley DB 4.3.27: (December 22, 2004

Are you using libc6-i686?

> Only other thing I can suspect is that exim is threaded - could there be 
> a locking problem I'm seeing running two requests at a time? I can 

Which exim package are you using?

> I hope I didn't sound off base here and hope I haven't ruffled any 
> feathers, but I really do think that these should spend some time in 
> unstable.

I don't see how that would have helped in this case.


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#292938: speedy-cgi-perl: Running /usr/bin/speedy as non root result in Segmentation fault

[Jose Carlos Garcia Sogo]

El miÃ, 02-02-2005 a las 08:45 +0100, [EMAIL PROTECTED]
escribiÃ:
>  Jose,
> 
> What kind of information do you need ?
> 
> In the mean time I resolved the problem by adding a root sticky-bit on the 
> executable.

>  (Perhaps it's something the program can't read when run as a non-root user

 Please, don't remove CC to the bug #, so BTS can keep track of mails.

 Having a backtrace of the executable when it hangs could be
interesting. Also, you could send me directly a strace of it running (os
speedy-cgi-perl, not smokeping)

 Thanks,

-- 
Jose Carlos Garcia Sogo
   [EMAIL PROTECTED]


signature.asc
Description: Esta parte del mensaje =?ISO-8859-1?Q?est=E1?= firmada	digitalmente

Bug#293388: sqlite: FTBFS: Missing build dependency

[Kurt Roeckx]

Package: sqlite
Version: 2.8.15-4
Severity: serious

Hi,

Your package is failing to build with the following error:
if test -n "" ; then \
if test -d ./m4 ; then m4="-I m4" ; fi ; \
if test -e ./aclocal.m4 ; then cd . && aclocal- $m4 ; fi ; \
elif test -n "1.8 " ; then \
if test -d ./m4 ; then m4="-I m4" ; fi ; \
if test -e ./aclocal.m4 ; then cd . && aclocal-1.8  $m4 ; fi ; \
fi
/bin/sh: aclocal-1.8: command not found
make: *** [debian/stamp-autotools-files] Error 127

You changed the build dependency from automake1.8 to
automake1.9 but then you should actually use that too.


Kurt



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#291559: capi4hylafax: segfault on receive in 1:01.02.03-8 but not 1:01.02.03-7

[Bodo Meissner]

Package: capi4hylafax
Version: 1:01.02.03-7
Followup-For: Bug #291559

Segfault on receiving a fax on my system, too. (Sending not checked.)
Everything works after downgrading to 1:01.02.03-7.

c2faxrecv always creates a fax00*.tif containing 8 bytes.

# od -tx1 fax5.tif
000 49 49 2a 00 00 00 00 00
010

logfile capi4hylafax:

Feb 02 21:45:19.29: [  814]: c2faxrecv - INFO: 
Device "faxCAPI" uses 1 receive thread(s) with the following config:
Feb 02 21:45:19.31: [  814]: c2faxrecv - INFO: Controller=1 : 
IncomingMSNs=9874994,9874995
Feb 02 21:45:19.31: [  814]: c2faxrecv - INFO: 
Started in Hylafax mode and waiting on incoming calls.
Feb 02 21:51:18.98: [  821]: c2faxrecv - INFO: SESSION BEGIN 0095 
+49..9874994
Feb 02 21:51:18.98: [  821]: c2faxrecv - INFO: Incoming speech call on 
controller 1 to 9874994.
Feb 02 21:51:28.35: [  821]: c2faxrecv - INFO: Connection established.
Feb 02 21:51:28.35: [  821]: c2faxrecv - INFO:  BaudRate  = 9600
Feb 02 21:51:28.35: [  821]: c2faxrecv - INFO:  Flags = HighRes
Feb 02 21:51:28.41: [  821]: c2faxrecv - INFO: Write fax in path 
/var/spool/hylafax to file recvq/fax7.tif.

[all c2faxrecv processes died]
[/etc/init.d/capi4hylafax restart]

Feb 02 21:53:47.61: [  944]: c2faxrecv - INFO: 
Device "faxCAPI" uses 1 receive thread(s) with the following config:
Feb 02 21:53:47.62: [  944]: c2faxrecv - INFO: Controller=1 : 
IncomingMSNs=9874994,9874995
Feb 02 21:53:47.62: [  944]: c2faxrecv - INFO: 
Started in Hylafax mode and waiting on incoming calls.
Feb 02 21:54:12.54: [  946]: c2faxrecv - INFO: SESSION BEGIN 0096 
+49..9874994
Feb 02 21:54:12.54: [  946]: c2faxrecv - INFO: Incoming speech call on 
controller 1 to 9874994.
Feb 02 21:54:21.93: [  946]: c2faxrecv - INFO: Connection established.
Feb 02 21:54:21.94: [  946]: c2faxrecv - INFO:  BaudRate  = 9600
Feb 02 21:54:21.94: [  946]: c2faxrecv - INFO:  Flags = HighRes
Feb 02 21:54:21.95: [  946]: c2faxrecv - INFO: Write fax in path 
/var/spool/hylafax to file recvq/fax8.tif.

[all c2faxrecv died again]

-- System Information:
Debian Release: 3.1
  APT prefers testing
  APT policy: (900, 'testing'), (300, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.4.27-2-686-smp
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)

Versions of packages capi4hylafax depends on:
ii  isdnactivecards   1:3.3.0.20041110-1 support for active ISDN cards and 
ii  libc6 2.3.2.ds1-20   GNU C Library: Shared libraries an
ii  libcapi20-2   1:3.3.0.20041110-1 libraries for CAPI support
ii  libgcc1   1:3.4.3-6  GCC support library
ii  libstdc++51:3.3.5-5  The GNU Standard C++ Library v3
ii  libtiff4  3.7.1-2Tag Image File Format (TIFF) libra

hylafax-server 1:4.2.1-1
-- no debconf information


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#293303: marked as done (lsbdev: RoM; buggy, orphaned upstream)

[Debian Bug Tracking System]

Your message dated Wed, 02 Feb 2005 16:13:43 -0500
with message-id <[EMAIL PROTECTED]>
and subject line Bug#293303: fixed
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--
Received: (at submit) by bugs.debian.org; 2 Feb 2005 11:12:07 +
>From [EMAIL PROTECTED] Wed Feb 02 03:12:07 2005
Return-path: <[EMAIL PROTECTED]>
Received: from colo.lackof.org [198.49.126.79] 
by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
id 1CwIQZ-000805-00; Wed, 02 Feb 2005 03:12:07 -0800
Received: from localhost (localhost [127.0.0.1])
by colo.lackof.org (Postfix) with ESMTP id 02AE2298034
for <[EMAIL PROTECTED]>; Wed,  2 Feb 2005 04:12:00 -0700 (MST)
Received: from colo.lackof.org ([127.0.0.1])
by localhost (colo.lackof.org [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id 23692-05 for <[EMAIL PROTECTED]>;
Wed, 2 Feb 2005 04:11:59 -0700 (MST)
Received: from cyrix.home.bogus (c-24-18-165-146.client.comcast.net 
[24.18.165.146])
(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
(Client CN "taggart.lackof.org", Issuer "ca.lackof.org" (verified OK))
by colo.lackof.org (Postfix) with ESMTP id 6752D29800A
for <[EMAIL PROTECTED]>; Wed,  2 Feb 2005 04:11:59 -0700 (MST)
Received: by cyrix.home.bogus (Postfix, from userid 3)
id 28E1D1AA810; Wed,  2 Feb 2005 03:11:35 -0800 (PST)
Received: from cyrix.home.bogus (localhost [127.0.0.1])
by cyrix.home.bogus (Postfix) with ESMTP id 256CF2FF24
for <[EMAIL PROTECTED]>; Wed,  2 Feb 2005 03:11:35 -0800 (PST)
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
From: Matt Taggart <[EMAIL PROTECTED]>
To: Debian Bug Tracking System <[EMAIL PROTECTED]>
Subject: lsbdev: RoM; buggy, orphaned upstream
X-Reportbug-Version: 3.7.1
Date: Wed, 02 Feb 2005 03:11:35 -0800
Sender: [EMAIL PROTECTED]
Message-Id: <[EMAIL PROTECTED]>
X-Virus-Scanned: by amavisd-new-20030616-p10 (Debian) at lackof.org
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-8.0 required=4.0 tests=BAYES_00,HAS_PACKAGE 
autolearn=no version=2.60-bugs.debian.org_2005_01_02
X-Spam-Level: 

Package: ftp.debian.org
Severity: critical

lsbdev provides an LSB development environment via a chroot with bind
mounts. This system is complicated and buggy(4 RC bugs, 4 non-RC), it
affects other packages on the system (interferes with upgrades) and
has caused data loss due to misunderstandings and bugs in bind
mounting. Overall it sucks and upstream has mostly abandoned this
approach and has switched to a compiler wrapper system instead. I
believe it is possible to re-implement this system in a way that
doesn't rely on bind mounting, but until this is done upstream, this
package does not belong in Debian. 

Please remove from testing and unstable.

I'd also like to apologize for taking so long to make the decision to
remove this package.

-- 
Matt Taggart
[EMAIL PROTECTED]

---
Received: (at 293303-close) by bugs.debian.org; 2 Feb 2005 21:14:53 +
>From [EMAIL PROTECTED] Wed Feb 02 13:14:52 2005
Return-path: <[EMAIL PROTECTED]>
Received: from newraff.debian.org [208.185.25.31] (mail)
by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
id 1CwRps-0004cb-00; Wed, 02 Feb 2005 13:14:52 -0800
Received: from troup by newraff.debian.org with local (Exim 3.35 1 (Debian))
id 1CwRol-0001rG-00; Wed, 02 Feb 2005 16:13:43 -0500
From: Debian Archive Maintenance <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
X-Katie: melanie $Revision: 1.43 $ 
Subject: Bug#293303: fixed
Message-Id: <[EMAIL PROTECTED]>
Sender: James Troup <[EMAIL PROTECTED]>
Date: Wed, 02 Feb 2005 16:13:43 -0500
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-6.0 required=4.0 tests=BAYES_00,HAS_BUG_NUMBER 
autolearn=no version=2.60-bugs.debian.org_2005_01_02
X-Spam-Level: 

We believe that the bug you reported is now fixed; the following
package(s) have been removed from unstable:

lsbdev |1.1.2-2 | source, i386

Note that the package(s) have simply been removed from the tag
database and may (or may not) still be in the pool; this is not a bug.
The package(s) will be physically removed automatically when no 

Bug#288274: marked as done (RM: astats -- Security issues, obsolete)

[Debian Bug Tracking System]

Your message dated Wed, 02 Feb 2005 16:14:15 -0500
with message-id <[EMAIL PROTECTED]>
and subject line Bug#288274: fixed
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--
Received: (at submit) by bugs.debian.org; 2 Jan 2005 19:55:59 +
>From [EMAIL PROTECTED] Sun Jan 02 11:55:59 2005
Return-path: <[EMAIL PROTECTED]>
Received: from zongo.gunnm.org (akira) [82.230.93.29] 
by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
id 1ClBpX-0003w2-00; Sun, 02 Jan 2005 11:55:59 -0800
Received: from soda by akira with local (Exim 3.36 #1 (Debian))
id 1ClBoy-0001xt-00; Sun, 02 Jan 2005 20:55:24 +0100
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
From: Julien Delange <[EMAIL PROTECTED]>
To: Debian Bug Tracking System <[EMAIL PROTECTED]>
Subject: ftp.debian.org: remove astats package, better package replace it
X-Mailer: reportbug 3.5
Date: Sun, 02 Jan 2005 20:55:24 +0100
Message-Id: <[EMAIL PROTECTED]>
Sender: Julien Delange <[EMAIL PROTECTED]>
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-8.0 required=4.0 tests=BAYES_00,HAS_PACKAGE 
autolearn=no version=2.60-bugs.debian.org_2005_01_02
X-Spam-Level: 

Package: ftp.debian.org
Severity: important


Hi,

Please remove the astats package. In fact astats was used by old aMule
versions, which was packaged in Debian. But the aMule's team create new
tools which replaced astats. This tools are in the amule-utils package,
and replace the astats tools. More, upstream don't maintain astats at
this time, and it doesn't work with the new version of aMule.

So, please remove the astats package from the debian's archive.

Thanks,

-- System Information:
Debian Release: 3.1
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: powerpc (ppc)
Kernel: Linux 2.6.10
Locale: [EMAIL PROTECTED], [EMAIL PROTECTED] (charmap=ISO-8859-15)

---
Received: (at 288274-close) by bugs.debian.org; 2 Feb 2005 21:14:51 +
>From [EMAIL PROTECTED] Wed Feb 02 13:14:51 2005
Return-path: <[EMAIL PROTECTED]>
Received: from newraff.debian.org [208.185.25.31] (mail)
by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
id 1CwRpr-0004cL-00; Wed, 02 Feb 2005 13:14:51 -0800
Received: from troup by newraff.debian.org with local (Exim 3.35 1 (Debian))
id 1CwRpH-0001rR-00; Wed, 02 Feb 2005 16:14:15 -0500
From: Debian Archive Maintenance <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
X-Katie: melanie $Revision: 1.43 $ 
Subject: Bug#288274: fixed
Message-Id: <[EMAIL PROTECTED]>
Sender: James Troup <[EMAIL PROTECTED]>
Date: Wed, 02 Feb 2005 16:14:15 -0500
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-6.0 required=4.0 tests=BAYES_00,HAS_BUG_NUMBER 
autolearn=no version=2.60-bugs.debian.org_2005_01_02
X-Spam-Level: 

We believe that the bug you reported is now fixed; the following
package(s) have been removed from unstable:

astats |1.6.5-2 | source, all

Note that the package(s) have simply been removed from the tag
database and may (or may not) still be in the pool; this is not a bug.
The package(s) will be physically removed automatically when no suite
references them (and in the case of source, when no binary references
it).  Please also remember that the changes have been done on the
master archive (ftp-master.debian.org) and will not propagate to any
mirrors (ftp.debian.org included) until the next cron.daily run at the
earliest.

Packages are never removed from testing by hand.  Testing tracks
unstable and will automatically remove packages which were removed
from unstable when removing them from testing causes no dependency
problems.

Bugs which have been reported against this package are not automatically
removed from the Bug Tracking System.  Please check all open bugs and
close them or re-assign them to another package if the removed package
was superseded by another one.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [EMAIL PROTECTED]

This message was generated automatically; if you believe that there is
a problem with it please contact the archive administrators by mailing
[EMAIL PROTECTED]

Debian distribution maintenance softw

Bug#288297: marked as done (RM: astats -- Security issues, obsolete)

[Debian Bug Tracking System]

Your message dated Wed, 02 Feb 2005 16:14:15 -0500
with message-id <[EMAIL PROTECTED]>
and subject line Bug#288274: fixed
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--
Received: (at submit) by bugs.debian.org; 29 Dec 2004 00:43:21 +
>From [EMAIL PROTECTED] Tue Dec 28 16:43:21 2004
Return-path: <[EMAIL PROTECTED]>
Received: from tornado.dat.etsit.upm.es (dat.etsit.upm.es) [138.100.17.73] 
by spohr.debian.org with smtp (Exim 3.35 1 (Debian))
id 1CjRvt-0008Vq-00; Tue, 28 Dec 2004 16:43:21 -0800
Received: (qmail 14876 invoked by uid 1013); 29 Dec 2004 00:43:19 -
Date: Wed, 29 Dec 2004 01:43:19 +0100
From: Javier =?iso-8859-1?Q?Fern=E1ndez-Sanguino_Pe=F1a?= <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: astats: Multiple temporary symlink vulnerabilities in the astats script
Message-ID: <[EMAIL PROTECTED]>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
protocol="application/pgp-signature"; boundary="LKTjZJSUETSlgu2t"
Content-Disposition: inline
User-Agent: Mutt/1.5.6+20040722i
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2004_03_25 
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-8.0 required=4.0 tests=BAYES_00,HAS_PACKAGE 
autolearn=no version=2.60-bugs.debian.org_2004_03_25
X-Spam-Level: 


--LKTjZJSUETSlgu2t
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

Package: astats
Version: 1.6.5-2
Priority: grave
Tags: security sarge sid

The astats script does not protect itself from temporary filename attacks
since it creates file in an insecure manner (using names like
'/tmp/aStats-Graphic-Signature-Generation', '/tmp/aMule-temp1.png',
'/tmp/aMule-temp2.png', etc.). No checks are done to prevent symlink
attacks (set -C, for example).

IMHO this makes this script unsuitable for release.

Regards

Javier


--LKTjZJSUETSlgu2t
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFB0f2ni4sehJTrj0oRArAfAJ4vw0Uyez4NMgmWXEJCP5QIQD1XhwCbBVuM
eWrPrLuTielM1/Hldy5lR3s=
=PQ9/
-END PGP SIGNATURE-

--LKTjZJSUETSlgu2t--

---
Received: (at 288274-close) by bugs.debian.org; 2 Feb 2005 21:14:51 +
>From [EMAIL PROTECTED] Wed Feb 02 13:14:51 2005
Return-path: <[EMAIL PROTECTED]>
Received: from newraff.debian.org [208.185.25.31] (mail)
by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
id 1CwRpr-0004cL-00; Wed, 02 Feb 2005 13:14:51 -0800
Received: from troup by newraff.debian.org with local (Exim 3.35 1 (Debian))
id 1CwRpH-0001rR-00; Wed, 02 Feb 2005 16:14:15 -0500
From: Debian Archive Maintenance <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
X-Katie: melanie $Revision: 1.43 $ 
Subject: Bug#288274: fixed
Message-Id: <[EMAIL PROTECTED]>
Sender: James Troup <[EMAIL PROTECTED]>
Date: Wed, 02 Feb 2005 16:14:15 -0500
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-6.0 required=4.0 tests=BAYES_00,HAS_BUG_NUMBER 
autolearn=no version=2.60-bugs.debian.org_2005_01_02
X-Spam-Level: 

We believe that the bug you reported is now fixed; the following
package(s) have been removed from unstable:

astats |1.6.5-2 | source, all

Note that the package(s) have simply been removed from the tag
database and may (or may not) still be in the pool; this is not a bug.
The package(s) will be physically removed automatically when no suite
references them (and in the case of source, when no binary references
it).  Please also remember that the changes have been done on the
master archive (ftp-master.debian.org) and will not propagate to any
mirrors (ftp.debian.org included) until the next cron.daily run at the
earliest.

Packages are never removed from testing by hand.  Testing tracks
unstable and will automatically remove packages which were removed
from unstable when removing them from testing causes no dependency
problems.

Bugs which have been reported against this package are not automatically
removed from the Bug Tracking System.  Please check all open bugs and
close them or re-assign them to another package if the removed package
was superseded by another one.

Thank you for reporting the bug, which will now be closed.  If you
have further comments p

Bug#291252: marked as done (specimen: Uninstallable on sid - library dependency does not exist.)

[Debian Bug Tracking System]

Your message dated Wed, 2 Feb 2005 16:02:30 -0500
with message-id <[EMAIL PROTECTED]>
and subject line specimen: Uninstallable on sid - library dependency does not 
exist.
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--
Received: (at submit) by bugs.debian.org; 19 Jan 2005 17:08:35 +
>From [EMAIL PROTECTED] Wed Jan 19 09:08:35 2005
Return-path: <[EMAIL PROTECTED]>
Received: from dsl092-172-198.wdc2.dsl.speakeasy.net (stax) [66.92.172.198] 
by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
id 1CrJJr-0002Cd-00; Wed, 19 Jan 2005 09:08:35 -0800
Received: from cmetzler by stax with local (Exim 3.36 #1 (Debian))
id 1CrJIT-000136-00; Wed, 19 Jan 2005 12:07:09 -0500
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
From: Chris Metzler <[EMAIL PROTECTED]>
To: Debian Bug Tracking System <[EMAIL PROTECTED]>
Subject: specimen: Uninstallable on sid - library dependency does not exist.
X-Mailer: reportbug 3.2
Date: Wed, 19 Jan 2005 12:07:09 -0500
Message-Id: <[EMAIL PROTECTED]>
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-8.0 required=4.0 tests=BAYES_00,HAS_PACKAGE 
autolearn=no version=2.60-bugs.debian.org_2005_01_02
X-Spam-Level: 

Package: specimen
Version: 0.4.3-1
Severity: grave
Justification: renders package unusable


specimen is in sid with an apparent dependency on libphat0,
which does not exist.

# apt-get -t unstable install specimen
Reading Package Lists... Done
Building Dependency Tree... Done
Some packages could not be installed. This may mean that you have
requested an impossible situation or if you are using the unstable
distribution that some required packages have not yet been created
or been moved out of Incoming.

Since you only requested a single operation it is extremely likely that
the package is simply not installable and a bug report against
that package should be filed.
The following information may help to resolve the situation:

The following packages have unmet dependencies:
  specimen: Depends: libphat0 but it is not installable
E: Broken packages
#



-- System Information:
Debian Release: 3.1
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.4.26.040705a
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)

Versions of packages specimen depends on:
ii  ladcca2 0.4.0-4  LADCCA shared library files
ii  libart-2.0-22.3.16-6 Library of functions for 2D graphi
ii  libasound2  1.0.7-4  ALSA library
ii  libatk1.0-0 1.8.0-4  The ATK accessibility toolkit
ii  libc6   2.3.2.ds1-20 GNU C Library: Shared libraries an
ii  libglib2.0-02.4.8-1  The GLib library of C routines
ii  libgnomecanvas2-0   2.8.0-1  A powerful object-oriented display
ii  libgtk2.0-0 2.4.14-2 The GTK+ graphical user interface 
ii  libjack0.80.0-0 0.99.0-2 JACK Audio Connection Kit (librari
ii  libpango1.0-0   1.6.0-3  Layout and rendering of internatio
ii  libsamplerate0  0.1.1-2  audio rate conversion library
ii  libsndfile1 1.0.10-2 Library for reading/writing audio 
ii  libuuid11.35-6   Universally unique id library
ii  libxml2 2.6.11-5 GNOME XML library
ii  zlib1g  1:1.2.2-3compression library - runtime

-- no debconf information

---
Received: (at 291252-done) by bugs.debian.org; 2 Feb 2005 21:05:24 +
>From [EMAIL PROTECTED] Wed Feb 02 13:05:24 2005
Return-path: <[EMAIL PROTECTED]>
Received: from mail25.sea5.speakeasy.net [69.17.117.27] 
by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
id 1CwRgh-0003Ma-00; Wed, 02 Feb 2005 13:05:23 -0800
Received: (qmail 5411 invoked from network); 2 Feb 2005 21:05:05 -
Received: from dsl092-172-198.wdc2.dsl.speakeasy.net (HELO stax) 
([66.92.172.198])
  (envelope-sender <[EMAIL PROTECTED]>)
  by mail25.sea5.speakeasy.net (qmail-ldap-1.03) with SMTP
  for <[EMAIL PROTECTED]>; 2 Feb 2005 21:05:04 -
Date: Wed, 2 Feb 2005 16:02:30 -0500
From: Chris Metzler <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: Re: specimen: Uninstallable on sid - libr

Processed: and this is RC

[Debian Bug Tracking System]

Processing commands for [EMAIL PROTECTED]:

> severity 284520 grave
Bug#284520: libdbd-sqlite-perl must conflict with older popfile versions
Severity set to `grave'.

> thanks
Stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#293379: FWD: [SECURITY] [DSA 664-1] New cpio packages fix insecure file permissions

[Joey Hess]

Package: cpio
Version: 2.5-1.1
Severity: grave
Tags: security

I'm filing this bug report so we can track the progress of getting cpio
fixed in unstable. Since the DSA says "soon", you've probably already
been contacted by the security team, so if you have an upload already
built just close this bug.

- Forwarded message from Martin Schulze <[EMAIL PROTECTED]> -

From: Martin Schulze <[EMAIL PROTECTED]>
Date: Wed, 2 Feb 2005 17:57:21 +0100 (CET)
To: Debian Security Announcements 
Subject: [SECURITY] [DSA 664-1] New cpio packages fix insecure file permissions
User-Agent: dsa-launch $Revision: 1.15 $
Reply-To: debian-security@lists.debian.org

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- --
Debian Security Advisory DSA 664-1 [EMAIL PROTECTED]
http://www.debian.org/security/ Martin Schulze
February 2nd, 2005  http://www.debian.org/security/faq
- --

Package: cpio
Vulnerability  : broken file permissions
Problem-Type   : local
Debian-specific: no
CVE ID : CAN-1999-1572

It has been discovered, that cpio, a program to manage archives of
files, creates output files with -O and -F with broken permissions due
to a reset zero umask which allows local users to read or overwrite
those files.

For the stable distribution (woody) this problem has been fixed in
version 2.4.2-39woody1

For the unstable distribution (sid) this problem will be fixed soon.

We recommend that you upgrade your cpio package.


Upgrade Instructions
- 

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.0 alias woody
- 

  Source archives:

http://security.debian.org/pool/updates/main/c/cpio/cpio_2.4.2-39woody1.dsc
  Size/MD5 checksum:  549 45ee6d04cffc59c6e0d125ab269d8672

http://security.debian.org/pool/updates/main/c/cpio/cpio_2.4.2-39woody1.diff.gz
  Size/MD5 checksum:22965 a5db2ad1ec00b2825bbdf4f0acaf8a84
http://security.debian.org/pool/updates/main/c/cpio/cpio_2.4.2.orig.tar.gz
  Size/MD5 checksum:   181728 3e976db71229d52a8a135540698052df

  Alpha architecture:


http://security.debian.org/pool/updates/main/c/cpio/cpio_2.4.2-39woody1_alpha.deb
  Size/MD5 checksum:73064 029c7d1de8bff5d6f63c7702455c0e17

  ARM architecture:


http://security.debian.org/pool/updates/main/c/cpio/cpio_2.4.2-39woody1_arm.deb
  Size/MD5 checksum:63746 05f2cee18a28822b4fbe0d54f2b0efcf

  Intel IA-32 architecture:


http://security.debian.org/pool/updates/main/c/cpio/cpio_2.4.2-39woody1_i386.deb
  Size/MD5 checksum:61382 2011b7b05347a22780fe5a2d2da77923

  Intel IA-64 architecture:


http://security.debian.org/pool/updates/main/c/cpio/cpio_2.4.2-39woody1_ia64.deb
  Size/MD5 checksum:84938 173755073bd59fee905debce08456824

  HP Precision architecture:


http://security.debian.org/pool/updates/main/c/cpio/cpio_2.4.2-39woody1_hppa.deb
  Size/MD5 checksum:69512 e950b2aa1f51a0f9412c31982496

  Motorola 680x0 architecture:


http://security.debian.org/pool/updates/main/c/cpio/cpio_2.4.2-39woody1_m68k.deb
  Size/MD5 checksum:59714 c6c591c1839c464fb0cb2294d1758875

  Big endian MIPS architecture:


http://security.debian.org/pool/updates/main/c/cpio/cpio_2.4.2-39woody1_mips.deb
  Size/MD5 checksum:69094 8aee70b66943403293252649d4879134

  Little endian MIPS architecture:


http://security.debian.org/pool/updates/main/c/cpio/cpio_2.4.2-39woody1_mipsel.deb
  Size/MD5 checksum:68806 9e761f1fe3d156c5c557d3a28d51ab37

  PowerPC architecture:


http://security.debian.org/pool/updates/main/c/cpio/cpio_2.4.2-39woody1_powerpc.deb
  Size/MD5 checksum:64084 f0fa8bf78610ed20b6135b4c7c04436c

  IBM S/390 architecture:


http://security.debian.org/pool/updates/main/c/cpio/cpio_2.4.2-39woody1_s390.deb
  Size/MD5 checksum:63866 ba0b403eaee5bcd05d8d0cbf3c48cfcb

  Sun Sparc architecture:


http://security.debian.org/pool/updates/main/c/cpio/cpio_2.4.2-39woody1_sparc.deb
  Size/MD5 checksum:65818 f5e0c10d8e46321e8c584454402512c5


  These files will probably be moved into the stable distribution on
  its next update.

- 
-
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security 
dists/stable/updates/main
Mailing list: de

Bug#293381: vulnerable to another XSS hole (CAN-2005-0104)

[Joey Hess]

Package: squirrelmail
Version: 2:1.4.4-1
Tags: security
Severity: grave

Seems that squirrelmail in unstable is still vulnerable to the
cross-site scripting hole CAN-2005-0104. The mail below has some
details and a patch against the woody version follows. The CAN-2005-0152
part of the patch is not relevant, but most of the webmail.php patch
will apply to the unstable version.

- Forwarded message from Martin Schulze <[EMAIL PROTECTED]> -

From: Martin Schulze <[EMAIL PROTECTED]>
Date: Wed, 2 Feb 2005 12:29:21 +0100
To: Joey Hess <[EMAIL PROTECTED]>
Subject: Re: [SECURITY] [DSA 662-1] New squirrelmail package fixes several 
vulnerabilities
User-Agent: Mutt/1.5.6+20040907i

Joey Hess wrote:
> Martin Schulze wrote:
> > CAN-2005-0104
> > 
> > Upstream developers noticed that an unsanitised variable could
> > lead to cross site scripting.
> 
> The changelog for squirrelmail 2:1.4.4-1 says that the CAN for the XSS
> hole is -0103, not -104. Which is wrong, or is this a different hole?

It's a different hole.  Woody is not vulnerable to 0103 and we thought
that it wasn't to 0104 either, but that turned out to be wrong.

> Both CANs are still reserved so I can't check.

This should help:

http://cvs.sf.net/viewcvs.py/squirrelmail/squirrelmail/src/webmail.php?r1=1.92.2.8&r2=1.92.2.6&only_with_tag=SM-1_4-STABLE

Use CAN-2005-0103 for cross site scripting
and CAN-2005-0104 for code injectian via unsanitised integer variable

Regards,

Joey

-- 
Still can't talk about what I can't talk about.  Sorry.  -- Bruce Schneier

diff -u squirrelmail-1.2.6/debian/changelog squirrelmail-1.2.6/debian/changelog
--- squirrelmail-1.2.6/debian/changelog
+++ squirrelmail-1.2.6/debian/changelog
@@ -1,3 +1,16 @@
+squirrelmail (1:1.2.6-2) stable-security; urgency=high
+
+  * Security upload
+  * [CAN-2005-0152] Close security hole where URL-manipulation in combination
+with register_globals and allow_url_fopen both set to On could lead to
+remote code execution as the www-data user. (Closes: #292714).
+This issue is specific to exactly version 1.2.6 of SquirrelMail (older
+and newer versions not vulnerable). Thanks Grant Hollingworth for
+discovering this bug and notifying us about it.
+  * [CAN-2005-0104] Fix possible XSS issues in src/webmail.php.
+
+ -- Thijs Kinkhorst <[EMAIL PROTECTED]>  Sun, 30 Jan 2005 18:27:25 +0100
+
 squirrelmail (1:1.2.6-1.4) stable-security; urgency=high
 
   * Non-maintainer upload for security issues. Thanks to Thijs Kinkhorst for
only in patch2:
--- squirrelmail-1.2.6.orig/src/webmail.php
+++ squirrelmail-1.2.6/src/webmail.php
@@ -85,14 +85,17 @@
 
 if ($right_frame == 'right_main.php') {
 $urlMailbox = urlencode($mailbox);
+$urlSort= urlencode($sort);
+$urlStartMessage = urlencode($startMessage);
+
 $right_frame_url =
-
"right_main.php?mailbox=$urlMailbox&sort=$sort&startMessage=$startMessage";
+
"right_main.php?mailbox=$urlMailbox&sort=$urlSort&startMessage=$urlStartMessage";
 } elseif ($right_frame == 'options.php') {
 $right_frame_url = 'options.php';
 } elseif ($right_frame == 'folders.php') {
 $right_frame_url = 'folders.php';
 } elseif ($right_frame == 'compose.php') {
-$right_frame_url = "compose.php?send_to=$rcptaddress";
+$right_frame_url = "compose.php?send_to=" . urlencode($rcptaddress);
 } else {
 $right_frame_url = 'right_main.php';
 }


- End forwarded message -
-- 
see shy jo


signature.asc
Description: Digital signature

Bug#293378: hdparm not turning off write caching

[john]

Package: hdparm
Version: 5.8-1
Severity: critical

The command
  hdparm -W 0 /dev/hda
does not disable write caching on my hard disk. There is no error
message, but a subsequent
  hdparm -I /dev/hda
reports that write caching is still enabled.

This was working correctly in version 4.5-1.2 (stable) and is
failing in version 5.8-1 (testing).

This bug is serious because journalled file systems such as ext3 can
only guarantee no data loss/corruption if the hardware write caching is
turned off. So I have marked this bug as "critical".


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Processed: still present in sarge

[Debian Bug Tracking System]

Processing commands for [EMAIL PROTECTED]:

> reopen 291251
Bug#291251: CAN-2005-0064: Arbitrary code execution in kpdf
Bug#291270: kpdf: vulnerable to CAN-2005-0064, buffer overflow in xpdf
Bug reopened, originator not changed.

> tags 291251 -sid
Bug#291251: CAN-2005-0064: Arbitrary code execution in kpdf
Tags were: sid sarge security patch
Bug#291270: kpdf: vulnerable to CAN-2005-0064, buffer overflow in xpdf
Tags removed: sid

> thanks
Stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Processed: still present in sarge

[Debian Bug Tracking System]

Processing commands for [EMAIL PROTECTED]:

> reopen 291209
Bug#291209: csmash window black !
Bug reopened, originator not changed.

> tags 291209 +sarge
Bug#291209: csmash window black !
Tags were: confirmed
Tags added: sarge

> thanks
Stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#293367: [MAILER-DAEMON@ms-smtp-04.nyroc.rr.com: Returned mail: see transcript for details]

[Justin Pryzby]

acct maintainer:

I responded to the submitter of this RC bug on acct, and his address
bounced, as shown below.  It seems probable that there is no trouble
with the acct package, so I recommend that this bug be closed.

Justin


- Forwarded message from Mail Delivery Subsystem <[EMAIL PROTECTED]> -

X-Original-To: [EMAIL PROTECTED]
From: Mail Delivery Subsystem <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: Returned mail: see transcript for details
Auto-Submitted: auto-generated (failure)
X-Spam-Score: -0.9 (/)
X-Spam-Checker-Version: SpamAssassin 2.63 (2004-01-11) on 
webmin.steelfarms.net
X-Spam-Level: 
X-Spam-Status: No, hits=0.0 required=5.0 tests=none autolearn=ham version=2.63

The original message was received at Wed, 2 Feb 2005 14:57:46 -0500 (EST)
from cpe-24-59-54-124.twcny.res.rr.com [24.59.54.124]

   - The following addresses had permanent fatal errors -
<[EMAIL PROTECTED]>
(reason: 550 5.1.1 <[EMAIL PROTECTED]>... User unknown)

   - Transcript of session follows -
... while talking to mail.hamletinc.com.:
>>> DATA
<<< 550 5.1.1 <[EMAIL PROTECTED]>... User unknown
550 5.1.1 <[EMAIL PROTECTED]>... User unknown
<<< 503 5.0.0 Need RCPT (recipient)

Reporting-MTA: dns; ms-smtp-04.nyroc.rr.com
Received-From-MTA: DNS; cpe-24-59-54-124.twcny.res.rr.com
Arrival-Date: Wed, 2 Feb 2005 14:57:46 -0500 (EST)

Final-Recipient: RFC822; [EMAIL PROTECTED]
Action: failed
Status: 5.1.1
Remote-MTA: DNS; mail.hamletinc.com
Diagnostic-Code: SMTP; 550 5.1.1 <[EMAIL PROTECTED]>... User unknown
Last-Attempt-Date: Wed, 2 Feb 2005 14:57:52 -0500 (EST)

Received: from andromeda (cpe-24-59-54-124.twcny.res.rr.com [24.59.54.124])
by ms-smtp-04.nyroc.rr.com (8.12.10/8.12.10) with ESMTP id 
j12Jvkpl012795;
Wed, 2 Feb 2005 14:57:46 -0500 (EST)
Received: from pryzbyj by andromeda with local (Exim 3.36 #1 (Debian))
id 1CwQdF-0005zm-00; Wed, 02 Feb 2005 14:57:45 -0500
Date: Wed, 2 Feb 2005 14:57:44 -0500
To: Mark Garcia <[EMAIL PROTECTED]>, [EMAIL PROTECTED]
Subject: Re: Bug#293367: cron.daily acct script execs /etc/init.d/acct -> 
permission denied
Message-ID: <[EMAIL PROTECTED]>
References: <[EMAIL PROTECTED]>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <[EMAIL PROTECTED]>
User-Agent: Mutt/1.5.6+20040907i
From: Justin Pryzby <[EMAIL PROTECTED]>
X-Virus-Scanned: Symantec AntiVirus Scan Engine


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Processed: still present in sarge

[Debian Bug Tracking System]

Processing commands for [EMAIL PROTECTED]:

> reopen 291433
Bug#291433: FWD: [SECURITY] [DSA 650-1] New sword packages fix arbitrary 
command execution
Bug reopened, originator not changed.

> tags 291433 +sarge
Bug#291433: FWD: [SECURITY] [DSA 650-1] New sword packages fix arbitrary 
command execution
Tags were: security
Tags added: sarge

> thanks
Stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Processed: still present in sarge

[Debian Bug Tracking System]

Processing commands for [EMAIL PROTECTED]:

> tags 283134 -fixed
Bug#283134: a2ps: Buggy shell quoting
Tags were: fixed security woody
Tags removed: fixed

> tags 283134 -woody
Bug#283134: a2ps: Buggy shell quoting
Tags were: security woody
Tags removed: woody

> tags 283134 +sarge
Bug#283134: a2ps: Buggy shell quoting
Tags were: security
Tags added: sarge

> thanks
Stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#293367: cron.daily acct script execs /etc/init.d/acct -> permission denied

[Justin Pryzby]

On Wed, Feb 02, 2005 at 11:20:43AM -0800, Mark Garcia wrote:
> Package: acct
> Version: 6.3.5-39
> Severity: critical
> Tags: patch
> Justification: causes serious data loss
Did you mean that it prevents the creation of new data, because the
script doesn't run?

ii  acct   6.3.5-39   The GNU Accounting utilities for

-rwxr-xr-x root/root  3443 2004-02-01 17:52:59 ./etc/init.d/acct

The file provided by the .deb is chmod a+x.  Are you sure you haven't
manually changed the permissions?

> -- Description:
> 
> /etc/cron.daily/acct that is installed calls the /etc/init.d/acct
> {start|stop}.
> 
> This init.d script does not have execute permissions.  One would be
> tempted to chmod u+x /etc/init.d/acct but it is preferred to execute
> /bin/sh /etc/init.d/acct instead.
Why is it preferred?

Justin


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#292618: wvdial: doesn't initialize serial port correctly since last update

[Jérôme Schell]

Patrick Patterson a écrit :
Can you double check what the permissions are for your /dev/ttyS0?
Forgot to tell that my install is a fresh Sarge with default 2.6 kernel.
Permissions of /dev/ttyS0 are allright:
crw-rw  1 root dialout 4, 64 2002-03-14 22:51 /dev/ttyS0
kppp is working fine and pon/poff too as a simple user.
Also - are you using udev or any such thing? 

Yes, udev, as it is a default Sarge install.
Does this work when you run wvdial as root?
Yes it works as root, that's why I think it's pretty strange.
--
Jérôme

Bug#293370: cron.daily acct script execs /etc/init.d/acct -> permission denied

[Mark A. Garcia]

Package: acct
Version: 6.3.5-39
Severity: critical
Tags: patch
Justification: causes serious data loss
-- System Information:
Debian Release: 3.1
 APT prefers testing
 APT policy: (500, 'testing')
Architecture: i386 (i686)
Kernel: Linux 2.6.8-1-686-smp
Locale: LANG=en_US, LC_CTYPE=en_US
Versions of packages acct depends on:
ii  debconf 1.4.30.10Debian configuration management sy
ii  libc6   2.3.2.ds1-18 GNU C Library: Shared libraries an
-- debconf information:
 acct/kernel_mismatch: false
-- Description:
/etc/cron.daily/acct that is installed calls the /etc/init.d/acct {start|stop}.
This init.d script does not have execute permissions.  This means that the 
savelog that occurs could happen during a write from the acct tool leading to 
dataloss.  One would be tempted to chmod u+x /etc/init.d/acct but it would be 
nice to add '/bin/sh /etc/init.d/acct' instead.  Hence, the simple patch below:
 BEGIN 
--- acct.orig   2005-02-02 11:14:51.0 -0800
+++ acct2005-02-02 11:15:12.0 -0800
@@ -9,8 +9,8 @@
then
cd /var/account
savelog -g adm -m 0640 -u root -c 7 /var/account/pacct >/dev/null
-/etc/init.d/acct stop >/dev/null
-/etc/init.d/acct start >/dev/null
+/bin/sh /etc/init.d/acct stop >/dev/null
+/bin/sh /etc/init.d/acct start >/dev/null
fi
 
#
 END 


--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#293367: cron.daily acct script execs /etc/init.d/acct -> permission denied

[Mark Garcia]

Package: acct
Version: 6.3.5-39
Severity: critical
Tags: patch
Justification: causes serious data loss



-- System Information:
Debian Release: 3.1
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: i386 (i686)
Kernel: Linux 2.6.8-1-686-smp
Locale: LANG=en_US, LC_CTYPE=en_US

Versions of packages acct depends on:
ii  debconf 1.4.30.10Debian configuration management sy
ii  libc6   2.3.2.ds1-18 GNU C Library: Shared libraries an

-- debconf information:
  acct/kernel_mismatch: false

-- Description:

/etc/cron.daily/acct that is installed calls the /etc/init.d/acct {start|stop}.

This init.d script does not have execute permissions.  One would be tempted to 
chmod u+x /etc/init.d/acct but it 
is preferred to execute /bin/sh /etc/init.d/acct instead.  Hence, the simple 
patch below:

 BEGIN 
--- acct.orig   2005-02-02 11:14:51.0 -0800
+++ acct2005-02-02 11:15:12.0 -0800
@@ -9,8 +9,8 @@
 then
 cd /var/account
 savelog -g adm -m 0640 -u root -c 7 /var/account/pacct >/dev/null
-/etc/init.d/acct stop >/dev/null
-/etc/init.d/acct start >/dev/null
+/bin/sh /etc/init.d/acct stop >/dev/null
+/bin/sh /etc/init.d/acct start >/dev/null
 fi
  
 #
 END 


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#293345: mysql: File owned by mysql is run by root

[Christian Hammers]

Hello Matt

On 2005-02-02 Matt Brubeck wrote:
> The following file is run as root by /etc/init.d/mysql (it is sourced by
> /etc/mysql/debian-start): /usr/share/mysql/debian-start.inc.sh

You're right, the directory is really owned by the mysql user.
I check if this is neccessary as the server should only needs to
read the locale data in this directory.

The problem does also exist for other scripts there, i.e.
echo_stderr and mysql_fix_privilege_tables.sql which is sourced
by /usr/bin/mysql_fix_privilege_tables.

I will upload a fixed version later the evening and also check if
Woody is affected.

Thanks for reporting!

bye,

-christian-



pgpdnGU35hCG8.pgp
Description: PGP signature

Bug#293338: python2.3: raises an AttributeError during a deep copy

[Matthias Klose]

Roman Joost writes:
> Package: python2.3
> Version: 2.3.4-19
> Severity: grave
> Justification: renders package unusable
> 
> 
> I'm using the python2.3 to run my Zope 2.7.3 with CMF/Plone. After an update 
> in
> debian unstable, it doesn't work anymore, because it raises an AttributeError
> during a deep copy. I haven't investigated the Problem, but seems to be 
> package
> related for me. 
> 
> I downgraded to the latest testing release of python2.3 and I'm able to start 
> Zope with the products as usual. The traceback as follows:

[...]

The current python version in unstable is 2.3.4+2.3.5rc1-1.

Please could you disable the AlphaFlow product and try to reprodcue
the behaviour?

Thanks, Matthias


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#291031: additional Info regarding #291031

[Sebastian Feltel]

LaMont Jones schrieb am 02.02.2005 18:24:
From the documentation:
# The alias_maps parameter specifies the list of alias databases used
# by the local delivery agent. The default list is system dependent.
# The alias_database parameter specifies the alias database(s) that
# are built with "newaliases" or "sendmail -bi".  This is a separate
# configuration parameter, because alias_maps (see above) may specify
# tables that are not necessarily all under control by Postfix.
Since you can't rebuild mysql maps with newaliases, you really want to
have this instead:
alias_maps = hash:/etc/postfix/aliases, mysql:/etc/postfix/mysql-aliases.cf
alias_database = hash:/etc/postfix/aliases
It seems you are right. I changed the configuration and re-installed 
postfix for testing purposes. Now the installation works without problems.

Sorry for creating unnessesary noise.
Bye
Sebastian
--
debianforum.de - die deutschsprachige Supportwebseite rund
um das Debian-Projekt  


signature.asc
Description: OpenPGP digital signature

Bug#293209: marked as done (xine-ui: video visualization doesn't work)

[Debian Bug Tracking System]

Your message dated Wed, 2 Feb 2005 18:52:26 +0100 (CET)
with message-id <[EMAIL PROTECTED]>
and subject line Bug#293209: xine-ui: video visualization doesn't work (fwd)
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--
Received: (at submit) by bugs.debian.org; 1 Feb 2005 19:21:44 +
>From [EMAIL PROTECTED] Tue Feb 01 11:21:43 2005
Return-path: <[EMAIL PROTECTED]>
Received: from master.debian.org [146.82.138.7] 
by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
id 1Cw3ap-kG-00; Tue, 01 Feb 2005 11:21:43 -0800
Received: from 200-206-141-224.speedyterra.com.br (bestbrasil.pinnet.com.br) 
[200.206.141.224] 
by master.debian.org with esmtp (Exim 3.35 1 (Debian))
id 1Cw3Z8-0002Qb-00; Tue, 01 Feb 2005 13:19:59 -0600
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
From: Renan Melhado <[EMAIL PROTECTED]>
To: Debian Bug Tracking System <[EMAIL PROTECTED]>
Subject: xine-ui: video visualization doesn't work
X-Mailer: reportbug 3.2
Date: Tue, 01 Feb 2005 17:21:09 +
X-Debbugs-Cc: [EMAIL PROTECTED]
Message-Id: <[EMAIL PROTECTED]>
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-9.0 required=4.0 tests=BAYES_00,HAS_PACKAGE,
OUR_MTA_MSGID,X_DEBBUGS_CC autolearn=ham 
version=2.60-bugs.debian.org_2005_01_02
X-Spam-Level: 

Package: xine-ui
Version: 0.99.3-1
Severity: grave
Justification: renders package unusable

I'm using the latest testing version of xine.

When I run xine, the visualization area of the video player just stay 
"embarassed" and distorted, so the area of video play turns "off", 
showing random color with some distortions, and is impossible to run any 
video due to this problem.

The title of the windows shows a message saying something like: "There 
are no mrl"

-- System Information:
Debian Release: 3.1
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: i386 (i686)
Kernel: Linux 2.6.8-2-386
Locale: LANG=pt_BR, LC_CTYPE=pt_BR (charmap=ISO-8859-1)

Versions of packages xine-ui depends on:
ii  libc62.3.2.ds1-20GNU C Library: Shared libraries an
ii  libcurl3 7.12.3-2Multi-protocol file transfer libra
ii  libfreetype6 2.1.7-2.3   FreeType 2 font engine, shared lib
ii  libice6  4.3.0.dfsg.1-10 Inter-Client Exchange library
ii  libidn11 0.5.2-3 GNU libidn library, implementation
ii  libncurses5  5.4-4   Shared libraries for terminal hand
ii  libpng12-0   1.2.8rel-1  PNG library - runtime
ii  libreadline5 5.0-8   GNU readline and history libraries
ii  libsm6   4.3.0.dfsg.1-10 X Window System Session Management
ii  libssl0.9.7  0.9.7e-2SSL shared libraries
ii  libx11-6 4.3.0.dfsg.1-10 X Window System protocol client li
ii  libxext6 4.3.0.dfsg.1-10 X Window System miscellaneous exte
ii  libxine1 1.0-1   the xine video/media player librar
ii  libxtst6 4.3.0.dfsg.1-10 X Window System event recording an
ii  libxv1   4.3.0.dfsg.1-10 X Window System video extension li
ii  xlibs4.3.0.dfsg.1-10 X Keyboard Extension (XKB) configu
ii  zlib1g   1:1.2.2-3   compression library - runtime

-- no debconf information

---
Received: (at 293209-done) by bugs.debian.org; 2 Feb 2005 17:52:28 +
>From [EMAIL PROTECTED] Wed Feb 02 09:52:28 2005
Return-path: <[EMAIL PROTECTED]>
Received: from darkwing.informatik.uni-stuttgart.de [129.69.212.97] (mail)
by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
id 1CwOg0-0005Ju-00; Wed, 02 Feb 2005 09:52:28 -0800
Received: from langausd (helo=localhost)
by darkwing.informatik.uni-stuttgart.de with local-esmtp (Exim 3.35 #1 
(Debian))
id 1CwOfy-0008PK-00
for <[EMAIL PROTECTED]>; Wed, 02 Feb 2005 18:52:26 +0100
Date: Wed, 2 Feb 2005 18:52:26 +0100 (CET)
From: Siggi Langauf <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: Bug#293209: xine-ui: video visualization doesn't work (fwd)
Message-ID: <[EMAIL PROTECTED]>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=iso-8859-1
Content-Transfer-Encoding: QUOTED-PRINTABLE
Sender: Siggi Langauf <[EMAIL PROTECTED]>
Deliv

Processed: Fixed in NMU of strace 4.5.8-1.1

[Debian Bug Tracking System]

Processing commands for [EMAIL PROTECTED]:

> tag 278449 + fixed
Bug#278449: strace: ftbfs [sparc] initializer element is not constant errors
Tags were: patch sid
Tags added: fixed

> quit
Stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#291031: marked as done (postfix: Upgrade from Postfix 2.1.4-5 to 2.1.5-4 fails #3)

[Debian Bug Tracking System]

Your message dated Wed, 2 Feb 2005 10:25:56 -0700
with message-id <[EMAIL PROTECTED]>
and subject line Bug#291031: postfix: Upgrade from Postfix 2.1.4-5 to 2.1.5-4 
fails #3
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--
Received: (at submit) by bugs.debian.org; 18 Jan 2005 10:08:12 +
>From [EMAIL PROTECTED] Tue Jan 18 02:08:12 2005
Return-path: <[EMAIL PROTECTED]>
Received: from port-212-202-174-55.dynamic.qsc.de (server.home) 
[212.202.174.55] 
by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
id 1CqqHT-00052R-00; Tue, 18 Jan 2005 02:08:12 -0800
Received: from localhost (localhost [127.0.0.1])
by server.home (Postfix) with ESMTP id 3F90060B0270;
Tue, 18 Jan 2005 11:07:40 +0100 (CET)
Received: from server.home ([127.0.0.1])
by localhost (server.home [127.0.0.1]) (amavisd-new, port 10024)
with SMTP id 13037-07; Tue, 18 Jan 2005 11:07:22 +0100 (CET)
Received: by server.home (Postfix, from userid 1000)
id B1E5E60B0261; Tue, 18 Jan 2005 11:07:21 +0100 (CET)
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
From: Martin Lohmeier <[EMAIL PROTECTED]>
To: Debian Bug Tracking System <[EMAIL PROTECTED]>
Subject: postfix: Upgrade from Postfix 2.1.4-5 to 2.1.5-4 fails #3
X-Mailer: reportbug 3.2
Date: Tue, 18 Jan 2005 11:07:21 +0100
Message-Id: <[EMAIL PROTECTED]>
X-Virus-Scanned: by amavisd-new-20030616-p10 (Debian) at ferris.dyndns.info
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-7.0 required=4.0 tests=BAYES_00,DATING,HAS_PACKAGE 
autolearn=no version=2.60-bugs.debian.org_2005_01_02
X-Spam-Level: 

Package: postfix
Version: 2.1.5-4
Severity: grave
Justification: renders package unusable

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Hi,

when updating postfix I got the following error:

Running newaliases
postalias: fatal: dict_mkmap_func: unsupported dictionary type: mysql does not 
allow map creation.
dpkg: error processing postfix (--configure):
 subprocess post-installation script returned error exit status 1
dpkg: dependency problems prevent configuration of postfix-tls:
 postfix-tls depends on postfix; however:
  Package postfix is not configured yet.
 postfix-tls depends on postfix (= 2.1.5-4); however:
  Package postfix is not configured yet.
dpkg: error processing postfix-tls (--configure):
 dependency problems - leaving unconfigured
dpkg: dependency problems prevent configuration of postfix-mysql:
 postfix-mysql depends on postfix; however:
  Package postfix is not configured yet.
 postfix-mysql depends on postfix (= 2.1.5-4); however:
  Package postfix is not configured yet.
dpkg: error processing postfix-mysql (--configure):
 dependency problems - leaving unconfigured
dpkg: dependency problems prevent configuration of postfix-pcre:
 postfix-pcre depends on postfix; however:
  Package postfix is not configured yet.
 postfix-pcre depends on postfix (= 2.1.5-4); however:
  Package postfix is not configured yet.
dpkg: error processing postfix-pcre (--configure):
 dependency problems - leaving unconfigured
Setting up postfix-doc (2.1.5-4) ...

Errors were encountered while processing:
 postfix
 postfix-tls
 postfix-mysql
 postfix-pcre
E: Sub-process /usr/bin/dpkg returned an error code (1)

Here is my main.cf: http://np.debianforum.de/30

Is solved the problem by commenting out the following line

virtual_alias_maps  = 
mysql:/etc/postfix/mysql-virtual_alias_maps.cf

by, Martin


- -- System Information:
Debian Release: 3.1
  APT prefers testing
  APT policy: (990, 'testing')
Architecture: i386 (i686)
Kernel: Linux 2.4.27-rc3
Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1)

Versions of packages postfix depends on:
ii  adduser 3.59 Add and remove users and groups
ii  debconf [debconf-2.0]   1.4.30.11Debian configuration management sy
ii  dpkg1.10.25  Package maintenance system for Deb
ii  libc6   2.3.2.ds1-20 GNU C Library: Shared libraries an
ii  libdb4.24.2.52-17Berkeley v4.2 Database Libraries [
ii  libgdbm31.8.3-2  GNU dbm database routines (runtime
ii  netbase 4.19 Basic TCP/IP networking system

- -- debconf information:
  postfix/mailname: /etc/mailname
  postfix/append_dot_mydoma

Bug#293281: squirrelmail: Config file in /var

[Jeroen van Wolffelaar]

On Wed, Feb 02, 2005 at 07:49:48PM +0300, Cyril Bouthors wrote:
> On 2 Feb 2005, Thijs Kinkhorst wrote:
> >
> > Thank you for your report, I think you are right.
> 
> My advice would be to pay attention to the lintian and linda outputs,
> I'm almost sure they both report this kind of suggestion.

Eh, I'm lintian maintainer, I do lintian check our package every upload
:). Somehow, indeed this isn't causing a lintian warning, which is
strange. I'll look into that.
 
> Is squirrelmail lintian error/warning free?

No, but the two lintian warnings need to be overridden, I just didn't
get around doing that, otherwise, it's lintain free. True enough, linda
did find this. Argh, I really dislike there being a clone of lintian
that completely tries to reproduce the same functionality, for no good
reason...

--Jeroen

-- 
Jeroen van Wolffelaar
[EMAIL PROTECTED] (also for Jabber & MSN; ICQ: 33944357)
http://Jeroen.A-Eskwadraat.nl

Bug#291031: additional Info regarding #291031

[LaMont Jones]

On Tue, Jan 18, 2005 at 05:12:31PM +0100, Sebastian Feltel wrote:
> I was running into the same problems which Martin described while 
> upgrading postfix. I "solved" the problem by uncommenting the 
> newaliases-Section (line 438 - 450) in the postix postinst-Script.

> For reference I've saved my configuration at [1]. This configuration was 
> used under postfix 1.x and modified some times ago to be compatible with 
> postfix 2. Postfix is running quite well as before the upgrade to 
> postfix 2.1.5-4

alias_maps = hash:/etc/postfix/aliases, mysql:/etc/postfix/mysql-aliases.cf
alias_database = hash:/etc/postfix/aliases, mysql:/etc/postfix/mysql-aliases.cf

>From the documentation:
# The alias_maps parameter specifies the list of alias databases used
# by the local delivery agent. The default list is system dependent.

# The alias_database parameter specifies the alias database(s) that
# are built with "newaliases" or "sendmail -bi".  This is a separate
# configuration parameter, because alias_maps (see above) may specify
# tables that are not necessarily all under control by Postfix.

Since you can't rebuild mysql maps with newaliases, you really want to
have this instead:

alias_maps = hash:/etc/postfix/aliases, mysql:/etc/postfix/mysql-aliases.cf
alias_database = hash:/etc/postfix/aliases

lamont


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#293287: marked as done (Atempt to restart X or reboot system with /usr/X11R6/lib/modules-dri-trunk active in XF86Config-4 hang system with blank screen.)

[Debian Bug Tracking System]

Your message dated Wed, 02 Feb 2005 11:16:20 -0600
with message-id <[EMAIL PROTECTED]>
and subject line Bug#293287: Attempt to restart X or reboot system with 
/usr/X11R6/lib/modules-dri-trunk active in XF86Config-4 hang system with blank 
screen.
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--
Received: (at submit) by bugs.debian.org; 2 Feb 2005 08:14:40 +
>From [EMAIL PROTECTED] Wed Feb 02 00:14:40 2005
Return-path: <[EMAIL PROTECTED]>
Received: from mtaout2.012.net.il [84.95.2.4] 
by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
id 1CwFep-000821-00; Wed, 02 Feb 2005 00:14:39 -0800
Received: from d_baron ([80.178.69.30])
 by i_mtaout2.012.net.il (HyperSendmail v2004.12)
 with ESMTP id <[EMAIL PROTECTED]> for
 [EMAIL PROTECTED]; Wed, 02 Feb 2005 10:16:14 +0200 (IST)
Received: from david by d_baron with local (Exim 4.44)
id 1CwFeI-0002qe-Mh; Wed, 02 Feb 2005 10:14:06 +0200
Date: Wed, 02 Feb 2005 10:14:06 +0200
From: David Baron <[EMAIL PROTECTED]>
Subject: Atempt to restart X or reboot system with
 /usr/X11R6/lib/modules-dri-trunk active in XF86Config-4 hang system with blank
 screen.
X-012-Sender: David Baron <[EMAIL PROTECTED]>
To: Debian Bug Tracking System <[EMAIL PROTECTED]>
Message-id: <[EMAIL PROTECTED]>
MIME-version: 1.0
X-Mailer: reportbug 3.7.1
Content-type: text/plain; charset=us-ascii
Content-transfer-encoding: 7BIT
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-6.0 required=4.0 tests=BAYES_00,HAS_PACKAGE,
RCVD_IN_DSBL autolearn=no version=2.60-bugs.debian.org_2005_01_02
X-Spam-Level: 

Package: dri-trunk
Version: 2005.01.26-2
Severity: critical
Justification: breaks the whole system

When system is hung with blank screen, impossible to "escape" to shell
and the only way out is to reboot. File systems (ext3) seem uneffected
and journals were not restored.
Commenting out the line in XF86Config-4 (fallback to older modules
directories) restores the system.

-- System Information:
Debian Release: 3.1
  APT prefers unstable
  APT policy: (990, 'unstable'), (650, 'testing')
Architecture: i386 (i686)
Kernel: Linux 2.6.10-1-686-smp
Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1)

---
Received: (at 293287-done) by bugs.debian.org; 2 Feb 2005 17:16:02 +
>From [EMAIL PROTECTED] Wed Feb 02 09:16:02 2005
Return-path: <[EMAIL PROTECTED]>
Received: from ev1s-216-127-82-9.ev1servers.net (mail.nixnuts.net) 
[216.127.82.9] 
by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
id 1CwO6k-0006l5-00; Wed, 02 Feb 2005 09:16:02 -0800
Received: from [66.25.59.191] (helo=[192.168.2.184])
by mail.nixnuts.net with asmtp (Exim 4.34 #1 (Debian))
id 1CwPu6-0004TU-1i; Wed, 02 Feb 2005 13:11:06 -0600
Subject: Re: Bug#293287: Attempt to restart X or reboot system with
/usr/X11R6/lib/modules-dri-trunk active in XF86Config-4 hang system with
blank screen.
From: John Lightsey <[EMAIL PROTECTED]>
To: Martin Michlmayr <[EMAIL PROTECTED]>
Cc: David Baron <[EMAIL PROTECTED]>, [EMAIL PROTECTED],  [EMAIL PROTECTED]
In-Reply-To: <[EMAIL PROTECTED]>
References: <[EMAIL PROTECTED]>
 <[EMAIL PROTECTED]>
 <[EMAIL PROTECTED]>
 <[EMAIL PROTECTED]>
Content-Type: multipart/signed; micalg=pgp-sha1; 
protocol="application/pgp-signature"; boundary="=-u2Re5cWM8K63bk0YjUvU"
Date: Wed, 02 Feb 2005 11:16:20 -0600
Message-Id: <[EMAIL PROTECTED]>
Mime-Version: 1.0
X-Mailer: Evolution 2.0.3 
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-6.0 required=4.0 tests=BAYES_00,HAS_BUG_NUMBER 
autolearn=no version=2.60-bugs.debian.org_2005_01_02
X-Spam-Level: 


--=-u2Re5cWM8K63bk0YjUvU
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable

On Wed, 2005-02-02 at 13:29 +, Martin Michlmayr wrote:
> * David Baron <[EMAIL PROTECTED]> [2005-02-02 15:11]:
> > > > Package: dri-trunk
> > > > Version: 2005.01.26-2
> > >
> > > I cannot find such a package in the Debian archive.  Do you know wher=
e
> > > you obtained in?  If not, what does
> > >   dpkg -p dri-trunk | grep Maintainer
> > > say?
> >=20
> > There are actually three pieces here:
> >=20
> > 1. xserver-xfree86-dri-trunk
> > 2. xlibmesa-gl1-dri-trunk
> >=20
> > these two might bot

Bug#293281: squirrelmail: Config file in /var

[Cyril Bouthors]

On 2 Feb 2005, Thijs Kinkhorst wrote:
>
> Thank you for your report, I think you are right.

My advice would be to pay attention to the lintian and linda outputs,
I'm almost sure they both report this kind of suggestion.

Is squirrelmail lintian error/warning free?
-- 
Cyril Bouthors


pgpGebYgcV3HM.pgp
Description: PGP signature

Bug#293345: mysql: File owned by mysql is run by root

[Matt Brubeck]

Package: mysql-server
Version: 4.0.23-3
Severity: critical
Tags: security, sarge, sid

A privilege escalation vulnerability was introduced in mysql-sever
4.0.23-1.

The following file is run as root by /etc/init.d/mysql (it is sourced by
/etc/mysql/debian-start):

  /usr/share/mysql/debian-start.inc.sh

This file and its containing directory are owned by the "mysql" user.
An attacker with access to the "mysql" account could change this file to
contain arbitrary commands, which would be run as root whenever
mysql-server is started (including at system boot).


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#293209: xine-ui: video visualization doesn't work

[Renan]

What I tried to say with "embarassed" is that the
video area of xine is displaying a incompreensive
content, like random colors moving in the screen in
differents rotations.

"Off" I used to say that the area of video display was
impossible to use, that only displayed the random
colors...

I thinked that the title of the window have a relation
with the problem.

I tried the command that you said, and it worked. Of
course, the problem is on my machine.

Sorry my bad English and inconvenience.

Thanks a lot for your help.





___ 
Yahoo! Acesso Grátis - Instale o discador do Yahoo! agora. 
http://br.acesso.yahoo.com/ - Internet rápida e grátis


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#293207: bogofilter: last two versions caused db errors

[Karl Schmidt]

Matthias Andree wrote:
I have:
libdb4.3   4.3.27-1

Please run "bogofilter -V" to check the bogofilter and Berkeley DB
versions, the first two lines are sufficient. Do this with either
bogofilter version. Remember that if you're inadvertently going forth
and back between Berkeley DB versions, your database environment may
break like this. Going backwards isn't supported (so bogoutil -d before
the upgrade, remove the database, downgrade, bogoutil -l), going
forwards requires you to remove the environment _BEFORE_ the update.
I have rewritten parts of README.db after the 0.93.5 release, hence I'm
adding the rewritten version below, perhaps it can help.

Installing bogofilter on a Debian testing box gives us:
ii  bogofilter 0.93.5-1   a fast Bayesian spam filter
$ bogofilter -V
bogofilter version 0.93.5
Database: Sleepycat Software: Berkeley DB 4.3.27: (December 22, 2004
I delete all the files in the db directory and run the following script 
(as I've had to rebuild a few times now):

#!/bin/bash
bogofilter -M -s -d /etc/bogofilter -I /home/karl/mail/zs-archived-spam2004
bogofilter -M -s -d /etc/bogofilter -I /home/karl/mail/zs-archived-spam2003
bogofilter -M -s -d /etc/bogofilter -I /home/karl/mail/s-archived-spam
bogofilter -M -n -d /etc/bogofilter -I /home/karl/mail/z-archived2004
bogofilter -M -n -d /etc/bogofilter -I /home/karl/mail/archived
bogofilter -M -n -d /etc/bogofilter -I /home/karl/mail/list-servers/EXIM
bogofilter -M -n -d /etc/bogofilter -I
chown  Debian-exim.Debian-exim /etc/bogofilter/*
Everything works (not sure if it is tagging quite as much spam) then it 
ends ups stopping after about 48 hours.

This is on a Tyan MB with ECC memory, antec powersupply - I think a 
quite stable system running bind, dhcp,hylasfax, samba, nfs, imap all 
flawlessly. I would suspect falky hardware at this point except going 
back to the older version fixes things.

Only other thing I can suspect is that exim is threaded - could there be 
a locking problem I'm seeing running two requests at a time? I can 
imagine that 48 hours would be long enough to be filtering two messages 
at the same time. That would explain why most people running in a single 
thread POP service manner would not see this bug.

The basic fact is I am sure I recreated the databases and didn't upgrade 
and try to run the old data base  (which if I remember would have failed 
at once.) Going back to the old version and once again reproducing the 
databases fixes the problem.

I can think that it would be easy to test by running two or three 
instances of bogofilter at the same time on some mail files. One can 
write a script that will fork and you might want to add it to your 
testing procedure. Hope this helps.

I hope I didn't sound off base here and hope I haven't ruffled any 
feathers, but I really do think that these should spend some time in 
unstable.


Karl Schmidt EMail [EMAIL PROTECTED]
Transtronics, Inc. WEB http://xtronics.com
3209 West 9th StreetPh (785) 841-3089
Lawrence, KS 66049 FAX (785) 841-0434
A patent provides one a license to enrich his lawyer. -kps

--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#293338: python2.3: raises an AttributeError during a deep copy

[Roman Joost]

Package: python2.3
Version: 2.3.4-19
Severity: grave
Justification: renders package unusable


I'm using the python2.3 to run my Zope 2.7.3 with CMF/Plone. After an update in
debian unstable, it doesn't work anymore, because it raises an AttributeError
during a deep copy. I haven't investigated the Problem, but seems to be package
related for me. 

I downgraded to the latest testing release of python2.3 and I'm able to start 
Zope with the products as usual. The traceback as follows:

Traceback (most recent call last):
  File "/opt/Zope-2.7.3/lib/python/Zope/Startup/run.py", line 50, in ?
run()
  File "/opt/Zope-2.7.3/lib/python/Zope/Startup/run.py", line 19, in run
start_zope(opts.configroot)
  File "/opt/Zope-2.7.3/lib/python/Zope/Startup/__init__.py", line 51, in 
start_zope
starter.startZope()
  File "/opt/Zope-2.7.3/lib/python/Zope/Startup/__init__.py", line 230, in 
startZope
Zope.startup()
  File "/opt/Zope-2.7.3/lib/python/Zope/__init__.py", line 47, in startup
_startup()
  File "/opt/Zope-2.7.3/lib/python/Zope/App/startup.py", line 45, in startup
OFS.Application.import_products()
  File "/opt/Zope-2.7.3/lib/python/OFS/Application.py", line 637, in 
import_products
import_product(product_dir, product_name, raise_exc=debug_mode)
  File "/opt/Zope-2.7.3/lib/python/OFS/Application.py", line 660, in 
import_product
product=__import__(pname, global_dict, global_dict, silly)
  File "/opt/AlphaFlow/Products/ATContentTypes/__init__.py", line 54, in ?
import Products.ATContentTypes.migration
  File "/opt/AlphaFlow/Products/ATContentTypes/migration/__init__.py", line 3, 
in ?
import ATCTMigrator
  File "/opt/AlphaFlow/Products/ATContentTypes/migration/ATCTMigrator.py", line 
30, in ?
from Products.ATContentTypes.types import ATDocument, ATEvent, \
  File "/opt/AlphaFlow/Products/ATContentTypes/types/__init__.py", line 26, in ?
import ATLink
  File "/opt/AlphaFlow/Products/ATContentTypes/types/ATLink.py", line 38, in ?
from Products.ATContentTypes.types.ATContentType import ATCTContent
  File "/opt/AlphaFlow/Products/ATContentTypes/types/ATContentType.py", line 
61, in ?
from Products.ATContentTypes.types.schemata import ATContentTypeSchema
  File "/opt/AlphaFlow/Products/ATContentTypes/types/schemata.py", line 53, in ?
ATContentTypeBaseSchema = BaseSchema.copy()
  File "/opt/AlphaFlow/Products/Archetypes/Schema/__init__.py", line 671, in 
copy
c.addField(field.copy())
  File "/opt/AlphaFlow/Products/Archetypes/Field.py", line 203, in copy
properties = deepcopy(cdict)
  File "/usr/lib/python2.3/copy.py", line 191, in deepcopy
y = copier(x, memo)
  File "/usr/lib/python2.3/copy.py", line 285, in _deepcopy_dict
y[deepcopy(key, memo)] = deepcopy(value, memo)
  File "/usr/lib/python2.3/copy.py", line 200, in deepcopy
copier = _getspecial(cls, "__deepcopy__")
  File "/usr/lib/python2.3/copy.py", line 66, in _getspecial
for basecls in cls.__mro__:
AttributeError: __mro__


-- System Information:
Debian Release: 3.1
  APT prefers unstable
  APT policy: (700, 'unstable'), (650, 'testing')
Architecture: i386 (i686)
Kernel: Linux 2.6.8.1
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)

Versions of packages python2.3 depends on:
ii  libbz2-1.0  1.0.2-3  high-quality block-sorting file co
ii  libc6   2.3.2.ds1-20 GNU C Library: Shared libraries an
ii  libdb4.24.2.52-17Berkeley v4.2 Database Libraries [
ii  libncurses5 5.4-4Shared libraries for terminal hand
ii  libreadline44.3-15   GNU readline and history libraries
ii  libssl0.9.7 0.9.7e-3 SSL shared libraries
ii  zlib1g  1:1.2.2-4compression library - runtime

-- no debconf information


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Processed: your mail

[Debian Bug Tracking System]

Processing commands for [EMAIL PROTECTED]:

> close 288785
Bug#288785: dummy bug to prevent transition into sarge
'close' is deprecated; see http://www.debian.org/Bugs/Developer#closing.
Bug closed, send any further explanations to Martin Godisch <[EMAIL PROTECTED]>

>
End of message, stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#293315: marked as done (liblockfile-simple-perl: Conflicts with perl-base)

[Debian Bug Tracking System]

Your message dated Wed, 02 Feb 2005 10:32:02 -0500
with message-id <[EMAIL PROTECTED]>
and subject line Bug#293315: fixed in liblockfile-simple-perl 0.2.5-5
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--
Received: (at submit) by bugs.debian.org; 2 Feb 2005 13:50:35 +
>From [EMAIL PROTECTED] Wed Feb 02 05:50:35 2005
Return-path: <[EMAIL PROTECTED]>
Received: from box79162.elkhouse.de [213.9.79.162] 
by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
id 1CwKtv-0005PM-00; Wed, 02 Feb 2005 05:50:35 -0800
Received: from martin by box79162.elkhouse.de with local (Exim 4.34)
id 1CwKtQ-0006ZQ-3G; Wed, 02 Feb 2005 14:50:04 +0100
Date: Wed, 2 Feb 2005 14:50:04 +0100
From: Martin Pitt <[EMAIL PROTECTED]>
To: Debian Bug Tracking System <[EMAIL PROTECTED]>
Subject: liblockfile-simple-perl: Conflicts with perl-base
Message-ID: <[EMAIL PROTECTED]>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
protocol="application/pgp-signature"; boundary="82I3+IH0IqGh5yIs"
Content-Disposition: inline
X-Reportbug-Version: 3.2
User-Agent: Mutt/1.5.6+20040907i
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-8.0 required=4.0 tests=BAYES_00,HAS_PACKAGE 
autolearn=no version=2.60-bugs.debian.org_2005_01_02
X-Spam-Level: 


--82I3+IH0IqGh5yIs
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

Package: liblockfile-simple-perl
Severity: critical
Tags: patch
Justification: breaks unrelated software

Hi!

This package conflicts wiht perl-base. It ships an (empty) directory
/usr/lib/perl/5.8, which violates the Perl Policy. /usr/lib/perl/5.8
is already installed by perl-base as a symlink to /usr/lib/perl/5.8.4.

A quickfix is at

  http://patches.ubuntu.com/patches/liblockfile-simple-perl.perl-base-confl=
ict.diff

however, you should rather change the build system to not create that
directory in the first place.

Just as a side note, this package is badly undermaintained. It has
lots of lintian warnings (and an error which points out this bug,
btw), lots of cruft in debian/, and an ancient Packaging Policy.

Thanks,

Martin

-- System Information:
Debian Release: 3.1
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: i386 (i686)
Kernel: Linux 2.6.10
Locale: LANG=3Dde_DE.UTF-8, LC_CTYPE=3Dde_DE.UTF-8 (charmap=3DUTF-8)

--=20
Martin Pitt   http://www.piware.de
Ubuntu Developerhttp://www.ubuntulinux.org
Debian GNU/Linux Developer   http://www.debian.org

--82I3+IH0IqGh5yIs
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFCANqLDecnbV4Fd/IRAk5EAKCs5juYi14Xqur3vwdAOf980/KEqQCfU6XA
zCyacLmdXRn+ZVhA6Rm6cIU=
=XFKV
-END PGP SIGNATURE-

--82I3+IH0IqGh5yIs--

---
Received: (at 293315-close) by bugs.debian.org; 2 Feb 2005 15:38:49 +
>From [EMAIL PROTECTED] Wed Feb 02 07:38:49 2005
Return-path: <[EMAIL PROTECTED]>
Received: from newraff.debian.org [208.185.25.31] (mail)
by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
id 1CwMad-LE-00; Wed, 02 Feb 2005 07:38:47 -0800
Received: from katie by newraff.debian.org with local (Exim 3.35 1 (Debian))
id 1CwMU6-0005oG-00; Wed, 02 Feb 2005 10:32:02 -0500
From: John Goerzen <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
X-Katie: $Revision: 1.55 $
Subject: Bug#293315: fixed in liblockfile-simple-perl 0.2.5-5
Message-Id: <[EMAIL PROTECTED]>
Sender: Archive Administrator <[EMAIL PROTECTED]>
Date: Wed, 02 Feb 2005 10:32:02 -0500
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-6.0 required=4.0 tests=BAYES_00,HAS_BUG_NUMBER 
autolearn=no version=2.60-bugs.debian.org_2005_01_02
X-Spam-Level: 

Source: liblockfile-simple-perl
Source-Version: 0.2.5-5

We believe that the bug you reported is fixed in the latest version of
liblockfile-simple-perl, which is due to be installed in the Debian FTP archive:

liblockfile-simple-perl_0.2.5-5.diff.gz
  to 
pool/main/libl/liblockfile-simple-perl/liblockfile-simple-perl_0.2.5-5.diff.gz
liblockfile-simple-perl_0.2.5-5.dsc
  to pool/ma

Bug#285435: marked as done (perl: silent write error can lead to data loss, with patch)

[Debian Bug Tracking System]

Your message dated Wed, 02 Feb 2005 10:17:16 -0500
with message-id <[EMAIL PROTECTED]>
and subject line Bug#285435: fixed in perl 5.8.4-6
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--
Received: (at submit) by bugs.debian.org; 13 Dec 2004 08:47:53 +
>From [EMAIL PROTECTED] Mon Dec 13 00:47:52 2004
Return-path: <[EMAIL PROTECTED]>
Received: from mx.meyering.net [82.230.74.64] 
by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
id 1Cdls0-0002G3-00; Mon, 13 Dec 2004 00:47:52 -0800
Received: by mx.meyering.net (Acme Bit-Twister, from userid 1002)
id 21BD8400C; Mon, 13 Dec 2004 09:49:24 +0100 (CET)
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
From: Jim Meyering <[EMAIL PROTECTED]>
To: Debian Bug Tracking System <[EMAIL PROTECTED]>
Subject: perl: silent write error can lead to data loss, with patch
X-Mailer: reportbug 3.4
Date: Mon, 13 Dec 2004 09:49:24 +0100
Message-Id: <[EMAIL PROTECTED]>
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2004_03_25 
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-8.0 required=4.0 tests=BAYES_00,HAS_PACKAGE 
autolearn=no version=2.60-bugs.debian.org_2004_03_25
X-Spam-Level: 

Package: perl
Version: 5.8.4-5
Severity: grave
Tags: security patch
Justification: causes non-serious data loss

At first I hesitated to give this the `security' tag, but if you care
about security/reliability and write to a file, then you do want this fix.
And calling this a `grave' bug might be accurate, but only if you're
constantly writing to a nearly-full disk.

I reported this upstream a couple of weeks ago, but was surprised
by the total lack of response.  Maybe you'll be more interested:

  http://www.xray.mpe.mpg.de/mailing-lists/perl5-porters/2004-12/msg00072.html
  http://rt.perl.org/rt3/index.html?q=32745

Sometimes, closing a Perl file handle succeeds even though there have
been write errors via that handle.  This bug appears to affect every
version of perl from 5.005_04 to 5.9.1.  I didn't build/test versions
earlier than 5.005_04, but the doio.c:do_close function in 5.003 looks
like it has the same problem.

Here's a quick demo that depends on two things:
  - you have a /dev/full device (Linux, HPUX, MaxOS-X/Darwin)
  - 131072 is a multiple of your system's I/O buffer size

  perl -e 'print "x" x 131072; close STDOUT or die "$!\n"' \
> /dev/full 2> /dev/null && echo fail || echo ok

It prints `fail' because at least one write system call failed and Perl's
`close' mistakenly succeeded.  It would print `ok' for any size output
other than a multiple of the output buffer size.  On the Linux systems
I've checked, that size is 4096.  On a ppc/Darwin (7.5.0) system I tested,
the buffer size was 131072.

This means that if your Perl script happens to write precisely the
wrong number of bytes to a full or corrupted disk or to a closed file
descriptor, even if you dutifully check for success when closing the
file handle, the error will go undetected.

Here's another demo.  Notice that it fails (as it should) for sizes
131071 and 131073, but not for output of size 131072.

  $ perl -e 'print "x" x 131071; close STDOUT or die "$!\n"' > /dev/full
  No space left on device
  [Exit 28]
  $ perl -e 'print "x" x 131072; close STDOUT or die "$!\n"' > /dev/full
  $ perl -e 'print "x" x 131073; close STDOUT or die "$!\n"' > /dev/full
  No space left on device
  [Exit 28]

After applying the patch below, the problematic case (with size being
a multiple of 4096 in my case), now fails, as it should:

  $ ./perl -e 'print "x" x 131072; close STDOUT or die "$!\n"' > /dev/full
  No space left on device
  [Exit 28]

On a Solaris 5.9 system, which lacks /dev/full, I demonstrated
the failure with the following small script that invokes perl with
stdout closed.  All invocations of perl should evoke the
`Bad file number' error.  But note that on some systems the
closed-stdout test succeeds (perl detects the error) even though
the write-to-/dev/full test fails.

#!/bin/sh
n=1024
for i in 1 2 3 4 5 6; do
   echo $n
   perl -e 'print "x" x '$n'; close STDOUT or die "$!\n"' >&-
   n=`expr 2 \* $n`
done

Here's the output:

1024
Bad file number
2048
Bad file number
4096
Bad file number
8192
Bad file number
16384
32768


This patch fixes the bug and induces no new failures in any of
these versions:

5.005_04

Processed: change severity

[Debian Bug Tracking System]

Processing commands for [EMAIL PROTECTED]:

> severity 292984 important
Bug#292984: lvm2: lvremove causes inconsistent VG metadata
Severity set to `important'.

> --
Stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#293315: liblockfile-simple-perl: Conflicts with perl-base

[John Goerzen]

On Wed, Feb 02, 2005 at 02:50:04PM +0100, Martin Pitt wrote:
> This package conflicts wiht perl-base. It ships an (empty) directory
> /usr/lib/perl/5.8, which violates the Perl Policy. /usr/lib/perl/5.8
> is already installed by perl-base as a symlink to /usr/lib/perl/5.8.4.
> 
> A quickfix is at
> 
>   
> http://patches.ubuntu.com/patches/liblockfile-simple-perl.perl-base-conflict.diff

Thanks.

> Just as a side note, this package is badly undermaintained. It has
> lots of lintian warnings (and an error which points out this bug,
> btw), lots of cruft in debian/, and an ancient Packaging Policy.

You're right.  I'm going to put this up for adoption.  I had thought I
already did, actually, but I guess that didn't happen somehow.  (I do
little Perl coding anymore.)

-- John


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#293317: marked as done (perl: Vulnerable to CAN-2005-015[56])

[Debian Bug Tracking System]

Your message dated Thu, 3 Feb 2005 01:24:10 +1100
with message-id <[EMAIL PROTECTED]>
and subject line Bug#293317: perl: Vulnerable to CAN-2005-015[56]
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--
Received: (at submit) by bugs.debian.org; 2 Feb 2005 13:58:31 +
>From [EMAIL PROTECTED] Wed Feb 02 05:58:31 2005
Return-path: <[EMAIL PROTECTED]>
Received: from box79162.elkhouse.de [213.9.79.162] 
by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
id 1CwL1b-0007Yp-00; Wed, 02 Feb 2005 05:58:31 -0800
Received: from martin by box79162.elkhouse.de with local (Exim 4.34)
id 1CwL16-0006c5-PC; Wed, 02 Feb 2005 14:58:00 +0100
Date: Wed, 2 Feb 2005 14:58:00 +0100
From: Martin Pitt <[EMAIL PROTECTED]>
To: Debian Bug Tracking System <[EMAIL PROTECTED]>
Subject: perl: Vulnerable to CAN-2005-015[56]
Message-ID: <[EMAIL PROTECTED]>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
protocol="application/pgp-signature"; boundary="jq0ap7NbKX2Kqbes"
Content-Disposition: inline
X-Reportbug-Version: 3.2
User-Agent: Mutt/1.5.6+20040907i
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-8.0 required=4.0 tests=BAYES_00,HAS_PACKAGE 
autolearn=no version=2.60-bugs.debian.org_2005_01_02
X-Spam-Level: 


--jq0ap7NbKX2Kqbes
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

Package: perl
Version: 5.8.4-5
Severity: critical
Tags: security patch
Justification: root security hole

Hi Brendan!

suid-perl scripts in conjunction with the PERLIO_DEBUG environment
variable have two vulnerabilities (exploitable buffer overflow and
arbitrary file overwrite).

Please see the Ubuntu USN for details:

  http://www.ubuntulinux.org/support/documentation/usn/usn-72-1

The Ubuntu debdiff is at

  http://patches.ubuntu.com/patches/perl.CAN-2005-0155_0156.diff

However, I just made the fix inline without putting it in
debian/patches.

Thanks,

Martin

-- System Information:
Debian Release: 3.1
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: i386 (i686)
Kernel: Linux 2.6.10
Locale: LANG=3Dde_DE.UTF-8, LC_CTYPE=3Dde_DE.UTF-8 (charmap=3DUTF-8)

Versions of packages perl depends on:
ii  libc6   2.3.2.ds1-20 GNU C Library: Shared librarie=
s an
ii  libdb4.24.2.52-17Berkeley v4.2 Database Librari=
es [
ii  libgdbm31.8.3-2  GNU dbm database routines (run=
time
ii  perl-base   5.8.4-5  The Pathologically Eclectic Ru=
bbis
ii  perl-modules5.8.4-5  Core Perl modules

-- no debconf information

--=20
Martin Pitt   http://www.piware.de
Ubuntu Developerhttp://www.ubuntulinux.org
Debian GNU/Linux Developer   http://www.debian.org

--jq0ap7NbKX2Kqbes
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFCANxoDecnbV4Fd/IRAoEcAJ9fAKOaDHt1qiqnzKpVp+Gou7WiJACcCR7e
V5EdodjDG7G0I2RhaLDCypw=
=Rd+A
-END PGP SIGNATURE-

--jq0ap7NbKX2Kqbes--

---
Received: (at 293317-done) by bugs.debian.org; 2 Feb 2005 14:24:14 +
>From [EMAIL PROTECTED] Wed Feb 02 06:24:13 2005
Return-path: <[EMAIL PROTECTED]>
Received: from londo.c47.org [198.142.1.20] (mail)
by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
id 1CwLQT-0005Bm-00; Wed, 02 Feb 2005 06:24:13 -0800
Received: from bod by londo.c47.org with local (Exim 3.36 #1 (Debian))
id 1CwLQQ-6m-00; Thu, 03 Feb 2005 01:24:10 +1100
Date: Thu, 3 Feb 2005 01:24:10 +1100
From: Brendan O'Dea <[EMAIL PROTECTED]>
To: Martin Pitt <[EMAIL PROTECTED]>, [EMAIL PROTECTED]
Subject: Re: Bug#293317: perl: Vulnerable to CAN-2005-015[56]
Message-ID: <[EMAIL PROTECTED]>
References: <[EMAIL PROTECTED]>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <[EMAIL PROTECTED]>
User-Agent: Mutt/1.5.6+20040907i
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-6.0 required=4.0 tests=BAYES_00,HAS_BUG_NUMBER 
autolearn=no version=2.60-bugs.debian.org_2005_01_02
X-S

Bug#293319: gconf2: gconf fail to store information into /apps/nautilus/preferences_version/

[Patrick Zanon - Isolcell Italia S.p.A.]

Package: gconf2
Version: 2.8.1-4
Severity: grave
Justification: renders package unusable

Dear Bug Team,
just after startx command, the gconf fails givinng

"
Errore GConf: Nessun database disponibile per salvare la propria
configurazione: Impossibile inserire un valore alla chiave
'/apps/nautilus/preferences_version' perché il server di configurazione
non ha database scrivibili. Le possibile cause sono: 1) l'attuale file
di configurazione del percorso /etc/gconf/2/path non contiene nessun
database o non è stato trovato; 2) sono erroneamente attivi due processi
gconfd; 3) il sistema operativo ha una configurazione errata che
preclude il funzionamento del file locking NFS nella home directory; 4)
il client NFS è andato in crash e non ha notificato, in modo corretto,
al server di rilasciare il lock sui file al riavvio. Se sono attivi due
processi gconfd, provare ad eseguire il logout, terminare (kill) tutti i
processi gconfd ed eseguire il login nuovamente. Se è presente un file
di lock vecchio, cancellare ~/.gconf*/*lock. Probabilmente il problema è
che c'è stato un tentativo di utilizzo di GConf da due macchine
contemporaneamente e la configurazione di ORBit è sempre quella di
default che non permette connessioni CORBA remote. Inserire
"ORBIIOPIPv4=1" nel file /etc/orbitrc. Verificare i log di sistema
user.* per avere informazioni dettagliate sui problemi riscontrati da
gconfd. Può esistere un solo gconfd per directory home, deve avere un
file di lock ~/gconfd ed ulteriori file di lock in posizioni di
immagazzinamento dati individuali come ~/.gconf
"

This error shows only when I log authenticating within an NT domain (the
user name is "ISOLCELL\patrick zanon". Notice that the home directory is:
"/home/ISOLCELL/patrick zanon"

On the contrary, when I log as patrick (a normal linux user) the error does not 
appear.

Any info on that?
Thanks

Patrick Zanon


--r System Information:
Debian Release: 3.1
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: i386 (i686)
Kernel: Linux 2.4.27-2-686
Locale: [EMAIL PROTECTED], [EMAIL PROTECTED] (charmap=ISO-8859-15)

Versions of packages gconf2 depends on:
ii  libatk1.0-0 1.8.0-4  The ATK accessibility toolkit
ii  libc6   2.3.2.ds1-20 GNU C Library: Shared libraries an
ii  libgconf2-4 2.8.1-4  GNOME configuration database syste
ii  libglib2.0-02.6.1-3  The GLib library of C routines
ii  libgtk2.0-0 2.4.14-2 The GTK+ graphical user interface
ii  liborbit2   1:2.10.2-1.1 libraries for ORBit2 - a CORBA ORB
ii  libpango1.0-0   1.6.0-3  Layout and rendering of internatio
ii  libpopt01.7-5lib for parsing cmdline parameters
ii  libxml2 2.6.11-5 GNOME XML library
ii  zlib1g  1:1.2.2-3compression library - runtime

-- no debconf information

Bug#271262: The same on ppc with fvwm2

[Helge Kreutzmann]

Hello,
I run fvwm2 on ppc and also no window is presented. I run kteatime
under strace, and whenever I changed windows with the mouse, a few,
very similar lines were repeated. If you are interested, I can present
those lines.

Greetings

 Helge
-- 
Helge Kreutzmann, Dipl.-Phys.   [EMAIL PROTECTED]
   gpg signed mail preferred 
64bit GNU powered  http://www.itp.uni-hannover.de/~kreutzm
   Help keep free software "libre": http://www.freepatents.org/


pgpRdA0oINGL1.pgp
Description: PGP signature

Bug#104394: lowest prices on your medications Rosendo

[Kris Pagan]

Refill Notification Ref: WQK-85354620

Dear [EMAIL PROTECTED],

Our automated system has identified that you most likely are ready to refill 
your recent online pharmaceutical order.

To help you get your needed supply, we have sent this reminder notice.

Please use the refill system http://chorus.epicoff3rs.com/?wid=100069 to obtain 
your item in the quickest possible manner.

Thank you for your time and we look forward to assisting you.

Sincerely,

Kris Pagan




compressor ecq festival ftp instructor rp morphism tq 
docile vk robbins wyp dockyard lj coachwork xng 


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#293318: libquantlib0-dev: depends on libboost-test1.31.0 which is not available

[Domenico Andreoli]

Package: libquantlib0-dev
Version: 0.3.8-1
Severity: serious

this package depends on libboost-test1.31.0 (?), which is not available
in sid any more. please upgrade to Boost 1.32.0.

thanks
domenico

-[ Domenico Andreoli, aka cavok
 --[ http://people.debian.org/~cavok/gpgkey.asc
   ---[ 3A0F 2F80 F79C 678A 8936  4FEE 0677 9033 A20E BC50


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#293317: perl: Vulnerable to CAN-2005-015[56]

[Martin Pitt]

Package: perl
Version: 5.8.4-5
Severity: critical
Tags: security patch
Justification: root security hole

Hi Brendan!

suid-perl scripts in conjunction with the PERLIO_DEBUG environment
variable have two vulnerabilities (exploitable buffer overflow and
arbitrary file overwrite).

Please see the Ubuntu USN for details:

  http://www.ubuntulinux.org/support/documentation/usn/usn-72-1

The Ubuntu debdiff is at

  http://patches.ubuntu.com/patches/perl.CAN-2005-0155_0156.diff

However, I just made the fix inline without putting it in
debian/patches.

Thanks,

Martin

-- System Information:
Debian Release: 3.1
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: i386 (i686)
Kernel: Linux 2.6.10
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)

Versions of packages perl depends on:
ii  libc6   2.3.2.ds1-20 GNU C Library: Shared libraries an
ii  libdb4.24.2.52-17Berkeley v4.2 Database Libraries [
ii  libgdbm31.8.3-2  GNU dbm database routines (runtime
ii  perl-base   5.8.4-5  The Pathologically Eclectic Rubbis
ii  perl-modules5.8.4-5  Core Perl modules

-- no debconf information

-- 
Martin Pitt   http://www.piware.de
Ubuntu Developerhttp://www.ubuntulinux.org
Debian GNU/Linux Developer   http://www.debian.org


signature.asc
Description: Digital signature

Bug#293315: liblockfile-simple-perl: Conflicts with perl-base

[Martin Pitt]

Package: liblockfile-simple-perl
Severity: critical
Tags: patch
Justification: breaks unrelated software

Hi!

This package conflicts wiht perl-base. It ships an (empty) directory
/usr/lib/perl/5.8, which violates the Perl Policy. /usr/lib/perl/5.8
is already installed by perl-base as a symlink to /usr/lib/perl/5.8.4.

A quickfix is at

  
http://patches.ubuntu.com/patches/liblockfile-simple-perl.perl-base-conflict.diff

however, you should rather change the build system to not create that
directory in the first place.

Just as a side note, this package is badly undermaintained. It has
lots of lintian warnings (and an error which points out this bug,
btw), lots of cruft in debian/, and an ancient Packaging Policy.

Thanks,

Martin

-- System Information:
Debian Release: 3.1
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: i386 (i686)
Kernel: Linux 2.6.10
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)

-- 
Martin Pitt   http://www.piware.de
Ubuntu Developerhttp://www.ubuntulinux.org
Debian GNU/Linux Developer   http://www.debian.org


signature.asc
Description: Digital signature

Bug#290685: New upstream available, fixes this

[Marcelo E. Magallon]

Package: vcdimager
Followup-For: Bug #290685

Hi,

 a new upstream release 0.7.21 is available since early december.  I've
 just tried and it builds against current libraries in sid.

 Marcelo

-- System Information:
Debian Release: 3.1
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)
Kernel: Linux 2.6.8-1-686-smp
Locale: LANG=C, LC_CTYPE=en_US (charmap=ISO-8859-1)

Versions of packages vcdimager depends on:
ii  libc6   2.3.2.ds1-20 GNU C Library: Shared libraries an
pn  libcdio0 Not found.
pn  libiso9660-0 Not found.
ii  libpopt01.7-5lib for parsing cmdline parameters
pn  libvcdinfo0  Not found.
ii  libxml2 2.6.15-2 GNOME XML library
ii  zlib1g  1:1.2.2-4compression library - runtime


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#293287: Attempt to restart X or reboot system with /usr/X11R6/lib/modules-dri-trunk active in XF86Config-4 hang system with blank screen.

[Martin Michlmayr]

* David Baron <[EMAIL PROTECTED]> [2005-02-02 15:11]:
> > > Package: dri-trunk
> > > Version: 2005.01.26-2
> >
> > I cannot find such a package in the Debian archive.  Do you know where
> > you obtained in?  If not, what does
> >   dpkg -p dri-trunk | grep Maintainer
> > say?
> 
> There are actually three pieces here:
> 
> 1. xserver-xfree86-dri-trunk
> 2. xlibmesa-gl1-dri-trunk
> 
> these two might both place modules in  the directory I commented out. I would 
> guess any but is in the first one since no openGL stuff has yet been invoked.
> 
> 3. drm-trunk-module-src

None of these packages appear to be in Debian.  I'm CCing the people
you mentioned.
-- 
Martin Michlmayr
http://www.cyrius.com/


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#293287: Attempt to restart X or reboot system with /usr/X11R6/lib/modules-dri-trunk active in XF86Config-4 hang system with blank screen.

[David Baron]

On Wednesday 02 February 2005 15:00, you wrote:
> * David Baron <[EMAIL PROTECTED]> [2005-02-02 10:14]:
> > Package: dri-trunk
> > Version: 2005.01.26-2
>
> I cannot find such a package in the Debian archive.  Do you know where
> you obtained in?  If not, what does
>   dpkg -p dri-trunk | grep Maintainer
> say?

There are actually three pieces here:

1. xserver-xfree86-dri-trunk
2. xlibmesa-gl1-dri-trunk

these two might both place modules in  the directory I commented out. I would 
guess any but is in the first one since no openGL stuff has yet been invoked.

3. drm-trunk-module-src

In this one, I compile mach64.ko and place in its proper place in the kernel 
driver tree. Its presence or correctness makes no difference in this bug.



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#293287: Atempt to restart X or reboot system with /usr/X11R6/lib/modules-dri-trunk active in XF86Config-4 hang system with blank screen.

[David Baron]

On Wednesday 02 February 2005 15:00, you wrote:
> * David Baron <[EMAIL PROTECTED]> [2005-02-02 10:14]:
> > Package: dri-trunk
> > Version: 2005.01.26-2
>
> I cannot find such a package in the Debian archive.  Do you know where
> you obtained in?  If not, what does
>   dpkg -p dri-trunk | grep Maintainer
> say?


John Lightsey maintains all three.

( A Daenziger or such used to be involved in this)


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#292618: wvdial: doesn't initialize serial port correctly since last update

[Patrick Patterson]

Can you double check what the permissions are for your /dev/ttyS0?

Also - are you using udev or any such thing? 

Does this work when you run wvdial as root?

On Wednesday 02 February 2005 05:00, Jérôme Schell wrote:
> I confirm this bug.
>
> Here is an interesting part of a strace of the execution of wvdial:
>
> ...
> open("/dev/ttyS0", O_RDWR|O_NONBLOCK|O_NOCTTY|O_LARGEFILE) = 4
> fcntl64(4, F_SETFD, FD_CLOEXEC) = 0
> ioctl(4, SNDCTL_TMR_TIMEBASE or TCGETS, {B38400 -opost -isig -icanon
> -echo ...}) = 0
> ioctl(4, SNDCTL_TMR_TIMEBASE or TCGETS, {B38400 -opost -isig -icanon
> -echo ...}) = 0
> select(5, [4], [], [], {0, 0})  = 0 (Timeout)
> ioctl(4, TIOCGSERIAL, 0xbfffe4a0)   = 0
> ioctl(4, TIOCSSERIAL, 0xbfffe460)   = -1 EPERM (Operation not
> permitted) ioctl(4, TCFLSH, 0x2)   = 0
> ioctl(4, SNDCTL_TMR_TIMEBASE or TCGETS, {B38400 -opost -isig -icanon
> -echo ...}) = 0
> ioctl(4, SNDCTL_TMR_START or TCSETS, {B38400 -opost -isig -icanon -echo
> ...}) = 0
> ioctl(4, SNDCTL_TMR_TIMEBASE or TCGETS, {B38400 -opost -isig -icanon
> -echo ...}) = 0
> close(4)= 0
> write(3, "--> ", 4--> ) = 4
> write(3, "Cannot open /dev/ttyS0: Cannot s"..., 63Cannot open
> /dev/ttyS0: Cannot set information for serial port.) = 63write(3, "\n", 1
> )   = 1
> unlink("/var/lock/LCK..ttyS0")  = 0
> 
>
> So this seems to fail during an ioctl call giving an EPERM result.
>
> (just to clarify, my user is part of dialout group so no problem of
> access permission to /dev/ttyS0)

Bug#293287: Atempt to restart X or reboot system with /usr/X11R6/lib/modules-dri-trunk active in XF86Config-4 hang system with blank screen.

[Martin Michlmayr]

* David Baron <[EMAIL PROTECTED]> [2005-02-02 10:14]:
> Package: dri-trunk
> Version: 2005.01.26-2

I cannot find such a package in the Debian archive.  Do you know where
you obtained in?  If not, what does
  dpkg -p dri-trunk | grep Maintainer
say?
-- 
Martin Michlmayr
http://www.cyrius.com/


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#271427: another Debian font bug

[Florian Weimer]

* Dafydd Harries:

> Ok, I now have a list of glyphs to copy based on your list and the ones
> which I've identified as broken. I've uploaded a new .deb, plus the
> latest versions of my scripts and their various outputs to the same
> location as before:
> 
>   http://muse.19inch.net/~daf/dump/271427/

Judging by a quick test, the Courier font metrics appear to be
unchanged.  Thanks.

> One thing that needs some consideration is which version number to give
> this updated package. The three most recent versions were:
>
>  - 8.14-3.
>  - 8.14+urwcyr1.0.7pre35-1, which I understand used Valek's fonts as
>upstream source.
>  - 8.14+v8.11-0.1, Florian's NMU which reverted the .orig.tar.gz back to
>that of 8.14, in order to fix the metrics problems introduced by the
>previous upload.
>
> I guess 8.14+urwcyr1.0.7pre40 will do for the upstream version.

No, it's not greater than the version in my upload.  You'd have to use
an epoch in this case, or choose something that is recognized by "dpkg
--compare-versions" as greater than the previous version.


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Processed: reopening 293125, tagging 293125

[Debian Bug Tracking System]

Processing commands for [EMAIL PROTECTED]:

> # Automatically generated email from bts, devscripts version 2.8.6
> reopen 293125
Bug#293125: postgresql: LOAD security issue
Bug reopened, originator not changed.

> tags 293125 - sarge sid
Bug#293125: postgresql: LOAD security issue
Tags were: sid sarge woody security
Tags removed: sarge, sid

>
End of message, stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#271427: another Debian font bug

[Danilo Åegan]

Today at 1:46, Dafydd Harries wrote:

> Ok, I now have a list of glyphs to copy based on your list and the ones
> which I've identified as broken. I've uploaded a new .deb, plus the
> latest versions of my scripts and their various outputs to the same
> location as before:
>
>   http://muse.19inch.net/~daf/dump/271427/

I'll test these in Ubuntu now.  Lets see how it goes.

> The copy-cyrillic.sh script contains the list of glyphs copied.

Just a minor point, not very important anyway, since it's in a comment:

# Ð : U+040b : afii10060 : capital Tshe
  ^ â this should be Ð :)

> Yeah, it seems this was due to a bug in my script where it wouldn't copy
> the glyphs if they were not already in the target font. I've now fixed
> this, with some help from the Fontforge author. The only drawback is
> that these glyphs are added at the end of the font rather than inserted
> in order, but I don't think it's enough to worry about.

This is no problem, because no "modern" client uses encoding vector in
the font to access these glyphs anyway (since it's limited to 256
entries, and is probably AdobeStandardEncoding for GS fonts). 


I'll complain if I see any problem with fonts, but if I'm quiet,
assume everything is fine.

Cheers,
Danilo

Bug#288047: Woody affected (?), reopening to avoid loss

[Helge Kreutzmann]

reopen 288047
tags 288047 = woody,security
thanks

Since there was no further reply on this bug report, I assume that it
is not clear weather woody is affected or not. To ensure that this
stays marked, I reopen.

Once this is clarified (i.e., a DSA prepared or woody found not
vulnerable) this bug then can be closed for good.

Greetings

 Helge


-- 
Helge Kreutzmann, Dipl.-Phys.   [EMAIL PROTECTED]
   gpg signed mail preferred 
64bit GNU powered  http://www.itp.uni-hannover.de/~kreutzm
   Help keep free software "libre": http://www.freepatents.org/


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Processed: Woody affected (?), reopening to avoid loss

[Debian Bug Tracking System]

Processing commands for [EMAIL PROTECTED]:

> reopen 288047
Bug#288047: mozilla-mailnews: NNTP Security Flaw in Mozilla 1.7.3 and below
Bug reopened, originator not changed.

> tags 288047 = woody,security
Bug#288047: mozilla-mailnews: NNTP Security Flaw in Mozilla 1.7.3 and below
Tags were: sarge security sid woody
Tags set to: woody, security

> thanks
Stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Processed: severity of 271262 is grave

[Debian Bug Tracking System]

Processing commands for [EMAIL PROTECTED]:

> # Automatically generated email from bts, devscripts version 2.8.10
> severity 271262 grave
Bug#271262: kteatime: fails to start
Severity set to `grave'.

>
End of message, stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#293303: lsbdev: RoM; buggy, orphaned upstream

[Matt Taggart]

Package: ftp.debian.org
Severity: critical

lsbdev provides an LSB development environment via a chroot with bind
mounts. This system is complicated and buggy(4 RC bugs, 4 non-RC), it
affects other packages on the system (interferes with upgrades) and
has caused data loss due to misunderstandings and bugs in bind
mounting. Overall it sucks and upstream has mostly abandoned this
approach and has switched to a compiler wrapper system instead. I
believe it is possible to re-implement this system in a way that
doesn't rely on bind mounting, but until this is done upstream, this
package does not belong in Debian. 

Please remove from testing and unstable.

I'd also like to apologize for taking so long to make the decision to
remove this package.

-- 
Matt Taggart
[EMAIL PROTECTED]


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#293281: squirrelmail: Config file in /var

[Thijs Kinkhorst]

On Wed, February 2, 2005 08:25, Cyril Bouthors said:
> Squirrelmail contains a configuration file in /var; which is a serious
> violation of the policy.

Thank you for your report, I think you are right. I will take a look at
what it takes to move this file to /etc, also upstream since it's a more
logical place anyway.


Regards,
Thijs Kinkhorst



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#277518: marked as done (libgamin-dev: gamin.pc contains @MAJOR_VERSION@ as literal)

[Debian Bug Tracking System]

Your message dated Wed, 02 Feb 2005 05:47:07 -0500
with message-id <[EMAIL PROTECTED]>
and subject line Bug#277518: fixed in gamin 0.0.21-1
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--
Received: (at submit) by bugs.debian.org; 20 Oct 2004 15:53:55 +
>From [EMAIL PROTECTED] Wed Oct 20 08:53:55 2004
Return-path: <[EMAIL PROTECTED]>
Received: from rutherford.zen.co.uk [212.23.3.142] 
by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
id 1CKImg-0003Xt-00; Wed, 20 Oct 2004 08:53:55 -0700
Received: from [217.155.195.89] (helo=sceptic.centricular.net)
by rutherford.zen.co.uk with esmtp (Exim 4.34)
id 1CKImd-0003KC-JS; Wed, 20 Oct 2004 15:53:51 +
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
From: =?iso-8859-15?q?Tim_M=FCller?= <[EMAIL PROTECTED]>
To: Debian Bug Tracking System <[EMAIL PROTECTED]>
Subject: libgamin-dev: gamin.pc contains @MAJOR_VERSION@ as literal
Bcc: =?iso-8859-15?q?Tim_M=FCller?= <[EMAIL PROTECTED]>
X-Mailer: reportbug 2.99.6
Date: Wed, 20 Oct 2004 16:53:51 +0100
Message-ID: <[EMAIL PROTECTED]>
X-Originating-Rutherford-IP: [217.155.195.89]
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2004_03_25 
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-8.0 required=4.0 tests=BAYES_00,HAS_PACKAGE 
autolearn=no version=2.60-bugs.debian.org_2004_03_25
X-Spam-Level: 

Package: libgamin-dev
Version: 0.0.12-1
Severity: grave
Justification: renders package unusable



% pkg-config --libs gamin
-pthread [EMAIL PROTECTED]@ -lgthread-2.0 -lglib-2.0

% pkg-config --cflags gamin
-pthread -I/usr/include/gamin/@MAJOR_VERSION@ -I/usr/include/glib-2.0
-I/usr/lib/glib-2.0/include

That doesn't look entirely right :)

Cheers 
 -Tim


-- System Information:
Debian Release: 3.1
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.8-1-k7
Locale: LANG=C, LC_CTYPE=C

Versions of packages libgamin-dev depends on:
ii  libgamin0 0.0.12-1   Library for the gamin file and dir

-- no debconf information

---
Received: (at 277518-close) by bugs.debian.org; 2 Feb 2005 10:53:56 +
>From [EMAIL PROTECTED] Wed Feb 02 02:53:56 2005
Return-path: <[EMAIL PROTECTED]>
Received: from newraff.debian.org [208.185.25.31] (mail)
by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
id 1CwI8y-0003lG-00; Wed, 02 Feb 2005 02:53:56 -0800
Received: from katie by newraff.debian.org with local (Exim 3.35 1 (Debian))
id 1CwI2N-0008Hp-00; Wed, 02 Feb 2005 05:47:07 -0500
From: Jeff Waugh <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
X-Katie: $Revision: 1.55 $
Subject: Bug#277518: fixed in gamin 0.0.21-1
Message-Id: <[EMAIL PROTECTED]>
Sender: Archive Administrator <[EMAIL PROTECTED]>
Date: Wed, 02 Feb 2005 05:47:07 -0500
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-6.0 required=4.0 tests=BAYES_00,HAS_BUG_NUMBER 
autolearn=no version=2.60-bugs.debian.org_2005_01_02
X-Spam-Level: 

Source: gamin
Source-Version: 0.0.21-1

We believe that the bug you reported is fixed in the latest version of
gamin, which is due to be installed in the Debian FTP archive:

gamin_0.0.21-1.diff.gz
  to pool/main/g/gamin/gamin_0.0.21-1.diff.gz
gamin_0.0.21-1.dsc
  to pool/main/g/gamin/gamin_0.0.21-1.dsc
gamin_0.0.21-1_powerpc.deb
  to pool/main/g/gamin/gamin_0.0.21-1_powerpc.deb
gamin_0.0.21.orig.tar.gz
  to pool/main/g/gamin/gamin_0.0.21.orig.tar.gz
libgamin-dev_0.0.21-1_powerpc.deb
  to pool/main/g/gamin/libgamin-dev_0.0.21-1_powerpc.deb
libgamin0_0.0.21-1_powerpc.deb
  to pool/main/g/gamin/libgamin0_0.0.21-1_powerpc.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Jeff Waugh <[EMAIL PROTECTED]> (supplier of updated gamin package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Format: 1.7
Date: Sun, 30 Ja

Bug#292316: marked as done (spew: package overlap with snarf)

[Debian Bug Tracking System]

Your message dated Wed, 02 Feb 2005 05:47:37 -0500
with message-id <[EMAIL PROTECTED]>
and subject line Bug#279679: fixed in spew 1.0.4-1
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--
Received: (at submit) by bugs.debian.org; 26 Jan 2005 10:35:51 +
>From [EMAIL PROTECTED] Wed Jan 26 02:35:50 2005
Return-path: <[EMAIL PROTECTED]>
Received: from bal.lis.inpg.fr [195.220.21.15] 
by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
id 1CtkWc-0006x5-00; Wed, 26 Jan 2005 02:35:50 -0800
Received: from smtpc.lis.inpg.Fr (smtpc.lis.inpg.fr [195.220.21.17])
by bal.lis.inpg.fr (Postfix) with ESMTP id 019C63067C2;
Wed, 26 Jan 2005 11:35:15 +0100 (CET)
Received: from localhost (localhost [127.0.0.1])
by smtpc.lis.inpg.Fr (Postfix) with ESMTP id E0B902C80F0;
Wed, 26 Jan 2005 11:35:14 +0100 (CET)
Received: from smtpc.lis.inpg.Fr ([127.0.0.1])
by localhost (smtpc.lis.inpg.fr [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id 31782-02; Wed, 26 Jan 2005 11:35:10 +0100 (CET)
Received: from irancy.lis.inpg.fr (irancy.lis.inpg.fr [195.220.21.167])
by smtpc.lis.inpg.Fr (Postfix) with SMTP id 15D852C8189;
Wed, 26 Jan 2005 11:35:10 +0100 (CET)
Received: by irancy.lis.inpg.fr (sSMTP sendmail emulation); Wed, 26 Jan 2005 
11:35:10 +0100
From: "Laurent Bonnaud" <[EMAIL PROTECTED]>
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
To: Debian Bug Tracking System <[EMAIL PROTECTED]>
Subject: spew: package overlap with snarf
X-Mailer: reportbug 3.6
Date: Wed, 26 Jan 2005 11:35:10 +0100
Message-Id: <[EMAIL PROTECTED]>
X-Virus-Scanned: by amavisd-new-20030616-p10 (Debian) at lis.inpg.fr
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-8.0 required=4.0 tests=BAYES_00,HAS_PACKAGE 
autolearn=no version=2.60-bugs.debian.org_2005_01_02
X-Spam-Level: 

Package: spew
Version: 1.0.3-1
Severity: serious
Justification: Policy 0.0 packages must not overlap


Hi,

here is the problem:

Unpacking spew (from .../archives/spew_1.0.3-1_i386.deb) ...
dpkg - warning, overriding problem because --force enabled:
 trying to overwrite `/usr/bin/snarf', which is also in package snarf
dpkg - warning, overriding problem because --force enabled:
 trying to overwrite `/usr/share/man/man1/snarf.1.gz', which is also in package 
snarf


-- System Information:
Debian Release: 3.1
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)
Kernel: Linux 2.6.10-1-686
Locale: [EMAIL PROTECTED], [EMAIL PROTECTED] (charmap=ISO-8859-15)

Versions of packages spew depends on:
ii  libc6   2.3.2.ds1-20 GNU C Library: Shared libraries an
ii  libgcc1 1:4.0-0pre4  GCC support library
ii  libncurses5 5.4-4Shared libraries for terminal hand
ii  libpopt01.7-5lib for parsing cmdline parameters
ii  libstdc++5  1:3.3.5-6The GNU Standard C++ Library v3

-- no debconf information

---
Received: (at 279679-close) by bugs.debian.org; 2 Feb 2005 10:53:05 +
>From [EMAIL PROTECTED] Wed Feb 02 02:53:04 2005
Return-path: <[EMAIL PROTECTED]>
Received: from newraff.debian.org [208.185.25.31] (mail)
by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
id 1CwI88-0003j6-00; Wed, 02 Feb 2005 02:53:04 -0800
Received: from katie by newraff.debian.org with local (Exim 3.35 1 (Debian))
id 1CwI2r-0008KS-00; Wed, 02 Feb 2005 05:47:37 -0500
From: Matt Taggart <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
X-Katie: $Revision: 1.55 $
Subject: Bug#279679: fixed in spew 1.0.4-1
Message-Id: <[EMAIL PROTECTED]>
Sender: Archive Administrator <[EMAIL PROTECTED]>
Date: Wed, 02 Feb 2005 05:47:37 -0500
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-6.0 required=4.0 tests=BAYES_00,HAS_BUG_NUMBER 
autolearn=no version=2.60-bugs.debian.org_2005_01_02
X-Spam-Level: 

Source: spew
Source-Version: 1.0.4-1

We believe that the bug you reported is fixed in the latest version of
spew, which is due to be installed in the Debian FTP archive:

spew_1.0.4-1.diff.gz
  to pool/main/s/spew/spew_1.0.4-1.diff.gz
spew_1.0.4-1.dsc
  to 

Bug#279679: marked as done (snarf: overwrites file in spew package. both cannot be installed at a time.)

[Debian Bug Tracking System]

Your message dated Wed, 02 Feb 2005 05:47:37 -0500
with message-id <[EMAIL PROTECTED]>
and subject line Bug#279679: fixed in spew 1.0.4-1
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--
Received: (at submit) by bugs.debian.org; 4 Nov 2004 16:07:51 +
>From [EMAIL PROTECTED] Thu Nov 04 08:07:51 2004
Return-path: <[EMAIL PROTECTED]>
Received: from (oraciod2) [83.213.35.240] 
by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
id 1CPk9O-0005m8-00; Thu, 04 Nov 2004 08:07:51 -0800
Received: by oraciod2 (Postfix, from userid 1000)
id E89396ECBCB; Thu,  4 Nov 2004 17:07:07 +0100 (CET)
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
From: Jose Miguel Martinez <[EMAIL PROTECTED]>
To: Debian Bug Tracking System <[EMAIL PROTECTED]>
Subject: snarf: overwrites file in spew package. both cannot be installed at a 
time.
X-Mailer: reportbug 3.1
Date: Thu, 04 Nov 2004 17:07:07 +0100
Message-Id: <[EMAIL PROTECTED]>
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2004_03_25 
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-8.0 required=4.0 tests=BAYES_00,HAS_PACKAGE 
autolearn=no version=2.60-bugs.debian.org_2004_03_25
X-Spam-Level: 

Package: snarf
Version: 7.0-3
Severity: normal


overwrites file in spew package. both cannot be installed at a time.
one of them (snarf or spew) should rename conflicting file.

-- System Information:
Debian Release: 3.1
  APT prefers unstable
  APT policy: (1100, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.9-1-k7
Locale: [EMAIL PROTECTED], [EMAIL PROTECTED] (charmap=ISO-8859-15)

Versions of packages snarf depends on:
ii  libc6   2.3.2.ds1-18 GNU C Library: Shared libraries an

-- no debconf information

---
Received: (at 279679-close) by bugs.debian.org; 2 Feb 2005 10:53:05 +
>From [EMAIL PROTECTED] Wed Feb 02 02:53:04 2005
Return-path: <[EMAIL PROTECTED]>
Received: from newraff.debian.org [208.185.25.31] (mail)
by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
id 1CwI88-0003j6-00; Wed, 02 Feb 2005 02:53:04 -0800
Received: from katie by newraff.debian.org with local (Exim 3.35 1 (Debian))
id 1CwI2r-0008KS-00; Wed, 02 Feb 2005 05:47:37 -0500
From: Matt Taggart <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
X-Katie: $Revision: 1.55 $
Subject: Bug#279679: fixed in spew 1.0.4-1
Message-Id: <[EMAIL PROTECTED]>
Sender: Archive Administrator <[EMAIL PROTECTED]>
Date: Wed, 02 Feb 2005 05:47:37 -0500
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-6.0 required=4.0 tests=BAYES_00,HAS_BUG_NUMBER 
autolearn=no version=2.60-bugs.debian.org_2005_01_02
X-Spam-Level: 

Source: spew
Source-Version: 1.0.4-1

We believe that the bug you reported is fixed in the latest version of
spew, which is due to be installed in the Debian FTP archive:

spew_1.0.4-1.diff.gz
  to pool/main/s/spew/spew_1.0.4-1.diff.gz
spew_1.0.4-1.dsc
  to pool/main/s/spew/spew_1.0.4-1.dsc
spew_1.0.4-1_i386.deb
  to pool/main/s/spew/spew_1.0.4-1_i386.deb
spew_1.0.4.orig.tar.gz
  to pool/main/s/spew/spew_1.0.4.orig.tar.gz



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Matt Taggart <[EMAIL PROTECTED]> (supplier of updated spew package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Format: 1.7
Date: Wed,  2 Feb 2005 01:42:02 -0800
Source: spew
Binary: spew
Architecture: source i386
Version: 1.0.4-1
Distribution: unstable
Urgency: low
Maintainer: Matt Taggart <[EMAIL PROTECTED]>
Changed-By: Matt Taggart <[EMAIL PROTECTED]>
Description: 
 spew   - I/O performance measurement and load generation tool
Closes: 279679 280257 292316
Changes: 
 spew (1.0.4-1) unstable; urgency=low
 .
   * New upstream release
   * Upstream fixed file conflict with snarf, Closes: #279679, #292316
   * Drop libstdc++ build-dep. I should know better

Bug#293125: Is woody impacted?

[Helge Kreutzmann]

Hello,
the tags indicate that woodys postgresql is impacted as well. The
latest entry in the changelog is, however, from 26 Oct 2004, and
reading the bug report I did not find a indication to the contrary.

Please reopen if a DSA is forthcoming. Thanks.

Greetings

  Helge
-- 
Helge Kreutzmann, Dipl.-Phys.   [EMAIL PROTECTED]
   gpg signed mail preferred 
64bit GNU powered  http://www.itp.uni-hannover.de/~kreutzm
   Help keep free software "libre": http://www.freepatents.org/


pgpZ02kFOlAEJ.pgp
Description: PGP signature

Bug#267799: fails to auto-load kernel module

[Janeene Webb]

I've found some more info on this issue from
http://www.reactivated.net/udevrules.php#nvidia, and while I'm not
entirely sure how to implement it, it does appear to solve the problem
of the nvidia module autoloading for kernel2.6 and udev, and should be
extendible to devfs as well.

Basically, what's happening is that X is *trying* to load the nvidia
module, but the /dev/nvidia* nodes take longer to be created than X
expects, so X gives up believing that it isn't working.

To fix the problem, you need to create the /dev/nvidia0
and /dev/nvidiactl device nodes on boot up (*without* necessarily
loading the nvidia module), then when X attempts to autoload the nvidia
module the delay to create the devices is no longer there, and X starts
fine.

I've tested the second option from the website below manually, buy
booting Debian, allowing X to fail, creating the device nodes manually
(nvidia module NOT loaded) then restarting X - and everything works
fine, X autoloaded the nvidia module and was happy.

So to resolve this bug, is it possible to add the /dev/nvidia0
and /dev/nvidiactl to the list of device nodes to include automatically
on boot up (rather than loading the module) when the nvidia module is
installed, and then remove them if the module is uninstalled?

As a worst case scenario assuming that the nodes couldn't be added to
the dev system created before devfs/udev started up, how about an init.d
script that created the nodes? And to remove the nvidia module without
removing the nodes?

Cheers,
Janeene.

> Quoted From the web site
http://www.reactivated.net/udevrules.php#nvidia
>
> udev vs Nvidia's graphics drivers
> This section isn't really relevant to the purpose of this document,
> but judging from the hits I get from google, this is a hot topic. I
> will leave it here for now.
> 
> Nvidia's graphics drivers (the closed-source ones, not the ones that
> come with XFree) do not work with a default installation of udev - you
> are unable to start X. This is because the nvidia module is loaded by
> X, but the /dev/nvidia* nodes are not created quick enough, so X bails
> out.
> 
> The solution to this problem is to autoload the nvidia module on
> bootup. Yes - you are *supposed* to do this - the NVidia FAQ confirms
> this! On devfs-based systems, devfs did this automatically at bootup
> anyway. Your linux distribution will have created a file which you can
> list modules to be loaded on bootup
> (e.g. /etc/modules.autoload.d/kernel-2.6 for Gentoo, /etc/modules for
> Debian).
> 
> This isn't all - you will also need to patch the nvidia kernel
> interface to export some basic info to SYSFS so that udev will create
> the devices. Martin Schlemmer has written a patch against the 1.0.5336
> version of the nvidia drivers, which can be found here. The Gentoo
> package nvidia-kernel-1.0.5336-r4 contains this patch.
> 
> Another solution is to simply create the nvidia specific nodes on
> bootup. X will then load the module when required, and as the nodes
> are already in existance, you will not run into the problem described
> above. Place these commands in a file that is automatically executed
> on bootup (e.g. /etc/conf.d/local.start for Gentoo): 
> 
> mknod /dev/nvidia0 c 195 0
> mknod /dev/nvidiactl c 195 255
> You should now be able to get into X with no problems.



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#292618: wvdial: doesn't initialize serial port correctly since last update

[Jérôme Schell]

I confirm this bug.
Here is an interesting part of a strace of the execution of wvdial:
...
open("/dev/ttyS0", O_RDWR|O_NONBLOCK|O_NOCTTY|O_LARGEFILE) = 4
fcntl64(4, F_SETFD, FD_CLOEXEC) = 0
ioctl(4, SNDCTL_TMR_TIMEBASE or TCGETS, {B38400 -opost -isig -icanon 
-echo ...}) = 0
ioctl(4, SNDCTL_TMR_TIMEBASE or TCGETS, {B38400 -opost -isig -icanon 
-echo ...}) = 0
select(5, [4], [], [], {0, 0})  = 0 (Timeout)
ioctl(4, TIOCGSERIAL, 0xbfffe4a0)   = 0
ioctl(4, TIOCSSERIAL, 0xbfffe460)   = -1 EPERM (Operation not permitted)
ioctl(4, TCFLSH, 0x2)   = 0
ioctl(4, SNDCTL_TMR_TIMEBASE or TCGETS, {B38400 -opost -isig -icanon 
-echo ...}) = 0
ioctl(4, SNDCTL_TMR_START or TCSETS, {B38400 -opost -isig -icanon -echo 
...}) = 0
ioctl(4, SNDCTL_TMR_TIMEBASE or TCGETS, {B38400 -opost -isig -icanon 
-echo ...}) = 0
close(4)= 0
write(3, "--> ", 4--> ) = 4
write(3, "Cannot open /dev/ttyS0: Cannot s"..., 63Cannot open 
/dev/ttyS0: Cannot set information for serial port.) = 63write(3, "\n", 1
)   = 1
unlink("/var/lock/LCK..ttyS0")  = 0


So this seems to fail during an ioctl call giving an EPERM result.
(just to clarify, my user is part of dialout group so no problem of 
access permission to /dev/ttyS0)
--
Jérôme