Processed: digikam exiv2 issues
Processing commands for [EMAIL PROTECTED]: block 401660 by 389711 Bug#401660: digikam: Crash on startup (sometimes) Was not blocked by any bugs. Bug#401416: digikam: crashes on startup Blocking bugs of 401660 added: 389711 End of message, stopping processing here. Please contact me if you need assistance. Debian bug tracking system administrator (administrator, Debian Bugs database) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#401845: Tries to use gconf but you don't need have gconf2 installed
Ari, I see you added a Depends on gconf2, but I think you simply want to depend on ${misc:Depends}. dh_gconf will automatically add the dependency for you. (misc:depends is recommended for all packages anyway, even if empty.) Bye, -- Loïc Minier [EMAIL PROTECTED] I have no strong feelings one way or the other. -- Neutral President
Bug#401896: Accepted pygtk 2.8.6-7 (source i386 all)
On Thursday 07 December 2006 at 08:17 +0100, Loïc Minier wrote: On Wed, Dec 06, 2006, Josselin Mouette wrote: Shouldn't python-dev be enough? Depending on python-all-dev will bring all python interpreter versions, this sounds overkill to me. I wanted to depend on python-dev | python-something-dev, but there's no virtual provide shared by python2.X-dev packages. Since python-gtk2-dev ships header files which could theoretically be different between python versions, it made no particular sense to favor python-dev, so I picked python-all-dev for symmetry. I think python-dev is ok as well. The python policy implies that if you want to build something against the non-default python version, you need python-foo and python2.X-dev. Which means in this case, a python-dev dependency should be enough. This would avoid pulling several interpreter versions when not needed. -- Josselin Mouette/\./\ Do you have any more insane proposals for me?
Processed: this is serious
Processing commands for [EMAIL PROTECTED]: severity 401961 serious Bug#401961: conflicts with libneon26, making most neon-using packages uninstallable Bug#401388: libneon26-gnutls should not conflict with libneon26 Bug#401398: neon26: please put two alternative packages in the shlibs files Severity set to `serious' from `important' thanks Stopping processing here. Please contact me if you need assistance. Debian bug tracking system administrator (administrator, Debian Bugs database)
Processed: severity of 401593 is important, tagging 401593
Processing commands for [EMAIL PROTECTED]: # Automatically generated email from bts, devscripts version 2.9.27 severity 401593 important Bug#401593: libssl0.9.8c-4: fails to update in testing Severity set to `important' from `grave' tags 401593 unreproducible Bug#401593: libssl0.9.8c-4: fails to update in testing There were no tags set. Tags added: unreproducible End of message, stopping processing here. Please contact me if you need assistance. Debian bug tracking system administrator (administrator, Debian Bugs database)
Processed: merging duplicates
Processing commands for [EMAIL PROTECTED]: forcemerge 401913 401895 Bug#401913: CVE-2006-6235: arbitrary indirect call in GnuPG Bug#401895: gnupg2: [CVE-2006-6235] remotely controllable function pointer Forcibly Merged 401895 401913. forcemerge 401914 401894 401898 Bug#401914: CVE-2006-6235: arbitrary indirect call in GnuPG Bug#401894: gnupg: [CVE-2006-6235] remotely controllable function pointer Bug#401898: gnupg: remotely controllable function pointer Forcibly Merged 401894 401898 401914. End of message, stopping processing here. Please contact me if you need assistance. Debian bug tracking system administrator (administrator, Debian Bugs database)
Processed: severity of 401956 is important
Processing commands for [EMAIL PROTECTED]: # Automatically generated email from bts, devscripts version 2.9.27 # not inherently a security problem, just an implied one when combined with other bugs severity 401956 important Bug#401956: libx11-6: contents of .XCompose file are leaked to subprocesses (possibly unprivileged) Severity set to `important' from `critical' End of message, stopping processing here. Please contact me if you need assistance. Debian bug tracking system administrator (administrator, Debian Bugs database)
Processed: closing 375077
Processing commands for [EMAIL PROTECTED]: # Automatically generated email from bts, devscripts version 2.9.27 # this bug was definitely resolved close 375077 251-6 Bug#375077: udevd: nss_ldap: failed to bind to LDAP server - boot fails 'close' is deprecated; see http://www.debian.org/Bugs/Developer#closing. Bug#375215: libnss-ldap hangs udev at startup Bug#391167: libnss-ldap: can't boot since 251-5.2 upgrade Bug marked as fixed in version 251-6, send any further explanations to Michael Schultheiss [EMAIL PROTECTED] End of message, stopping processing here. Please contact me if you need assistance. Debian bug tracking system administrator (administrator, Debian Bugs database)
Bug#398899: Bug#399986: Bug#398899: reopen, still fails
Hello Changwoo, On Tue, 05 Dec 2006, Changwoo Ryu wrote: Well, the problem is still on python-central, exactly dh_pycentral which has been used during package build. Before these stupid binary-only uploads, the packages had the correct Depends, python (= 2.3), python ( 2.4). But the new rebuilt revisions have just python (= 2.3). The binary NMU are not stupid... but your packaging is no more compliant with the latest python policy. python2.3 won't be shipped in etch and is removed from sid already (or is going to be removed soon). The old dependency python (= 2.3), python ( 2.4) can't be met in etch/sid. So dh_pycentral is not going to generate a dependency which results in an uninstallable package. Please either change the package to work with python 2.4 (and any other new upstream version) or remove the package completely. And the same applies to python-cjkcodecs (#398039). Please take a decision and we could provide you some more help. We're speaking of RC bugs here, please act promptly. Cheers, -- Raphaël Hertzog Premier livre français sur Debian GNU/Linux : http://www.ouaza.com/livre/admin-debian/
Bug#401896: Accepted pygtk 2.8.6-7 (source i386 all)
On Thu, Dec 07, 2006, Josselin Mouette wrote: The python policy implies that if you want to build something against the non-default python version, you need python-foo and python2.X-dev. Which means in this case, a python-dev dependency should be enough. This would avoid pulling several interpreter versions when not needed. Yes, so if someone wants to build against the non-default python version, python2.X-dev will be pulled by his build-deps and, with your proposal python-dev will be pulled by python-gtk2-dev as well, even if it's not required. So I had the choice between: 1) depending on python-all-dev, always pulling too much, but also protecting against missing build-deps and being generally a safe bet which puts load on buildd (but so close to the release, I prefer playing safely) 2) depending on python-dev, pulling too much when building against a non-default python version, and not pulling the correct python-dev package for the corresponding Python.h IMO, none of the above is correct; as I stated, we should depend on python-dev | virtual-provide-satisfied-by-all-python2.X-dev to ensure that someone pulls some python2.X-dev or that we pull python-dev. You prefer 2), I picked up 1) as a safe bet. I ultimately prefer 3) (virtual provide), but I'm fine with 2): I think python-dev is ok as well. BTW, you assert a Python package building against python-gobject, but there's also the far-fetched possibility of a C program using pygobject.h directly, or simply a user / admin building stuff locally, without complying with the Python policy. Anyway, I don't care, swap 1) for 2) if you like, just pick one as not having anything is probably a RC bug. -- Loïc Minier [EMAIL PROTECTED] I have no strong feelings one way or the other. -- Neutral President
Bug#399821: What about in a new profile?
severity 399821 important thanks * Frank Küster ([EMAIL PROTECTED]) [061206 00:20]: Hm, do you really think that if an extension that is not even packaged for Debian fails to work with iceweasel, this is a RC bug? I'd rather think it should be downgraded. Downgrading to important - of course, the maintainers should feel free to lower it even more if they consider that adequate. Cheers, Andi -- http://home.arcor.de/andreas-barth/
Processed: Re: What about in a new profile?
Processing commands for [EMAIL PROTECTED]: severity 399821 important Bug#399821: iceweasel: iceweasel doesn't display pages anymore Severity set to `important' from `grave' thanks Stopping processing here. Please contact me if you need assistance. Debian bug tracking system administrator (administrator, Debian Bugs database)
Bug#401304: marked as done (CVE-2006-4800: GStreamer FFmpeg Plug-in Multiple Buffer Overflows)
Your message dated Thu, 7 Dec 2006 11:23:33 +0100 with message-id [EMAIL PROTECTED] and subject line CVE-2006-4800: GStreamer FFmpeg Plug-in Multiple Buffer Overflows has caused the attached Bug report to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what I am talking about this indicates a serious mail system misconfiguration somewhere. Please contact me immediately.) Debian bug tracking system administrator (administrator, Debian Bugs database) ---BeginMessage--- Package: gstreamer0.8-ffmpeg Severity: grave Tags: security Justification: user security hole According to http://secunia.com/advisories/22202/ gstreamer0.8-ffmpeg is vulnerable to an ffmpeg buffer overflow and gstreamer0.8-ffmpeg does not seem to link dynamically against the ffmpeg in Debian. You should try to link against ffmpeg dynamically if possible. Please mention the CVE id in the changelog. ---End Message--- ---BeginMessage--- Version: 0.8.7-7 This bug was fixed in the above version, but I closed the wrong bug in changelog (fixed in SVN). -- Loïc Minier [EMAIL PROTECTED] I have no strong feelings one way or the other. -- Neutral President ---End Message---
Processed: severity of 401971 is normal
Processing commands for [EMAIL PROTECTED]: # Automatically generated email from bts, devscripts version 2.9.26 severity 401971 normal Bug#401971: egroupware-core: Checking PEAR is installed*: False but package php-pear was intalled Severity set to `normal' from `grave' End of message, stopping processing here. Please contact me if you need assistance. Debian bug tracking system administrator (administrator, Debian Bugs database)
Processed: tagging 401731, severity of 401731 is grave
Processing commands for [EMAIL PROTECTED]: # Automatically generated email from bts, devscripts version 2.9.21 tags 401731 + sarge security Bug#401731: gv: version 3.6.1-10sarge1 is effectively identical to 3.6.1-10 There were no tags set. Tags added: sarge, security severity 401731 grave Bug#401731: gv: version 3.6.1-10sarge1 is effectively identical to 3.6.1-10 Severity set to `grave' from `normal' End of message, stopping processing here. Please contact me if you need assistance. Debian bug tracking system administrator (administrator, Debian Bugs database)
Processed: found 398292 in 3.6.1-10sarge1
Processing commands for [EMAIL PROTECTED]: # Automatically generated email from bts, devscripts version 2.9.21 found 398292 3.6.1-10sarge1 Bug#398292: GNU gv ps_gettext() Buffer Overflow Vulnerability (CVE-2006-5864) Bug marked as found in version 3.6.1-10sarge1. End of message, stopping processing here. Please contact me if you need assistance. Debian bug tracking system administrator (administrator, Debian Bugs database)
Bug#401917: marked as done (bibledit_2.2-1(ia64/unstable): FTBFS: missing build-dep)
Your message dated Thu, 07 Dec 2006 11:32:03 + with message-id [EMAIL PROTECTED] and subject line Bug#401917: fixed in bibledit 2.2-2 has caused the attached Bug report to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what I am talking about this indicates a serious mail system misconfiguration somewhere. Please contact me immediately.) Debian bug tracking system administrator (administrator, Debian Bugs database) ---BeginMessage--- Package: bibledit Version: 2.2-1 Severity: serious There was an error while trying to autobuild your package: Automatic build of bibledit_2.2-1 on caballero by sbuild/ia64 98 Build started at 20061206-1651 [...] ** Using build dependencies supplied by package: Build-Depends: autotools-dev, quilt, patchutils (= 0.2.25), cdbs (= 0.4.27-1), debhelper (= 4.2.21), libsqlite3-dev, pkg-config, libgtk2.0-dev, psmisc [...] checking for tail... /usr/bin/tail checking for gzip... /bin/gzip checking for gunzip... /bin/gunzip checking for iconv... /usr/bin/iconv checking for strings... /usr/bin/strings checking for killall... /usr/bin/killall checking for mkfifo... /usr/bin/mkfifo checking for cat... /bin/cat checking for sort... /usr/bin/sort checking for head... /usr/bin/head checking for make... /usr/bin/make checking for find... /usr/bin/find checking for ping... no configure: error: Program ping is needed. Install this first. 
make: *** [build-tree/bibledit-2.2/config.status] Error 1 A full build log can be found at: http://buildd.debian.org/build.php?arch=ia64pkg=bibleditver=2.2-1 ---End Message--- ---BeginMessage--- Source: bibledit Source-Version: 2.2-2 We believe that the bug you reported is fixed in the latest version of bibledit, which is due to be installed in the Debian FTP archive: bibledit_2.2-2.diff.gz to pool/main/b/bibledit/bibledit_2.2-2.diff.gz bibledit_2.2-2.dsc to pool/main/b/bibledit/bibledit_2.2-2.dsc bibledit_2.2-2_i386.deb to pool/main/b/bibledit/bibledit_2.2-2_i386.deb A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to [EMAIL PROTECTED], and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Daniel Glassey [EMAIL PROTECTED] (supplier of updated bibledit package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing [EMAIL PROTECTED]) -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Format: 1.7 Date: Wed, 6 Dec 2006 22:35:16 + Source: bibledit Binary: bibledit Architecture: source i386 Version: 2.2-2 Distribution: unstable Urgency: low Maintainer: Daniel Glassey [EMAIL PROTECTED] Changed-By: Daniel Glassey [EMAIL PROTECTED] Description: bibledit - Bible translation tool Closes: 401917 Changes: bibledit (2.2-2) unstable; urgency=low . 
* debian/control: Provides scripturechecks for easier upgrade * Dependency on ping, Closes: #401917 Files: e19839c9c87e2e2058bb37b102b9922b 682 gnome optional bibledit_2.2-2.dsc c03fbf5d3d9bf8671667bbde1aba76d4 2262 gnome optional bibledit_2.2-2.diff.gz b46107eb7733ae454d5efeb8fe4fce40 1458746 gnome optional bibledit_2.2-2_i386.deb -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQFFd/pZ/offrSwPzRoRAlHxAKCgRZTPBR0wbcC8my7T8q2WeehLzwCg1Uh8 wNuB9T8PwBNssr4sY1GOAC4= =F+8R -END PGP SIGNATURE- ---End Message---
Bug#401999: mdadm fails to upgrade in testing. Can't start service.
Package: mdadm Version: 2.5.6-6 Severity: grave Justification: renders package unusable I upgrade mdadm to the current testing (and sid) version. Upgrade fails, see this log(translated by hand): --LOG START-- Configuring mdadm (2.5.6-6) ... /boot/initrd.img-2.6.18-3-686 has been altered. Cannot update. update-initramfs: Generating /boot/initrd.img-2.6.18p4s W: mdadm: unchecked configuration file: /etc/mdadm/mdadm.conf W: mdadm: please read /usr/share/doc/mdadm/README.upgrading-2.5.3.gz . W: mdadm: no arrays defined in configuration file. W: mdadm: falling back to emergency procedure in initramfs. update-initramfs: Generating /boot/initrd.img-2.6.17-ck1-p4s W: mdadm: unchecked configuration file: /etc/mdadm/mdadm.conf W: mdadm: please read /usr/share/doc/mdadm/README.upgrading-2.5.3.gz . W: mdadm: no arrays defined in configuration file. W: mdadm: falling back to emergency procedure in initramfs. update-initramfs: Generating /boot/initrd.img-2.6.17-2-686 W: mdadm: unchecked configuration file: /etc/mdadm/mdadm.conf W: mdadm: please read /usr/share/doc/mdadm/README.upgrading-2.5.3.gz . W: mdadm: no arrays defined in configuration file. W: mdadm: falling back to emergency procedure in initramfs. sha1sum: /boot/initrd.img-2.6.16.1-p4s: Can't find file or directory. /boot/initrd.img-2.6.16.1-p4s has been altered. Cannot update. Starting MD monitoring service: mdadm --monitor/sbin/mdadm already running. failed! /etc/lsb-base-logging.sh: line 34: RUNLEVEL: unbound variable invoke-rc.d: initscript mdadm, action start failed. dpkg: error processing mdadm (--configure): post-installation script subproccess returned output error code 1 Errors when processing: mdadm E: Sub-process /usr/bin/dpkg returned an error code (1) A package couldn't be installed. Trying to recover: Configuring mdadm (2.5.6-6) ... 
update-initramfs: Generating /boot/initrd.img-2.6.18p4s W: mdadm: unchecked configuration file: /etc/mdadm/mdadm.conf W: mdadm: please read /usr/share/doc/mdadm/README.upgrading-2.5.3.gz . W: mdadm: no arrays defined in configuration file. W: mdadm: falling back to emergency procedure in initramfs. update-initramfs: Generating /boot/initrd.img-2.6.17-ck1-p4s W: mdadm: unchecked configuration file: /etc/mdadm/mdadm.conf W: mdadm: please read /usr/share/doc/mdadm/README.upgrading-2.5.3.gz . W: mdadm: no arrays defined in configuration file. W: mdadm: falling back to emergency procedure in initramfs. update-initramfs: Generating /boot/initrd.img-2.6.17-2-686 W: mdadm: unchecked configuration file: /etc/mdadm/mdadm.conf W: mdadm: please read /usr/share/doc/mdadm/README.upgrading-2.5.3.gz . W: mdadm: no arrays defined in configuration file. W: mdadm: falling back to emergency procedure in initramfs. Starting MD monitoring service: mdadm --monitor/sbin/mdadm already running. failed! /etc/lsb-base-logging.sh: line 34: RUNLEVEL: unbound variable invoke-rc.d: initscript mdadm, action start failed. 
dpkg: error al procesar mdadm (--configure): el subproceso post-installation script devolvió el código de salida de error 1 Se encontraron errores al procesar: mdadm --LOG END-- I also attach the file /etc/lsb-base-logging.sh which belongs to package splashy version 0.2.2 -- Package-specific info: --- mount output /dev/sda1 on / type reiserfs (rw,notail) proc on /proc type proc (rw,noexec,nosuid,nodev) /sys on /sys type sysfs (rw,noexec,nosuid,nodev) udev on /dev type tmpfs (rw,mode=0755) devshm on /dev/shm type tmpfs (rw) devpts on /dev/pts type devpts (rw,noexec,nosuid,gid=5,mode=620) usbfs on /proc/bus/usb type usbfs (rw,noexec,nosuid,nodev) /dev/sda5 on /home type reiserfs (rw) /dev/mapper/varoptusr-opt on /opt type reiserfs (rw) /dev/mapper/varoptusr-usr on /usr type reiserfs (rw) /dev/mapper/varoptusr-var on /var type reiserfs (rw) binfmt_misc on /proc/sys/fs/binfmt_misc type binfmt_misc (rw) nfsd on /proc/fs/nfsd type nfsd (rw) rpc_pipefs on /var/lib/nfs/rpc_pipefs type rpc_pipefs (rw) 10.0.0.50:/opt/BA020 on /opt/BA020 type nfs (rw,noexec,nosuid,nodev,addr=10.0.0.50) --- mdadm.conf DEVICE /dev/sda MAILADDR root --- /proc/mdstat: Personalities : [linear] [multipath] [raid0] [raid1] [raid10] unused devices: none --- /proc/partitions: major minor #blocks name 8 0 244198584 sda 8 16835626 sda1 8 21349460 sda2 8 3 31447237 sda3 8 4 1 sda4 8 5 146480638 sda5 8 6 58082976 sda6 253 05242880 dm-0 253 1 41943040 dm-1 253 2 10895360 dm-2 --- initrd.img-2.6.18p4s: 16946 blocks etc/mdadm etc/mdadm/mdadm.conf lib/modules/2.6.18p4s/kernel/drivers/md/dm-mirror.ko lib/modules/2.6.18p4s/kernel/drivers/md/dm-mod.ko lib/modules/2.6.18p4s/kernel/drivers/md/multipath.ko lib/modules/2.6.18p4s/kernel/drivers/md/raid0.ko lib/modules/2.6.18p4s/kernel/drivers/md/raid1.ko lib/modules/2.6.18p4s/kernel/drivers/md/raid10.ko lib/modules/2.6.18p4s/kernel/drivers/md/dm-snapshot.ko lib/modules/2.6.18p4s/kernel/drivers/md/linear.ko
Bug#402000: 1.0.8776-3 does not compile with 2.6.19
Package: nvidia-kernel-source Version: 1.0.8776-3 Severity: grave Tags: patch 8876 in unstable does not compile with 2.6.19 due to the interrupt interface change and an struct change in i2c. The fix is trivial: diff -ru nvidia-kernel/nv/nv.c nvidia-kernel-patched/nv/nv.c --- nvidia-kernel/nv/nv.c 2006-12-04 03:04:54.0 +0100 +++ nvidia-kernel-patched/nv/nv.c 2006-12-07 11:00:59.042282766 +0100 @@ -252,7 +252,7 @@ long nv_kern_unlocked_ioctl(struct file *, unsigned int, unsigned long); long nv_kern_compat_ioctl(struct file *, unsigned int, unsigned long); void nv_kern_isr_bh(unsigned long); -irqreturn_t nv_kern_isr(int, void *, struct pt_regs *); +irqreturn_t nv_kern_isr(int, void *); void nv_kern_rc_timer(unsigned long); #if defined(NV_PM_SUPPORT_OLD_STYLE_APM) static intnv_kern_apm_event(struct pm_dev *, pm_request_t, void *); @@ -2561,8 +2561,7 @@ */ irqreturn_t nv_kern_isr( int irq, -void *arg, -struct pt_regs *regs +void *arg ) { nv_linux_state_t *nvl = (void *) arg; diff -ru nvidia-kernel/nv/nv-i2c.c nvidia-kernel-patched/nv/nv-i2c.c --- nvidia-kernel/nv/nv-i2c.c 2006-12-04 03:04:54.0 +0100 +++ nvidia-kernel-patched/nv/nv-i2c.c 2006-12-07 11:03:38.143216305 +0100 @@ -23,8 +23,6 @@ static struct i2c_algorithm nv_i2c_algo = { .master_xfer = nv_i2c_algo_xfer, .smbus_xfer = NULL, -.slave_send = NULL, -.slave_recv = NULL, .algo_control = nv_i2c_algo_control, .functionality= nv_i2c_algo_functionality, }; diff -ru nvidia-kernel/nv/nv-linux.h nvidia-kernel-patched/nv/nv-linux.h --- nvidia-kernel/nv/nv-linux.h 2006-12-04 03:04:54.0 +0100 +++ nvidia-kernel-patched/nv/nv-linux.h 2006-12-07 11:01:54.669406211 +0100 
@@ -14,7 +14,6 @@ #include nv.h -#include linux/config.h #include linux/version.h #include linux/utsname.h -- System Information: Debian Release: 4.0 APT prefers unstable APT policy: (990, 'unstable'), (700, 'experimental'), (500, 'stable') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.19 Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Versions of packages nvidia-kernel-source depends on: ii debhelper 5.0.42 helper programs for debian/rules ii dpatch2.0.21 patch maintenance system for Debia ii make 3.81-3 The GNU version of the make util ii sed 4.1.5-1The GNU sed stream editor Versions of packages nvidia-kernel-source recommends: ii devscripts2.9.26 Scripts to make the life of a Debi ii kernel-package10.065 A utility for building Linux kerne ii nvidia-glx1.0.8776-3 NVIDIA binary XFree86 4.x driver -- no debconf information diff -ru nvidia-kernel/nv/nv.c nvidia-kernel-patched/nv/nv.c --- nvidia-kernel/nv/nv.c 2006-12-04 03:04:54.0 +0100 +++ nvidia-kernel-patched/nv/nv.c 2006-12-07 11:00:59.042282766 +0100 @@ -252,7 +252,7 @@ long nv_kern_unlocked_ioctl(struct file *, unsigned int, unsigned long); long nv_kern_compat_ioctl(struct file *, unsigned int, unsigned long); void nv_kern_isr_bh(unsigned long); -irqreturn_t nv_kern_isr(int, void *, struct pt_regs *); +irqreturn_t nv_kern_isr(int, void *); void nv_kern_rc_timer(unsigned long); #if defined(NV_PM_SUPPORT_OLD_STYLE_APM) static intnv_kern_apm_event(struct pm_dev *, pm_request_t, void *); @@ -2561,8 +2561,7 @@ */ irqreturn_t nv_kern_isr( int irq, -void *arg, -struct pt_regs *regs +void *arg ) { nv_linux_state_t *nvl = (void *) arg; diff -ru nvidia-kernel/nv/nv-i2c.c nvidia-kernel-patched/nv/nv-i2c.c --- nvidia-kernel/nv/nv-i2c.c 2006-12-04 03:04:54.0 +0100 +++ nvidia-kernel-patched/nv/nv-i2c.c 2006-12-07 11:03:38.143216305 +0100 
@@ -23,8 +23,6 @@ static struct i2c_algorithm nv_i2c_algo = { .master_xfer = nv_i2c_algo_xfer, .smbus_xfer = NULL, -.slave_send = NULL, -.slave_recv = NULL, .algo_control = nv_i2c_algo_control, .functionality= nv_i2c_algo_functionality, }; diff -ru nvidia-kernel/nv/nv-linux.h nvidia-kernel-patched/nv/nv-linux.h --- nvidia-kernel/nv/nv-linux.h 2006-12-04 03:04:54.0 +0100 +++ nvidia-kernel-patched/nv/nv-linux.h 2006-12-07 11:01:54.669406211 +0100 @@ -14,7 +14,6 @@ #include nv.h -#include linux/config.h #include linux/version.h #include linux/utsname.h
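Review bot: In nv/nv.c, both the prototype at @@ -252 and the definition at @@ -2561 drop `struct pt_regs *` from nv_kern_isr() unconditionally, so the module no longer builds against kernels older than 2.6.19, whose interrupt handlers still take three arguments. Keep both forms and select on the kernel version, for example `#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,19)` around the two-argument prototype and parameter list, with the three-argument form in the `#else` branch. The handler body is not visible in these hunks; if it refers to `regs` anywhere, that use needs the same guard.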
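Review bot: In nv/nv-i2c.c at @@ -23, the removal of `.slave_send = NULL,` and `.slave_recv = NULL,` needs no version guard, and the patch description should say so: members left out of a static designated initializer are zero-initialized, so the result is identical on kernels whose `struct i2c_algorithm` still has those fields. The remaining `.smbus_xfer = NULL,` line is redundant for the same reason and could be dropped in the same change.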
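Review bot: In nv/nv-linux.h at @@ -14, `#include linux/config.h` is deleted outright, which fixes the 2.6.19 build but also takes the header away from any older kernel that still relied on it. If a `LINUX_VERSION_CODE` guard is used instead, note that `linux/version.h` is included on the line after the deleted one, so it has to move above the guarded include for the macro to be defined at that point.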
Processed: merging 401263 401980
Processing commands for [EMAIL PROTECTED]: # Automatically generated email from bts, devscripts version 2.9.26 merge 401263 401980 Bug#401263: apt segfaults when reading package lists Bug#401980: apt-get segfaults during Debian installation Merged 401263 401980. End of message, stopping processing here. Please contact me if you need assistance. Debian bug tracking system administrator (administrator, Debian Bugs database)
Bug#402003: eclipse-cdt: CDT 3.0 is not compatible with eclipse 3.2
Package: eclipse-cdt Version: 3.0.1-3 Severity: grave Justification: renders package unusable Hello! With eclipse 3.2.1 installed, eclipse fails to start with CDT 3.0.1-3 installed as well. After starting up, a message is shown telling Error notifying preference change listener. Check the log for details. Unfortunately I couldn't locate this logfile, it's neither located in ~/.eclipse nor $WORKSPACE/.metadata/..log as stated in the manpage. After some search on the internet, I found out that this problem occurs because CDT 3.0 is not supposed to be used with eclipse 3.2. After removing the debian package and installing CDT 3.1.1, everything worked again, but I'd prefer to use the debian package. Please update the package, right now it is unusable with eclipse in Debian. Thanks Johannes PS: Thanks for packaging eclipse! This is the first bigger problem I ever had with the packages! Great! -- System Information: Debian Release: 4.0 APT prefers unstable APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable'), (1, 'experimental') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.18-3-686 Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to de_DE.utf8) Versions of packages eclipse-cdt depends on: ii eclipse-pde 3.2.1-1Plug-in Development Environment to ii exuberant-ctags [ctags] 1:5.6-1build tag file indexes of source c eclipse-cdt recommends no packages. -- no debconf information
Bug#401999: Results after purging splashy
I purged splashy and then I had this: Configurando mdadm (2.5.6-6) ... update-initramfs: Generating /boot/initrd.img-2.6.18p4s W: mdadm: unchecked configuration file: /etc/mdadm/mdadm.conf W: mdadm: please read /usr/share/doc/mdadm/README.upgrading-2.5.3.gz . W: mdadm: no arrays defined in configuration file. W: mdadm: falling back to emergency procedure in initramfs. update-initramfs: Generating /boot/initrd.img-2.6.17-ck1-p4s W: mdadm: unchecked configuration file: /etc/mdadm/mdadm.conf W: mdadm: please read /usr/share/doc/mdadm/README.upgrading-2.5.3.gz . W: mdadm: no arrays defined in configuration file. W: mdadm: falling back to emergency procedure in initramfs. update-initramfs: Generating /boot/initrd.img-2.6.17-2-686 W: mdadm: unchecked configuration file: /etc/mdadm/mdadm.conf W: mdadm: please read /usr/share/doc/mdadm/README.upgrading-2.5.3.gz . W: mdadm: no arrays defined in configuration file. W: mdadm: falling back to emergency procedure in initramfs. Starting MD monitoring service: mdadm --monitor. Assembling MD arrays...failed (no arrays found in config file). It seems that the problem is solved. But I still think there should be something wrong somewhere. -- Raúl Sánchez Siles
Bug#402003: eclipse-cdt: CDT 3.0 is not compatible with eclipse 3.2
Hello again, one more thing I forgot to mention is that the error I explained above doesn't go away when you click OK (the only available button), it just complains again and again so it's impossible to start eclipse at all. To get out of this circle, I had to kill it manually. Thanks Johannes
Bug#401579: marked as done (open-iscsi: upgrade fails: 'FATAL: Module scsi_transport_iscsi not found.')
Your message dated Thu, 7 Dec 2006 13:38:30 +0100 with message-id [EMAIL PROTECTED] and subject line fixed in 2.0.730-1 has caused the attached Bug report to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what I am talking about this indicates a serious mail system misconfiguration somewhere. Please contact me immediately.) Debian bug tracking system administrator (administrator, Debian Bugs database) ---BeginMessage--- Package: open-iscsi Severity: grave Justification: renders package unusable # apt-get upgrade [...] Preparing to replace open-iscsi 1.0.485-3 (using .../open-iscsi_2.0.730-0.2_i386.deb) ... Stopping iSCSI initiator service: iscsiadm: can not connect to iSCSI daemon! iscsiadm: exiting due to configuration error failed. Removing iSCSI enterprise target modules: FATAL: Module scsi_transport_iscsi not found. failed. invoke-rc.d: initscript open-iscsi, action stop failed. dpkg: warning - old pre-removal script returned error exit status 1 dpkg - trying script from the new package instead ... Stopping iSCSI initiator service: iscsiadm: can not connect to iSCSI daemon! iscsiadm: exiting due to configuration error failed. Removing iSCSI enterprise target modules: FATAL: Module scsi_transport_iscsi not found. failed. invoke-rc.d: initscript open-iscsi, action stop failed. dpkg: error processing /var/cache/apt/archives/open-iscsi_2.0.730-0.2_i386.deb (--unpack): subprocess new pre-removal script returned error exit status 1 Starting iSCSI initiator service: FATAL: Module scsi_transport_iscsi not found. succeeded. 
Errors were encountered while processing: /var/cache/apt/archives/open-iscsi_2.0.730-0.2_i386.deb E: Sub-process /usr/bin/dpkg returned an error code (1) regards, -mika- ---End Message--- ---BeginMessage--- fixed in latest upload done ---End Message---
Bug#399226: yacas has rpath to insecure location (/tmp/yacas/usr/bin/yacas)
(sorry, in the first version of this mail the Cc was to [EMAIL PROTECTED] instead of the bugnumber) Bill Allombert [EMAIL PROTECTED] wrote: Package: yacas Version: 1.0.57-2.4 Severity: serious Tags: security Hello Gopal, yacas includes a binary with a rpath pointing to /tmp/yacas/usr/bin/yacas. chrpath /usr/bin/yacas /usr/bin/yacas: RPATH=/tmp/buildd/yacas-1.0.57/debian/yacas/usr/lib I tried to fix this by removing all instances of -rpath $(libdir) or -rpath $(pkglibdir) in the Makefile.in's that are generated by calling ./makemake: RPATH_SED_MAKEFILES = src/Makefile.in libltdl/Makefile.in plugins/example/Makefile.in \ plugins/filescanner/Makefile.in plugins/forth/Makefile.in plugins/opengl/Makefile.in \ plugins/pcre/Makefile.in plugins/yacas_gsl/Makefile.in for file in $(RPATH_SED_MAKEFILES); do \ echo Fixing rpath options in $${file}; \ sed -i -e 's/-rpath \$$(libdir)//;s/-rpath \$$(pkglibdir)//' $$file; \ done However, this does not work, the resulting package FTBFS with a strange error: make[3]: Entering directory `/tmp/buildd/yacas-1.0.57/src' test -z /tmp/buildd/yacas-1.0.57/debian/yacas/usr/lib || mkdir -p -- /tmp/buildd/yacas-1.0.57/debian/yacas/usr/lib /bin/sh ../libtool --mode=install /usr/bin/install -c 'libyacas.la' '/tmp/buildd/yacas-1.0.57/debian/yacas/usr/lib/lib yacas.la' /usr/bin/install -c .libs/libyacas.lai /tmp/buildd/yacas-1.0.57/debian/yacas/usr/lib/libyacas.la /usr/bin/install: cannot stat `.libs/libyacas.lai': No such file or directory No idea where the i after libyacas.la is coming from. On the other hand, I'm unsure whether it's necessary to run ./makemake (in other words, aclocal, autoheader, automake and autoconf) at all. Regards, Frank -- Dr. Frank Küster Single Molecule Spectroscopy, Protein Folding @ Inst. f. Biochemie, Univ. Zürich Debian Developer (teTeX/TeXLive)
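The chrpath check quoted in the report above, generalised into an added example (not part of the thread and not a Debian tool): it reads chrpath-style "file: RPATH=..." lines and flags search-path entries that fall in a world-writable tree, are empty or relative, or lie outside the system library directories. The directory lists, the function names and every sample line except the yacas one are assumptions made for this example.

```python
"""Flag unsafe RPATH/RUNPATH entries in chrpath-style listing output."""
import posixpath
import re

# Assumption for this example: trees any local user can write to.
WORLD_WRITABLE = ("/tmp", "/var/tmp", "/dev/shm")
# Assumption for this example: root-owned library trees on a standard layout.
SYSTEM_LIB_DIRS = ("/lib", "/lib64", "/usr/lib", "/usr/lib64", "/usr/local/lib")

# Matches lines such as "/usr/bin/yacas: RPATH=/some/dir:/other/dir".
LINE_RE = re.compile(r"^(?P<binary>.+?): (?P<tag>RPATH|RUNPATH)=(?P<value>.*)$")

# The first line is the one quoted in the bug report; the others are constructed.
SAMPLE = """\
/usr/bin/yacas: RPATH=/tmp/buildd/yacas-1.0.57/debian/yacas/usr/lib
/usr/bin/example-a: RPATH=/usr/lib/example:$ORIGIN/../lib/example
/usr/bin/example-b: RUNPATH=/usr/lib/../../var/tmp/stage::lib
/usr/bin/example-c: no rpath or runpath tag found.
"""


def _under(path, roots):
    """True if path is one of roots or lies below one of them."""
    return any(path == root or path.startswith(root + "/") for root in roots)


def classify_entry(entry, binary):
    """Return a reason string if the search-path entry is unsafe, else None."""
    if entry == "":
        # The dynamic linker treats an empty element as the current directory.
        return "empty entry: searched as the current working directory"
    # $ORIGIN expands to the directory holding the binary itself.
    origin = posixpath.dirname(binary) or "."
    expanded = entry.replace("${ORIGIN}", origin).replace("$ORIGIN", origin)
    if not expanded.startswith("/"):
        return "relative path: resolved against the current working directory"
    # Collapse "..", "." and repeated slashes before comparing prefixes.
    resolved = "/" + posixpath.normpath(expanded).lstrip("/")
    if _under(resolved, WORLD_WRITABLE):
        return "inside a world-writable tree: any local user can create it"
    if not _under(resolved, SYSTEM_LIB_DIRS):
        return "outside the system library directories: check ownership"
    return None


def audit_chrpath_output(text):
    """Return (binary, tag, entry, reason) for every unsafe entry in text."""
    findings = []
    for line in text.splitlines():
        match = LINE_RE.match(line.strip())
        if not match:
            continue  # lines without an RPATH/RUNPATH value carry nothing to check
        for entry in match["value"].split(":"):
            reason = classify_entry(entry, match["binary"])
            if reason:
                findings.append((match["binary"], match["tag"], entry, reason))
    return findings


if __name__ == "__main__":
    for binary, tag, entry, reason in audit_chrpath_output(SAMPLE):
        print(f"{binary}: {tag} entry {entry!r}: {reason}")
```

Run against a package's unpacked binaries before upload, the yacas line is reported because its directory sits under /tmp, where an unprivileged user could recreate the path and place a library the program would load.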
Bug#402010: gosa leaves the ldap admin password readable by any web application
Package: gosa Version: 2.5.6-2 Severity: critical Tags: security Justification: root security hole The documentation in gosa tells the admin to install gosa.conf under /etc/gosa/gosa.conf, and to make it readable by the group www-data. In this configuration file, the ldap admin password is stored in cleartext. Any process running under the web process can now read that file, and if the same ldap user was used for authenticating, it would be rather easy to create a user with root access. This little script placed under my ~/public_html/ revealed the password on my server <?php system ('cat /etc/gosa/gosa.conf') ; ?> -- System Information: Debian Release: 4.0 APT prefers testing APT policy: (900, 'testing'), (800, 'unstable') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.17-2-686 Locale: LANG=nb_NO.UTF-8, LC_CTYPE=nb_NO.UTF-8 (charmap=UTF-8) Versions of packages gosa depends on: ii apache2-mpm-prefork 2.2.3-3.1 Traditional model for Apache HTTPD ii fping 2.4b2-to-ipv6-14 sends ICMP ECHO_REQUEST packets to ii libcrypt-smbhash-perl 0.12-1 generate LM/NT hash of a password ii php5 5.2.0-7 server-side, HTML-embedded scripti ii php5-gd 5.2.0-7 GD module for php5 ii php5-imagick 0.9.11+1-4.1 ImageMagick module for php5 ii php5-imap 5.2.0-7 IMAP module for php5 ii php5-ldap 5.2.0-7 LDAP module for php5 ii php5-mhash 5.2.0-7 MHASH module for php5 ii php5-mysql 5.2.0-7 MySQL module for php5 ii php5-recode 5.2.0-7 recode module for php5 ii postfix [mail-transport 2.3.4-2 A high-performance mail transport ii smarty 2.6.14-1 Template engine for PHP ii smarty-gettext 1.0b1-2 provides gettext support for smart ii wwwconfig-common 0.0.48 Debian web auto configuration gosa recommends no packages. -- no debconf information
Bug#401980: apt-get segfaults during Debian installation
Why has this bug been merged with #401263? I specifically separated it out from #401263, because it became apparent to me that the problem was different to the one detailed there. The patch posted to #401263 does not fix the problem I am seeing in the installer. Gordon -- Gordon Farquharson
Processed: unmerging 401263
Processing commands for [EMAIL PROTECTED]: # Automatically generated email from bts, devscripts version 2.9.26 unmerge 401263 Bug#401263: apt segfaults when reading package lists Bug#401980: apt-get segfaults during Debian installation Disconnected #401263 from all other report(s). End of message, stopping processing here. Please contact me if you need assistance. Debian bug tracking system administrator (administrator, Debian Bugs database)
Bug#402010: gosa leaves the ldap admin password readable by any web application
Finn-Arne Johansen wrote: Package: gosa Version: 2.5.6-2 Severity: critical Tags: security Justification: root security hole The documentation in gosa tells the admin to install gosa.conf under /etc/gosa/gosa.conf, and to make it readable by the group www-data. In this configuration file, the ldap admin password is stored in cleartext. Any process running under the web process can now read that file, and if the same ldap user was used for authenticating, it would be rather easy to create a user with root access. Honestly, what solution would you propose for a process running as www-data to access a password which can not be read by other processes running as www-data? This little script placed under my ~/public_html/ revealed the password on my server <?php system ('cat /etc/gosa/gosa.conf') ; ?> As usual, it's sad, but if you allow random users to use self-written PHP scripts, they can access everything that the www-data user can access. It may be different with suhosin. As a general rule, users don't belong on services machines, if you want to avoid such problems. Regards, Joey -- Long noun chains don't automatically imply security. -- Bruce Schneier Please always Cc to me when replying to me on the lists.
Bug#398899: Bug#399986: Bug#398899: reopen, still fails
retitle 398899 RM: python-iconvcodec - RoM: python 2.3 only retitle 401634 RM: python-iconvcodec - RoM: python 2.3 only severity 401634 serious reassign 401634 ftp.debian.org merge 398899 401634 retitle 398039 RM: python-cjkcodecs - RoM: python 2.3 only reassign 398039 ftp.debian.org merge 398039 401675 thanks On 2006-12-07 (Thu), 10:53 +0100, Raphael Hertzog wrote: Hello Changwoo, On Tue, 05 Dec 2006, Changwoo Ryu wrote: Well, the problem is still on python-central, exactly dh_pycentral which has been used during package build. Before these stupid binary-only uploads, the packages had the correct Depends, python (= 2.3), python ( 2.4). But the new rebuilt revisions have just python (= 2.3). The binary NMU are not stupid... but your packaging is no more compliant with the latest python policy. python2.3 won't be shipped in etch and is removed from sid already (or is going to be removed soon). The old dependency python (= 2.3), python ( 2.4) can't be met in etch/sid. So dh_pycentral is not going to generate a dependency which results in an uninstallable package. Please either change the package to work with python 2.4 (and any other new upstream version) or remove the package completely. And the same applies to python-cjkcodecs (#398039). Please take a decision and we could provide you some more help. We're speaking of RC bugs here, please act promptly. I see. python-cjkcodecs has merged to python 2.4. (And python-iconvcodec does almost same thing with cjkcodecs.) So just removing is the right decision. -- Changwoo Ryu [EMAIL PROTECTED]
Bug#401391: New package ready -- need sponsor
If a rc bug hunter sees this and wants to beat my regular sponsor to it. You can find a new package at http://www.famdijkstra.org/~tdykstra/debian/uswsusp TIA, Tim
Processed (with 2 errors): Re: Bug#398899: Bug#399986: Bug#398899: reopen, still fails
Processing commands for [EMAIL PROTECTED]: retitle 398899 RM: python-iconvcodec - RoM: python 2.3 only Bug#398899: python-central: wrong python versioned dependency by dh_pycentral Changed Bug title. retitle 401634 RM: python-iconvcodec - RoM: python 2.3 only Bug#401634: python-iconvcodec: depends on python 2.3 Changed Bug title. severity 401634 serious Bug#401634: RM: python-iconvcodec - RoM: python 2.3 only Severity set to `serious' from `important' reassign 401634 ftp.debian.org Bug#401634: RM: python-iconvcodec - RoM: python 2.3 only Bug reassigned from package `python-iconvcodec' to `ftp.debian.org'. merge 398899 401634 Bug#398899: RM: python-iconvcodec - RoM: python 2.3 only Bug#401634: RM: python-iconvcodec - RoM: python 2.3 only Mismatch - only Bugs in same state can be merged: Values for `package' don't match: #398899 has `python-iconvcodec'; #401634 has `ftp.debian.org' retitle 398039 RM: python-cjkcodecs - RoM: python 2.3 only Bug#398039: RM: python-cjkcodecs; no longer useful for python2.4 Changed Bug title. reassign 398039 ftp.debian.org Bug#398039: RM: python-cjkcodecs - RoM: python 2.3 only Bug reassigned from package `python-cjkcodecs' to `ftp.debian.org'. merge 398039 401675 Bug#398039: RM: python-cjkcodecs - RoM: python 2.3 only Bug#401675: RM: python-cjkcodecs -- RoQA; python 2.3 only Mismatch - only Bugs in same state can be merged: Values for `severity' don't match: #398039 has `serious'; #401675 has `normal' thanks Stopping processing here. Please contact me if you need assistance. Debian bug tracking system administrator (administrator, Debian Bugs database)
Bug#402010: gosa leaves the ldap admin password readable by any web application
On Thursday 07 December 2006 14:37, Finn-Arne Johansen wrote: Package: gosa Version: 2.5.6-2 Severity: critical Tags: security Justification: root security hole The documentation in gosa tells the admin to install gosa.conf under /etc/gosa/gosa.conf, and to make it readable by the group www-data. In this configuration file, the ldap admin password is stored in cleartext. Any process running under the web process can now read that file, and if the same ldap user was used for authenticating, it would be rather easy to create a user with root access. This little script placed under my ~/public_html/ revealed the password on my server <?php system ('cat /etc/gosa/gosa.conf') ; ?> So, do you have another solution, actually? Any web application that stores information about passwords has the same problem, you can simply get passwords to mysql databases, etc. Don't use public stuff on these administrative servers. I'm not responsible for configuring your PHP installation, i.e. use PHP's secure mode to avoid these cases. Cheers, Cajus
Bug#389711: Library upgrade for exiv2
* Mark Purcell ([EMAIL PROTECTED]) [20061207 06:46]: While we await a decision from debian-release. Could you post packages to either experimental or people.debian.org so we can start the integration. Sure. I have limited airtime on the network; will do my best. Peter -- .+'''+. .+'''+. .+'''+. .+'''+. .+'' Kelemen Péter / \ / \ /[EMAIL PROTECTED] .+' `+...+' `+...+' `+...+' `+...+'
Bug#402017: Depends on removed cpp-4.0
Package: gcc-4.0-locales Version: 4.0.3-8 Severity: serious gcc-4.0-locales -8 still depends on cpp-4.0 even though cpp-4.0 is not built anymore for this revision. This will make this package uninstallable once the old cpp-4.0 binary is removed. Gruesse, Frank Lichtenheld -- System Information: Debian Release: 4.0 APT prefers unstable APT policy: (990, 'unstable'), (500, 'testing'), (500, 'stable'), (1, 'experimental') Architecture: hppa (parisc64) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.18-3-parisc64 Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Bug#401893: marked as done (mplayer: FTBFS on AMD64)
Your message dated Thu, 07 Dec 2006 14:02:07 + with message-id [EMAIL PROTECTED] and subject line Bug#401893: fixed in mplayer 1.0~rc1-7 has caused the attached Bug report to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what I am talking about this indicates a serious mail system misconfiguration somewhere. Please contact me immediately.) Debian bug tracking system administrator (administrator, Debian Bugs database) ---BeginMessage--- Package: mplayer Version: 1.0~rc1-6 Severity: serious After trying build several time with different options, I found that it built successfully with or without real and xanim, but failed with win32. So please remove the line with_win32 = true out of amd64 build arch in debian/rules. Sorry for wrong description of my config in #401697, I was trying the different configs and testing if it works at that time. -- System Information: Debian Release: 4.0 APT prefers unstable APT policy: (500, 'unstable'), (500, 'testing') Architecture: amd64 (x86_64) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.19 Locale: LANG=zh_CN.UTF-8, LC_CTYPE=zh_CN.UTF-8 (charmap=UTF-8) Versions of packages mplayer depends on: ii debconf [debconf-2 1.5.8 Debian configuration management sy ii libaa1 1.4p5-30 ascii art library ii libartsc0 1.5.5-1 aRts sound system C support librar ii libasound2 1.0.13-1 ALSA library ii libatk1.0-01.12.3-1 The ATK accessibility toolkit ii libaudio2 1.8-2 The Network Audio System (NAS). 
(s ii libaudiofile0 0.2.6-6 Open-source version of SGI's audio ii libc6 2.3.6.ds1-8 GNU C Library: Shared libraries ii libcaca0 0.99.beta11.debian-1 colour ASCII art library ii libcairo2 1.2.4-4 The Cairo 2D vector graphics libra ii libcdparanoia0 3.10+debian~pre0-3audio extraction tool for sampling ii libconfhelper-perl 0.12.5Library for editing configuration ii libcucul0 0.99.beta11.debian-1 low-level Unicode character drawin ii libdirectfb-0.9-25 0.9.25.1-4direct frame buffer graphics - sha ii libdvdread30.9.7-2 library for reading DVDs ii libesd00.2.36-3 Enlightened Sound Daemon - Shared ii libfontconfig1 2.4.1-2 generic font configuration library ii libfreetype6 2.2.1-5 FreeType 2 font engine, shared lib ii libglib2.0-0 2.12.4-2 The GLib library of C routines ii libgtk2.0-02.8.20-3 The GTK+ graphical user interface ii libjpeg62 6b-13 The Independent JPEG Group's JPEG ii liblircclient0 0.8.0-9 LIRC client library ii libmad00.15.1b-2.1 MPEG audio decoder library ii libncurses55.5-5 Shared libraries for terminal hand ii libogg01.1.3-2 Ogg Bitstream Library ii libpango1.0-0 1.14.8-2 Layout and rendering of internatio ii libpng12-0 1.2.13-4 PNG library - runtime ii libsdl1.2debian1.2.11-7 Simple DirectMedia Layer ii libsvga1 1:1.4.3-24console SVGA display libraries ii libtheora0 0.0.0.alpha7.dfsg-1.1 The Theora Video Compression Codec ii libungif4g 4.1.4-4 shared library for GIF images ii libx11-6 2:1.0.3-4 X11 client-side library ii libxcursor11.1.7-4 X cursor management library ii libxext6 1:1.0.1-2 X11 miscellaneous extension librar ii libxfixes3 1:4.0.1-4 X11 miscellaneous 'fixes' extensio ii libxi6 1:1.0.1-3 X11 Input extension library ii libxinerama1 1:1.0.1-4.1 X11 Xinerama extension library ii libxrandr2 2:1.1.0.2-4 X11 RandR extension library ii libxrender11:0.9.1-3 X Rendering Extension client libra ii libxt6 1:1.0.2-2 X11 toolkit intrinsics library ii libxv1 1:1.0.2-1 X11 Video extension library ii libxvmc1 1:1.0.2-2 X11 Video extension library ii 
libxxf86dga1 2:1.0.1-2 X11 Direct Graphics Access extensi ii libxxf86vm11:1.0.1-2 X11 XFree86 video mode extension l ii mplayer-skin-blue 1.6-1 blue skin for mplayer ii zlib1g 1:1.2.3-13compression library - runtime mplayer recommends no packages. -- debconf information: mplayer/voutput: autodetect mplayer/rtc: false mplayer/ttfont: Sans
Bug#392464: kernel-patch-exec-shield still doesn't apply cleany (kernel 2.6.18)
Hi, This is the output: ../kernel-patches/all/apply/exec-shield START applying exec-shield patch (Exec-shield) Testing whether Exec-shield patch for 2.6.18 applies (dry run): 2 out of 3 hunks FAILED -- saving rejects to file mm/mprotect.c.rej Exec-shield patch for 2.6.18 does not apply cleanly All my packages were updated till today (07/12/2006). I'm using Debian Unstable. Thanks! Cheers, Johnny Morano
Bug#395321: vaiostat-source: fails to build against 2.6.18
* Arnaud Fontaine [EMAIL PROTECTED] [20061207 00:15]: I fix this bug by using module_param instead of MODULE_PARM which is deprecated (in favor of module_param) and not type-safe. It builds fine but could you please try this patch and tell me if the module behaves correctly? If so, I will prepare a NMU. The patch itself looks ok for me, but sorry - I do not own the appropriate hardware to test the module. regards, -mika-
Bug#402014: defoma, fontconfig: integration is broken, brokes updates of font packages
Package: defoma, fontconfig Severity: serious Currently upgrades of font packages with truetype fonts that use defoma are broken, as can be seen from comments to bugs #401411 and #401615. One needs to run 'dpkg-reconfigure fontconfig' or fc-cache -f after upgrade. Until this is done, there may be some bugs visible. This is probably caused by fontconfig generating caches for both directory with symlinks in /var/lib/defoma/fontconfig.d and with real files in /usr/share/fonts . Then after font package upgrade, only directory under /var/... is scanned (if scanned at all). Severity is set to 'serious' because of broken packages after upgrades. -- System Information: Debian Release: 4.0 APT prefers unstable APT policy: (500, 'unstable') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/dash Kernel: Linux 2.6.19-me Locale: LANG=uk_UA.UTF-8, LC_CTYPE=uk_UA.UTF-8 (charmap=UTF-8)
Processed: Re: merging same remove request
Processing commands for [EMAIL PROTECTED]: reassign 398899 ftp.debian.org Bug#398899: RM: python-iconvcodec - RoM: python 2.3 only Bug reassigned from package `python-iconvcodec' to `ftp.debian.org'. merge 398899 401634 Bug#398899: RM: python-iconvcodec - RoM: python 2.3 only Bug#401634: RM: python-iconvcodec - RoM: python 2.3 only Merged 398899 401634. severity 401675 serious Bug#401675: RM: python-cjkcodecs -- RoQA; python 2.3 only Severity set to `serious' from `normal' merge 398039 401675 Bug#398039: RM: python-cjkcodecs - RoM: python 2.3 only Bug#401675: RM: python-cjkcodecs -- RoQA; python 2.3 only Merged 398039 401675. thanks Stopping processing here. Please contact me if you need assistance. Debian bug tracking system administrator (administrator, Debian Bugs database)
Bug#402010: marked as done (gosa leaves the ldap admin password readable by any web application)
Your message dated Thu, 7 Dec 2006 16:57:35 +0100 with message-id [EMAIL PROTECTED] and subject line Bug is not fixable has caused the attached Bug report to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what I am talking about this indicates a serious mail system misconfiguration somewhere. Please contact me immediately.) Debian bug tracking system administrator (administrator, Debian Bugs database)

---BeginMessage---
Package: gosa
Version: 2.5.6-2
Severity: critical
Tags: security
Justification: root security hole

The documentation in gosa tells the admin to install gosa.conf under /etc/gosa/gosa.conf, and to make it readable by the group www-data. In this configuration file, the ldap admin password is stored in cleartext. Any process running under the web process can now read that file, and if the same ldap user was used for authenticating, it would be rather easy to create a user with root access.

This little script placed under my ~/public_html/ revealed the password on my server:

<?php system ('cat /etc/gosa/gosa.conf') ; ?>
-- System Information:
Debian Release: 4.0
APT prefers testing
APT policy: (900, 'testing'), (800, 'unstable')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.17-2-686
Locale: LANG=nb_NO.UTF-8, LC_CTYPE=nb_NO.UTF-8 (charmap=UTF-8)

Versions of packages gosa depends on:
ii apache2-mpm-prefork     2.2.3-3.1        Traditional model for Apache HTTPD
ii fping                   2.4b2-to-ipv6-14 sends ICMP ECHO_REQUEST packets to
ii libcrypt-smbhash-perl   0.12-1           generate LM/NT hash of a password
ii php5                    5.2.0-7          server-side, HTML-embedded scripti
ii php5-gd                 5.2.0-7          GD module for php5
ii php5-imagick            0.9.11+1-4.1     ImageMagick module for php5
ii php5-imap               5.2.0-7          IMAP module for php5
ii php5-ldap               5.2.0-7          LDAP module for php5
ii php5-mhash              5.2.0-7          MHASH module for php5
ii php5-mysql              5.2.0-7          MySQL module for php5
ii php5-recode             5.2.0-7          recode module for php5
ii postfix [mail-transport 2.3.4-2          A high-performance mail transport
ii smarty                  2.6.14-1         Template engine for PHP
ii smarty-gettext          1.0b1-2          provides gettext support for smart
ii wwwconfig-common        0.0.48           Debian web auto configuration

gosa recommends no packages.

-- no debconf information
---End Message---
---BeginMessage---
tags 402010 + wontfix
thanks

This problem is inherited by the way apache/php handles scripts/permissions. Either disable mod_user [1], or use PHP's safe mode [2] in order to lock down your system. From the gosa point of view, this problem can not be fixed - even not by changing the way gosa authenticates to the LDAP.

---
[1] http://www.debian.org/doc/manuals/securing-debian-howto/ch-sec-services.en.html#s5.8
[2] http://de.php.net/manual/en/features.safe-mode.php#features.safe-mode.functions
---End Message---
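The exposure reported in Bug#402010 comes down to which uids and gids can traverse to /etc/gosa/gosa.conf and read it; a script the web server executes from ~/public_html runs with the server's identity and inherits that access. The following Python check is an added example, not part of the original messages or of gosa. The numeric ids (33 for www-data, 1000 for a local user "alice"), the root ownership and the exact modes are constructed assumptions; the report states only that the file is made readable by the group www-data.

```python
"""Which identities can read a secrets file? Classic Unix mode bits only
(ACLs, capabilities and MAC policies such as AppArmor are not modelled)."""
import os
import stat
from collections import namedtuple

# Stand-in for os.stat_result, so a layout can be modelled without root.
Meta = namedtuple("Meta", "st_mode st_uid st_gid")
READ, SEARCH = 0o4, 0o1


def granted(meta, uid, gids, want):
    """Apply the kernel's class selection: owner, else group, else other.

    Exactly one class is consulted; an owner without the bit is denied
    even if the group or other bits would allow the access.
    """
    if uid == 0:
        return True  # root is not limited by mode bits for read/search
    mode = stat.S_IMODE(meta.st_mode)
    if uid == meta.st_uid:
        bits = mode >> 6
    elif meta.st_gid in gids:
        bits = mode >> 3
    else:
        bits = mode
    return bool(bits & want)


def ancestors(path):
    """'/etc/gosa/gosa.conf' -> ['/', '/etc', '/etc/gosa']"""
    out, cur = [], os.path.dirname(path)
    while True:
        out.append(cur)
        parent = os.path.dirname(cur)
        if parent == cur:
            return out[::-1]
        cur = parent


def readable_by(path, uid, gids, stat_fn=os.stat):
    """Return (True, None), or (False, first path component that blocks)."""
    path = os.path.abspath(path)
    for directory in ancestors(path):
        if not granted(stat_fn(directory), uid, gids, SEARCH):
            return False, directory
    if not granted(stat_fn(path), uid, gids, READ):
        return False, path
    return True, None


def fake_fs(table):
    """Turn {path: (mode, uid, gid)} into a stat function for readable_by."""
    return lambda p: Meta(*table[p])


# ---- constructed sample data (assumptions, see lead-in) ----
GOSA_CONF = "/etc/gosa/gosa.conf"
ROOT, WWW_DATA, ALICE = 0, 33, 1000


def layout(dir_mode, dir_gid, file_mode, file_gid):
    return {
        "/": (0o755, ROOT, ROOT),
        "/etc": (0o755, ROOT, ROOT),
        "/etc/gosa": (dir_mode, ROOT, dir_gid),
        GOSA_CONF: (file_mode, ROOT, file_gid),
    }


DOCUMENTED = layout(0o755, ROOT, 0o640, WWW_DATA)       # as in the report
WORLD_READABLE = layout(0o755, ROOT, 0o644, WWW_DATA)   # a looser mistake
DIR_RESTRICTED = layout(0o750, WWW_DATA, 0o644, WWW_DATA)
IDENTITIES = {"www-data": (WWW_DATA, {WWW_DATA}), "alice": (ALICE, {ALICE})}


def audit(path, identities, stat_fn=os.stat):
    """Map each identity name to its (readable, blocking_path) verdict."""
    return {name: readable_by(path, uid, gids, stat_fn)
            for name, (uid, gids) in identities.items()}


if __name__ == "__main__":
    for label, table in (("documented", DOCUMENTED),
                         ("world-readable", WORLD_READABLE),
                         ("dir-restricted", DIR_RESTRICTED)):
        for who, (ok, blocker) in audit(GOSA_CONF, IDENTITIES,
                                        fake_fs(table)).items():
            verdict = "CAN READ" if ok else "blocked at " + blocker
            print(f"{label:15} {who:9} {verdict}")
```

On a live host, call `readable_by` with the default `stat_fn` and the real uid and group set of each account that runs web-reachable code.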
Bug#401017: marked as done (Apt hangs for ever, complains about bzip2)
Your message dated Thu, 07 Dec 2006 16:17:02 + with message-id [EMAIL PROTECTED] and subject line Bug#401017: fixed in apt 0.6.46.4 has caused the attached Bug report to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what I am talking about this indicates a serious mail system misconfiguration somewhere. Please contact me immediately.) Debian bug tracking system administrator (administrator, Debian Bugs database) ---BeginMessage--- Package: apt Version: 0.6.46.2 Severity: serious I'm filing this new bug following some discussion (attached) in debian-devel. I've also seen this behaviour a few time and it's very annoying. This should be fixed for etch... Cheers, -- Raphaël Hertzog Premier livre français sur Debian GNU/Linux : http://www.ouaza.com/livre/admin-debian/ ---BeginMessage--- Hello, Is this a bug in apt? pbuilder update --override-config --configfile /tmp/pbuilder-local.SvMNy19452 W: /home/brian/.pbuilderrc does not exist Upgrading for distribution etch Building the build Environment - extracting base tarball [/var/cache/pbuilder/base-etch.tgz] - creating local configuration - copying local configuration - mounting /proc filesystem - mounting /dev/pts filesystem - policy-rc.d already exists - Installing apt-lines Refreshing the base.tgz - upgrading packages Get:1 http://ftp.au.debian.org etch Release.gpg [378B] Get:2 http://ftp.au.debian.org etch Release [74.4kB] Get:3 http://ftp.au.debian.org etch/main Packages/DiffIndex [2038B] Get:4 http://ftp.au.debian.org etch/main Packages [5579kB] Get:5 http://ftp.au.debian.org etch/main Packages [5579kB] 99% [5 Packages gzip 0] (hangs for ever) I have tried waiting for it to timeout, but it doesn't. I tried running it in strace, but then it works. Perfectly. 
Desired=Unknown/Install/Remove/Purge/Hold | Status=Not/Installed/Config-files/Unpacked/Failed-config/Half-installed |/ Err?=(none)/Hold/Reinst-required/X=both-problems (Status,Err: uppercase=bad) ||/ Name Version Description +++--- ii apt 0.6.46.2 Advanced front-end for dpkg The chroot in question doesn't yet have the latest Etch key, but I don't think that is significant. Doing a search for bugs, I see #358817, but this doesn't involve NFS so it looks different. -- Brian May [EMAIL PROTECTED] ---End Message--- ---BeginMessage--- Hi, Brian May wrote: Hello, Is this a bug in apt? pbuilder update --override-config --configfile /tmp/pbuilder-local.SvMNy19452 [...] Get:5 http://ftp.au.debian.org etch/main Packages [5579kB] 99% [5 Packages gzip 0] (hangs for ever) [...] I experienced the same some time ago and worked it around by temporarily switching to a different mirror. It then succeeded, and afterwards I could again switch to my usual mirror. But, yesterday I had the same issue in my i386 chroot, so the issue seems to persist Andreas ---End Message--- ---BeginMessage--- On Mon, 27 Nov 2006, Andreas Fester wrote: I experienced the same some time ago and worked it around by temporarily switching to a different mirror. It then succeeded, and afterwards I could again switch to my usual mirror. But, yesterday I had the same issue in my i386 chroot, so the issue seems to persist Use --save-after-login and pbuilder login to open the chroot, add the new apt key, and only then run the update. I don't know where the bug is, but it is directly related to apt key management. -- One disk to rule them all, One disk to find them. One disk to bring them all and in the darkness grind them. In the Land of Redmond where the shadows lie.
-- The Silicon Valley Tarot Henrique Holschuh ---End Message--- ---BeginMessage--- -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Henrique de Moraes Holschuh wrote: On Mon, 27 Nov 2006, Andreas Fester wrote: I experienced the same some time ago and worked it around by temporarily switching to a different mirror. It then succeeded, and afterwards I could again switch to my usual mirror. But, yesterday I had
Processed: Tagging wontfix
Processing commands for [EMAIL PROTECTED]: tags 402010 + wontfix Bug#402010: gosa leaves the ldap admin password readable by any web application Tags were: security Tags added: wontfix thanks Stopping processing here. Please contact me if you need assistance. Debian bug tracking system administrator (administrator, Debian Bugs database)
Bug#401099: Still applies
Version: 0.95+dfsg2-0.1 This bug still applies in 0.95+dfsg2-0.1. The difference is that the problematic file is now provided by the Debian-specific diff rather than the original tarball.
Bug#400874: marked as done (apt-get: glibc detected: double free or corruption)
Your message dated Thu, 07 Dec 2006 16:17:02 + with message-id [EMAIL PROTECTED] and subject line Bug#400874: fixed in apt 0.6.46.4 has caused the attached Bug report to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what I am talking about this indicates a serious mail system misconfiguration somewhere. Please contact me immediately.) Debian bug tracking system administrator (administrator, Debian Bugs database) ---BeginMessage--- Package: apt Severity: grave Version: 0.6.46.2 Hi, on my freshly installed etch amd64-system, I get this error now: [EMAIL PROTECTED]:~$ apt-get source php-imagick Reading package lists... Done Building dependency tree... Done *** glibc detected *** double free or corruption (!prev): 0x005b0980 *** Aborted The same happens with apt-get source bash. My /etc/apt/sources.list contains: deb http://ftp2.de.debian.org/debian etch main deb-src http://ftp2.de.debian.org/debian etch main deb-src http://ftp2.de.debian.org/debian sid main Any hints for me? 
Cheers, Andi -- http://home.arcor.de/andreas-barth/ ---End Message--- ---BeginMessage--- Source: apt Source-Version: 0.6.46.4 We believe that the bug you reported is fixed in the latest version of apt, which is due to be installed in the Debian FTP archive: apt-doc_0.6.46.4_all.deb to pool/main/a/apt/apt-doc_0.6.46.4_all.deb apt-utils_0.6.46.4_i386.deb to pool/main/a/apt/apt-utils_0.6.46.4_i386.deb apt_0.6.46.4.dsc to pool/main/a/apt/apt_0.6.46.4.dsc apt_0.6.46.4.tar.gz to pool/main/a/apt/apt_0.6.46.4.tar.gz apt_0.6.46.4_i386.deb to pool/main/a/apt/apt_0.6.46.4_i386.deb libapt-pkg-dev_0.6.46.4_i386.deb to pool/main/a/apt/libapt-pkg-dev_0.6.46.4_i386.deb libapt-pkg-doc_0.6.46.4_all.deb to pool/main/a/apt/libapt-pkg-doc_0.6.46.4_all.deb A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to [EMAIL PROTECTED], and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Michael Vogt [EMAIL PROTECTED] (supplier of updated apt package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing [EMAIL PROTECTED]) -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Format: 1.7 Date: Thu, 7 Dec 2006 10:49:50 +0100 Source: apt Binary: apt-utils libapt-pkg-doc libapt-pkg-dev apt-doc apt Architecture: source all i386 Version: 0.6.46.4 Distribution: unstable Urgency: high Maintainer: APT Development Team deity@lists.debian.org Changed-By: Michael Vogt [EMAIL PROTECTED] Description: apt- Advanced front-end for dpkg apt-doc- Documentation for APT apt-utils - APT utility programs libapt-pkg-dev - Development files for APT's libapt-pkg and libapt-inst libapt-pkg-doc - Documentation for APT development Closes: 398381 400874 401017 Changes: apt (0.6.46.4) unstable; urgency=high . 
* ack NMU (closes: #401017) * added apt-secure.8 to See also section * apt-pkg/deb/dpkgpm.cc: - added Dpkg::StopOnError variable that controls if apt will abort on errors from dpkg * apt-pkg/deb/debsrcrecords.{cc,h}: - make the Buffer grow dynmaically (closes: #400874) * Merged from Christian Perrier bzr branch: - uk.po: New Ukrainian translation: 483t28f3u - el.po: Update to 503t9f2u - de.po: Updates and corrections. * apt-pkg/contrib/progress.cc: - OpProgress::CheckChange optimized, thanks to Paul Brook (closes: #398381) * apt-pkg/contrib/sha256.cc: - fix building with noopt ---End Message---
Bug#397571: [debiandoc-sgml-pkgs] Bug#397676: Bug#397571: debian-reference: FTBFS: ERROR: reference.zh-tw.pdf could not be generated properly
Osamu Aoki [EMAIL PROTECTED] wrote: On Sat, Dec 02, 2006 at 02:42:15PM +0100, Danai SAE-HAN wrote: I'm confident that this bug (#397571) is solved after new debiandoc-sgml and debian-reference packages have been released. Thanks. I uploaded debiandoc-sgml and one more package today. I will do debian-reference later.(once debiandoc-sgml hit unstable) I have tried this, and there are still issues. First of all, debian-reference as currently in sid (is there a public repository somewhere?) needs to depend (at least) on latex-cjk-chinese and latex-cjk-chinese-arphic-bkai00mp. If I install these packages, reference.zh-tw.pdf still fails. The first error is: ! Improper alphabetic constant. to be read again \textbackslash l.102 ...textbf{shell ABFCA5O}BDdA8D2A8D3B2[BB\textbackslash {}A8tB2CEBADEB2zAABAA6UADD3ADB1A6VA1C A5]ACA... A one-character control sequence belongs after a ` mark. So I'm essentially inserting \0 here. This looks like an encoding problem? Regards, Frank -- Dr. Frank Küster Single Molecule Spectroscopy, Protein Folding @ Inst. f. Biochemie, Univ. Zürich Debian Developer (teTeX/TeXLive)
Bug#401198: NMU patch for this bug
Hi, since didn't get an okay to adjust the dependencies, I only fixed the RC issue: diff -Nur cdcover-0.9.1.old/debian/changelog cdcover-0.9.1/debian/changelog --- cdcover-0.9.1.old/debian/changelog 2006-12-06 13:49:25.0 +0100 +++ cdcover-0.9.1/debian/changelog 2006-12-07 19:04:19.0 +0100 @@ -1,3 +1,18 @@ +cdcover (0.9.1-6.2) unstable; urgency=low + + * NMU to fix RC bug + * There was a typo in my patch that lead to the previous NMU, and is now +fixed by this upload, s/latin/latin1/ (closes: #401198) + + -- Frank KÃŒster [EMAIL PROTECTED] Thu, 7 Dec 2006 19:03:37 +0100 + +cdcover (0.9.1-6.1) unstable; urgency=low + + * Non-maintainer upload. + * Fix FTBFS: replace \usepackage{isolatin1} with inputenc. Closes: #401198 + + -- Andreas Barth [EMAIL PROTECTED] Tue, 5 Dec 2006 20:48:16 + + cdcover (0.9.1-6) unstable; urgency=low * Bumped standards-version to 3.6.2. diff -Nur cdcover-0.9.1.old/reshead.tex cdcover-0.9.1/reshead.tex --- cdcover-0.9.1.old/reshead.tex 2000-05-04 17:49:16.0 +0200 +++ cdcover-0.9.1/reshead.tex 2006-12-06 13:44:48.0 +0100 @@ -1,5 +1,6 @@ \documentclass[]{article} -\usepackage{ifthen,isolatin1,graphicx,color} +\usepackage{ifthen,graphicx,color} +\usepackage[latin1]{inputenc} \graphicspath{{/tmp/disc-cover-8568/}} \renewcommand{\thepage}{} \setlength{\oddsidemargin}{0pt} The dependency on texlive should be fixed, too, I think - post-etch it'll become RC, anyway, if we don't change our plans. On the other hand, we should consider whether this package is actually needed. It does have a couple of users according to popcon, but at least seems none of them uses sid, etch or the teTeX backports, otherwise this wouldn't have gone undetected. Regards, Frank -- Dr. Frank Küster Single Molecule Spectroscopy, Protein Folding @ Inst. f. Biochemie, Univ. Zürich Debian Developer (teTeX/TeXLive)
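Review bot: In the debian/changelog hunk, the diff adds both the 0.9.1-6.1 and the 0.9.1-6.2 entries, so it is taken against 0.9.1-6 rather than against the previous NMU, and the one change the 6.2 entry describes (s/latin/latin1/) is not visible as a delta anywhere in the patch. A diff against 0.9.1-6.1 would let a reviewer confirm that nothing else changed between the two uploads. The 6.2 bullet should also name the file it touches (reshead.tex), and "lead to the previous NMU" should read "led to".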
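Review bot: In the reshead.tex hunk, the unchanged context line \graphicspath{{/tmp/disc-cover-8568/}} hard-codes a directory under /tmp with a fixed numeric suffix; it is outside the scope of this fix, but it is worth confirming that the caller rewrites this line per run and creates that directory safely, and filing it separately if not. On the changed lines, \usepackage[latin1]{inputenc} fixes the input encoding to Latin-1, as isolatin1 did, so text substituted into the template from a UTF-8 locale would need converting first; a comment in the template stating the expected encoding would help.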
Bug#401198: marked as done (uses obsolete, nonexistent isolatin1.sty)
Your message dated Thu, 07 Dec 2006 18:17:07 + with message-id [EMAIL PROTECTED] and subject line Bug#401198: fixed in cdcover 0.9.1-6.2 has caused the attached Bug report to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what I am talking about this indicates a serious mail system misconfiguration somewhere. Please contact me immediately.) Debian bug tracking system administrator (administrator, Debian Bugs database) ---BeginMessage--- Package: cdcover Version: 0.9.1-6 Severity: minor I guess cdcover can be used with the texlive TeX distribution as well as with TeTeX. As texlive is in Debian (and TeTeX is discontinued), please allow texlive as an alternative dependency for cdcover. The latex-ucs package also does this, for example. ---End Message--- ---BeginMessage--- Source: cdcover Source-Version: 0.9.1-6.2 We believe that the bug you reported is fixed in the latest version of cdcover, which is due to be installed in the Debian FTP archive: cdcover_0.9.1-6.2.diff.gz to pool/main/c/cdcover/cdcover_0.9.1-6.2.diff.gz cdcover_0.9.1-6.2.dsc to pool/main/c/cdcover/cdcover_0.9.1-6.2.dsc cdcover_0.9.1-6.2_i386.deb to pool/main/c/cdcover/cdcover_0.9.1-6.2_i386.deb A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to [EMAIL PROTECTED], and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. 
Frank Küster [EMAIL PROTECTED] (supplier of updated cdcover package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing [EMAIL PROTECTED]) -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Format: 1.7 Date: Thu, 7 Dec 2006 19:03:37 +0100 Source: cdcover Binary: cdcover Architecture: source i386 Version: 0.9.1-6.2 Distribution: unstable Urgency: low Maintainer: Roberto Suarez Soto [EMAIL PROTECTED] Changed-By: Frank Küster [EMAIL PROTECTED] Description: cdcover- Creating Data-CD Covers Closes: 401198 Changes: cdcover (0.9.1-6.2) unstable; urgency=low . * NMU to fix RC bug * There was a typo in my patch that lead to the previous NMU, and is now fixed by this upload, s/latin/latin1/ (closes: #401198) ---End Message---
Processed: Forwarded bug.
Processing commands for [EMAIL PROTECTED]: forwarded 401569 https://develop.participatoryculture.org/democracy/ticket/5145 Bug#401569: wrong plural form for Romanian makes app to crash on start Noted your statement that Bug has been forwarded to https://develop.participatoryculture.org/democracy/ticket/5145. thanks Stopping processing here. Please contact me if you need assistance. Debian bug tracking system administrator (administrator, Debian Bugs database)
Bug#402017: marked as done (Depends on removed cpp-4.0)
Your message dated Thu, 7 Dec 2006 19:44:23 +0100 with message-id [EMAIL PROTECTED] and subject line Bug#402017: Depends on removed cpp-4.0 has caused the attached Bug report to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what I am talking about this indicates a serious mail system misconfiguration somewhere. Please contact me immediately.) Debian bug tracking system administrator (administrator, Debian Bugs database) ---BeginMessage--- Package: gcc-4.0-locales Version: 4.0.3-8 Severity: serious gcc-4.0-locales -8 still depends on cpp-4.0 even though cpp-4.0 is not build anymore for this revision. This will make this package uninstallable once the old cpp-4.0 binary is removed. Gruesse, Frank Lichtenheld -- System Information: Debian Release: 4.0 APT prefers unstable APT policy: (990, 'unstable'), (500, 'testing'), (500, 'stable'), (1, 'experimental') Architecture: hppa (parisc64) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.18-3-parisc64 Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8) ---End Message--- ---BeginMessage--- Frank Lichtenheld writes: Package: gcc-4.0-locales Version: 4.0.3-8 Severity: serious gcc-4.0-locales -8 still depends on cpp-4.0 even though cpp-4.0 is not build anymore for this revision. This will make this package uninstallable once the old cpp-4.0 binary is removed. the package is still installable on hurd-i386. gcc-4.0-locales is not the only package which is not installable on architectures, where the binary-arch packages are not built. Closing the report. ---End Message---
Processed (with 1 errors): libcommoncpp2
Processing commands for [EMAIL PROTECTED]: severity 402009 grave Bug#402009: twinkle: symbol lookup error when hanging up Severity set to `grave' from `important' title 402009 backward-incompatible ABI changes Unknown command or malformed arguments to command. thanks Stopping processing here. Please contact me if you need assistance. Debian bug tracking system administrator (administrator, Debian Bugs database)
Bug#397691: munin-graph consumes all memory
usertag 398111 biten-by usertag 397691 biten-by thanks Hi, After yesterdays update of rrdtool, munin-graph consumes all memory. It seems this issue is known upstream as well: http://oss.oetiker.ch/rrdtool-trac/ticket/54 I hope this gets fixed soon :-) Greetings Arjan
Bug#389355: interface naming conflicts (was: installation-report: Warning about boot partition on newworld powerpc.)
reassign 389355 udev tags 389355 confirmed severity 389355 serious thanks I was able to reproduce this bug. The change mentioned for udev fixes the bug.
Bug#342633: marked as done (checkinstall leaves system in unusable state)
Your message dated Thu, 07 Dec 2006 19:17:03 + with message-id [EMAIL PROTECTED] and subject line Bug#342578: fixed in checkinstall 1.6.1-1 has caused the attached Bug report to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what I am talking about this indicates a serious mail system misconfiguration somewhere. Please contact me immediately.) Debian bug tracking system administrator (administrator, Debian Bugs database) ---BeginMessage--- package: checkinstall version: 1.5.3-3 severity: grave On Thu, 8 Dec 2005, Fabian Greffrath wrote: package: checkinstall version: 1.5.3-3 severity: grave Hello! I wanted to use checkinstall to create a 'Sun Java JRE' Package out of Sun's self-installing bin-file. So I started 'checkinstall ./jre-1_5_0-$foo.bin' as root several times and tried out some of the options to make the package meet my needs. After playing around with checkinstall a bit, a severe problem occured on my system: I could not log in as a normal user anymore but only as root. Trying to log in as a normal user allways gave the error message 'no shell'. Programs like exim4, sudo and gdm did not work anymore either. After a lot of work and time I found out that the permissions of the base dir '/' were set to 700! So a simple 'chmod 755 /' was the solution. Nevertheless I have not been far away from reinstalling Debian! I do not know if 'checkinstall' itself or 'installwatch' are blamable on this, but I think that it MUST be guaranteed that no program leaves your system in such a state. No matter if the user has done a handling error / faulty operation or not. Well, the first thing that would be useful to know is exactly what options did you use the last time you ran checkinstall. 
It would be really useful for trying to figure out what actually happened to your system. Please send it ;-) The second thing is, the other week I wanted to delete a file from my system. I had some trouble doing it. So I played with some of the options of the rm program and suddenly my system became completely unstable! Upon examination and after a lot of work I found out that the thing had removed half of the files of my system! The moral of the story: I agree with you, it MUST be guaranteed that no program leaves your system in such a state. I.e. don't mess with your system! But if the program's job IS to actually mess with the system (rm, checkinstall, installwatch, etc) then all you can do is to educate the user about it's proper use and do your best to avoid putting too much bugs in ;-) ---End Message--- ---BeginMessage--- Source: checkinstall Source-Version: 1.6.1-1 We believe that the bug you reported is fixed in the latest version of checkinstall, which is due to be installed in the Debian FTP archive: checkinstall_1.6.1-1.diff.gz to pool/main/c/checkinstall/checkinstall_1.6.1-1.diff.gz checkinstall_1.6.1-1.dsc to pool/main/c/checkinstall/checkinstall_1.6.1-1.dsc checkinstall_1.6.1-1_i386.deb to pool/main/c/checkinstall/checkinstall_1.6.1-1_i386.deb checkinstall_1.6.1.orig.tar.gz to pool/main/c/checkinstall/checkinstall_1.6.1.orig.tar.gz A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to [EMAIL PROTECTED], and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. 
Felipe Sateler [EMAIL PROTECTED] (supplier of updated checkinstall package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing [EMAIL PROTECTED]) -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Format: 1.7 Date: Wed, 6 Dec 2006 00:02:32 -0300 Source: checkinstall Binary: checkinstall Architecture: source i386 Version: 1.6.1-1 Distribution: unstable Urgency: low Maintainer: Felipe Sateler [EMAIL PROTECTED] Changed-By: Felipe Sateler [EMAIL PROTECTED] Description: checkinstall - installation tracker Closes: 281823 284786 342578 Changes: checkinstall (1.6.1-1) unstable; urgency=low . * New upstream release. * Tag files in /etc as conffiles (Closes: #284786) * Fix backup restoration changing permissions of the root directory. (Closes: #342578, #281823) * Fix erronous manpage sgml files.
Bug#342578: marked as done (checkinstall leaves system in unusable state)
Your message dated Thu, 07 Dec 2006 19:17:03 + with message-id [EMAIL PROTECTED] and subject line Bug#342578: fixed in checkinstall 1.6.1-1 has caused the attached Bug report to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what I am talking about this indicates a serious mail system misconfiguration somewhere. Please contact me immediately.) Debian bug tracking system administrator (administrator, Debian Bugs database) ---BeginMessage--- package: checkinstall version: 1.5.3-3 severity: grave Hello! I wanted to use checkinstall to create a 'Sun Java JRE' Package out of Sun's self-installing bin-file. So I started 'checkinstall ./jre-1_5_0-$foo.bin' as root several times and tried out some of the options to make the package meet my needs. After playing around with checkinstall a bit, a severe problem occured on my system: I could not log in as a normal user anymore but only as root. Trying to log in as a normal user allways gave the error message 'no shell'. Programs like exim4, sudo and gdm did not work anymore either. After a lot of work and time I found out that the permissions of the base dir '/' were set to 700! So a simple 'chmod 755 /' was the solution. Nevertheless I have not been far away from reinstalling Debian! I do not know if 'checkinstall' itself or 'installwatch' are blamable on this, but I think that it MUST be guaranteed that no program leaves your system in such a state. No matter if the user has done a handling error / faulty operation or not. I send a bcc-copy to the upstream author as well! 
Nice Greetings, Fabian ---End Message--- ---BeginMessage--- Source: checkinstall Source-Version: 1.6.1-1 We believe that the bug you reported is fixed in the latest version of checkinstall, which is due to be installed in the Debian FTP archive: checkinstall_1.6.1-1.diff.gz to pool/main/c/checkinstall/checkinstall_1.6.1-1.diff.gz checkinstall_1.6.1-1.dsc to pool/main/c/checkinstall/checkinstall_1.6.1-1.dsc checkinstall_1.6.1-1_i386.deb to pool/main/c/checkinstall/checkinstall_1.6.1-1_i386.deb checkinstall_1.6.1.orig.tar.gz to pool/main/c/checkinstall/checkinstall_1.6.1.orig.tar.gz A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to [EMAIL PROTECTED], and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Felipe Sateler [EMAIL PROTECTED] (supplier of updated checkinstall package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing [EMAIL PROTECTED]) -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Format: 1.7 Date: Wed, 6 Dec 2006 00:02:32 -0300 Source: checkinstall Binary: checkinstall Architecture: source i386 Version: 1.6.1-1 Distribution: unstable Urgency: low Maintainer: Felipe Sateler [EMAIL PROTECTED] Changed-By: Felipe Sateler [EMAIL PROTECTED] Description: checkinstall - installation tracker Closes: 281823 284786 342578 Changes: checkinstall (1.6.1-1) unstable; urgency=low . * New upstream release. * Tag files in /etc as conffiles (Closes: #284786) * Fix backup restoration changing permissions of the root directory. (Closes: #342578, #281823) * Fix erronous manpage sgml files. 
Files: c9d51d994113daffef2a205efbacbbf7 608 admin optional checkinstall_1.6.1-1.dsc 1ae49645d6d16efac79ac67b84bfb419 159552 admin optional checkinstall_1.6.1.orig.tar.gz d4826868b9e13c5cc8e2075572994cc7 9167 admin optional checkinstall_1.6.1-1.diff.gz 346713570ba034409b9c1c104fa93eeb 110430 admin optional checkinstall_1.6.1-1_i386.deb -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQFFeGQieYl9593Atw0RAtqiAKCfPPA31c+yGvnP6DUyngin7EbbBgCbBQrM 24KQm5RhR0xwSryuLcrM7FE= =5Ipf -END PGP SIGNATURE- ---End Message---
Bug#401263: apt-get busted -- again!
Margarita,

Margarita Manterola wrote:
> On 12/5/06, Jan Evert van Grootheest [EMAIL PROTECTED] wrote:
> > I am getting upset now
> > Apt-get is again segfaulting!
> > Yesterday I removed the *.bin files from /var/cache/apt. Then ran apt-get update, apt-get -V upgrade and apt-get clean.
> > Now I do apt-get update and it segfaults again!!!
>
> A new apt was uploaded today. Could you please upgrade your apt to the latest version in unstable (0.6.46.3-0.1) ? It's quite possible that it still happens, since the fix was aimed at amd64, and you are experiencing this in i386, but please do check.

I've tried the 0.2 that is in unstable at this moment (didn't have time for last two evenings). Still busted. (I replaced the valid .bin files with the invalid ones I saved before)

It seems to me from this trace that it shouldn't be too hard to actually fix the crash itself (although the real problem, of course, is the invalid bin file).

Program received signal SIGSEGV, Segmentation fault.
0xb7c822f3 in strlen () from /lib/tls/i686/cmov/libc.so.6
(gdb) bt
#0 0xb7c822f3 in strlen () from /lib/tls/i686/cmov/libc.so.6
#1 0xb7e05316 in std::string::compare () from /usr/lib/libstdc++.so.6
#2 0xb7efa361 in debPackagesIndex::FindInCache () from /usr/lib/libapt-pkg-libc6.3-6.so.3.11
#3 0xb7ec2fdb in pkgCacheGenerator::~pkgCacheGenerator () from /usr/lib/libapt-pkg-libc6.3-6.so.3.11
#4 0xb7ec3aed in pkgMakeStatusCache () from /usr/lib/libapt-pkg-libc6.3-6.so.3.11
#5 0x08051b5c in ?? ()
#6 0xb7c2bea8 in __libc_start_main () from /lib/tls/i686/cmov/libc.so.6
#7 0x0804a461 in ?? ()
(gdb) quit

From this trace I would theorize that one of the strings passed to compare is invalid. Using a debug version of apt it shouldn't be too hard to actually fix that. But I don't know the apt code at all and don't have the time to dive into it (given a version with symbols it would be simple to provide a better trace; I would then also get the libc and libstdc++ dev (dbg?) versions).

For completeness sake there's also a trace of apt-get:

(gdb) run install apt
Starting program: /usr/bin/apt-get install apt
Failed to read a valid object file image from memory.
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
Reading package lists... 0%
Program received signal SIGSEGV, Segmentation fault.
0xb7d232f3 in strlen () from /lib/tls/i686/cmov/libc.so.6
(gdb) bt
#0 0xb7d232f3 in strlen () from /lib/tls/i686/cmov/libc.so.6
#1 0xb7ea6316 in std::string::compare () from /usr/lib/libstdc++.so.6
#2 0xb7f9b361 in debPackagesIndex::FindInCache () from /usr/lib/libapt-pkg-libc6.3-6.so.3.11
#3 0xb7f63fdb in pkgCacheGenerator::~pkgCacheGenerator () from /usr/lib/libapt-pkg-libc6.3-6.so.3.11
#4 0xb7f64aed in pkgMakeStatusCache () from /usr/lib/libapt-pkg-libc6.3-6.so.3.11
#5 0xb7f5bcff in pkgCacheFile::BuildCaches () from /usr/lib/libapt-pkg-libc6.3-6.so.3.11
#6 0xb7f5bdf4 in pkgCacheFile::Open () from /usr/lib/libapt-pkg-libc6.3-6.so.3.11
#7 0x0805da12 in ?? ()
#8 0xb7f2a34b in CommandLine::DispatchArg () from /usr/lib/libapt-pkg-libc6.3-6.so.3.11
#9 0x0804f59f in ?? ()
#10 0xb7cccea8 in __libc_start_main () from /lib/tls/i686/cmov/libc.so.6
#11 0x0804c5a1 in ?? ()

Thanks for your efforts,
Jan Evert
Bug#402010: gosa leaves the ldap admin password readable by any web application
Cajus Pollmeier wrote:
> On Thursday 07 December 2006 14:37, Finn-Arne Johansen wrote:
> > Package: gosa
> > Version: 2.5.6-2
> > Severity: critical
> > Tags: security
> > Justification: root security hole
> >
> > The documentation in gosa tells the admin to install gosa.conf under /etc/gosa/gosa.conf, and to make it readable by the group www-data. In this configuration file, the ldap admin password is stored in cleartext. Any process running under the web process can now read that file, and if the same ldap user was used for authenticating, it would be rather easy to create a user with root access.
> >
> > This little script placed under my ~/public_html/ revealed the password on my server:
> >
> > <?php system ('cat /etc/gosa/gosa.conf') ; ?>
>
> So, do you have another solution, actually? Any web application that stores information about passwords has the same problem, you can simply get passwords to mysql databases, etc. Don't use public stuff on these administrative servers. I'm not responsible for configuring your PHP installation, i.e. use PHP's secure mode to avoid these cases.

Please add these notes to the explanation or at least to the README.Debian file.

Someone thought about adding gosa as the user admin tool for Debian-Edu, until I pointed this out.

--
Finn-Arne Johansen [EMAIL PROTECTED] http://bzz.no/
EE2A71C6403A3D191FCDC043006F1215062E6642 062E6642
Bug#402063: vulnerable to overflow in PS handling (CVE-2006-5864)
Package: evince Version: 0.4.0-2 Severity: critical Tags: security, patch This is the same vulnerability as reported against gv as bug 398292, since evince has old gv code embedded (I've updated the wiki to reflect this: http://wiki.debian.org/EmbeddedCodeCopies) Patch attached (applies to both 0.4.0 and 0.6.1). -- Kees Cook@outflux.net diff -Nur evince-0.4.0/ps/ps.c evince-0.4.0.new/ps/ps.c --- evince-0.4.0/ps/ps.c2005-06-17 06:33:00.0 -0700 +++ evince-0.4.0.new/ps/ps.c2006-12-04 12:28:32.280683848 -0800 @@ -1225,6 +1225,9 @@ quoted = 1; line++; while(*line !(*line == ')' level == 0)) { + if (cp - text = PSLINELENGTH - 2) { +return NULL; + } if(*line == '\\') { if(*(line + 1) == 'n') { *cp++ = '\n'; @@ -1295,8 +1298,12 @@ } } else { -while(*line !(*line == ' ' || *line == '\t' || *line == '\n')) +while(*line !(*line == ' ' || *line == '\t' || *line == '\n')) { + if (cp - text = PSLINELENGTH - 2) { +return NULL; + } *cp++ = *line++; +} } *cp = '\0'; if(next_char)
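Review bot: In the first hunk (quoted-string loop, `@@ -1225,6 +1225,9 @@`), the new length check reads `cp - text = PSLINELENGTH - 2` as shown here, which is not a comparison, and the loop condition `*line !(...)` has lost its operators in the same way, so this inline copy cannot be applied as printed; take the patch from the original attachment. The bound also needs a one-line comment saying what the `- 2` reserves: the visible branch writes one byte per iteration (`*cp++ = '\n';`) and the terminator is written after the loop, and that reasoning should be stated next to the check rather than left to the reader.

Review bot: In the second hunk (unquoted-token loop, `@@ -1295,8 +1298,12 @@`), the early `return NULL` skips the `*cp = '\0'; if(next_char)` tail that follows the loop, so an over-long token returns NULL without terminating `text` or updating the next-character pointer. Callers need to treat NULL as a hard parse failure and must not continue from a stale position; that contract belongs in the function's comment. The `PSLINELENGTH - 2` test is now duplicated in two loops, so a shared macro or small helper would keep the two checks from drifting apart.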
Bug#402010: gosa leaves the ldap admin password readable by any web application
One way to solve it is to require the people accessing the LDAP database using the web to provide the LDAP admin password during the interaction, and not store it in clear text on the server.

One way to avoid having to pass the LDAP admin password every time is to store it in a cookie. It would then only be needed when logging in. To avoid having it in clear text in the cookie, the server can generate a random session key, and use this key to encrypt the password in the cookie, and use it to decrypt the cookie when the user wants to access the LDAP database. Both the random session key and the cookie are required to have the LDAP admin password, and nothing dangerous is stored in the cookie nor on the server.

Friendly,
--
Petter Reinholdtsen
Bug#401943: Compiz crash problem solved.
Ok, the xserver upgrade had broken my nvidia driver. I only had to reinstall it to solve the problem. Sorry for the waste of time.
Bug#401961: conflicts with libneon26, making most neon-using packages uninstallable
Hi, On Thu, 2006-12-07 at 01:12 +0100, Rene Engelhard wrote: The Problem here is that libneon26 and libneon26-gnutls are *NOT* parallel installable. This causes bazaar to indirectly conflict with anything linked against the normal openssl linked version. [...] The real solution is to make -gnutls and the normal one (-openssl) both installable at the same time. OK, the corrected package is almost done. I have only one problem. The gnutls-dev package has libneon-gnutls.so as symlink to the real lib, don't know how to make it libneon.so . Should I, btw? Packages need libneon, should ask neon-config who to link with. See curl. Well, missed it, but will check it soon. Regards, Laszlo/GCS
Processed: Re: simpledb: FTBFS (amd64): cannot convert 'SQLINTEGER*' to 'SQLLEN*' for argument '6' to 'SQLRETURN SQLBindCol(void*, SQLUSMALLINT, SQLSMALLINT, void*, SQLLEN, SQLLEN*)'
Processing commands for [EMAIL PROTECTED]:

severity 358448 serious
Bug#358448: simpledb: FTBFS (amd64): cannot convert 'SQLINTEGER*' to 'SQLLEN*' for argument '6' to 'SQLRETURN SQLBindCol(void*, SQLUSMALLINT, SQLSMALLINT, void*, SQLLEN, SQLLEN*)'
Severity set to `serious' from `normal'

thanks
Stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator (administrator, Debian Bugs database)
Processed: severity of 402000 is important
Processing commands for [EMAIL PROTECTED]:

# Automatically generated email from bts, devscripts version 2.9.27
# 2.6.19 is not RC
severity 402000 important
Bug#402000: 1.0.8776-3 does not compile with 2.6.19
Severity set to `important' from `grave'

End of message, stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator (administrator, Debian Bugs database)
Bug#401943: Compiz crash problem solved.
* Fred VIDIL wrote:
> Ok, the xserver upgrade had broken my nvidia driver. I only had to reinstall it to solve the problem.
> Sorry for the waste of time.

I'm glad it's working again. Did you by any chance see exactly why it broke the nvidia driver? Perhaps this could be a bug in either the xserver package or the nvidia driver package?

Thierry
Bug#402066: klibc: FTBFS in testing
Package: klibc
Version: 1.4.30-1
Severity: grave
Justification: fails to build from source

klibc is currently not buildable in testing because it build-depends on a package in unstable. This bug should be closed when klibc 1.4.30-2 and linux-headers-2.6.18-3 are both in testing.

[EMAIL PROTECTED] wrote:
> Automatic build of klibc_1.4.30-1 on qa by sbuild/amd64 85
> Build started at 20061205-0637
> **
> Checking available source versions...
> Fetching source files...
> Reading package lists...
> Building dependency tree...
> Need to get 602kB of source archives.
> Get:1 http://debian.aurel32.net etch/main klibc 1.4.30-1 (dsc) [722B]
> Get:2 http://debian.aurel32.net etch/main klibc 1.4.30-1 (tar) [587kB]
> Get:3 http://debian.aurel32.net etch/main klibc 1.4.30-1 (diff) [14.3kB]
> Fetched 602kB in 0s (766kB/s)
> Download complete and in download only mode
> ** Using build dependencies supplied by package:
> Build-Depends: cdbs, debhelper (= 5.0.0), linux-headers-2.6.18-1, bison, flex
> Checking for already installed source dependencies...
> cdbs: already installed (0.4.47)
> debhelper: already installed (5.0.42 = 5.0.0 is satisfied)
> linux-headers-2.6.18-1: missing
> bison: missing
> flex: missing
> Checking for source dependency conflicts...
> /usr/bin/sudo /usr/bin/apt-get --purge $CHROOT_OPTIONS -q -y install linux-headers-2.6.18-1 bison flex
> Reading package lists...
> Building dependency tree...
> E: Couldn't find package linux-headers-2.6.18-1
> apt-get failed.
> Package installation failed
> Trying to reinstall removed packages:
> Trying to uninstall newly installed packages:
> Source-dependencies not satisfied; skipping klibc
> **
> Finished at 20061205-0637
> Build needed 04:59:35, 0k disk space

--
  .''`.  Aurelien Jarno             | GPG: 1024D/F1BCDB73
 : :' :  Debian developer           | Electrical Engineer
 `. `'   [EMAIL PROTECTED]          | [EMAIL PROTECTED]
   `-    people.debian.org/~aurel32 | www.aurel32.net
Processed: Re: interface naming conflicts (was: installation-report: Warning about boot partition on newworld powerpc.)
Processing commands for [EMAIL PROTECTED]:

reassign 389355 udev
Bug#389355: installation-report: Warning about boot partition on newworld powerpc.
Bug reassigned from package `installation-reports' to `udev'.

tags 389355 confirmed
Bug#389355: installation-report: Warning about boot partition on newworld powerpc.
There were no tags set.
Tags added: confirmed

severity 389355 serious
Bug#389355: installation-report: Warning about boot partition on newworld powerpc.
Severity set to `serious' from `minor'

thanks
Stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator (administrator, Debian Bugs database)
Bug#398899: Processed: Re: merging same remove request
unmerge 398899
severity 398899 serious
reassign 398899 python-iconvcodec
retitle 398899 python-iconvcodec: irrelevant for python 2.4; should not
ship with etch
unmerge 398039
severity 398039 serious
reassign 398039 python-cjkcodecs
retitle 398039 python-cjkcodecs: irrelevant for python 2.4, should not
ship with etch
thanks

Hi,

In order for the Release Team to keep track of packages that should be removed from testing due to release-critical bugs, the release-critical bugs need to be kept assigned to the package in question. (That's why #401675 etc were cloned from the original mails by a Release Manager).

Fixing up the bug state with this message.

Regards,
Adam
Bug#402063: vulnerable to overflow in PS handling (CVE-2006-5864)
On Thu, Dec 07, 2006, Kees Cook wrote:
> This is the same vulnerability as reported against gv as bug 398292, since evince has old gv code embedded (I've updated the wiki to reflect this: http://wiki.debian.org/EmbeddedCodeCopies)

Thanks for the bug and the patch! I had flagged the Ubuntu security notice, but didn't have time to upload it yet.

I saw that you updated 0.4 and 0.6, but not 0.1; perhaps you do not ship evince 0.1 anymore, but if you do, do you know whether it is affected?

Thanks again,
--
Loïc Minier [EMAIL PROTECTED]
I have no strong feelings one way or the other. -- Neutral President
Processed: severity of 358448 is important
Processing commands for [EMAIL PROTECTED]:

# Automatically generated email from bts, devscripts version 2.9.27
# never been built, not RC
severity 358448 important
Bug#358448: simpledb: FTBFS (amd64): cannot convert 'SQLINTEGER*' to 'SQLLEN*' for argument '6' to 'SQLRETURN SQLBindCol(void*, SQLUSMALLINT, SQLSMALLINT, void*, SQLLEN, SQLLEN*)'
Severity set to `important' from `serious'

End of message, stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator (administrator, Debian Bugs database)
Processed: retitle 401842 to RM: gcc-4.0:several -- RoM; NBS
Processing commands for [EMAIL PROTECTED]:

# Automatically generated email from bts, devscripts version 2.9.25
retitle 401842 RM: gcc-4.0:several -- RoM; NBS
Bug#401842: RM -- gcc-4.0 binaries
Changed Bug title.

End of message, stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator (administrator, Debian Bugs database)
Processed: severity of 398039 is normal, severity of 398899 is normal
Processing commands for [EMAIL PROTECTED]:

# Automatically generated email from bts, devscripts version 2.9.25
# Removals from unstable are not release-critical
severity 398039 normal
Bug#398039: RM: python-cjkcodecs - RoM: python 2.3 only
Bug#401675: RM: python-cjkcodecs -- RoQA; python 2.3 only
Severity set to `normal' from `serious'

severity 398899 normal
Bug#398899: RM: python-iconvcodec - RoM: python 2.3 only
Bug#401634: RM: python-iconvcodec - RoM: python 2.3 only
Severity set to `normal' from `serious'

End of message, stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator (administrator, Debian Bugs database)
Processed (with 2 errors): Re: Processed: Re: merging same remove request
Processing commands for [EMAIL PROTECTED]:

unmerge 398899
Bug#398899: RM: python-iconvcodec - RoM: python 2.3 only
Bug#401634: RM: python-iconvcodec - RoM: python 2.3 only
Disconnected #398899 from all other report(s).

severity 398899 serious
Bug#398899: RM: python-iconvcodec - RoM: python 2.3 only
Severity set to `serious' from `normal'

reassign 398899 python-iconvcodec
Bug#398899: RM: python-iconvcodec - RoM: python 2.3 only
Bug reassigned from package `ftp.debian.org' to `python-iconvcodec'.

retitle 398899 python-iconvcodec: irrelevant for python 2.4; should not
Bug#398899: RM: python-iconvcodec - RoM: python 2.3 only
Changed Bug title.

ship with etch
Unknown command or malformed arguments to command.

unmerge 398039
Bug#398039: RM: python-cjkcodecs - RoM: python 2.3 only
Bug#401675: RM: python-cjkcodecs -- RoQA; python 2.3 only
Disconnected #398039 from all other report(s).

severity 398039 serious
Bug#398039: RM: python-cjkcodecs - RoM: python 2.3 only
Severity set to `serious' from `normal'

reassign 398039 python-cjkcodecs
Bug#398039: RM: python-cjkcodecs - RoM: python 2.3 only
Bug reassigned from package `ftp.debian.org' to `python-cjkcodecs'.

retitle 398039 python-cjkcodecs: irrelevant for python 2.4, should not
Bug#398039: RM: python-cjkcodecs - RoM: python 2.3 only
Changed Bug title.

ship with etch
Unknown command or malformed arguments to command.

thanks
Stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator (administrator, Debian Bugs database)
Bug#389355: installation-report: Warning about boot partition on newworld powerpc.
On Thursday 07 December 2006 21:54, Marco d'Itri wrote:
> On Sep 25, arthur [EMAIL PROTECTED] wrote:
> > After having rebooted on my freshly installed machine, I saw that my wifi interface was named eth2_rename. The bug was in the way /etc/udev/rules.d/z25_persistent-net.rules was generated. In fact the wifi interface and the FireWire one were both given the same name as you can see below :
>
> Come on, you reassign a 2.5 months-old bug and tag it serious+confirmed? This was fixed a long time ago.

Well, imho, it is serious (having no network at boot time?) and it was confirmed after netinstalling etch RC1. And if it's so old, why hasn't the fix been backported back into testing? My mistake was that I forgot to see the numerous bug reports about this on udev.

Konstantinos
Bug#401379: marked as done (gnome-games-data: conflicts with gnome-icon-theme)
Your message dated Thu, 07 Dec 2006 20:47:04 + with message-id [EMAIL PROTECTED] and subject line Bug#401379: fixed in gnome-games 1:2.16.2-2 has caused the attached Bug report to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what I am talking about this indicates a serious mail system misconfiguration somewhere. Please contact me immediately.) Debian bug tracking system administrator (administrator, Debian Bugs database) ---BeginMessage--- Package: gnome-games-data Version: 1:2.8.3-2 Severity: serious During a test upgrade from Sarge to Etch I noticed the following packaging issue. Not sure if it's a conflict with the Sarge or Etch version of gnome-icon-theme. Cheers, FJP Preparing to replace gnome-games-data 1:2.8.3-2 (using .../gnome-games-data_1%3a2.16.2 -1_all.deb) ... Unpacking replacement gnome-games-data ... dpkg: error processing /var/cache/apt/archives/gnome-games-data_1%3a2.16.2-1_all.deb (--unpack): trying to overwrite `/usr/share/icons/hicolor/48x48/apps/gnome-gnomine.png', which is also in package gnome-icon-theme dpkg-deb: subprocess paste killed by signal (Broken pipe) Selecting previously deselected package gnome-cards-data. dpkg: regarding .../gnome-cards-data_1%3a2.16.2-1_all.deb containing gnome-cards-data: gnome-cards-data conflicts with gnome-games-data ( 1:2.14.2.1-1) gnome-games-data (version 1:2.8.3-2) is installed. 
dpkg: error processing /var/cache/apt/archives/gnome-cards-data_1%3a2.16.2-1_all.deb (--unpack): conflicting packages - not installing gnome-cards-data pgpWzOXdHlrR9.pgp Description: PGP signature ---End Message--- ---BeginMessage--- Source: gnome-games Source-Version: 1:2.16.2-2 We believe that the bug you reported is fixed in the latest version of gnome-games, which is due to be installed in the Debian FTP archive: gnome-cards-data_2.16.2-2_all.deb to pool/main/g/gnome-games/gnome-cards-data_2.16.2-2_all.deb gnome-games-data_2.16.2-2_all.deb to pool/main/g/gnome-games/gnome-games-data_2.16.2-2_all.deb gnome-games_2.16.2-2.diff.gz to pool/main/g/gnome-games/gnome-games_2.16.2-2.diff.gz gnome-games_2.16.2-2.dsc to pool/main/g/gnome-games/gnome-games_2.16.2-2.dsc gnome-games_2.16.2-2_amd64.deb to pool/main/g/gnome-games/gnome-games_2.16.2-2_amd64.deb A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to [EMAIL PROTECTED], and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. 
Josselin Mouette [EMAIL PROTECTED] (supplier of updated gnome-games package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing [EMAIL PROTECTED]) -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Format: 1.7 Date: Sun, 3 Dec 2006 04:45:34 +0100 Source: gnome-games Binary: gnome-cards-data gnome-games-data gnome-games Architecture: source all amd64 Version: 1:2.16.2-2 Distribution: unstable Urgency: high Maintainer: Josselin Mouette [EMAIL PROTECTED] Changed-By: Josselin Mouette [EMAIL PROTECTED] Description: gnome-cards-data - data files for the GNOME card games gnome-games - games for the GNOME desktop gnome-games-data - data files for the GNOME games Closes: 401379 Changes: gnome-games (1:2.16.2-2) unstable; urgency=high . * gnome-games-data conflicts with gnome-icon-theme ( 2.14). Closes: #401379. Files: f5120fea7a5f358a7b0aa86e17ec68ea 1662 gnome optional gnome-games_2.16.2-2.dsc 18a63b753cb386ad887a5bc578859cdb 48059 gnome optional gnome-games_2.16.2-2.diff.gz 1ff7450e2eaa775fe082d4fd47e4f869 5259204 gnome optional gnome-games-data_2.16.2-2_all.deb 6fcb42d3a8b4c1c9cb35b57f2f654c05 504956 gnome optional gnome-cards-data_2.16.2-2_all.deb d34138b516d080322497ec32afbbd7d2 841120 gnome optional gnome-games_2.16.2-2_amd64.deb -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.5 (GNU/Linux) iD8DBQFFeHiirSla4ddfhTMRAnWqAKCjT+XCOpZBd38jGXELj4txj9SRmQCfabys 5hqFnycHCUKwT3963QUYK0w= =iOb+ -END PGP SIGNATURE- ---End Message---
Bug#402063: vulnerable to overflow in PS handling (CVE-2006-5864)
On Thu, Dec 07, 2006 at 10:12:14PM +0100, Loïc Minier wrote:
> Thanks for the bug and the patch! I had flagged the Ubuntu security notice, but didn't have time to upload it yet.

Okay, great. I wanted to make sure all the upstreams had the bug recorded, just in case. :) The Gnome report is here: http://bugzilla.gnome.org/show_bug.cgi?id=383485

> I saw that you updated 0.4 and 0.6, but not 0.1; perhaps you do not ship evince 0.1 anymore, but if you do, do you know whether it is affected?

The earliest supported evince in Ubuntu is 0.4. As far as I can tell, if ps/ps.c exists in the codebase, it's vulnerable. (Since that file was embedded from a vulnerable version of gv.)

Thanks!
--
Kees Cook@outflux.net
Processed: severity of 401842 is normal
Processing commands for [EMAIL PROTECTED]:

# Automatically generated email from bts, devscripts version 2.9.25
severity 401842 normal
Bug#401842: RM: gcc-4.0:several -- RoM; NBS
Severity set to `normal' from `serious'

End of message, stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator (administrator, Debian Bugs database)
Bug#402071: botan1.4: FTBFS if /proc *is* mounted [amd64]
Package: botan1.4
Version: 1.4.12-1
Severity: grave
Justification: fails to build from source

botan1.4 uses a crappy perl code which reads /proc/cpuinfo to detect host type instead of standard config.guess/config.sub. This results in a false detection of an athlon instead of an athlon64 when /proc is mounted. It builds fine however with /proc/ unmounted.

This also explains why this package does not build on mips/mipsel (but that's not RC).

[EMAIL PROTECTED] wrote:
> Automatic build of botan1.4_1.4.12-1 on qa by sbuild/amd64 85
> Build started at 20061202-0134
> **
> Checking available source versions...
> Fetching source files...
> Reading package lists...
> Building dependency tree...
> Need to get 1810kB of source archives.
> Get:1 http://debian.aurel32.net etch/main botan1.4 1.4.12-1 (dsc) [641B]
> Get:2 http://debian.aurel32.net etch/main botan1.4 1.4.12-1 (tar) [1801kB]
> Get:3 http://debian.aurel32.net etch/main botan1.4 1.4.12-1 (diff) [7618B]
> Fetched 1810kB in 0s (6789kB/s)
> Download complete and in download only mode
> ** Using build dependencies supplied by package:
> Build-Depends: debhelper (= 4), libbz2-dev, libgmp3-dev, libssl-dev, perl, zlib1g-dev
> Checking for already installed source dependencies...
> debhelper: missing
> Using default version 5.0.42
> libbz2-dev: missing
> libgmp3-dev: missing
> libssl-dev: missing
> perl: already installed (5.8.8-6.1)
> zlib1g-dev: missing
> Checking for source dependency conflicts...
> /usr/bin/sudo /usr/bin/apt-get --purge $CHROOT_OPTIONS -q -y install debhelper libbz2-dev libgmp3-dev libssl-dev zlib1g-dev
> Reading package lists...
> Building dependency tree...
Bug#402073: Log for failed build of botan1.5_1.5.11-1 (dist=testing)
Package: botan1.5
Version: 1.5.11-1
Severity: grave
Justification: fails to build from source

botan1.5 uses a crappy perl code which reads /proc/cpuinfo to detect host type instead of standard config.guess/config.sub. This results in a false detection of an athlon instead of an athlon64 when /proc is mounted. It builds fine however with /proc/ unmounted.

This also explains why this package does not build on mips/mipsel (but that's not RC).

[EMAIL PROTECTED] wrote:
> Automatic build of botan1.5_1.5.11-1 on qa by sbuild/amd64 85
> Build started at 20061202-0134
> **
> Checking available source versions...
> Fetching source files...
> Reading package lists...
> Building dependency tree...
> Need to get 1381kB of source archives.
> Get:1 http://debian.aurel32.net etch/main botan1.5 1.5.11-1 (dsc) [641B]
> Get:2 http://debian.aurel32.net etch/main botan1.5 1.5.11-1 (tar) [1373kB]
> Get:3 http://debian.aurel32.net etch/main botan1.5 1.5.11-1 (diff) [7265B]
> Fetched 1381kB in 0s (7025kB/s)
> Download complete and in download only mode
> ** Using build dependencies supplied by package:
> Build-Depends: debhelper (= 4), libbz2-dev, libgmp3-dev, libssl-dev, perl, zlib1g-dev
> Checking for already installed source dependencies...
> debhelper: missing
> Using default version 5.0.42
> libbz2-dev: missing
> libgmp3-dev: missing
> libssl-dev: missing
> perl: already installed (5.8.8-6.1)
> zlib1g-dev: missing
> Checking for source dependency conflicts...
> /usr/bin/sudo /usr/bin/apt-get --purge $CHROOT_OPTIONS -q -y install debhelper libbz2-dev libgmp3-dev libssl-dev zlib1g-dev
> Reading package lists...
> Building dependency tree...
Bug#402063: marked as done (vulnerable to overflow in PS handling (CVE-2006-5864))
Your message dated Thu, 07 Dec 2006 21:32:03 + with message-id [EMAIL PROTECTED] and subject line Bug#402063: fixed in evince 0.4.0-3 has caused the attached Bug report to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what I am talking about this indicates a serious mail system misconfiguration somewhere. Please contact me immediately.) Debian bug tracking system administrator (administrator, Debian Bugs database) ---BeginMessage--- Package: evince Version: 0.4.0-2 Severity: critical Tags: security, patch This is the same vulnerability as reported against gv as bug 398292, since evince has old gv code embedded (I've updated the wiki to reflect this: http://wiki.debian.org/EmbeddedCodeCopies) Patch attached (applies to both 0.4.0 and 0.6.1). -- Kees Cook@outflux.net diff -Nur evince-0.4.0/ps/ps.c evince-0.4.0.new/ps/ps.c --- evince-0.4.0/ps/ps.c2005-06-17 06:33:00.0 -0700 +++ evince-0.4.0.new/ps/ps.c2006-12-04 12:28:32.280683848 -0800 @@ -1225,6 +1225,9 @@ quoted = 1; line++; while(*line !(*line == ')' level == 0)) { + if (cp - text = PSLINELENGTH - 2) { +return NULL; + } if(*line == '\\') { if(*(line + 1) == 'n') { *cp++ = '\n'; 
@@ -1295,8 +1298,12 @@ } } else { -while(*line !(*line == ' ' || *line == '\t' || *line == '\n')) +while(*line !(*line == ' ' || *line == '\t' || *line == '\n')) { + if (cp - text = PSLINELENGTH - 2) { +return NULL; + } *cp++ = *line++; +} } *cp = '\0'; if(next_char) ---End Message--- ---BeginMessage--- Source: evince Source-Version: 0.4.0-3 We believe that the bug you reported is fixed in the latest version of evince, which is due to be installed in the Debian FTP archive: evince_0.4.0-3.diff.gz to pool/main/e/evince/evince_0.4.0-3.diff.gz evince_0.4.0-3.dsc to pool/main/e/evince/evince_0.4.0-3.dsc evince_0.4.0-3_i386.deb to pool/main/e/evince/evince_0.4.0-3_i386.deb A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to [EMAIL PROTECTED], and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Loic Minier [EMAIL PROTECTED] (supplier of updated evince package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing [EMAIL PROTECTED]) -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Format: 1.7 Date: Thu, 7 Dec 2006 22:09:17 +0100 Source: evince Binary: evince Architecture: source i386 Version: 0.4.0-3 Distribution: unstable Urgency: high Maintainer: Sebastien Bacher [EMAIL PROTECTED] Changed-By: Loic Minier [EMAIL PROTECTED] Description: evince - Document (postscript, pdf) viewer Closes: 402063 Changes: evince (0.4.0-3) unstable; urgency=high . * SECURITY: new patch, 10_CVE-2006-5864.patch, fixes a buffer overflow in the PostScript processor; thanks Kees Cook; CVE-2006-5864; closes: #402063. 
---End Message---
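Review bot: in the first ps.c hunk (the quoted-string loop at -1225) the new length test runs once at the top of each iteration, so it bounds the write only if every branch below it stores at most one byte through cp before the loop comes round again. The hunk shows just the `\\n` case; the remaining escape branches should be checked against the margin that `PSLINELENGTH - 2` leaves, and a comment at the test naming the buffer it guards would make that auditable.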
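Review bot: in the second ps.c hunk (the unquoted-token loop at -1295) `return NULL` leaves the function before the `*cp = '\0'` and `if(next_char)` lines that follow the loop, so for an over-long token callers now receive NULL and whatever the `if(next_char)` block does is skipped. Each caller needs a NULL test and the function comment should document the new return value. As archived here the comparison reads `cp - text = PSLINELENGTH - 2`, which looks like a `>=` that lost its `>`; the patch should be taken from the bug report attachment rather than from this page.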
Bug#402079: cdck: unusable on arm, powerpc and s390 (char signedness)
Package: cdck Version: 0.5.2-2 Severity: grave Tags: patch Justification: renders package unusable Hi, the sizes of the cdck 0.5.2-2 packages, as seen on packages.debian.org [1] are suspiciously small on arm, powerpc and s390. Looking at the buildd logs, those architectures get this warning during build: cdck_main.cpp: In function 'int main(int, char**)': cdck_main.cpp:36: warning: comparison is always true due to limited range of data type Line 36 in cdck_main.cpp is the while loop for option parsing: char ch; [...] while ((ch = getopt(argc, argv, ?hivd:po:V))!=-1) { I believe that 'char ch' is unsigned rather than signed on the architectures listed above, and the compiler optimizes away most of the main program and the libraries because of this. The Arm Linux FAQ seems to confirm this [2]. Indeed, if I explicitly specify 'unsigned char ch' and test this on my i386, I get a smaller binary and the expected busy loop in option parsing. Based on this, I'm setting the severity to 'grave' although I haven't been able to test this on arm/powerpc/s390 myself. Trivial patch attached. [1] http://packages.debian.org/unstable/utils/cdck [2] http://www.arm.linux.org.uk/docs/faqs/signedchar.php Cheers, -- Niko Tyni [EMAIL PROTECTED] --- src/cdck_main.cpp 2006/12/07 21:51:56 1.1 +++ src/cdck_main.cpp 2006/12/07 21:53:25 @@ -21,7 +21,7 @@ int main (int argc, char *argv[]) { - char ch; + signed char ch; char *program_name = (strchr(argv[0], '/') == NULL) ? argv[0] : (strrchr(argv[0], '/') + 1); bool verbose = false;
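Review bot: `signed char ch` on the changed line removes the always-true comparison, but getopt() returns int, so the declaration should be `int ch`. That is the type the -1 end marker is defined for, it needs no assumption about char signedness on any architecture, and it avoids narrowing the return value before it is compared.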
Bug#402009: libcommoncpp2-dev library transition proposal (Fwd: Bug#402009: Multiple API-incompatible changes in Common C++ 1.5.3)
debian-release, I'm proposing a library transition for libcommoncpp2, the last upload contained a hidden backward-incompatible ABI change which has only come to light. I have patched upstream to bump the soname to 1.5.3 and this will generate a debian package of libcommoncpp2-1.5.3-0, which should then be able to go through a normal library transition. As for rdepends, the only package outside pkg-voip-maintainers control is glcpu who have been CC:ed on this package. If the transition goes ahead would the release team like us to manually upload the rdepends packages, or would binNMU's be more suitable/ quicker? Mark -- Forwarded Message -- Subject: Bug#402009: Multiple API-incompatible changes in Common C++ 1.5.3 Date: Thursday 07 December 2006 14:49 From: Mikael Magnusson [EMAIL PROTECTED] To: [EMAIL PROTECTED] As described in the Common C++ changelog, the new version contains multiple API changes, resulting in backward-incompatible ABI changes in the shared library. From Common C++ 1.5.2 to 1.5.3 - some code cleanup of operators and const members I'm including a diff which contains all changes of header files from 1.5.1 to 1.5.3. /Mikael --- --- commoncpp2-1.5.1/include/cc++/address.h 2006-10-01 14:07:12.0 +0200 +++ commoncpp2-1.5.3/include/cc++/address.h 2006-11-21 14:40:05.0 +0100 @@ -167,7 +167,7 @@ protected: struct in_addr netmask, network; - unsigned getMask(const char *cp); + unsigned getMask(const char *cp) const; public: /** * Get network address associated with this cidr. @@ -225,7 +225,7 @@ * @param saddr pointer to test. * @return true if member of cidr. */ - bool isMember(struct sockaddr *saddr); + bool isMember(const struct sockaddr *saddr) const; /** * See if a low level address object is a member of this cidr's net. 
@@ -233,14 +233,14 @@ * @param inaddr object to test. * @return true if member of cidr. */ - bool isMember(struct in_addr inaddr); -}; + bool isMember(const struct in_addr inaddr) const; -inline bool operator==(struct sockaddr *sa, IPV4Cidr cidr) - {return cidr.isMember(sa);}; + inline bool operator==(const struct sockaddr *a) const + {return isMember(a);}; -inline bool operator==(struct in_addr a, IPV4Cidr cidr) - {return cidr.isMember(a);}; + inline bool operator==(const struct in_addr a) const + {return isMember(a);}; +}; #ifdef CCXX_IPV6 /** @@ -255,7 +255,7 @@ protected: struct in6_addr netmask, network; - unsigned getMask(const char *cp); + unsigned getMask(const char *cp) const; public: /** * Get network address associated with this cidr. @@ -313,7 +313,7 @@ * @param saddr pointer to test. * @return true if member of cidr. */ - bool isMember(struct sockaddr *saddr); + bool isMember(const struct sockaddr *saddr) const; /** * See if a low level address object is a member of this cidr's net. @@ -321,14 +321,14 @@ * @param inaddr object to test. * @return true if member of cidr. */ - bool isMember(struct in6_addr inaddr); -}; + bool isMember(const struct in6_addr inaddr) const; -inline bool operator==(struct sockaddr *sa, IPV6Cidr cidr) - {return cidr.isMember(sa);}; + inline bool operator==(const struct sockaddr *sa) const + {return isMember(sa);}; -inline bool operator==(struct in6_addr a, IPV6Cidr cidr) - {return cidr.isMember(a);}; + inline bool operator==(const struct in6_addr a) const + {return isMember(a);}; +}; #endif --- commoncpp2-1.5.1/include/cc++/misc.h 2006-09-30 18:52:17.0 +0200 +++ commoncpp2-1.5.3/include/cc++/misc.h 2006-11-21 15:55:26.0 +0100 
@@ -695,7 +695,7 @@ virtual void *getMemory(size_t size) = 0; public: - void *getPointer(const char *id); + void *getPointer(const char *id) const; void setPointer(const char *id, void *data); }; --- commoncpp2-1.5.1/include/cc++/thread.h 2006-04-27 21:16:53.0 +0200 +++ commoncpp2-1.5.3/include/cc++/thread.h 2006-11-21 14:37:09.0 +0100 @@ -1410,14 +1410,14 @@ * * @return true if the thread is still executing. */ - bool isRunning(void); + bool isRunning(void) const; /** * Check if this thread is detached. * * @return true if the thread is detached. */ - bool isDetached(void); + bool isDetached(void) const; /** * Blocking call which unlocks when thread terminates. @@ -1430,7 +1430,7 @@ * * @return true if the current context is this object. */ - bool isThread(void); + bool isThread(void) const; /** * Get system thread numeric identifier. @@ -1445,7 +1445,7 @@ * * @return debug name. */ - const char *getName(void) + const char *getName(void) const {return _name;}; /** @@ -1475,7 +1475,7 @@ {if (th._start) th._start-wait();}; #ifdef WIN32 - bool isCancelled(); + bool isCancelled() const; static DWORD waitThread(HANDLE hRef, timeout_t timeout); #endif
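Review bot: in the address.h hunks at -233 and -321 the free functions `operator==(struct sockaddr *sa, IPV4Cidr cidr)` and their in_addr and IPv6 counterparts are replaced by member operators, which reverses the operand order: `sa == cidr` compiled against 1.5.1 and only `cidr == sa` compiles against 1.5.3. That is a source-level break on top of the ABI one; keeping the old free functions as inline forwarders beside the new members would let existing callers keep building.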
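Review bot: adding `const` to existing member functions (getMask and isMember in address.h, getPointer in misc.h, isRunning, isDetached, isThread and isCancelled in thread.h) changes the mangled name of every one that is defined out of line, so binaries linked against 1.5.1 will not resolve those symbols in the new library. Either keep the non-const overloads next to the const ones for a release, or ship these hunks only together with the soname bump proposed in the forwarding mail.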
Processed: retitle 398899 to python-iconvcodec: irrelevant for python2.4, should not ship with etch
Processing commands for [EMAIL PROTECTED]: # Automatically generated email from bts, devscripts version 2.9.25 retitle 398899 python-iconvcodec: irrelevant for python2.4, should not ship with etch Bug#398899: python-iconvcodec: irrelevant for python 2.4; should not Changed Bug title. End of message, stopping processing here. Please contact me if you need assistance. Debian bug tracking system administrator (administrator, Debian Bugs database)
Processed: retitle 398039 to python-cjkcodecs: irrelevant for python2.4, should not ship with etch
Processing commands for [EMAIL PROTECTED]: # Automatically generated email from bts, devscripts version 2.9.25 retitle 398039 python-cjkcodecs: irrelevant for python2.4, should not ship with etch Bug#398039: python-cjkcodecs: irrelevant for python 2.4, should not Changed Bug title. End of message, stopping processing here. Please contact me if you need assistance. Debian bug tracking system administrator (administrator, Debian Bugs database)
Bug#400720: mozilla-plugin-vlc: vlc plugin broken: (no video)
On Tue 28 Nov 06 at 09:50 +0100, Thomas Renard wrote:

> Package: mozilla-plugin-vlc Version: 0.8.6-svn20061012.debian-1 Severity: normal When starting up any video the browser does no download but only shows a blackblank page opened with a (no video) message. This is the same for mp3 or sound files. I have this problem approximately for a month now (after a vlc update but I am not sure which version change it was) with firefox 1.5.0.7 and the actual iceweasel and also with no plugins installed.

Autostart was at no by default when this svn snapshot was taken. It has been changed in the svn upstream. So you can check if it works with a build from nightlies.videolan.org or give us some URL which used to work and no longer does so I can check.

Regards,
-- Xtophe
Bug#397571: Bug#397676: [debiandoc-sgml-pkgs] Bug#397676: Bug#397571: debian-reference: FTBFS: ERROR: reference.zh-tw.pdf could not be generated properly
On Thu, Dec 07, 2006 at 06:58:19PM +0100, Frank Küster wrote: Osamu Aoki [EMAIL PROTECTED] wrote: I will do debian-reference later.(once debiandoc-sgml hit unstable) I have tried this, and there are still issues. I can confirm this with a pbuilder build. First of all, debian-reference as currently in sid (is there a public repository somewhere?) needs to depend (at least) on latex-cjk-chinese http://qref.sf.net and latex-cjk-chinese-arphic-bkai00mp. It (at least the upstream CVS) depends already on latex-cjk-chinese-arphic-bkai00mp and latex-cjk-all which itself depends on latex-cjk-chinese. If I install these packages, reference.zh-tw.pdf still fails. The first error is: I can build it well in my etch system but pbuilder still has issues with zh-tw: debiandoc2latexpdf: ERROR: reference.zh-tw.pdf could not be generated properly debiandoc2latexpdf: rerun with the -v option to found out why debiandoc2latexpdf: or check the log file reference.zh-tw.log make[1]: *** [reference.zh-tw.pdf] Error 1 make[1]: *** [reference.zh-tw.pdf] Error 1 I need to play with pbuilder to obtain the log file ... pbuilder debuild started in the source directory doesn't try to build the package. ! Improper alphabetic constant. This looks like an encoding problem? No, outside pbuilder it works well. Jens
Bug#397571: [debiandoc-sgml-pkgs] Bug#397676: Bug#397571: debian-reference: FTBFS: ERROR: reference.zh-tw.pdf could not be generated properly
From: Frank Küster [EMAIL PROTECTED] Osamu Aoki [EMAIL PROTECTED] wrote: On Sat, Dec 02, 2006 at 02:42:15PM +0100, Danai SAE-HAN wrote: I'm confident that this bug (#397571) is solved after new debiandoc-sgml and debian-reference packages have been released. Thanks. I uploaded debiandoc-sgml and one more package today. I will do debian-reference later.(once debiandoc-sgml hit unstable) I have tried this, and there are still issues. First of all, debian-reference as currently in sid (is there a public repository somewhere?) needs to depend (at least) on latex-cjk-chinese and latex-cjk-chinese-arphic-bkai00mp. debian-reference hasn't been updated yet in sid. You can get the source from http://qref.sourceforge.net/ . After building it, you get the unified .sgml files. Then make the TeX files using these commands: debiandoc2latex -l ja reference.ja.sgml debiandoc2latex -l zh_TW reference.zh-tw.sgml debiandoc2latex -l zh_CN reference.zh-cn.sgml If I install these packages, reference.zh-tw.pdf still fails. The first error is: ! Improper alphabetic constant. to be read again \textbackslash l.102 ...textbf{shell ABFCA5O}BDdA8D2A8D3B2[BB\textbackslash {}A8tB2CEBADEB2zAABAA6UADD3ADB1A6VA1C A5]ACA... A one-character control sequence belongs after a ` mark. So I'm essentially inserting \0 here. This looks like an encoding problem? Hmmm, I created the TeX file outside a pbuilder environment, copied it into a pbuilder environment and it works, of course after installing latex-cjk-all, latex-cjk-japanese-wadalab and latex-cjk-chinese-arphic-{bkai00mp,bsmi00lp,gbsn00lp,gkai00mp} I can compile it, until line 4174 because I hit a TeX capacity excession with pdflatex (still unpatched). Chapter 5. [67] [68] [69 ! TeX capacity exceeded, sorry [max level recursion of virtual fonts=10]. to be read again \endgroup [EMAIL PROTECTED]@protect l.4174 \chapter {Debian � ! == Fatal error occurred, the output PDF file is not finished! Transcript written on reference.zh-cn.log. 
So compiling works, but TeXlive does need to be patched. Could you try it with the following files? http://users.edpnet.be/vanmeel/TeX/reference.zh-cn.tex (in GB2312) http://users.edpnet.be/vanmeel/TeX/reference.zh-tw.tex (in Big5) I just received Jens' e-mail, so I'll have a look at that as well. Danai SAE-HAN 韓達耐 -- 題目:《傷春》 作者:陳與義(1090-1138) 廟堂無計可平戎,坐使甘泉照夕峰。 初怪上都聞戰馬,豈知窮海看飛龍。 孤臣霜發三千丈,每歲煙花一萬重。 稍喜長沙向延閣,疲兵敢犯犬羊鋒。
Bug#402079: cdck: unusable on arm, powerpc and s390 (char signedness)
On Thu, 07 Dec 2006 23:57:53 +0200, Niko Tyni wrote:

> the sizes of the cdck 0.5.2-2 packages, as seen on packages.debian.org [1] are suspiciously small on arm, powerpc and s390. Looking at the buildd logs, those architectures get this warning during build: [..] Trivial patch attached.

Thanks a lot Niko for your bug report, the good analysis and the patch. I'm travelling and I won't be home until Saturday night but then I'll fix the bug ASAP.

Cheers, gregor
--
 .''`.   http://info.comodo.priv.at/ | gpg key ID: 0x00F3CFE4
: :' :   debian: the universal operating system - http://www.debian.org/
`. `'    member of https://www.vibe.at/ | how to reply: http://got.to/quote/
  `-
Processed: severity of 395863 is normal
Processing commands for [EMAIL PROTECTED]: # Automatically generated email from bts, devscripts version 2.8.14 severity 395863 normal Bug#395863: wmaker: FocusNextKey from the system-wide configuration invalid after upgrade Severity set to `normal' from `serious' End of message, stopping processing here. Please contact me if you need assistance. Debian bug tracking system administrator (administrator, Debian Bugs database)
Bug#402093: mldonkey-server: Option users2 in users.ini triggers an fatal error
Package: mldonkey-server
Version: 2.8.2-1
Severity: grave
Justification: renders package unusable

I upgraded mldonkey-server package today. Package is broken because of the newly included users2 option in users.ini. This option is explicitly announced in changelog but seems not to be a valid option for the mlnet release. Since /etc/init.d/mldonkey-server dies silently as usual (may need a bug report) I am forced to call the mlnet server directly from command line:

MupoServer:/var/lib/mldonkey# sudo -u mldonkey /usr/bin/mlnet
2006/12/08 00:42:21 [cO] Starting MLDonkey 2.8.2 ...
2006/12/08 00:42:21 [cO] Language EN, locale ANSI_X3.4-1968, ulimit for open files 1024
2006/12/08 00:42:21 [cO] MLDonkey is working in .
2006/12/08 00:42:21 [Gettext] Loading language resource mlnet_strings.EN_ANSI_X3.4-1968
2006/12/08 00:42:21 [cO] loaded language resource file
2006/12/08 00:42:21 [DNS] Resolving [MupoServer] ...
2006/12/08 00:42:22 [DNS] Resolving [www.mldonkey.org] ...
Exception: Failure(Options: not a valid user) while handling option:users2 in users.ini
Aborting

This is the content of users.ini file (snipping password md5 hash) :

users2 = [ [ admin; ]]

I did install mlnet as after a purge of previously installed mldonkey-server files. Removing users2 by replacing it by the correct mlnet option users resolves the problem. I did a quick search session but I found nothing about users2 option.

Guillaume

-- System Information:
Debian Release: 3.1
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.8-3-686
Locale: [EMAIL PROTECTED], [EMAIL PROTECTED] (charmap=ISO-8859-15)

Versions of packages mldonkey-server depends on:
ii  adduser                3.63               Add and remove users and groups
ii  debconf [debconf-2.0]  1.4.30.13          Debian configuration management sy
ii  dpkg                   1.13.24            package maintenance system for Deb
ii  libbz2-1.0             1.0.2-7            high-quality block-sorting file co
ii  libc6                  2.3.6.ds1-8        GNU C Library: Shared libraries
ii  libgcc1                1:4.1.1-20         GCC support library
ii  libgd2-xpm             2.0.33-5.2         GD Graphics Library version 2
ii  libpng12-0             1.2.13-4           PNG library - runtime
ii  libstdc++6             4.1.1-20           The GNU Standard C++ Library v3
ii  mime-support           3.28-1             MIME files 'mime.types' 'mailcap
ii  ucf                    1.17               Update Configuration File: preserv
ii  zlib1g                 1:1.2.2-4.sarge.2  compression library - runtime

-- debconf information:
* mldonkey-server/max_hard_download_rate: 0
* mldonkey-server/launch_at_startup: true
  mldonkey-server/max_alive: 48
  mldonkey-server/run_as_user: mldonkey
  mldonkey-server/reown_file: false
  mldonkey-server/mldonkey_group: mldonkey
  mldonkey-server/mldonkey_niceness: 0
  mldonkey-server/false_password:
  mldonkey-server/fasttrack_problem:
* mldonkey-server/mldonkey_dir: /var/lib/mldonkey
  mldonkey-server/mldonkey_move: false
* mldonkey-server/max_hard_upload_rate: 0
Bug#397676: [debiandoc-sgml-pkgs] Bug#397676: Bug#397571: debian-reference: FTBFS: ERROR: reference.zh-tw.pdf could not be generated properly
From: Danai SAE-HAN (韓達耐) [EMAIL PROTECTED] http://users.edpnet.be/vanmeel/TeX/reference.zh-tw.tex (in Big5) Oops, I forgot to run bin/fixlatex on it. debiandoc2latex doesn't provide an s function like the other debiandoc2* commands. It's in my TODO list. Anyway, I've reuploaded a correct zh_TW version now, and zh_TW works in my pbuilder, even with the unpatched TeXlive. Cheers Danai SAE-HAN 韓達耐 -- 題目:《牧童詩》 作者:黃庭堅(1045-1105) 騎牛遠遠過前村,短笛橫吹隔隴聞。 多少長安名利客,機關用盡不如君。
Bug#402094: kernel-source-2.6.8: Intel drivers (net/e100.c, net/e1000/e1000_main.c)
Package: kernel-source-2.6.8
Version: 2.6.8-16sarge5
Severity: critical
Justification: root security hole

Noticed: Intel LAN Driver Buffer Overflow Local Privilege Escalation
http://support.intel.com/support/network/sb/CS-023726.htm

The Intel blurb says Linux, and specifically Debian, is affected also:

Product Family             OS      Affected Driver Versions  Corrected Driver Versions
Intel PRO 10/100 Adapters  Linux*  3.5.14 or previous        3.5.17 or later
Intel PRO/1000 Adapters    Linux   7.2.7 or previous         7.3.15 or later

and it seems that:

kernel-source-2.6.8/drivers/net/e100.c
#define DRV_NAME "e100"
#define DRV_VERSION "3.0.18"
#define DRV_DESCRIPTION "Intel(R) PRO/100 Network Driver"
#define DRV_COPYRIGHT "Copyright(c) 1999-2004 Intel Corporation"

kernel-source-2.6.8/drivers/net/e1000/e1000_main.c
char e1000_driver_name[] = "e1000";
char e1000_driver_string[] = "Intel(R) PRO/1000 Network Driver";
char e1000_driver_version[] = "5.2.52-k4";
char e1000_copyright[] = "Copyright (c) 1999-2004 Intel Corporation.";

are quite old (so seem to be affected).

Cheers,
Paul Szabo [EMAIL PROTECTED] http://www.maths.usyd.edu.au/u/psz/
School of Mathematics and Statistics University of Sydney Australia

-- System Information:
Debian Release: 3.1
Architecture: i386 (i686)
Kernel: Linux 2.6.8-spm1.6
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)

Versions of packages kernel-source-2.6.8 depends on:
ii  binutils               2.15-6   The GNU assembler, linker and bina
ii  bzip2                  1.0.2-7  high-quality block-sorting file co
ii  coreutils [fileutils]  5.2.1-2  The GNU core utilities
ii  fileutils              5.2.1-2  The GNU file management utilities
Bug#401894: marked as done (gnupg: [CVE-2006-6235] remotely controllable function pointer)
Your message dated Fri, 8 Dec 2006 00:33:12 -0200 with message-id [EMAIL PROTECTED] and subject line fixed in 1.4.6-1 upload has caused the attached Bug report to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what I am talking about this indicates a serious mail system misconfiguration somewhere. Please contact me immediately.) Debian bug tracking system administrator (administrator, Debian Bugs database)

---BeginMessage---
Package: gnupg
Version: 1.4.1-1
Severity: grave
Tags: security
Justification: user security hole

http://lwn.net/Articles/212909/

From: Werner Koch wk-AT-g10code.com
To: bugtraq-AT-securityfocus.com
Subject: GnuPG: remotely controllable function pointer [CVE-2006-6235]
Date: Wed, 06 Dec 2006 16:58:16 +0100
Cc: lwn-AT-lwn.net

GnuPG: remotely controllable function pointer [CVE-2006-6235]
=============================================================
2006-12-04

Summary
=======

Tavis Ormandy of the Gentoo security team identified a severe and exploitable bug in the processing of encrypted packets in GnuPG.

[ Please do not send private mail in response to this message. The mailing list gnupg-devel is the best place to discuss this problem (please subscribe first so you don't need moderator approval [1]). ]

Impact
======

Using malformed OpenPGP packets an attacker is able to modify and dereference a function pointer in GnuPG. This is a remotely exploitable bug and affects any use of GnuPG where an attacker can control the data processed by GnuPG. It is not necessarily limited to encrypted data, also signed data may be affected.

Affected versions: All versions of GnuPG < 1.4.6
                   All versions of GnuPG-2 < 2.0.2
                   All beta versions of GnuPG-2 (1.9.0 .. 1.9.95)
Affected tools: gpg, gpgv, gpg2 and gpgv2.
Affected platforms: All.

gpg-agent, gpgsm as well as other tools are not affected.

A workaround is not known.

Solution
========

If you are using a vendor supplied version of GnuPG:

* Wait for an update from your vendor. Vendors have been informed on Saturday December 2, less than a day after this bug has been reported.

If you are using GnuPG 1.4:

* Update as soon as possible to GnuPG 1.4.6. It has been uploaded to the usual location: ftp://ftp.gnupg.org/gcrypt/gnupg/. This version was due to be released anyway this week. See http://www.gnupg.org/download/ for details.

* Or: As another and less intrusive option, apply the attached patch to GnuPG 1.4.5. This is the smallest possible fix.

If you are using GnuPG 2.0:

* Apply the attached patch against GnuPG 2.0.1.

* Or: Stop using gpg2 and gpgv2, install GnuPG 1.4.6 and use gpg and gpgv instead.

If you are using a binary Windows version of GnuPG:

* A binary version of GnuPG 1.4.6 for Windows is available as usual.

* Gpg4win 1.0.8, including GnuPG 1.4.6, is available. Please go to http://www.gpg4win.org .

Background
==========

GnuPG uses data structures called filters to process OpenPGP messages. These filters are used in a similar way as pipelines in the shell. For communication between these filters context structures are used. These are usually allocated on the stack and passed to the filter functions. At most places the OpenPGP data stream fed into these filters is closed before the context structure gets deallocated. While decrypting encrypted packets, this may not happen in all cases and the filter may use a void context structure filled with garbage. An attacker may control this garbage. The filter context includes another context used by the low-level decryption to access the decryption algorithm. This is done using a function pointer. By carefully crafting an OpenPGP message, an attacker may control this function pointer and call an arbitrary function of the process. Obviously an exploit needs to be prepared for a specific version, compiler, libc, etc to be successful - but it is definitely doable.

Fixing this is obvious: We need to allocate the context on the heap and use a reference count to keep it valid as long as either the controlling code or the filter code needs it. We have checked all other usages of such a stack based filter contexts but fortunately found no other vulnerable places. This allows to release a relatively small patch. However, for reasons of code cleanness and easier audits we will soon start to change all these stack based filter contexts to heap based ones.

Support
=======

g10 Code GmbH, a Duesseldorf based company owned and headed by GnuPG's principal author, is currently funding GnuPG development. As evident by the two vulnerabilities found within a week, a review of the entire code base should be undertaken as soon as
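The ownership pattern the advisory names as the fix (a heap-allocated context kept valid by a reference count for as long as either the controlling code or the filter needs it), as an added example that is not GnuPG's code. The type and function names, the XOR stand-in for a cipher and the sample bytes are all constructed for illustration.

```c
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical stand-in for a decode filter context: some state plus the
 * function pointer through which the low-level decryption is reached. */
typedef struct decode_ctx {
    int refcount;
    unsigned char key;  /* toy XOR key, not a real cipher */
    void (*decrypt)(struct decode_ctx *, unsigned char *, size_t);
} decode_ctx;

static int live_contexts;  /* instrumentation for the example only */

static void xor_decrypt(decode_ctx *c, unsigned char *buf, size_t n)
{
    for (size_t i = 0; i < n; i++)
        buf[i] ^= c->key;
}

/* The context lives on the heap and starts with one reference, owned by
 * the code that created it. */
decode_ctx *ctx_new(unsigned char key)
{
    decode_ctx *c = calloc(1, sizeof *c);
    if (!c)
        return NULL;
    c->refcount = 1;
    c->key = key;
    c->decrypt = xor_decrypt;
    live_contexts++;
    return c;
}

decode_ctx *ctx_retain(decode_ctx *c)
{
    c->refcount++;
    return c;
}

/* Drop one reference; the last one out frees the context. */
void ctx_release(decode_ctx *c)
{
    if (!c)
        return;
    if (c->refcount <= 0)
        abort();  /* over-release is a bug; stop in every build type */
    if (--c->refcount == 0) {
        c->decrypt = NULL;
        free(c);
        live_contexts--;
    }
}

/* A filter that stays installed on the data stream after the function
 * that set it up has returned. It holds its own reference. */
typedef struct { decode_ctx *ctx; } filter;

void filter_push(filter *f, decode_ctx *c) { f->ctx = ctx_retain(c); }

size_t filter_read(filter *f, unsigned char *buf, size_t n)
{
    if (!f->ctx || !f->ctx->decrypt)
        return 0;  /* closed filter: nothing to call through */
    f->ctx->decrypt(f->ctx, buf, n);
    return n;
}

void filter_close(filter *f)
{
    ctx_release(f->ctx);
    f->ctx = NULL;
}

/* Controlling code: sets up decryption and returns while the filter is
 * still installed. Its release does not free the context because the
 * filter's reference is still outstanding. */
int setup_decryption(filter *f, unsigned char key)
{
    decode_ctx *c = ctx_new(key);
    if (!c)
        return -1;
    filter_push(f, c);
    ctx_release(c);
    return 0;
}

int live_context_count(void) { return live_contexts; }

int main(void)
{
    filter f = { NULL };
    unsigned char data[] = { 'O' ^ 0x5a, 'K' ^ 0x5a, 0 };  /* constructed */

    if (setup_decryption(&f, 0x5a) != 0)
        return 1;
    filter_read(&f, data, 2);  /* the controller has already returned */
    printf("%s, live contexts: %d\n", (char *)data, live_context_count());
    filter_close(&f);
    printf("after close: %d\n", live_context_count());
    return 0;
}
```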
Bug#401898: marked as done (gnupg: remotely controllable function pointer)
Your message dated Fri, 8 Dec 2006 00:33:12 -0200 with message-id [EMAIL PROTECTED] and subject line fixed in 1.4.6-1 upload has caused the attached Bug report to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what I am talking about this indicates a serious mail system misconfiguration somewhere. Please contact me immediately.) Debian bug tracking system administrator (administrator, Debian Bugs database) ---BeginMessage--- Package: gnupg Version: 1.4.5-3 Severity: grave Tags: security Justification: user security hole According to an email that was sent to the gnupg-announce mailing list, the version of gnupg in unstable (as well as in stable) is vulnerable to remote attack. By introducing a malformed OpenPGP packet, an attacker can dereference a function pointer in GnuPG which can be used to control the data processed by GnuPG. All versions before 1.4.6 are affected, and the recommended fix is to upgrade to 1.4.6. -- System Information: Debian Release: 4.0 APT prefers unstable APT policy: (500, 'unstable') Architecture: amd64 (x86_64) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.18-2-amd64 Locale: LANG=C, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Versions of packages gnupg depends on: ii gpgv 1.4.5-3 GNU privacy guard - signature veri ii libbz2-1.0 1.0.3-6 high-quality block-sorting file co ii libc62.3.6.ds1-8 GNU C Library: Shared libraries ii libldap2 2.1.30-13.2 OpenLDAP libraries ii libreadline5 5.2-1 GNU readline and history libraries ii libusb-0.1-4 2:0.1.12-2 userspace USB programming library ii makedev 2.3.1-83creates device files in /dev ii zlib1g 1:1.2.3-13 compression library - runtime gnupg recommends no packages. 
-- no debconf information ---End Message--- ---BeginMessage--- Version: 1.4.6-1 This bug has been fixed by the following upload to unstable; it remains open in stable: gnupg (1.4.6-1) unstable; urgency=high * New upstream release. * Fixes remotely controllable function pointer [CVE-2006-6235] * 27_filename_overflow.dpatch: merged upstream, dropped. * 24_gpgv_manpage_cleanup.dpatch: updated and a couple of additional trivial fixes. * debian/rules (binary-arch): info copy of manuals moved to /usr/share/info - remove them there instead. Manuals are now built from texi source, so install them from build tree, not top level. * debian/copyright: update to add OpenSSL exemption for keyserver helper tools. -- James Troup [EMAIL PROTECTED] Thu, 7 Dec 2006 02:54:51 + -- One disk to rule them all, One disk to find them. One disk to bring them all and in the darkness grind them. In the Land of Redmond where the shadows lie. -- The Silicon Valley Tarot Henrique Holschuh ---End Message---
Bug#401914: marked as done (CVE-2006-6235: arbitrary indirect call in GnuPG)
Your message dated Fri, 8 Dec 2006 00:33:12 -0200 with message-id [EMAIL PROTECTED] and subject line fixed in 1.4.6-1 upload has caused the attached Bug report to be marked as done.

Debian bug tracking system administrator (administrator, Debian Bugs database)

---BeginMessage---
Package: gnupg
Version: 1.4.5-3
Severity: grave
Tags: security upstream

From: Werner Koch [EMAIL PROTECTED]
Subject: [Announce] GnuPG: remotely controllable function pointer [CVE-2006-6235]
To: [EMAIL PROTECTED], info-gnu@gnu.org
Date: Wed, 06 Dec 2006 16:55:52 +0100

GnuPG: remotely controllable function pointer [CVE-2006-6235]
=============================================================
2006-12-04

Summary
=======

Tavis Ormandy of the Gentoo security team identified a severe and exploitable bug in the processing of encrypted packets in GnuPG.

[ Please do not send private mail in response to this message. The mailing list gnupg-devel is the best place to discuss this problem (please subscribe first so you don't need moderator approval [1]). ]

Impact
======

Using malformed OpenPGP packets an attacker is able to modify and dereference a function pointer in GnuPG. This is a remotely exploitable bug and affects any use of GnuPG where an attacker can control the data processed by GnuPG. It is not necessarily limited to encrypted data, also signed data may be affected.

Affected versions: All versions of GnuPG < 1.4.6
                   All versions of GnuPG-2 < 2.0.2
                   All beta versions of GnuPG-2 (1.9.0 .. 1.9.95)
Affected tools: gpg, gpgv, gpg2 and gpgv2.
Affected platforms: All.

gpg-agent, gpgsm as well as other tools are not affected.

A workaround is not known.

[...]

This is a patch against GnuPG 1.4.5. Change the directory to g10/ and apply this patch.

2006-12-02 Werner Koch [EMAIL PROTECTED]

  * encr-data.c: Allocate DFX context on the heap and not on the stack. Changes at several places. Fixes CVE-2006-6235.

--- encr-data.c.orig2006-05-16 14:34:26.0 +0200 +++ encr-data.c 2006-12-04 11:58:53.0 +0100 
@@ -44,7 +44,27 @@ typedef struct { char defer[20]; int defer_filled; int eof_seen; -} decode_filter_ctx_t; +int refcount; +} *decode_filter_ctx_t; + + +/* Helper to release the decode context. */ +static void +release_dfx_context (decode_filter_ctx_t dfx) +{ + if (!dfx) +return; + + assert (dfx-refcount); + if ( !--dfx-refcount ) +{ + cipher_close (dfx-cipher_hd); + dfx-cipher_hd = NULL; + md_close (dfx-mdc_hash); + dfx-mdc_hash = NULL; + xfree (dfx); +} +} / @@ -60,7 +80,10 @@ decrypt_data( void *procctx, PKT_encrypt unsigned blocksize; unsigned nprefix; -memset( dfx, 0, sizeof dfx ); + +dfx = xcalloc (1, sizeof *dfx); +dfx-refcount = 1; + if( opt.verbose !dek-algo_info_printed ) { const char *s = cipher_algo_to_string( dek-algo ); if( s ) @@ -79,15 +102,15 @@ decrypt_data( void *procctx, PKT_encrypt BUG(); if( ed-mdc_method ) { - dfx.mdc_hash = md_open( ed-mdc_method, 0 ); + dfx-mdc_hash = md_open ( ed-mdc_method, 0 ); if ( DBG_HASHING ) - md_start_debug(dfx.mdc_hash, checkmdc); + md_start_debug (dfx-mdc_hash, checkmdc); } -dfx.cipher_hd = cipher_open( dek-algo, -ed-mdc_method? CIPHER_MODE_CFB - : CIPHER_MODE_AUTO_CFB, 1 ); +dfx-cipher_hd = cipher_open ( dek-algo, + ed-mdc_method? CIPHER_MODE_CFB + : CIPHER_MODE_AUTO_CFB, 1 ); /* log_hexdump( thekey, dek-key, dek-keylen );*/ -rc = cipher_setkey( dfx.cipher_hd, dek-key, dek-keylen ); +rc = cipher_setkey ( dfx-cipher_hd, dek-key, dek-keylen ); if( rc == G10ERR_WEAK_KEY ) { log_info(_(WARNING: message was encrypted with @@ -105,7 +128,7 @@ decrypt_data( void *procctx, PKT_encrypt goto leave; } -cipher_setiv( dfx.cipher_hd, NULL, 0 ); +cipher_setiv ( dfx-cipher_hd, NULL, 0 ); if( ed-len ) { for(i=0; i (nprefix+2) ed-len; i++, ed-len-- ) { @@ -122,8 +145,8 @@ decrypt_data( void *procctx, PKT_encrypt else temp[i] = c; } -cipher_decrypt( dfx.cipher_hd, temp, temp, nprefix+2); -cipher_sync( dfx.cipher_hd ); +cipher_decrypt ( dfx-cipher_hd, temp, temp, nprefix+2); +cipher_sync ( dfx-cipher_hd ); p = temp; /* log_hexdump(
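Review bot: In release_dfx_context (first hunk) the only guard against releasing a context whose count has already reached zero is `assert (dfx->refcount)`, which is compiled out under NDEBUG; in such a build a stray extra release decrements the int below zero and the context is never freed or flagged. An explicit check that calls BUG() (already used in decrypt_data) would keep the invariant enforced in every build. Separately, decode_filter_ctx_t is now a pointer typedef, so any remaining `sizeof dfx` in the file, like the one in the removed memset, would yield the pointer size; `sizeof *dfx` as used with xcalloc is the form to keep.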
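Review bot: The `goto leave` error paths in decrypt_data (for example after the cipher_setkey failure) now hold a heap context with refcount 1, and the leave label is not in the visible hunks. Please confirm that leave calls release_dfx_context (dfx) exactly once on every path, and that whichever code keeps the context beyond decrypt_data increments refcount before decrypt_data drops its own reference; otherwise the change trades the stack lifetime problem for a leak or a premature free.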
Bug#402103: sasl2-bin: Can anyone explain why did bug number 398534 got closed??
Package: sasl2-bin
Version: 2.1.19.dfsg1-0.5
Severity: critical
Justification: breaks the whole system

I seem to miss the solution. It's December 7, I get a sasl2-bin update, a postfix update, and the mailserver is done.

First I get:

Dec 7 20:18:15 mta1 postfix/smtpd[25575]: warning: SASL authentication problem: unable to open Berkeley db /etc/sasldb2: No such file or directory.

Then I copy /etc/sasldb2 to /var/spool/postfix/etc/ and chmod to 644. Then I get:

Dec 7 20:40:22 mta1 postfix/smtpd[28707]: warning: SASL authentication failure: Password verification failed
Dec 7 20:40:22 mta1 postfix/smtpd[28707]: warning: 206-248-156-247.dsl.teksavvy.com[206.248.156.247]: SASL PLAIN authentication failed: authentication failure.

To resolve the problem I had to revert back to 2.1.19.dfsg1-0.5. How is it postfix that is broken, wouldn't it be broken if I revert back?

-- System Information:
Debian Release: 4.0
APT prefers testing
APT policy: (650, 'testing')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.17-2-686
Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1)

Versions of packages sasl2-bin depends on:
ii  base-pas  3.5.11                           Debian base system master password
ii  libc6     2.3.6.ds1-8                      GNU C Library: Shared libraries
ii  libcomer  1.39+1.40-WIP-2006.11.14+dfsg-1  common error description library
ii  libdb4.2  4.2.52+dfsg-1                    Berkeley v4.2 Database Libraries [
ii  libkrb53  1.4.4-4                          MIT Kerberos runtime libraries
ii  libldap2  2.1.30-13+b1                     OpenLDAP libraries
ii  libpam0g  0.79-4                           Pluggable Authentication Modules l
ii  libsasl2  2.1.19.dfsg1-0.5                 Authentication abstraction library
ii  libssl0.  0.9.8c-4                         SSL shared libraries

sasl2-bin recommends no packages.

-- no debconf information
Processed: your mail
Processing commands for [EMAIL PROTECTED]:

tags 401454 + moreinfo
Bug#401454: bmpx: exception when accepting albums
There were no tags set.
Tags added: moreinfo

severity 401454 important
Bug#401454: bmpx: exception when accepting albums
Severity set to `important' from `grave'

thanks
Stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator (administrator, Debian Bugs database)
Bug#402079: marked as done (cdck: unusable on arm, powerpc and s390 (char signedness))
Your message dated Fri, 08 Dec 2006 06:02:02 + with message-id [EMAIL PROTECTED] and subject line Bug#402079: fixed in cdck 0.5.2-3 has caused the attached Bug report to be marked as done.

Debian bug tracking system administrator (administrator, Debian Bugs database)

---BeginMessage---
Package: cdck
Version: 0.5.2-2
Severity: grave
Tags: patch
Justification: renders package unusable

Hi,

the sizes of the cdck 0.5.2-2 packages, as seen on packages.debian.org [1] are suspiciously small on arm, powerpc and s390. Looking at the buildd logs, those architectures get this warning during build:

cdck_main.cpp: In function 'int main(int, char**)':
cdck_main.cpp:36: warning: comparison is always true due to limited range of data type

Line 36 in cdck_main.cpp is the while loop for option parsing:

char ch;
[...]
while ((ch = getopt(argc, argv, "?hivd:po:V"))!=-1) {

I believe that 'char ch' is unsigned rather than signed on the architectures listed above, and the compiler optimizes away most of the main program and the libraries because of this. The Arm Linux FAQ seems to confirm this [2].

Indeed, if I explicitly specify 'unsigned char ch' and test this on my i386, I get a smaller binary and the expected busy loop in option parsing.

Based on this, I'm setting the severity to 'grave' although I haven't been able to test this on arm/powerpc/s390 myself.

Trivial patch attached.

[1] http://packages.debian.org/unstable/utils/cdck
[2] http://www.arm.linux.org.uk/docs/faqs/signedchar.php

Cheers,
--
Niko Tyni [EMAIL PROTECTED]

--- src/cdck_main.cpp 2006/12/07 21:51:56 1.1 +++ src/cdck_main.cpp 2006/12/07 21:53:25 
@@ -21,7 +21,7 @@ int main (int argc, char *argv[]) { - char ch; + signed char ch; char *program_name = (strchr(argv[0], '/') == NULL) ? argv[0] : (strrchr(argv[0], '/') + 1); bool verbose = false; 
---End Message---
---BeginMessage---
Source: cdck
Source-Version: 0.5.2-3

We believe that the bug you reported is fixed in the latest version of cdck, which is due to be installed in the Debian FTP archive:

cdck_0.5.2-3.diff.gz
  to pool/main/c/cdck/cdck_0.5.2-3.diff.gz
cdck_0.5.2-3.dsc
  to pool/main/c/cdck/cdck_0.5.2-3.dsc
cdck_0.5.2-3_i386.deb
  to pool/main/c/cdck/cdck_0.5.2-3_i386.deb

A summary of the changes between this version and the previous one is attached.

Thank you for reporting the bug, which will now be closed. If you have further comments please address them to [EMAIL PROTECTED], and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
tony mancill [EMAIL PROTECTED] (supplier of updated cdck package)

(This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing [EMAIL PROTECTED])

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Format: 1.7
Date: Thu, 7 Dec 2006 21:26:36 -0800
Source: cdck
Binary: cdck
Architecture: source i386
Version: 0.5.2-3
Distribution: unstable
Urgency: medium
Maintainer: gregor herrmann [EMAIL PROTECTED]
Changed-By: tony mancill [EMAIL PROTECTED]
Description:
 cdck - verifies the quality of written CDs/DVDs
Closes: 402079
Changes:
 cdck (0.5.2-3) unstable; urgency=medium
 .
   * apply signed char patch for arm, powerpc, and s390 (closes: #402079) (thanks to Niko Tyni for supplying the patch)
   * upload urgency set to medium due to bug severity on these arches
Files:
 c4618a6a43b147bbb3bdaff17798752f 686 utils optional cdck_0.5.2-3.dsc
 a84fd72416189d7b7848c7761709fccb 171441 utils optional cdck_0.5.2-3.diff.gz
 9a3ad32ecbec88a26d6ce8112af3a4aa 34124 utils optional cdck_0.5.2-3_i386.deb

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFFePqepdwBkPlyvgMRAgTeAJ91XVuXlZDaiXFVZWvL4zr/Zi01SgCfSVEB
tQY1pvR3PWNqMI1hgY5YLgM=
=l/PU
-END PGP SIGNATURE-
---End Message---
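Review bot: `ch` in main() should be declared `int` rather than `signed char`, because getopt() returns int and the loop quoted in the report compares the stored value with -1. `signed char ch;` makes that comparison work on arm, powerpc and s390, but it still narrows getopt()'s return value and keeps the code dependent on a char type; `int ch;` is correct on every architecture.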
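The failure described in the cdck report above, reproduced as an added example (not code from cdck or from the bug report): it shows the value the option loop compares with -1 once getopt()'s int result has been stored in each candidate type for ch. The argv contents, the stored_as() helper and the MAX_ITER bound are constructed for the demonstration; the option string is the one quoted in the report.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <unistd.h>

#define MAX_ITER 16               /* bound so the broken case stops */
#define OPTSTRING "?hivd:po:V"    /* option string quoted in the report */

enum ch_type { CH_INT, CH_SIGNED_CHAR, CH_UNSIGNED_CHAR };

/* Constructed command line: two valid options, no operands. */
static char *sample_argv[] = { "cdck", "-v", "-i", NULL };
static const int sample_argc = 3;

/* Value the loop condition sees once getopt()'s int result has been
 * assigned to a variable of the given type and promoted back to int. */
static int stored_as(enum ch_type t, int r)
{
    switch (t) {
    case CH_UNSIGNED_CHAR: return (unsigned char)r;  /* -1 becomes 255 */
    case CH_SIGNED_CHAR:   return (signed char)r;    /* -1 stays -1 */
    default:               return r;                 /* int: unchanged */
    }
}

/* Run the option loop from the report and return how many times its
 * body executed; MAX_ITER means the loop never saw the end marker. */
int count_iterations(enum ch_type t)
{
    int ch, n = 0;

    optind = 1;                   /* restart getopt() scanning */
    while ((ch = stored_as(t, getopt(sample_argc, sample_argv, OPTSTRING))) != -1) {
        if (++n >= MAX_ITER)
            break;
    }
    return n;
}

int main(void)
{
    printf("int:           %d iterations\n", count_iterations(CH_INT));
    printf("signed char:   %d iterations\n", count_iterations(CH_SIGNED_CHAR));
    printf("unsigned char: %d iterations (capped at %d)\n",
           count_iterations(CH_UNSIGNED_CHAR), MAX_ITER);
    return 0;
}
```

On i386 and amd64 plain char is signed, so the unsigned case has to be forced explicitly here, as the reporter did in his own test.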