Processed: Re: Bug#414227: gcc-4.2: error trying to exec 'cc1': execvp: No such file or directory
Processing commands for [EMAIL PROTECTED]: severity 414227 important Bug#414227: gcc-4.2: error trying to exec 'cc1': execvp: No such file or directory Severity set to `important' from `grave' thanks Stopping processing here. Please contact me if you need assistance. Debian bug tracking system administrator (administrator, Debian Bugs database) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#414227: gcc-4.2: error trying to exec 'cc1': execvp: No such file or directory
severity 414227 important thanks Brian M. Carlson writes: Package: gcc-4.2 Version: 4.2-20070307-1 Severity: grave When I try to run gcc-4.2, it says: gcc-4.2: error trying to exec 'cc1': execvp: No such file or directory Needless to say, a compiler that doesn't compile is rather useless, hence the severity. I discovered this whilst trying to build an autoconf-using program with gcc-4.2. Apparently, it is looking in /usr/lib/gcc/x86_64-linux-gnu/4.2.0, because if I symlink that to /usr/lib/gcc/x86_64-linux-gnu/4.2 (where cc1 is), it works. Note that /usr/lib/gcc/x86_64-linux-gnu/4.2.0 was an empty directory; I moved it out of the way to make the symlink. Merely moving it out of the way without creating the symlink did not cause gcc-4.2 to work. known; as a workaround, remove all *-4.2 packages and reinstall. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#409785: scala: FTBFS: concurrent is not a member of java.util
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi, [mkdir] Created dir: /tmp/buildd/scala-2.3.2/simpbuild/dbc [starr] Compiling 65 source files to /tmp/buildd/scala-2.3.2/simpbuild/dbc [mkdir] Created dir: /tmp/buildd/scala-2.3.2/simpbuild/actors [starr] Compiling 19 source files to /tmp/buildd/scala-2.3.2/simpbuild/actors [starr] /tmp/buildd/scala-2.3.2/src/actors/scala/actors/JDK5Scheduler.scala:11 error: value concurrent is not a member of package java.util [starr] import java.util.concurrent.{ThreadPoolExecutor, [starr] ^ [starr] one error found BUILD FAILED /tmp/buildd/scala-2.3.2/debian/simpbuild.xml:291: Compile failed with 1 error; see the compiler error output for details. AFAIK java.util.concurrent library is JDK 1.5 feature. I think your pbuilder installed kaffe or gcj instead of sun-j2sdk to satisfy java-compiler and java-virtual-machine, but they haven't supported its version yet. Maintainer wrote a dependency as: Build-Depends: sun-java5-jdk | java-compiler, java-gcj-compat-dev, sun-java5-jre | java-virtual-machine, ant, debhelper (= 5) Hm, depending non-free-package from main-package seems very bad. Policy 2.2.1: main must not require a package outside of main for compilation or execution (thus, the package must not declare a Depends, Recommends, or Build-Depends relationship on a non-main package), Maintainer, did you build this pacakge with sun-java5-jdk? I think it's better to move this package since 2.3.2 to contrib section until gcj or other DFSG-free JDK support the 1.5 features. Thanks, - -- Kenshi Muto [EMAIL PROTECTED] -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.1 (GNU/Linux) Comment: Processed by Mailcrypt 3.5.8 http://mailcrypt.sourceforge.net/ iEYEARECAAYFAkYCMfIACgkQQKW+7XLQPLEXEACfR9q+5Z1C1Q/KWrpnFPh3PUbJ lwQAn0YcHheMgChdi2tU+2+vz334tDWd =f+BE -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#414842: #401916
On Thu, March 22, 2007 7:42, Gordon Farquharson said: Do you know if your patch [1] you posted to #401916 is going to make it into etch? That patch really belongs to #414842 since it is a change to udev's scripts. I do expect that a version of udev which fixes #414842 will make it into Etch since #414842 is RC and the release managers seemed to agree when I asked them. I'm not a DD so I can't take responsibility for NMU'ing udev myself. And for anyone following these bug reports: the rootdelay parameter is more of a bandaid for #401916 (thus allowing its severity to be downgraded) but it's the best we can do so shortly before release, maks and I have been discussing some better solutions to implement post-Etch. -- David Härdeman -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#415670: Postfix error
Hi, I can confirm best solution, at the moment, is to upgrade OpenSSL packages from unstable repository, using apt-pinning or a different way. I've update it and now totally works fine. Best Regards. Fabrizio signature.asc Description: This is a digitally signed message part
Bug#404148: i'm not convinced release notes are enough
tags 404148 patch thanks On Wed, Mar 14, 2007 at 01:24:30AM +0100, Christoph Anton Mitterer wrote: First of all,.. there is still no other solution than iommu=soft (at least as of my knowledge) and we had even someone on the bugreport at bugzilla.kernel.org who claimed that _only_ iommu=soft helped, but not BIOS memhole mapping = disabled. what is the performance impact of using the safe option on all hardware even that not affected by this bug? would using that option by default result in a noticable performance degrdation? It's unknown to me whether all other currently-supported systems even *work* if iommu=soft is set. As far as I know,.. everything should. For example Intel CPUs don't have an IOMMU at all,... Windows uses always a kind of software iommu (even on AMD CPUs). This is not the time to gamble with the kernel. In all doing respect, I think that it's a much greater risk to not use iommu=soft per default than doing so. Even if we imagine that there would by systems that don't work with the sw-iommu it's likely that they simply break (at boot time). And then the affected user at least knows that something is happening to him, while with no iommu=soft he would probably never realize that he has problems. That doesn't address how to set iommu=soft as a default, though. The only practical way that I see to accomplish this is in the kernel package itself, and there was doubt that there would be an opportunity to update the kernel again before release. Now, it's pretty clear that we will have a kernel update before etch is released, so we should proceed accordingly. If a targetted patch is available that sets iommu=soft for the chipset in question, I think this will never happen. The problem is simply: Kernel developers cannot tell which chipsets are affected, or which chipset/CPU combinations. We even don't know yet where the error comes from (CPU or nvidia chipset). According to Andi Kleen this is still being investiagted by nvidia and AMD. So such a patch would have to whitelist systems that are known to work, instead of blacklist the others. But AIUI the problem has so far only been reported on systems using an nvidia chipset, right? I'm not going to hold up as release-critical a bugfix for other systems where the problem hasn't been reported yet. If more information becomes available showing that the bug exists on non-nvidia systems, we should of course revisit it at that point. In the meantime, I don't see any reason why we shouldn't patch the kernel to disable hw iommu on nvidia systems only. I believe the attached patch should do this. Are you in a position to confirm that this does disable hw iommu for you? -- Steve Langasek Give me a lever long enough and a Free OS Debian Developer to set it on, and I can move the world. [EMAIL PROTECTED] http://www.debian.org/ --- a/arch/x86_64/kernel/io_apic.c 2007-03-22 00:54:33.0 -0700 +++ b/arch/x86_64/kernel/io_apic.c 2007-03-22 01:13:06.0 -0700 @@ -344,6 +344,22 @@ timer override.\n); } #endif +#ifdef CONFIG_IOMMU + /* Forcibly disabling nvidia HW iommu, + per Debian bug #404148. */ + if ((end_pfn MAX_DMA32_PFN || + force_iommu) + !iommu_aperture_allowed) { + printk(KERN_INFO +Looks like an nvidia chipset. Disabling HW IOMMU. Override with \iommu=allowed\\n); +#ifdef CONFIG_SWIOTLB + swiotlb = 1; +#else + no_iommu = 1; +#endif + } +#endif + /* RED-PEN skip them on mptables too? */ return;
Bug#412799: linux-image-2.6.18-4-686 does not boot
On Wed, 2007-03-21 at 20:30 -0700, Steve Langasek wrote: On Wed, Mar 21, 2007 at 12:26:40PM +0100, Svante Signell wrote: .. Ok. First, would it be possible for you to reproduce /all/ the kernel output prior to this boot failure (or at least, all that's visible on the screen at the point of the hang)? The output you've quoted is much less than a screenful; is that really all that was output by the kernel prior to the hang? ... lost screen output ... isapnp: Scanning for PnP cards isapnp: No plug and play cards found Serial: 8250/16550 driver $Revision: 1.90 $ 4 ports, IRQ sharing enabled serial8250: ttyS0 at I/O 0x3f8 (irq=4) is a 16550A serial8250: ttyS1 at I/O 0x3f8 (irq=4) is a 16550A 00:08: ttyS0 at I/O 0x3f8 (irq=4) is a 16550A 00:09: ttyS1 at I/O 0x3f8 (irq=4) is a 16550A RAMDISK driver initialized: 16 RAM disks of 8192K size 1024 blocksize PNP: PS/2 Controllaer [PNP0303:PS2K,PNP0f03:PS2M] at 0x60,0x64 irq 1,12 serio: i8042 AUX port at 0x060,0x064 irq 12 serio: i8042 KBD port at 0x060,0x064 irq 1 mice: PS/2 mouse device common for all mice TCP bic registered NET: Registered protocol family 1 NET: Registered protocol family 17 NET: Registered protocol family 8 NET: Registered protocol family 20 Starting balanced_irq Using IPI No-Shortcut mode ACPI (supports S0 S1 S5) Time tsc clocksource has been installed. Freeing unised kernel memory: 196k freed Failed to execute /init Kernel panic - not synching: No init found. Try passing init= option to kernel. I assume the interesting output has scrolled away already (asynchronous output). Attached is a diff beteewn dmesg for 2.6.18-3-686 produced with yaird and 2.6.18-4-686 produced with mkinitramfs-kpkg Second, if you can email me the broken initramfs image, I can put it up on a webserver for others to examine, in addition to poking at it myself. (Emailing to the BTS seems like a bad idea, given that it's a 1MB+ file.) Done in a separate mail! Thanks, -- Svante Signell [EMAIL PROTECTED] --- dmesg_2.6.18-4-686 2007-03-22 08:44:57.0 +0100 +++ dmesg_2.6.18-3-686 2007-03-22 08:35:44.0 +0100 @@ -1,4 +1,4 @@ -Linux version 2.6.18-4-686 (Debian 2.6.18.dfsg.1-11) ([EMAIL PROTECTED]) (gcc version 4.1.2 20061115 (prerelease) (Debian 4.1.1-21)) #1 SMP Wed Feb 21 16:06:54 UTC 2007 +Linux version 2.6.18-3-686 (Debian 2.6.18-8) ([EMAIL PROTECTED]) (gcc version 4.1.2 20061115 (prerelease) (Debian 4.1.1-20)) #1 SMP Sun Dec 10 19:37:06 UTC 2006 BIOS-provided physical RAM map: BIOS-e820: - 0009fc00 (usable) BIOS-e820: 0009fc00 - 000a (reserved) @@ -36,9 +36,9 @@ Enabling APIC mode: Flat. Using 1 I/O APICs Using ACPI (MADT) for SMP configuration information Allocating PCI resources starting at 3000 (gap: 2800:d6c0) -Detected 463.915 MHz processor. +Detected 463.925 MHz processor. Built 1 zonelists. Total pages: 163824 -Kernel command line: BOOT_IMAGE=2618-4-686 ro root=301 +Kernel command line: BOOT_IMAGE=2618-3-686 ro root=301 mapped APIC to d000 (fee0) mapped IOAPIC to c000 (fec0) Enabling fast FPU save and restore... done. @@ -47,9 +47,9 @@ Console: colour VGA+ 80x25 Dentry cache hash table entries: 131072 (order: 7, 524288 bytes) Inode-cache hash table entries: 65536 (order: 6, 262144 bytes) -Memory: 641716k/655296k available (1544k kernel code, 13108k reserved, 577k data, 196k init, 0k highmem) +Memory: 645024k/655296k available (1543k kernel code, 9800k reserved, 574k data, 196k init, 0k highmem) Checking if this processor honours the WP bit even in supervisor mode... Ok. -Calibrating delay using timer specific routine.. 928.78 BogoMIPS (lpj=1857577) +Calibrating delay using timer specific routine.. 928.78 BogoMIPS (lpj=1857568) Security Framework v1.0.0 initialized SELinux: Disabled at boot. Capability LSM initialized @@ -69,7 +69,7 @@ SMP alternatives: switching to SMP code Booting processor 1/1 eip 3000 Initializing CPU#1 -Calibrating delay using timer specific routine.. 927.92 BogoMIPS (lpj=1855851) +Calibrating delay using timer specific routine.. 927.91 BogoMIPS (lpj=1855836) CPU: After generic identify, caps: 0183fbff CPU: After vendor identify, caps: 0183fbff CPU: L1 I cache: 16K, L1 D cache: 16K @@ -78,14 +78,14 @@ Intel machine check architecture supported. Intel machine check reporting enabled on CPU#1. CPU1: Intel Celeron (Mendocino) stepping 05 -Total of 2 processors activated (1856.71 BogoMIPS). +Total of 2 processors activated (1856.70 BogoMIPS). ENABLING IO-APIC IRQs ..TIMER: vector=0x31 apic1=0 pin1=2 apic2=-1 pin2=-1 checking TSC synchronization across 2 CPUs: passed. Brought up 2 CPUs -migration_cost=793 +migration_cost=794 checking if image is initramfs... it is -Freeing initrd memory: 4475k freed +Freeing initrd memory: 1175k freed NET: Registered protocol family 16 ACPI: bus type pci registered PCI:
Bug#415670: Postfix error
On Thu, Mar 22, 2007 at 09:11:37AM +0100, Fabrizio Regalli wrote: I can confirm best solution, at the moment, is to upgrade OpenSSL packages from unstable repository, using apt-pinning or a different way. I've update it and now totally works fine. No, the best solution at the moment is to install the 2.3.8-2+b1 postfix package that is already available in testing. -- Steve Langasek Give me a lever long enough and a Free OS Debian Developer to set it on, and I can move the world. [EMAIL PROTECTED] http://www.debian.org/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#415636: Fixed upstream
Fixed upstream: http://www.lyx.org/trac/changeset/17506 Georg -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#414660: csound: writes garbage data to terminal, then quits
Sorry, there was a small bug in this patch -- when listing out the architectures where csound is supported, I accidentally left ppc64 and s390x in the list, even though these are 64-bit architectures. They're not likely to ever see this package built, so it's not a major issue for Debian, but if the next upload of csound doesn't have 64-bit support, these should also be dropped from the architecture list. Thanks, -- Steve Langasek Give me a lever long enough and a Free OS Debian Developer to set it on, and I can move the world. [EMAIL PROTECTED] http://www.debian.org/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#411727: uswsusp.conf properly configured by 0.3~cvs20060928-7, but warning is displayed.
On Thu, 22 Mar 2007 00:27:27 +0100 Franklin PIAT [EMAIL PROTECTED] wrote: Package: uswsusp Followup-For: Bug #411727 Hello, Thank you for the fix you have submitted. Laptop users (including me) will be happy to have hibernation working out of the box. However, (sorry for that however ;) i have tested 0.3~cvs20060928-7 under d-i (by switching to console during installation and manually adding etch-proposed-updates to /target/etc/apt/sources.conf, then apt-get update). I had the error message during packages installation I also tested it under d-i, for me it worked fine. Did you purge the old uswsusp before installing the new one? I hope you didn't that would explain this report;) It will always keep the parameters it found in a configuration file. The fix I implemented will only work in case of a fresh install. This is policy, all changes in a configuration file on disk should be kept by maintainer scripts. In your case however (if I'm right) you had a configuration file lying around from the old uswsusp with the `wrong' parameter in it. grts Tim signature.asc Description: PGP signature
Processed: Re: Bug#412799: linux-image-2.6.18-4-686 does not boot
Processing commands for [EMAIL PROTECTED]: severity 412799 important Bug#412799: Linux-image-2.6-18-686 does not boot! Severity set to `important' from `serious' thanks Stopping processing here. Please contact me if you need assistance. Debian bug tracking system administrator (administrator, Debian Bugs database) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#412799: linux-image-2.6.18-4-686 does not boot
severity 412799 important thanks On Thu, Mar 22, 2007 at 06:43:35AM +0100, Svante Signell wrote: On Wed, 2007-03-21 at 20:30 -0700, Steve Langasek wrote: On Wed, Mar 21, 2007 at 12:26:40PM +0100, Svante Signell wrote: ... Second, if you can email me the broken initramfs image, I can put it up on a webserver for others to examine, in addition to poking at it myself. (Emailing to the BTS seems like a bad idea, given that it's a 1MB+ file.) Attached is the broken initrd image. The screen output will be mailed later. Thanks, I've had a look and the cause of the failure is clear as soon as I unpack the initrd: $ ls -l lib/ total 548 drwxr-xr-x 3 vorlon vorlon 4096 2007-03-22 02:07 i686 -r-xr-xr-x 1 vorlon vorlon 117460 2007-03-22 02:07 ld-2.5.so lrwxrwxrwx 1 vorlon vorlon 11 2007-03-22 02:07 ld-linux.so.2 - ld-2.5.soso lrwxrwxrwx 1 vorlon vorlon 15 2007-03-22 02:07 libblkid.so.1 - libblkid.so.1.0 -r--r--r-- 1 vorlon vorlon 32248 2007-03-22 02:07 libblkid.so.1.0 -r--r--r-- 1 vorlon vorlon 66292 2007-03-22 02:07 libdevmapper.so.1.02 -r--r--r-- 1 vorlon vorlon 79368 2007-03-22 02:07 libselinux.so.1 -r--r--r-- 1 vorlon vorlon 219824 2007-03-22 02:07 libsepol.so.1 lrwxrwxrwx 1 vorlon vorlon 15 2007-03-22 02:07 libuuid.so.1 - libuuid.so.1.20 -r--r--r-- 1 vorlon vorlon 9128 2007-03-22 02:07 libuuid.so.1.2 drwxr-xr-x 3 vorlon vorlon 4096 2007-03-22 02:07 modules lib/ld-linux.so.2 is a broken symlink pointing to ld-2.5.soso. libuuid.so.1 is also a broken symlink, which would cause a failure later in the boot process if ld-linux.so.2 wasn't broken; as is ./lib/i686/cmov/libdl.so.2, a symlink pointing to libdl-2.5.somov. So, now it just bears determining why these symlinks are broken. That's more than a little unusual, frankly; somehow the target of each of these links seems to have gotten corrupted with extra characters after the end of the name, which to me suggests that the name is being written to a reused buffer and the string is not being null-terminated. Now how is that happening, when yaird is written in perl? Could you try running: /usr/sbin/yaird -d -o /tmp/yaird-output -f directory 2.6.18-4-686 and post the output? This should include debugging info about how yaird is trying to resolve the symlinks. It should also create a directory for you, /tmp/yaird-output, containing the contents that it think *should* have been written to the initramfs. Can you verify whether, within this directory, the symlinks for these libraries are broken the same way that they were in your initramfs image? Finally, it appears that you're using glibc 2.5 from experimental. Can you please downgrade to the unstable version of libc6, to check whether yaird works correctly when run on such a system? FWIW, especially given the last point, I think there's enough reason to think that yaird is not unusable in etch (it may not have a bug here at all), so I'm downgrading this report. Please keep me cc:ed on any replies though, and I'll do what I can to continue helping with the analysis of this error. For now I'll also hang on to the initramfs image you sent, but I'm not going to bother posting it anywhere unless it's needed for some other reason. Thanks, -- Steve Langasek Give me a lever long enough and a Free OS Debian Developer to set it on, and I can move the world. [EMAIL PROTECTED] http://www.debian.org/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Processed: Re: Bug#404148: i'm not convinced release notes are enough
Processing commands for [EMAIL PROTECTED]: tags 404148 patch Bug#404148: kernel: data corruption with nvidia chipsets and IDE/SATA drives // memory hole mapping related bug?! There were no tags set. Tags added: patch thanks Stopping processing here. Please contact me if you need assistance. Debian bug tracking system administrator (administrator, Debian Bugs database) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Processed: bug 415788: postfix smtpd segfault
Processing commands for [EMAIL PROTECTED]: severity 415788 grave Bug#415788: postfix smtpd segfaults in TLS mode Severity set to `grave' from `important' thanks Stopping processing here. Please contact me if you need assistance. Debian bug tracking system administrator (administrator, Debian Bugs database) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Processed: Re: postfix smtpd segfaults in TLS mode
Processing commands for [EMAIL PROTECTED]: forcemerge 415670 415788 Bug#415670: Postfix package 2.3.8-2 broken (etch) Bug#415788: postfix smtpd segfaults in TLS mode Bug#415681: upgrading postfix from 2.3.7-3 to 2.3.8-2 breaks mail service Bug#415727: After upgrading to 2.8.3, Postfix crashes on all incoming connections: warning: process /usr/lib/postfix/smtpd pid 12170 exit status 127 Forcibly Merged 415670 415681 415727 415788. thanks Stopping processing here. Please contact me if you need assistance. Debian bug tracking system administrator (administrator, Debian Bugs database) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#415670: postfix 2.3.8-2 broken my server
I have two server upgrade to 2.3.8-2. They have exactly same configuration except mail name etc. But the em64t box is working but 686 one doesn't. Hope this may help. -- Best regards, Zhijun(Jam), GUO [EMAIL PROTECTED]
Bug#415233: gpgme1.0: FTBFS: Can't find GNU Pth
Hi José Carlos, FWIW I'm not content with the implemented solution as far as inclusion in etch is concerned. Previous versions of the package clearly did not need libpth20, the new version does and the effect on the package's behavior as a result of this new library dep seem to be unknown. The package also includes this change: @@ -5,9 +5,6 @@ # Uncomment this to turn on verbose mode. #export DH_VERBOSE=1 -# This is the debhelper compatability version to use. -export DH_COMPAT=3 - # C compiler information CC = gcc CFLAGS = -Wall -g This is a behavior change from the previous version of the package, because DH_COMPAT takes precedence over debian/compat, so this is very much not a change that's suitable during a freeze. So unless the security team overrules me, I don't think this version of the package should be allowed into etch as-is. (It's also currently held out of etch because it depends on the security-fixed gnupg which is not yet available, but that problem should clear up on its own anyway with no effort on your part.) BTW, this is a regression between gpgme1.0 1.1.2-2 and 1.1.2-3; I believe the cause is the re-rolled '10_relibtoolize.patch', which AFAICS there was no reason to change in a security update. -- Steve Langasek Give me a lever long enough and a Free OS Debian Developer to set it on, and I can move the world. [EMAIL PROTECTED] http://www.debian.org/
Bug#414842: #401916
On Mar 22, David Härdeman [EMAIL PROTECTED] wrote: I do expect that a version of udev which fixes #414842 will make it into Etch since #414842 is RC and the release managers seemed to agree when I I will upload a new package in one or two days. -- ciao, Marco signature.asc Description: Digital signature
Bug#414832: diff for 2.0.3+dfsg1-2.1 NMU
Hi, Attached is the diff for my ktorrent 2.0.3+dfsg1-2.1 NMU. @the release team: please unblock ktorrent as it fixes an RC bug. -- ·O· Pierre Habouzit ··O[EMAIL PROTECTED] OOOhttp://www.madism.org diff -u ktorrent-2.0.3+dfsg1/debian/changelog ktorrent-2.0.3+dfsg1/debian/changelog --- ktorrent-2.0.3+dfsg1/debian/changelog +++ ktorrent-2.0.3+dfsg1/debian/changelog @@ -1,3 +1,13 @@ +ktorrent (2.0.3+dfsg1-2.1) unstable; urgency=high + + * Non-maintainer upload. + * Fix security issue (Closes: 414832, 414830): ++ drop patch from #414832 in debian/patches. ++ use quilt as a patches management system to deal with it. ++ urgency set to high due to RC bugfix. + + -- Pierre Habouzit [EMAIL PROTECTED] Thu, 22 Mar 2007 11:11:20 +0100 + ktorrent (2.0.3+dfsg1-2) unstable; urgency=low * Resolve FTBFS - remove nonportable -z now from LDFLAGS (Closes: 395897) diff -u ktorrent-2.0.3+dfsg1/debian/control ktorrent-2.0.3+dfsg1/debian/control --- ktorrent-2.0.3+dfsg1/debian/control +++ ktorrent-2.0.3+dfsg1/debian/control @@ -2,7 +2,7 @@ Section: kde Priority: optional Maintainer: Joel Johnson [EMAIL PROTECTED] -Build-Depends: debhelper (= 5.0.0), autotools-dev, kdelibs4-dev, libpcre3-dev, libx11-dev, libgmp3-dev +Build-Depends: debhelper (= 5.0.0), autotools-dev, kdelibs4-dev, libpcre3-dev, libx11-dev, libgmp3-dev, quilt Standards-Version: 3.7.2.0 Package: ktorrent diff -u ktorrent-2.0.3+dfsg1/debian/rules ktorrent-2.0.3+dfsg1/debian/rules --- ktorrent-2.0.3+dfsg1/debian/rules +++ ktorrent-2.0.3+dfsg1/debian/rules @@ -7,8 +7,9 @@ # from having to guess our platform (since we know it already) DEB_HOST_GNU_TYPE ?= $(shell dpkg-architecture -qDEB_HOST_GNU_TYPE) DEB_BUILD_GNU_TYPE ?= $(shell dpkg-architecture -qDEB_BUILD_GNU_TYPE) +QUILT_PATCH_DIR ?= debian/patches -config.status: configure +config.status: patch configure dh_testdir ifneq $(wildcard /usr/share/misc/config.sub) cp -f /usr/share/misc/config.sub config.sub @@ -27,19 +28,30 @@ $(MAKE) touch build-stamp -clean: +clean: unpatch dh_testdir dh_testroot - rm -f build-stamp + rm -f build-stamp [ ! -f Makefile ] || make distclean [ ! -f config.sub ] || rm -f config.sub [ ! -f config.guess ] || rm -f config.guess - dh_clean + dh_clean + +patch: debian/stamp-patched +debian/stamp-patched: + # quilt exits with 2 as return when there was nothing to do. + QUILT_PATCHES=$(QUILT_PATCH_DIR) quilt --quiltrc /dev/null push -a || test $$? = 2 + touch $@ + +unpatch: + # quilt exits with 2 as return when there was nothing to do. + QUILT_PATCHES=$(QUILT_PATCH_DIR) quilt --quiltrc /dev/null pop -a -R || test $$? = 2 + rm -rf .pc debian/stamp-patched install: build dh_testdir dh_testroot - dh_clean -k + dh_clean -k $(MAKE) install DESTDIR=$(CURDIR)/debian/ktorrent # Install linda/lintian overrides only in patch2: unchanged: --- ktorrent-2.0.3+dfsg1.orig/debian/patches/series +++ ktorrent-2.0.3+dfsg1/debian/patches/series @@ -0,0 +1 @@ +kubuntu_03_security_fix.patch only in patch2: unchanged: --- ktorrent-2.0.3+dfsg1.orig/debian/patches/kubuntu_03_security_fix.patch +++ ktorrent-2.0.3+dfsg1/debian/patches/kubuntu_03_security_fix.patch @@ -0,0 +1,67 @@ +diff -Nru ktorrent-2.0.3+dfsg1.orig/libktorrent/torrent/chunkcounter.cpp ktorrent-2.0.3+dfsg1/libktorrent/torrent/chunkcounter.cpp +--- ktorrent-2.0.3+dfsg1.orig/libktorrent/torrent/chunkcounter.cpp 2006-10-09 11:04:10.0 -0500 ktorrent-2.0.3+dfsg1/libktorrent/torrent/chunkcounter.cpp 2007-03-11 11:33:38.0 -0500 +@@ -59,12 +59,13 @@ + + void ChunkCounter::inc(Uint32 idx) + { ++ if (idx cnt.size()) + cnt[idx]++; + } + + void ChunkCounter::dec(Uint32 idx) + { +- if (cnt[idx] 0) ++ if (idx cnt.size() cnt[idx] 0) + cnt[idx]--; + } + +diff -Nru ktorrent-2.0.3+dfsg1.orig/libktorrent/torrent/peer.cpp ktorrent-2.0.3+dfsg1/libktorrent/torrent/peer.cpp +--- ktorrent-2.0.3+dfsg1.orig/libktorrent/torrent/peer.cpp 2006-10-09 11:04:10.0 -0500 ktorrent-2.0.3+dfsg1/libktorrent/torrent/peer.cpp 2007-03-11 11:35:27.0 -0500 +@@ -182,11 +182,21 @@ + { + Out() len err HAVE endl; + kill(); +- return; + } +- +-haveChunk(this,ReadUint32(tmp_buf,1)); +-pieces.set(ReadUint32(tmp_buf,1),true); ++else ++{ ++ Uint32 ch = ReadUint32(tmp_buf,1); ++ if (ch pieces.getNumBits()) ++ { ++ haveChunk(this,ch); ++ pieces.set(ch,true); ++ } ++ else ++ { ++ Out(SYS_CON|LOG_NOTICE) Received invalid have value, kicking peer endl; ++ kill(); ++ } ++} + break; + case BITFIELD: + if (len != 1 + pieces.getNumBytes()) +diff -Nru ktorrent-2.0.3+dfsg1.orig/libktorrent/torrent/torrent.cpp ktorrent-2.0.3+dfsg1/libktorrent/torrent/torrent.cpp +--- ktorrent-2.0.3+dfsg1.orig/libktorrent/torrent/torrent.cpp 2006-10-09 11:04:10.0 -0500
Processed: update
Processing commands for [EMAIL PROTECTED]: retitle 400340 Source package contains non-free IETF RFC/I-D's Bug#400340: Contains non-free files. Changed Bug title to Source package contains non-free IETF RFC/I-D's from Contains non-free files.. (By the way, that Bug is currently marked as done.) thanks Stopping processing here. Please contact me if you need assistance. Debian bug tracking system administrator (administrator, Debian Bugs database) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#414830: marked as done (Security issues with ktorrent. Fixed on 2.1.2.)
Your message dated Thu, 22 Mar 2007 11:17:02 + with message-id [EMAIL PROTECTED] and subject line Bug#414832: fixed in ktorrent 2.0.3+dfsg1-2.1 has caused the attached Bug report to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what I am talking about this indicates a serious mail system misconfiguration somewhere. Please contact me immediately.) Debian bug tracking system administrator (administrator, Debian Bugs database) ---BeginMessage--- Package: ktorrent Version: 2.1-1~mdx1 Severity: grave Tags: patch security Justification: user security hole I came across this piece of news: http://www.heise-security.co.uk/news/86661 which explains very briefly about two security issues in ktorrent. These have been solved on ktorrent 2.1.2 as explained on http://ktorrent.org/forum/viewtopic.php?t=1401 I know the frozen version is 2.0.3 which is somewhat far from the fixed version, so I looked into the svn respository(svn://anonsvn.kde.org/home/kde/trunk/extragear/network/ktorrent) and found that commit 640661 fixes the bug. I also attach it as patch, I hope it could apply cleanly to the frozen version. Thanks. -- System Information: Debian Release: 4.0 APT prefers unstable APT policy: (800, 'unstable'), (500, 'testing'), (100, 'experimental') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.20rs Locale: LANG=es_ES.UTF-8, LC_CTYPE=es_ES.UTF-8 (charmap=UTF-8) Versions of packages ktorrent depends on: ii kdelibs4c2a 4:3.5.6.r1.dfsg.1-2 core libraries and binaries for al ii libacl1 2.2.42-1Access control list shared library ii libart-2.0-2 2.3.17-1Library of functions for 2D graphi ii libattr1 1:2.4.32-1.1Extended attribute shared library ii libaudio21.8-3 The Network Audio System (NAS). (s ii libavahi-client3 0.6.16-3Avahi client library ii libavahi-common3 0.6.16-3Avahi common library ii libc62.3.6.ds1-13GNU C Library: Shared libraries ii libfontconfig1 2.4.2-1.2 generic font configuration library ii libfreetype6 2.2.1-5 FreeType 2 font engine, shared lib ii libgamin0 [libfam0] 0.1.8-1 Client library for the gamin file ii libgcc1 1:4.1.1-21 GCC support library ii libgmp3c22:4.2.1+dfsg-4 Multiprecision arithmetic library ii libice6 1:1.0.1-2 X11 Inter-Client Exchange library ii libidn11 0.6.5-1 GNU libidn library, implementation ii libjpeg626b-13 The Independent JPEG Group's JPEG ii libpcre3 6.7-1 Perl 5 Compatible Regular Expressi ii libpng12-0 1.2.15~beta5-1 PNG library - runtime ii libqt3-mt3:3.3.7-3 Qt GUI Library (Threaded runtime v ii libsm6 1:1.0.1-3 X11 Session Management library ii libstdc++6 4.1.1-21The GNU Standard C++ Library v3 ii libx11-6 2:1.0.3-6 X11 client-side library ii libxcursor1 1.1.7-4 X cursor management library ii libxext6 1:1.0.1-2 X11 miscellaneous extension librar ii libxft2 2.1.8.2-8 FreeType-based font drawing librar ii libxi6 1:1.0.1-4 X11 Input extension library ii libxinerama1 1:1.0.1-4.1 X11 Xinerama extension library ii libxrandr2 2:1.1.0.2-5 X11 RandR extension library ii libxrender1 1:0.9.1-3 X Rendering Extension client libra ii libxt6 1:1.0.2-2 X11 toolkit intrinsics library ii zlib1g 1:1.2.3-13 compression library - runtime ktorrent recommends no packages. -- no debconf information Index: libktorrent/torrent/torrent.cpp === --- libktorrent/torrent/torrent.cpp (revisión: 640660) +++ libktorrent/torrent/torrent.cpp (revisión: 640661) @@ -163,9 +163,15 @@ if (!v || v-data().getType() != Value::STRING) throw Error(i18n(Corrupted torrent!)); -path += v-data().toString(encoding); -if (j + 1 ln-getNumChildren()) - path += bt::DirSeparator(); +QString sd = v-data().toString(encoding); +// check for weirdness like .. , +// we don't want to write outside the user specified directories +if (sd != ..) +{ + path += sd; + if (j + 1 ln-getNumChildren()) + path += bt::DirSeparator(); +} } // we do not want empty dirs Index: libktorrent/torrent/chunkcounter.cpp ===
Bug#414830: marked as done (Security issues with ktorrent. Fixed on 2.1.2.)
Your message dated Thu, 22 Mar 2007 11:17:02 + with message-id [EMAIL PROTECTED] and subject line Bug#414830: fixed in ktorrent 2.0.3+dfsg1-2.1 has caused the attached Bug report to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what I am talking about this indicates a serious mail system misconfiguration somewhere. Please contact me immediately.) Debian bug tracking system administrator (administrator, Debian Bugs database) ---BeginMessage--- Package: ktorrent Version: 2.1-1~mdx1 Severity: grave Tags: patch security Justification: user security hole I came across this piece of news: http://www.heise-security.co.uk/news/86661 which explains very briefly about two security issues in ktorrent. These have been solved on ktorrent 2.1.2 as explained on http://ktorrent.org/forum/viewtopic.php?t=1401 I know the frozen version is 2.0.3 which is somewhat far from the fixed version, so I looked into the svn respository(svn://anonsvn.kde.org/home/kde/trunk/extragear/network/ktorrent) and found that commit 640661 fixes the bug. I also attach it as patch, I hope it could apply cleanly to the frozen version. Thanks. -- System Information: Debian Release: 4.0 APT prefers unstable APT policy: (800, 'unstable'), (500, 'testing'), (100, 'experimental') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.20rs Locale: LANG=es_ES.UTF-8, LC_CTYPE=es_ES.UTF-8 (charmap=UTF-8) Versions of packages ktorrent depends on: ii kdelibs4c2a 4:3.5.6.r1.dfsg.1-2 core libraries and binaries for al ii libacl1 2.2.42-1Access control list shared library ii libart-2.0-2 2.3.17-1Library of functions for 2D graphi ii libattr1 1:2.4.32-1.1Extended attribute shared library ii libaudio21.8-3 The Network Audio System (NAS). (s ii libavahi-client3 0.6.16-3Avahi client library ii libavahi-common3 0.6.16-3Avahi common library ii libc62.3.6.ds1-13GNU C Library: Shared libraries ii libfontconfig1 2.4.2-1.2 generic font configuration library ii libfreetype6 2.2.1-5 FreeType 2 font engine, shared lib ii libgamin0 [libfam0] 0.1.8-1 Client library for the gamin file ii libgcc1 1:4.1.1-21 GCC support library ii libgmp3c22:4.2.1+dfsg-4 Multiprecision arithmetic library ii libice6 1:1.0.1-2 X11 Inter-Client Exchange library ii libidn11 0.6.5-1 GNU libidn library, implementation ii libjpeg626b-13 The Independent JPEG Group's JPEG ii libpcre3 6.7-1 Perl 5 Compatible Regular Expressi ii libpng12-0 1.2.15~beta5-1 PNG library - runtime ii libqt3-mt3:3.3.7-3 Qt GUI Library (Threaded runtime v ii libsm6 1:1.0.1-3 X11 Session Management library ii libstdc++6 4.1.1-21The GNU Standard C++ Library v3 ii libx11-6 2:1.0.3-6 X11 client-side library ii libxcursor1 1.1.7-4 X cursor management library ii libxext6 1:1.0.1-2 X11 miscellaneous extension librar ii libxft2 2.1.8.2-8 FreeType-based font drawing librar ii libxi6 1:1.0.1-4 X11 Input extension library ii libxinerama1 1:1.0.1-4.1 X11 Xinerama extension library ii libxrandr2 2:1.1.0.2-5 X11 RandR extension library ii libxrender1 1:0.9.1-3 X Rendering Extension client libra ii libxt6 1:1.0.2-2 X11 toolkit intrinsics library ii zlib1g 1:1.2.3-13 compression library - runtime ktorrent recommends no packages. -- no debconf information Index: libktorrent/torrent/torrent.cpp === --- libktorrent/torrent/torrent.cpp (revisión: 640660) +++ libktorrent/torrent/torrent.cpp (revisión: 640661) @@ -163,9 +163,15 @@ if (!v || v-data().getType() != Value::STRING) throw Error(i18n(Corrupted torrent!)); -path += v-data().toString(encoding); -if (j + 1 ln-getNumChildren()) - path += bt::DirSeparator(); +QString sd = v-data().toString(encoding); +// check for weirdness like .. , +// we don't want to write outside the user specified directories +if (sd != ..) +{ + path += sd; + if (j + 1 ln-getNumChildren()) + path += bt::DirSeparator(); +} } // we do not want empty dirs Index: libktorrent/torrent/chunkcounter.cpp ===
Bug#414832: marked as done (ktorrent: security vulnerabilities fixed in newer upstream)
Your message dated Thu, 22 Mar 2007 11:17:02 + with message-id [EMAIL PROTECTED] and subject line Bug#414830: fixed in ktorrent 2.0.3+dfsg1-2.1 has caused the attached Bug report to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what I am talking about this indicates a serious mail system misconfiguration somewhere. Please contact me immediately.) Debian bug tracking system administrator (administrator, Debian Bugs database) ---BeginMessage--- Package: ktorrent Version: 2.0.3+dfsg1-2 Severity: grave Tags: security Justification: user security hole Hello Joel, long time no see... I guess some work lies ahead: | Bryan Burns of Juniper networks found 2 security vulnerabilities in | KTorrent. These have now been fixed in the 2.1.2 release. | | This is just 2.1.1 with these 2 fixes. It would be advisable to upgrade. as seen on http://ktorrent.org/forum/viewtopic.php?t=1401. This concerns http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1384 and http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1385. Ubuntu Security Notice USN-436-1 has already been issued[0] on this matter. Even though these vulnerabilities don't affect the current stable release, they need to be fixed for the upcoming release Etch. Please extract the relevant patches and apply them to ktorrent as currently present in unstable. Changes for non-release-critical issues are no longer accepted for Etch as per the latest release update[0], so please stick to just these necessary changes. Once a fixed package will have been uploaded we need to ask the release managers to allow propagation to Etch. Cheers, Flo [0] http://www.ubuntu.com/usn/usn-436-1 [1] http://lists.debian.org/debian-devel-announce/2007/03/msg00012.html signature.asc Description: Digital signature ---End Message--- ---BeginMessage--- Source: ktorrent Source-Version: 2.0.3+dfsg1-2.1 We believe that the bug you reported is fixed in the latest version of ktorrent, which is due to be installed in the Debian FTP archive: ktorrent_2.0.3+dfsg1-2.1.diff.gz to pool/main/k/ktorrent/ktorrent_2.0.3+dfsg1-2.1.diff.gz ktorrent_2.0.3+dfsg1-2.1.dsc to pool/main/k/ktorrent/ktorrent_2.0.3+dfsg1-2.1.dsc ktorrent_2.0.3+dfsg1-2.1_amd64.deb to pool/main/k/ktorrent/ktorrent_2.0.3+dfsg1-2.1_amd64.deb A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to [EMAIL PROTECTED], and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Pierre Habouzit [EMAIL PROTECTED] (supplier of updated ktorrent package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing [EMAIL PROTECTED]) -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Format: 1.7 Date: Thu, 22 Mar 2007 11:11:20 +0100 Source: ktorrent Binary: ktorrent Architecture: source amd64 Version: 2.0.3+dfsg1-2.1 Distribution: unstable Urgency: high Maintainer: Joel Johnson [EMAIL PROTECTED] Changed-By: Pierre Habouzit [EMAIL PROTECTED] Description: ktorrent - BitTorrent client for KDE Closes: 414830 414832 Changes: ktorrent (2.0.3+dfsg1-2.1) unstable; urgency=high . * Non-maintainer upload. * Fix security issue (Closes: 414832, 414830): + drop patch from #414832 in debian/patches. + use quilt as a patches management system to deal with it. + urgency set to high due to RC bugfix. Files: 0918857e98518996c891d6c0bcfd51f1 663 kde optional ktorrent_2.0.3+dfsg1-2.1.dsc e210f4dad18fcbcdd4d41dcad502557a 5544 kde optional ktorrent_2.0.3+dfsg1-2.1.diff.gz 4cea68a9ea4d948a5feeef658bdb02d1 1583504 kde optional ktorrent_2.0.3+dfsg1-2.1_amd64.deb -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQFGAmG0vGr7W6HudhwRAqvzAJ9rT2HhkzJ98Jff2xuDyk3WgylFuQCfUFaL t05wZTqC1eq46avtriUAkBY= =9iYO -END PGP SIGNATURE- ---End Message---
Bug#414832: marked as done (ktorrent: security vulnerabilities fixed in newer upstream)
Your message dated Thu, 22 Mar 2007 11:17:02 + with message-id [EMAIL PROTECTED] and subject line Bug#414832: fixed in ktorrent 2.0.3+dfsg1-2.1 has caused the attached Bug report to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what I am talking about this indicates a serious mail system misconfiguration somewhere. Please contact me immediately.) Debian bug tracking system administrator (administrator, Debian Bugs database) ---BeginMessage--- Package: ktorrent Version: 2.0.3+dfsg1-2 Severity: grave Tags: security Justification: user security hole Hello Joel, long time no see... I guess some work lies ahead: | Bryan Burns of Juniper networks found 2 security vulnerabilities in | KTorrent. These have now been fixed in the 2.1.2 release. | | This is just 2.1.1 with these 2 fixes. It would be advisable to upgrade. as seen on http://ktorrent.org/forum/viewtopic.php?t=1401. This concerns http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1384 and http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1385. Ubuntu Security Notice USN-436-1 has already been issued[0] on this matter. Even though these vulnerabilities don't affect the current stable release, they need to be fixed for the upcoming release Etch. Please extract the relevant patches and apply them to ktorrent as currently present in unstable. Changes for non-release-critical issues are no longer accepted for Etch as per the latest release update[0], so please stick to just these necessary changes. Once a fixed package will have been uploaded we need to ask the release managers to allow propagation to Etch. Cheers, Flo [0] http://www.ubuntu.com/usn/usn-436-1 [1] http://lists.debian.org/debian-devel-announce/2007/03/msg00012.html signature.asc Description: Digital signature ---End Message--- ---BeginMessage--- Source: ktorrent Source-Version: 2.0.3+dfsg1-2.1 We believe that the bug you reported is fixed in the latest version of ktorrent, which is due to be installed in the Debian FTP archive: ktorrent_2.0.3+dfsg1-2.1.diff.gz to pool/main/k/ktorrent/ktorrent_2.0.3+dfsg1-2.1.diff.gz ktorrent_2.0.3+dfsg1-2.1.dsc to pool/main/k/ktorrent/ktorrent_2.0.3+dfsg1-2.1.dsc ktorrent_2.0.3+dfsg1-2.1_amd64.deb to pool/main/k/ktorrent/ktorrent_2.0.3+dfsg1-2.1_amd64.deb A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to [EMAIL PROTECTED], and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Pierre Habouzit [EMAIL PROTECTED] (supplier of updated ktorrent package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing [EMAIL PROTECTED]) -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Format: 1.7 Date: Thu, 22 Mar 2007 11:11:20 +0100 Source: ktorrent Binary: ktorrent Architecture: source amd64 Version: 2.0.3+dfsg1-2.1 Distribution: unstable Urgency: high Maintainer: Joel Johnson [EMAIL PROTECTED] Changed-By: Pierre Habouzit [EMAIL PROTECTED] Description: ktorrent - BitTorrent client for KDE Closes: 414830 414832 Changes: ktorrent (2.0.3+dfsg1-2.1) unstable; urgency=high . * Non-maintainer upload. * Fix security issue (Closes: 414832, 414830): + drop patch from #414832 in debian/patches. + use quilt as a patches management system to deal with it. + urgency set to high due to RC bugfix. Files: 0918857e98518996c891d6c0bcfd51f1 663 kde optional ktorrent_2.0.3+dfsg1-2.1.dsc e210f4dad18fcbcdd4d41dcad502557a 5544 kde optional ktorrent_2.0.3+dfsg1-2.1.diff.gz 4cea68a9ea4d948a5feeef658bdb02d1 1583504 kde optional ktorrent_2.0.3+dfsg1-2.1_amd64.deb -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQFGAmG0vGr7W6HudhwRAqvzAJ9rT2HhkzJ98Jff2xuDyk3WgylFuQCfUFaL t05wZTqC1eq46avtriUAkBY= =9iYO -END PGP SIGNATURE- ---End Message---
Bug#332782: Please explain the etch-ignore tag
On Thu, Mar 22, 2007 at 12:49:49AM +0100, Francesco Poli wrote: - once a consensus is reached there, contact individual contributors to the release notes requesting a license grant Where can I find a comprehensive list of individual contributors (whose contribution is creative enough to grant them a copyright interest in the work)? It would have to be extracted from the CVS logs. Are there any others besides the ones who are credited in the footer of the contents page[2]? Yes, many, most of them Debian developers (like myself) who modified the sources. Let's start collecting agreements on the licensing: each of the above mentioned copyright holders, could you please tell (preferably with a OpenPGP-signed reply) whether you agree to license your contribution under the following terms? I'm not that list, but I agree with licensing my contributions under those terms. Javier signature.asc Description: Digital signature
Bug#400340: Bug#415751: Source package contains non-free IETF RFC/I-D
Alexander Sack - Debian Bugmail [EMAIL PROTECTED] writes: Hi, why do you post dupes? there already is #400340 which is still open. If I missed the point, reopen or let me know. Hi! Is #400340 really open? It is listed under 'Resolved bugs' on the tracker? http://bugs.debian.org/cgi-bin/pkgreport.cgi?src=icedove#_4_2_5 [EMAIL PROTECTED] also said it is marked as done, when I changed the title so I can easier locate it in the future, see below. /Simon [EMAIL PROTECTED] (Debian Bug Tracking System) writes: Processing commands for [EMAIL PROTECTED]: retitle 400340 Source package contains non-free IETF RFC/I-D's Bug#400340: Contains non-free files. Changed Bug title to Source package contains non-free IETF RFC/I-D's from Contains non-free files.. (By the way, that Bug is currently marked as done.) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#415670: Postfix error
For sure. But actually, for example, the it.debian.org repository is not yet updated, so alternatively you can use the solution I said before. (or get the new postfix packages from one updated repository and install it) On Thu, Mar 22, 2007 at 09:11:37AM +0100, Fabrizio Regalli wrote: I can confirm best solution, at the moment, is to upgrade OpenSSL packages from unstable repository, using apt-pinning or a different way. I've update it and now totally works fine. No, the best solution at the moment is to install the 2.3.8-2+b1 postfix package that is already available in testing. -- Steve Langasek Give me a lever long enough and a Free OS Debian Developer to set it on, and I can move the world. [EMAIL PROTECTED] http://www.debian.org/
Bug#414929: could you try this patch
On Wed, 21 Mar 2007, Steve Langasek wrote: That's not what --oknodo means. Please see the manpage; --oknodo is exactly what's wanted here. Was start-stop-daemon fixed, then? In the past --oknodo behaved differently, which is the reason for the ammount of code in amavisd-new to make sure not running can be told apart from failed to stop... In fact, that's how I'd fix this bug if I had the time right now. Does this mean you don't have time (even with a patch), and would like an NMU? NMUs are usually welcome when I don't respond promptly. In fact, timidity has been NMUed already... I won't object to NMUs (0-day or delayed) to fix timidity. As long as they're done properly, with a NMU patch sent to the BTS, etc, they're welcome. -- One disk to rule them all, One disk to find them. One disk to bring them all and in the darkness grind them. In the Land of Redmond where the shadows lie. -- The Silicon Valley Tarot Henrique Holschuh -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#404148: i'm not convinced release notes are enough
Steve Langasek wrote: In all doing respect, I think that it's a much greater risk to not use iommu=soft per default than doing so. Even if we imagine that there would by systems that don't work with the sw-iommu it's likely that they simply break (at boot time). And then the affected user at least knows that something is happening to him, while with no iommu=soft he would probably never realize that he has problems. That doesn't address how to set iommu=soft as a default, though. The only practical way that I see to accomplish this is in the kernel package itself, and there was doubt that there would be an opportunity to update the kernel again before release. One possibility would be too add it per default to the grub and lilo configs, perhaps with a pointer to this bug. This way every users could simply decide wheter to remove this or not. So such a patch would have to whitelist systems that are known to work, instead of blacklist the others. But AIUI the problem has so far only been reported on systems using an nvidia chipset, right? Yes (and perhaps no). First of all there were some people who had and Opteron and an Nvidia chipset and that much main memory etc etc. (I mean a system configuration where we would have supposed that they would suffer from the error) but they at least claimed to not suffer from it. Perhaps some BIOSes might somewho workaround (not solve) it. Another issue is the following: Just today someone added to the bugzilla.kernel.org bug that he probably has the same error but his system doesn't have an Nvidia chipset (see http://bugzilla.kernel.org/show_bug.cgi?id=7768). Anyway I don't believe that this is actually the same error. I'm not going to hold up as release-critical a bugfix for other systems where the problem hasn't been reported yet. If more information becomes available showing that the bug exists on non-nvidia systems, we should of course revisit it at that point. see above In the meantime, I don't see any reason why we shouldn't patch the kernel to disable hw iommu on nvidia systems only. I believe the attached patch should do this. Are you in a position to confirm that this does disable hw iommu for you? Unfortunately I'm not currently able to validate it, but I will forward it to the thread at lkml and to the bug at kernel.org. begin:vcard fn:Mitterer, Christoph Anton n:Mitterer;Christoph Anton email;internet:[EMAIL PROTECTED] x-mozilla-html:TRUE version:2.1 end:vcard
Bug#415776: pending
Sorry about that, I'll upload a fixed package tonight. Thanks for spotting it. -- Neil Williams = http://www.data-freedom.org/ http://www.nosoftwarepatents.com/ http://www.linux.codehelp.co.uk/ pgpNUt0TroEiD.pgp Description: PGP signature
Processed: severity of 415670 is important
Processing commands for [EMAIL PROTECTED]: severity 415670 important Bug#415670: Postfix package 2.3.8-2 broken (etch) Bug#415681: upgrading postfix from 2.3.7-3 to 2.3.8-2 breaks mail service Bug#415727: After upgrading to 2.8.3, Postfix crashes on all incoming connections: warning: process /usr/lib/postfix/smtpd pid 12170 exit status 127 Bug#415788: postfix smtpd segfaults in TLS mode Severity set to `important' from `grave' End of message, stopping processing here. Please contact me if you need assistance. Debian bug tracking system administrator (administrator, Debian Bugs database) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#415117: [pkg-horde] Bug#415117: imp4: XSS vulnerability in search screen and thread view
Ola Lundqvist [EMAIL PROTECTED] wrote: Interesting! Will you create a fix for this? I took from the diff between imp-h3-4.1.4-rc1 and imp-h3-4.1.4 a working patch to fix the XSS vulnerability. I'm not really sure if I should submit a patch that would work against imp4_4.1.3-2 (in etch) or against imp4_4.1.3-3 (in sid)... Well, probably it will work against both. I'll send the patch after lunch. Best regards, -- Marcos Marado Sonaecom IT -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#415739: marked as done (echoping is uninstallable)
Your message dated Thu, 22 Mar 2007 13:02:05 + with message-id [EMAIL PROTECTED] and subject line Bug#415739: fixed in echoping 5.2.0-4 has caused the attached Bug report to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what I am talking about this indicates a serious mail system misconfiguration somewhere. Please contact me immediately.) Debian bug tracking system administrator (administrator, Debian Bugs database) ---BeginMessage--- Package: echoping Version: 5.2.0-3 Severity: grave # apt-get install echoping Reading package lists... Done Building dependency tree... Done Some packages could not be installed. This may mean that you have requested an impossible situation or if you are using the unstable distribution that some required packages have not yet been created or been moved out of Incoming. Since you only requested a single operation it is extremely likely that the package is simply not installable and a bug report against that package should be filed. The following information may help to resolve the situation: The following packages have unmet dependencies: echoping: Depends: libgnutls11 (= 1.0.16) but it is not installable E: Broken packages # apt-cache show echoping Package: echoping Priority: optional Section: net Installed-Size: 108 Maintainer: Dario Minnucci [EMAIL PROTECTED] Architecture: i386 Version: 5.2.0-3 Depends: libc6 (= 2.3.6-6), libgnutls11 (= 1.0.16), libidn11 (= 0.5.18) Filename: pool/main/e/echoping/echoping_5.2.0-3_i386.deb Size: 29308 MD5sum: 9502caab3262735989a71d32f171a6c6 SHA1: b63cf33df82ef98ebc6ceccb22045298236648e8 SHA256: 6adad603ac62cae082f924e39a6cd52c28a25946ffae578066b14d1e9af8c75c Description: A small test tool for TCP servers Can test if a server is listening on a remote machine and can measure the round-trip time. Tag: admin::monitoring, implemented-in::c, interface::commandline, network::client, network::scanner, protocol::{ipv6,smtp,ssl}, role::program, scope::application Looks to me like libgnutls11 was removed and is to be replaced by libgnutls13. Cheers, Martin. -- Feel free - 5 GB Mailbox, 50 FreeSMS/Monat ... Jetzt GMX ProMail testen: www.gmx.net/de/go/mailfooter/promail-out ---End Message--- ---BeginMessage--- Source: echoping Source-Version: 5.2.0-4 We believe that the bug you reported is fixed in the latest version of echoping, which is due to be installed in the Debian FTP archive: echoping_5.2.0-4.diff.gz to pool/main/e/echoping/echoping_5.2.0-4.diff.gz echoping_5.2.0-4.dsc to pool/main/e/echoping/echoping_5.2.0-4.dsc echoping_5.2.0-4_i386.deb to pool/main/e/echoping/echoping_5.2.0-4_i386.deb A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to [EMAIL PROTECTED], and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Dario Minnucci [EMAIL PROTECTED] (supplier of updated echoping package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing [EMAIL PROTECTED]) -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Format: 1.7 Date: Thu, 22 Mar 2007 13:48:40 +0100 Source: echoping Binary: echoping Architecture: source i386 Version: 5.2.0-4 Distribution: unstable Urgency: low Maintainer: Dario Minnucci [EMAIL PROTECTED] Changed-By: Dario Minnucci [EMAIL PROTECTED] Description: echoping - A small test tool for TCP servers Closes: 415739 Changes: echoping (5.2.0-4) unstable; urgency=low . * Rebuild against newer gnutls-dev package (Closes: #415739) Files: 1e1d0f8c3c82e5a5a08e4ae088faf509 594 net optional echoping_5.2.0-4.dsc afa015d3c2ee3be77d95aab1c9fce621 19931 net optional echoping_5.2.0-4.diff.gz 9b14501d60a8e9821f30e273ca97340a 29372 net optional echoping_5.2.0-4_i386.deb -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQFGAntpxRSvjkukAcMRAjZ4AKCZVtJYxYJrYR/ysBKru+YQSrUJtgCg6VuW rkSPK854m+asVud0q69Y8co= =EcTc -END PGP SIGNATURE- ---End Message---
Bug#415117: [pkg-horde] Bug#415117: imp4: XSS vulnerability in search screen and thread view
On Thursday 22 March 2007 13:07, Marcos Marado wrote: Ola Lundqvist [EMAIL PROTECTED] wrote: Interesting! Will you create a fix for this? I took from the diff between imp-h3-4.1.4-rc1 and imp-h3-4.1.4 a working patch to fix the XSS vulnerability. I'm not really sure if I should submit a patch that would work against imp4_4.1.3-2 (in etch) or against imp4_4.1.3-3 (in sid)... Well, probably it will work against both. I'll send the patch after lunch. Here's the patch. It was created to be applied against imp4_4.1.3-2. Can I help in anything else? -- Marcos Marado Sonaecom IT diff -ru imp-h3-4.1.3/templates/search/fields.inc imp-h3-4.1.3-fixed/templates/search/fields.inc --- imp-h3-4.1.3/templates/search/fields.inc 2006-01-01 07:02:09.0 + +++ imp-h3-4.1.3-fixed/templates/search/fields.inc 2007-03-22 13:11:00.0 + @@ -21,7 +21,7 @@ ($imp_search_fields[$curr_field]['type'] == IMP_SEARCH_BODY) || ($imp_search_fields[$curr_field]['type'] == IMP_SEARCH_TEXT)): ? td class=item0 leftAlign - input type=text name=search_text[?php echo $i ?] size=40 ?php if (!empty($search['text'][$i])) echo 'value=' . $search['text'][$i] . ' '; ?/ + input type=text name=search_text[?php echo $i ?] size=40 ?php if (!empty($search['text'][$i])) echo 'value=' . htmlspecialchars($search['text'][$i]) . ' '; ?/ input type=checkbox name=search_text_not[?php echo $i ?] ?php if (!empty($search['text_not'][$i])) echo 'checked=checked '; ?/ em?php echo _(Do NOT match) ?/em /td diff -ru imp-h3-4.1.3/templates/search/header.inc imp-h3-4.1.3-fixed/templates/search/header.inc --- imp-h3-4.1.3/templates/search/header.inc 2006-02-08 21:28:57.0 + +++ imp-h3-4.1.3-fixed/templates/search/header.inc 2007-03-22 13:11:00.0 + @@ -2,12 +2,12 @@ input type=hidden name=actionID value=update_search / input type=hidden name=delete_field_id value= / ?php if ($edit_query_id): ? -input type=hidden name=edit_query_id value=?php echo $edit_query_id ? / +input type=hidden name=edit_query_id value=?php echo htmlspecialchars($edit_query_id) ? / ?php endif; ? ?php if (!empty($search['mbox'])): ? -input type=hidden name=mbox value=?php echo $search['mbox'] ? / +input type=hidden name=mbox value=?php echo htmlspecialchars($search['mbox']) ? / ?php elseif ($subscribe): ? -input type=hidden name=show_subscribed_only value=?php echo $shown ? / +input type=hidden name=show_subscribed_only value=?php echo htmlspecialchars($shown) ? / ?php endif; ? div align=center table border=0 cellspacing=0 cellpadding=2 width=100% diff -ru imp-h3-4.1.3/templates/search/main.inc imp-h3-4.1.3-fixed/templates/search/main.inc --- imp-h3-4.1.3/templates/search/main.inc 2006-02-15 01:29:27.0 + +++ imp-h3-4.1.3-fixed/templates/search/main.inc 2007-03-22 13:11:00.0 + @@ -77,7 +77,7 @@ /tr ?php if (!empty($search['mbox'])): ? - input id=preselected_folders type=hidden name=search_folders[] value=?php echo $search['mbox'] ? / + input id=preselected_folders type=hidden name=search_folders[] value=?php echo htmlspecialchars($search['mbox']) ? / ?php else: ? tr td class=smallheader leftAlign colspan=2?php echo _(Message folders) ?/td @@ -126,7 +126,7 @@ ?php endif; ? tr td class=item1 leftAlign nowrap=nowrap - em?php echo _(Virtual folder label) ?:/emnbsp;input type=text id=vfolder_label name=vfolder_label ?php if (!empty($search['vfolder_label'])) echo 'value=' . $search['vfolder_label'] . ' '; ?/ + em?php echo _(Virtual folder label) ?:/emnbsp;input type=text id=vfolder_label name=vfolder_label ?php if (!empty($search['vfolder_label'])) echo 'value=' . htmlspecialchars($search['vfolder_label']) . ' '; ?/ /td /tr /table diff -ru imp-h3-4.1.3/thread.php imp-h3-4.1.3-fixed/thread.php --- imp-h3-4.1.3/thread.php 2006-02-21 07:32:36.0 + +++ imp-h3-4.1.3-fixed/thread.php 2007-03-22 13:12:38.0 + @@ -119,7 +119,7 @@ $headers-buildAddressLinks('from', Horde::selfUrl(true), true, true); $curr_msg['date'] = $headers-getValue('date'); $curr_msg['from'] = $headers-getValue('from'); -$subject_header = $headers-getValue('subject'); + $subject_header = @htmlspecialchars($headers-getValue('subject'), ENT_COMPAT, NLS::getCharset()); if ($mode == 'thread') { if (empty($subject)) { $subject = preg_replace('/^re:\s*/i', '', $subject_header);
Bug#316389: [Pkg-db-devel] Bug#316389: Please apply this patch
The bug listed here incorrectly links to my site. It should have linked to the official BDB site, as this bug is from the BDB folks themselves. http://www.oracle.com/technology/products/berkeley-db/db/update/4.2.52/patch.4.2.52.html In particular, this is patch #5. It is *required* for the later OpenLDAP 2.2 and all of OpenLDAP 2.3 to work right. The severity here needs to raised to grave, as the OpenLDAP distributed with etch cannot function correctly without this patch. Just to clarify here for all fascinated readers: This bug is, or was originally, about the patch at http://www.openldap.org/devel/cvsweb.cgi/~checkout~/build/Attic/BerkeleyDB42.patch?rev=1.5.4.1hideattic=1sortbydate=0 According to OpenLDAP CVS commit logs and this Faq-O-Matic entry, http://www.openldap.org/faq/data/cache/44.html this unofficial BDB patch is obsoleted by OpenLDAP 2.3. The vendor patch to which Quanah refers was the subject of a brief mailing list thread beginning here http://lists.alioth.debian.org/pipermail/pkg-db-devel/2007-February/001157.html and continuing here http://lists.alioth.debian.org/pipermail/pkg-db-devel/2007-March/001161.html but no bug report was generated as a result of that thread as far as I am aware. In the interest of making me less confused, I am presently going to make a new bug that is explicitly about vendor patch #5. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Processed: bdb patches for openldap
Processing commands for [EMAIL PROTECTED]: clone 316389 -1 Bug#316389: Please add the transactions patch to db4.2 Bug 316389 cloned as bug 415840. retitle -1 vendor patch #5 is necessary for OpenLDAP Bug#415840: Please add the transactions patch to db4.2 Changed Bug title to vendor patch #5 is necessary for OpenLDAP from Please add the transactions patch to db4.2. submitter -1 Quanah Gibson-Mount [EMAIL PROTECTED] Bug#415840: vendor patch #5 is necessary for OpenLDAP Changed Bug submitter from Peter Marschall [EMAIL PROTECTED] to Quanah Gibson-Mount [EMAIL PROTECTED]. quit Stopping processing here. Please contact me if you need assistance. Debian bug tracking system administrator (administrator, Debian Bugs database) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#316389: marked as done (Please add the transactions patch to db4.2)
Your message dated Thu, 22 Mar 2007 10:37:00 -0400 with message-id [EMAIL PROTECTED] and subject line patch no longer claimed to be needed has caused the attached Bug report to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what I am talking about this indicates a serious mail system misconfiguration somewhere. Please contact me immediately.) Debian bug tracking system administrator (administrator, Debian Bugs database) ---BeginMessage--- Package: db4.2 Severity: wishlist Tags: patch Hi, please consider adding the transactions patch (attached) to db4.2. This patch is recommended for OpenLDAP 2.2.6 and 2.2.27, while it is required for all higher OpenLDAP versions (2.2.28 enginieering as well as 2.3.x). Accordung to OpenLDAP developers db4.2 is the recommended Berkeley DB library for OpenLDAP. So not having this patch in Debian's db4.2 would hinder the further development of openldap2.x packages in Debian. You may find further finormation about this patch on Standord's Directory pages where it was first published (accoeding to my knowledge): http://www.stanford.edu/services/directory/openldap/configuration/openldap-build-42.html As you can see the patch is quite trivial and does not affect packages that are not aware of the flag introduced with this patch. (BTW, I have db 4.2 with this patch running for half a year without any problems [except the need to re-build my private package whenever a new official package comes out ;-]) Please do not hesitate to to aks if you have any questions. Thanks in advance PEter -- System Information: Debian Release: testing/unstable APT prefers testing APT policy: (990, 'testing'), (500, 'unstable') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.11-1-k7 Locale: [EMAIL PROTECTED], [EMAIL PROTECTED] (charmap=ISO-8859-15) ## transactions.patch by Quanah Gibson-Mount [EMAIL PROTECTED] ## ## fixes transaction behaviour; required for openLDAP ## published on Stanford's Directory Services pages: ## http://www.stanford.edu/services/directory/openldap/configuration/openldap-build-42.html --- dbinc/db.in +++ dbinc/db.in 2004-09-09 18:30:00.547903000 -0700 @@ -839,6 +839,7 @@ #define TXN_NOWAIT 0x040 /* Do not wait on locks. */ #define TXN_RESTORED 0x080 /* Transaction has been restored. */ #define TXN_SYNC 0x100 /* Sync on prepare and commit. */ +#define TXN_NOLOG 0x200 /* Do not log this transaction. */ u_int32_t flags; }; --- txn/txn.c +++ txn/txn.c 2004-09-09 18:32:14.559561000 -0700 @@ -127,7 +127,7 @@ if ((ret = __db_fchk(dbenv, txn_begin, flags, DB_DIRTY_READ | DB_TXN_NOWAIT | - DB_TXN_NOSYNC | DB_TXN_SYNC)) != 0) + DB_TXN_NOSYNC | DB_TXN_SYNC | DB_TXN_NOT_DURABLE )) != 0) return (ret); if ((ret = __db_fcchk(dbenv, txn_begin, flags, DB_TXN_NOSYNC, DB_TXN_SYNC)) != 0) @@ -193,6 +193,8 @@ F_SET(txn, TXN_SYNC); if (LF_ISSET(DB_TXN_NOWAIT)) F_SET(txn, TXN_NOWAIT); + if (LF_ISSET(DB_TXN_NOT_DURABLE)) + F_SET(txn, TXN_NOLOG); if ((ret = __txn_begin_int(txn, 0)) != 0) goto err; @@ -328,7 +330,7 @@ * We should set this value when we write the first log record, not * here. */ - if (DBENV_LOGGING(dbenv)) + if (DBENV_LOGGING(dbenv) !F_ISSET(txn, TXN_NOLOG)) __log_txn_lsn(dbenv, begin_lsn, NULL, NULL); else ZERO_LSN(begin_lsn); ---End Message--- ---BeginMessage--- Since http://www.openldap.org/faq/data/cache/44.html says this patch is irrelevant with OpenLDAP 2.3 (the version slated for etch), I am closing this bug. ---End Message---
Bug#415233: gpgme1.0: FTBFS: Can't find GNU Pth
On Thu, Mar 22, 2007 at 03:13:28AM -0700, Steve Langasek wrote: Hi José Carlos, FWIW I'm not content with the implemented solution as far as inclusion in etch is concerned. Previous versions of the package clearly did not need libpth20, the new version does and the effect on the package's behavior as a result of this new library dep seem to be unknown. Basically I agree, but due to time constrains I didn't have to check or apply other way to build it. Anayway, as it generates different .so files for each library, I didn't think that it would imply a problem for etch. The package also includes this change: @@ -5,9 +5,6 @@ # Uncomment this to turn on verbose mode. #export DH_VERBOSE=1 -# This is the debhelper compatability version to use. -export DH_COMPAT=3 - # C compiler information CC = gcc CFLAGS = -Wall -g This is a behavior change from the previous version of the package, because DH_COMPAT takes precedence over debian/compat, so this is very much not a change that's suitable during a freeze. Mmmm. I made that change, but I though that I had rolled it back later. So unless the security team overrules me, I don't think this version of the package should be allowed into etch as-is. (It's also currently held out of etch because it depends on the security-fixed gnupg which is not yet available, but that problem should clear up on its own anyway with no effort on your part.) BTW, this is a regression between gpgme1.0 1.1.2-2 and 1.1.2-3; I believe the cause is the re-rolled '10_relibtoolize.patch', which AFAICS there was no reason to change in a security update. The only reason is that the package was not able to build without that rehashed 10_relibtoolize patch. I will try again tonight to build the package with the older patch, perhaps it was a problem on my side only. BTW, if you want make any test, you can find my repo at http://svn.tribulaciones.org Thanks -- Jose Carlos Garcia Sogo [EMAIL PROTECTED]
Bug#414832: diff for 2.0.3+dfsg1-2.2 NMU
Hi, Attached is the diff for my ktorrent 2.0.3+dfsg1-2.2 NMU. This one is without touching the build-system (no quilt dependency). @the RM: please unblock this one that is less intrusive. @the maintainer: you can keep the 2.1 NMU in your packaging the 2.2 is IMHO gross, but the previous one was not complying with the FREEZE requirements. Cheers, -- ·O· Pierre Habouzit ··O[EMAIL PROTECTED] OOOhttp://www.madism.org diff -u ktorrent-2.0.3+dfsg1/debian/changelog ktorrent-2.0.3+dfsg1/debian/changelog --- ktorrent-2.0.3+dfsg1/debian/changelog +++ ktorrent-2.0.3+dfsg1/debian/changelog @@ -1,3 +1,21 @@ +ktorrent (2.0.3+dfsg1-2.2) unstable; urgency=low + + * Non-maintainer upload. + * Redo the previous patch without kilt, integrating it into the buildsystem +directly (yuck !). + + -- Pierre Habouzit [EMAIL PROTECTED] Thu, 22 Mar 2007 16:41:39 +0100 + +ktorrent (2.0.3+dfsg1-2.1) unstable; urgency=high + + * Non-maintainer upload. + * Fix security issue (Closes: 414832, 414830): ++ drop patch from #414832 in debian/patches. ++ use quilt as a patches management system to deal with it. ++ urgency set to high due to RC bugfix. + + -- Pierre Habouzit [EMAIL PROTECTED] Thu, 22 Mar 2007 11:11:20 +0100 + ktorrent (2.0.3+dfsg1-2) unstable; urgency=low * Resolve FTBFS - remove nonportable -z now from LDFLAGS (Closes: 395897) only in patch2: unchanged: --- ktorrent-2.0.3+dfsg1.orig/libktorrent/torrent/peer.cpp +++ ktorrent-2.0.3+dfsg1/libktorrent/torrent/peer.cpp @@ -182,11 +182,21 @@ { Out() len err HAVE endl; kill(); - return; } - -haveChunk(this,ReadUint32(tmp_buf,1)); -pieces.set(ReadUint32(tmp_buf,1),true); +else +{ + Uint32 ch = ReadUint32(tmp_buf,1); + if (ch pieces.getNumBits()) + { + haveChunk(this,ch); + pieces.set(ch,true); + } + else + { + Out(SYS_CON|LOG_NOTICE) Received invalid have value, kicking peer endl; + kill(); + } +} break; case BITFIELD: if (len != 1 + pieces.getNumBytes()) only in patch2: unchanged: --- ktorrent-2.0.3+dfsg1.orig/libktorrent/torrent/torrent.cpp +++ ktorrent-2.0.3+dfsg1/libktorrent/torrent/torrent.cpp @@ -141,9 +141,13 @@ if (!v || v-data().getType() != Value::STRING) throw Error(i18n(Corrupted torrent!)); -path += v-data().toString(encoding); -if (j + 1 ln-getNumChildren()) - path += bt::DirSeparator(); +QString sd = v-data().toString(encoding); +if (sd != ..) +{ + path += sd; + if (j + 1 ln-getNumChildren()) + path += bt::DirSeparator(); +} } // we do not want empty dirs only in patch2: unchanged: --- ktorrent-2.0.3+dfsg1.orig/libktorrent/torrent/chunkcounter.cpp +++ ktorrent-2.0.3+dfsg1/libktorrent/torrent/chunkcounter.cpp @@ -59,12 +59,13 @@ void ChunkCounter::inc(Uint32 idx) { + if (idx cnt.size()) cnt[idx]++; } void ChunkCounter::dec(Uint32 idx) { - if (cnt[idx] 0) + if (idx cnt.size() cnt[idx] 0) cnt[idx]--; } signature.asc Description: Digital signature
Bug#395897: marked as done (FTBFS: now: No such file or directory)
Your message dated Thu, 22 Mar 2007 16:02:03 + with message-id [EMAIL PROTECTED] and subject line Bug#395897: fixed in ktorrent 2.0.3+dfsg1-2.2 has caused the attached Bug report to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what I am talking about this indicates a serious mail system misconfiguration somewhere. Please contact me immediately.) Debian bug tracking system administrator (administrator, Debian Bugs database) ---BeginMessage--- Package: ktorrent Version: 2.0.3+dfsg1-1 Severity: serious Justification: no longer builds from source ktorrent fails to build on some architectures, e. g. alpha: [...] /bin/sh ../libtool --silent --mode=link --tag=CXX alpha-linux-gnu-g++ -Wnon-virtual-dtor -Wno-long-long -Wundef -ansi -D_XOPEN_SOURCE=500 -D_BSD_SOURCE -Wcast-align -Wconversion -Wchar-subscripts -Wall -W -Wpointer-arith -Wwrite-strings -O2 -Wformat-security -Wmissing-format-attribute -fno-exceptions -fno-check-new -fno-common -DQT_CLEAN_NAMESPACE -DQT_NO_ASCII_CAST -DQT_NO_STL -DQT_NO_COMPAT -DQT_NO_TRANSLATION -fexceptions-Wl -z now -o libktorrent.la -rpath /usr/lib -L/usr/lib -L/usr/share/qt3/lib libktorrent_la.all_cpp.lo ../libktorrent/net/libnet.la ../libktorrent/datachecker/libdatachecker.la ../libktorrent/mse/libmse.la ../libktorrent/migrate/libmigrate.la ../libktorrent/util/libutil.la ../libktorrent/torrent/libtorrent.la ../libktorrent/kademlia/libkademlia.la ../libktorrent/interfaces/libinterfaces.la -lkparts alpha-linux-gnu-g++: now: No such file or directory make[4]: *** [libktorrent.la] Error 1 make[4]: Leaving directory `/tmp/ktorrent-2.0.3+dfsg1/libktorrent' Full log at http://buildd.debian.org/fetch.cgi?pkg=ktorrentver=2.0.3%2Bdfsg1-1arch=alphastamp=1161724018file=log Falk -- System Information: Debian Release: testing/unstable APT prefers unstable APT policy: (500, 'unstable') Architecture: alpha Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.18 Locale: LANG=C, [EMAIL PROTECTED] (charmap=ISO-8859-15) ---End Message--- ---BeginMessage--- Source: ktorrent Source-Version: 2.0.3+dfsg1-2.2 We believe that the bug you reported is fixed in the latest version of ktorrent, which is due to be installed in the Debian FTP archive: ktorrent_2.0.3+dfsg1-2.2.diff.gz to pool/main/k/ktorrent/ktorrent_2.0.3+dfsg1-2.2.diff.gz ktorrent_2.0.3+dfsg1-2.2.dsc to pool/main/k/ktorrent/ktorrent_2.0.3+dfsg1-2.2.dsc ktorrent_2.0.3+dfsg1-2.2_amd64.deb to pool/main/k/ktorrent/ktorrent_2.0.3+dfsg1-2.2_amd64.deb A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to [EMAIL PROTECTED], and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Pierre Habouzit [EMAIL PROTECTED] (supplier of updated ktorrent package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing [EMAIL PROTECTED]) -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Format: 1.7 Date: Thu, 22 Mar 2007 16:41:39 +0100 Source: ktorrent Binary: ktorrent Architecture: source amd64 Version: 2.0.3+dfsg1-2.2 Distribution: unstable Urgency: high Maintainer: Joel Johnson [EMAIL PROTECTED] Changed-By: Pierre Habouzit [EMAIL PROTECTED] Description: ktorrent - BitTorrent client for KDE Closes: 313659 340766 348605 349983 349983 357096 378947 384131 392687 395897 414830 414832 Changes: ktorrent (2.0.3+dfsg1-2.2) unstable; urgency=low . * Non-maintainer upload. * Redo the previous patch without kilt, integrating it into the buildsystem directly (yuck !). . ktorrent (2.0.3+dfsg1-2.1) unstable; urgency=high . * Non-maintainer upload. * Fix security issue (Closes: 414832, 414830): + drop patch from #414832 in debian/patches. + use quilt as a patches management system to deal with it. + urgency set to high due to RC bugfix. Files: 0db410f001e3614a6ba8fe26a069ab06 656 kde optional ktorrent_2.0.3+dfsg1-2.2.dsc 3c8d1ffcf96174259a5dc2c1bda54f20 5292 kde optional ktorrent_2.0.3+dfsg1-2.2.diff.gz c287020ca811a4810d7189484cb7badc 1583536 kde optional ktorrent_2.0.3+dfsg1-2.2_amd64.deb -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQFGAqV+vGr7W6HudhwRAvb/AKCCpM1lPPLfqQfYK32FX4WvZwZrowCdGF/e Td1ILEvKieQAFMtaC4In2D8= =cjNx -END PGP SIGNATURE- ---End Message---
Bug#414830: marked as done (Security issues with ktorrent. Fixed on 2.1.2.)
Your message dated Thu, 22 Mar 2007 16:02:03 + with message-id [EMAIL PROTECTED] and subject line Bug#414830: fixed in ktorrent 2.0.3+dfsg1-2.2 has caused the attached Bug report to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what I am talking about this indicates a serious mail system misconfiguration somewhere. Please contact me immediately.) Debian bug tracking system administrator (administrator, Debian Bugs database) ---BeginMessage--- Package: ktorrent Version: 2.1-1~mdx1 Severity: grave Tags: patch security Justification: user security hole I came across this piece of news: http://www.heise-security.co.uk/news/86661 which explains very briefly about two security issues in ktorrent. These have been solved on ktorrent 2.1.2 as explained on http://ktorrent.org/forum/viewtopic.php?t=1401 I know the frozen version is 2.0.3 which is somewhat far from the fixed version, so I looked into the svn respository(svn://anonsvn.kde.org/home/kde/trunk/extragear/network/ktorrent) and found that commit 640661 fixes the bug. I also attach it as patch, I hope it could apply cleanly to the frozen version. Thanks. -- System Information: Debian Release: 4.0 APT prefers unstable APT policy: (800, 'unstable'), (500, 'testing'), (100, 'experimental') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.20rs Locale: LANG=es_ES.UTF-8, LC_CTYPE=es_ES.UTF-8 (charmap=UTF-8) Versions of packages ktorrent depends on: ii kdelibs4c2a 4:3.5.6.r1.dfsg.1-2 core libraries and binaries for al ii libacl1 2.2.42-1Access control list shared library ii libart-2.0-2 2.3.17-1Library of functions for 2D graphi ii libattr1 1:2.4.32-1.1Extended attribute shared library ii libaudio21.8-3 The Network Audio System (NAS). (s ii libavahi-client3 0.6.16-3Avahi client library ii libavahi-common3 0.6.16-3Avahi common library ii libc62.3.6.ds1-13GNU C Library: Shared libraries ii libfontconfig1 2.4.2-1.2 generic font configuration library ii libfreetype6 2.2.1-5 FreeType 2 font engine, shared lib ii libgamin0 [libfam0] 0.1.8-1 Client library for the gamin file ii libgcc1 1:4.1.1-21 GCC support library ii libgmp3c22:4.2.1+dfsg-4 Multiprecision arithmetic library ii libice6 1:1.0.1-2 X11 Inter-Client Exchange library ii libidn11 0.6.5-1 GNU libidn library, implementation ii libjpeg626b-13 The Independent JPEG Group's JPEG ii libpcre3 6.7-1 Perl 5 Compatible Regular Expressi ii libpng12-0 1.2.15~beta5-1 PNG library - runtime ii libqt3-mt3:3.3.7-3 Qt GUI Library (Threaded runtime v ii libsm6 1:1.0.1-3 X11 Session Management library ii libstdc++6 4.1.1-21The GNU Standard C++ Library v3 ii libx11-6 2:1.0.3-6 X11 client-side library ii libxcursor1 1.1.7-4 X cursor management library ii libxext6 1:1.0.1-2 X11 miscellaneous extension librar ii libxft2 2.1.8.2-8 FreeType-based font drawing librar ii libxi6 1:1.0.1-4 X11 Input extension library ii libxinerama1 1:1.0.1-4.1 X11 Xinerama extension library ii libxrandr2 2:1.1.0.2-5 X11 RandR extension library ii libxrender1 1:0.9.1-3 X Rendering Extension client libra ii libxt6 1:1.0.2-2 X11 toolkit intrinsics library ii zlib1g 1:1.2.3-13 compression library - runtime ktorrent recommends no packages. -- no debconf information Index: libktorrent/torrent/torrent.cpp === --- libktorrent/torrent/torrent.cpp (revisión: 640660) +++ libktorrent/torrent/torrent.cpp (revisión: 640661) @@ -163,9 +163,15 @@ if (!v || v-data().getType() != Value::STRING) throw Error(i18n(Corrupted torrent!)); -path += v-data().toString(encoding); -if (j + 1 ln-getNumChildren()) - path += bt::DirSeparator(); +QString sd = v-data().toString(encoding); +// check for weirdness like .. , +// we don't want to write outside the user specified directories +if (sd != ..) +{ + path += sd; + if (j + 1 ln-getNumChildren()) + path += bt::DirSeparator(); +} } // we do not want empty dirs Index: libktorrent/torrent/chunkcounter.cpp ===
Bug#414832: marked as done (ktorrent: security vulnerabilities fixed in newer upstream)
Your message dated Thu, 22 Mar 2007 16:02:03 + with message-id [EMAIL PROTECTED] and subject line Bug#414830: fixed in ktorrent 2.0.3+dfsg1-2.2 has caused the attached Bug report to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what I am talking about this indicates a serious mail system misconfiguration somewhere. Please contact me immediately.) Debian bug tracking system administrator (administrator, Debian Bugs database) ---BeginMessage--- Package: ktorrent Version: 2.0.3+dfsg1-2 Severity: grave Tags: security Justification: user security hole Hello Joel, long time no see... I guess some work lies ahead: | Bryan Burns of Juniper networks found 2 security vulnerabilities in | KTorrent. These have now been fixed in the 2.1.2 release. | | This is just 2.1.1 with these 2 fixes. It would be advisable to upgrade. as seen on http://ktorrent.org/forum/viewtopic.php?t=1401. This concerns http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1384 and http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1385. Ubuntu Security Notice USN-436-1 has already been issued[0] on this matter. Even though these vulnerabilities don't affect the current stable release, they need to be fixed for the upcoming release Etch. Please extract the relevant patches and apply them to ktorrent as currently present in unstable. Changes for non-release-critical issues are no longer accepted for Etch as per the latest release update[0], so please stick to just these necessary changes. Once a fixed package will have been uploaded we need to ask the release managers to allow propagation to Etch. Cheers, Flo [0] http://www.ubuntu.com/usn/usn-436-1 [1] http://lists.debian.org/debian-devel-announce/2007/03/msg00012.html signature.asc Description: Digital signature ---End Message--- ---BeginMessage--- Source: ktorrent Source-Version: 2.0.3+dfsg1-2.2 We believe that the bug you reported is fixed in the latest version of ktorrent, which is due to be installed in the Debian FTP archive: ktorrent_2.0.3+dfsg1-2.2.diff.gz to pool/main/k/ktorrent/ktorrent_2.0.3+dfsg1-2.2.diff.gz ktorrent_2.0.3+dfsg1-2.2.dsc to pool/main/k/ktorrent/ktorrent_2.0.3+dfsg1-2.2.dsc ktorrent_2.0.3+dfsg1-2.2_amd64.deb to pool/main/k/ktorrent/ktorrent_2.0.3+dfsg1-2.2_amd64.deb A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to [EMAIL PROTECTED], and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Pierre Habouzit [EMAIL PROTECTED] (supplier of updated ktorrent package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing [EMAIL PROTECTED]) -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Format: 1.7 Date: Thu, 22 Mar 2007 16:41:39 +0100 Source: ktorrent Binary: ktorrent Architecture: source amd64 Version: 2.0.3+dfsg1-2.2 Distribution: unstable Urgency: high Maintainer: Joel Johnson [EMAIL PROTECTED] Changed-By: Pierre Habouzit [EMAIL PROTECTED] Description: ktorrent - BitTorrent client for KDE Closes: 313659 340766 348605 349983 349983 357096 378947 384131 392687 395897 414830 414832 Changes: ktorrent (2.0.3+dfsg1-2.2) unstable; urgency=low . * Non-maintainer upload. * Redo the previous patch without kilt, integrating it into the buildsystem directly (yuck !). . ktorrent (2.0.3+dfsg1-2.1) unstable; urgency=high . * Non-maintainer upload. * Fix security issue (Closes: 414832, 414830): + drop patch from #414832 in debian/patches. + use quilt as a patches management system to deal with it. + urgency set to high due to RC bugfix. Files: 0db410f001e3614a6ba8fe26a069ab06 656 kde optional ktorrent_2.0.3+dfsg1-2.2.dsc 3c8d1ffcf96174259a5dc2c1bda54f20 5292 kde optional ktorrent_2.0.3+dfsg1-2.2.diff.gz c287020ca811a4810d7189484cb7badc 1583536 kde optional ktorrent_2.0.3+dfsg1-2.2_amd64.deb -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQFGAqV+vGr7W6HudhwRAvb/AKCCpM1lPPLfqQfYK32FX4WvZwZrowCdGF/e Td1ILEvKieQAFMtaC4In2D8= =cjNx -END PGP SIGNATURE- ---End Message---
Bug#357096: marked as done (FTBFS with G++ 4.1: misc errors)
Your message dated Thu, 22 Mar 2007 16:02:03 + with message-id [EMAIL PROTECTED] and subject line Bug#357096: fixed in ktorrent 2.0.3+dfsg1-2.2 has caused the attached Bug report to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what I am talking about this indicates a serious mail system misconfiguration somewhere. Please contact me immediately.) Debian bug tracking system administrator (administrator, Debian Bugs database) ---BeginMessage--- Package: ktorrent Version: 1.1-2.1 Severity: important Tags: fixed-upstream Your package fails to build with G++ 4.1. I'm filing this bug as important for now, but when 4.1 will be the default compiler in unstable (probably in a few weeks) I'll upgrade this to serious. The good news is that is fixed in ktorrent-1.2rc2 already. Automatic build of ktorrent_1.1-2.1 on bigsur by sbuild/mips 1.94 ... mips-linux-gnu-g++ -DHAVE_CONFIG_H -I. -I. -I.. -I./.. -I/usr/include/kde -I/usr/share/qt3/include -I. -DQT_THREAD_SUPPORT -D_REENTRANT -Wnon-virtual-dtor -Wno-long-long -Wundef -ansi -D_XOPEN_SOURCE=500 -D_BSD_SOURCE -Wcast-align -Wconversion -Wchar-subscripts -Wall -W -Wpointer-arith -Wwrite-strings -O2 -Wformat-security -Wmissing-format-attribute -fno-exceptions -fno-check-new -fno-common -DQT_CLEAN_NAMESPACE -DQT_NO_ASCII_CAST -DQT_NO_STL -DQT_NO_COMPAT -DQT_NO_TRANSLATION -fexceptions -MT bdecoder.lo -MD -MP -MF .deps/bdecoder.Tpo -c bdecoder.cpp -fPIC -DPIC -o .libs/bdecoder.o bdecoder.cpp: In member function 'bt::BDictNode* bt::BDecoder::parseDict()': bdecoder.cpp:72: error: 'Out' was not declared in this scope bdecoder.cpp:77: error: 'Out' was not declared in this scope bdecoder.cpp:95: error: 'Out' was not declared in this scope bdecoder.cpp: In member function 'bt::BListNode* bt::BDecoder::parseList()': bdecoder.cpp:103: error: 'Out' was not declared in this scope bdecoder.cpp:120: error: 'Out' was not declared in this scope bdecoder.cpp: In member function 'bt::BValueNode* bt::BDecoder::parseInt()': bdecoder.cpp:150: error: 'Out' was not declared in this scope bdecoder.cpp:163: error: 'Out' was not declared in this scope bdecoder.cpp: In member function 'bt::BValueNode* bt::BDecoder::parseString()': bdecoder.cpp:213: error: 'Out' was not declared in this scope bdecoder.cpp:215: error: 'Out' was not declared in this scope make[3]: *** [bdecoder.lo] Error 1 make[3]: Leaving directory `/build/tbm/ktorrent-1.1/libtorrent' -- Martin Michlmayr http://www.cyrius.com/ ---End Message--- ---BeginMessage--- Source: ktorrent Source-Version: 2.0.3+dfsg1-2.2 We believe that the bug you reported is fixed in the latest version of ktorrent, which is due to be installed in the Debian FTP archive: ktorrent_2.0.3+dfsg1-2.2.diff.gz to pool/main/k/ktorrent/ktorrent_2.0.3+dfsg1-2.2.diff.gz ktorrent_2.0.3+dfsg1-2.2.dsc to pool/main/k/ktorrent/ktorrent_2.0.3+dfsg1-2.2.dsc ktorrent_2.0.3+dfsg1-2.2_amd64.deb to pool/main/k/ktorrent/ktorrent_2.0.3+dfsg1-2.2_amd64.deb A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to [EMAIL PROTECTED], and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Pierre Habouzit [EMAIL PROTECTED] (supplier of updated ktorrent package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing [EMAIL PROTECTED]) -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Format: 1.7 Date: Thu, 22 Mar 2007 16:41:39 +0100 Source: ktorrent Binary: ktorrent Architecture: source amd64 Version: 2.0.3+dfsg1-2.2 Distribution: unstable Urgency: high Maintainer: Joel Johnson [EMAIL PROTECTED] Changed-By: Pierre Habouzit [EMAIL PROTECTED] Description: ktorrent - BitTorrent client for KDE Closes: 313659 340766 348605 349983 349983 357096 378947 384131 392687 395897 414830 414832 Changes: ktorrent (2.0.3+dfsg1-2.2) unstable; urgency=low . * Non-maintainer upload. * Redo the previous patch without kilt, integrating it into the buildsystem directly (yuck !). . ktorrent (2.0.3+dfsg1-2.1) unstable; urgency=high . * Non-maintainer upload. * Fix security issue (Closes: 414832, 414830): + drop patch from #414832 in debian/patches. + use quilt as a patches management system to deal with it. + urgency set to high due to RC bugfix. Files: 0db410f001e3614a6ba8fe26a069ab06 656 kde optional ktorrent_2.0.3+dfsg1-2.2.dsc 3c8d1ffcf96174259a5dc2c1bda54f20 5292 kde optional ktorrent_2.0.3+dfsg1-2.2.diff.gz c287020ca811a4810d7189484cb7badc 1583536 kde optional
Bug#414832: marked as done (ktorrent: security vulnerabilities fixed in newer upstream)
Your message dated Thu, 22 Mar 2007 16:02:03 + with message-id [EMAIL PROTECTED] and subject line Bug#414832: fixed in ktorrent 2.0.3+dfsg1-2.2 has caused the attached Bug report to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what I am talking about this indicates a serious mail system misconfiguration somewhere. Please contact me immediately.) Debian bug tracking system administrator (administrator, Debian Bugs database) ---BeginMessage--- Package: ktorrent Version: 2.0.3+dfsg1-2 Severity: grave Tags: security Justification: user security hole Hello Joel, long time no see... I guess some work lies ahead: | Bryan Burns of Juniper networks found 2 security vulnerabilities in | KTorrent. These have now been fixed in the 2.1.2 release. | | This is just 2.1.1 with these 2 fixes. It would be advisable to upgrade. as seen on http://ktorrent.org/forum/viewtopic.php?t=1401. This concerns http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1384 and http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1385. Ubuntu Security Notice USN-436-1 has already been issued[0] on this matter. Even though these vulnerabilities don't affect the current stable release, they need to be fixed for the upcoming release Etch. Please extract the relevant patches and apply them to ktorrent as currently present in unstable. Changes for non-release-critical issues are no longer accepted for Etch as per the latest release update[0], so please stick to just these necessary changes. Once a fixed package will have been uploaded we need to ask the release managers to allow propagation to Etch. Cheers, Flo [0] http://www.ubuntu.com/usn/usn-436-1 [1] http://lists.debian.org/debian-devel-announce/2007/03/msg00012.html signature.asc Description: Digital signature ---End Message--- ---BeginMessage--- Source: ktorrent Source-Version: 2.0.3+dfsg1-2.2 We believe that the bug you reported is fixed in the latest version of ktorrent, which is due to be installed in the Debian FTP archive: ktorrent_2.0.3+dfsg1-2.2.diff.gz to pool/main/k/ktorrent/ktorrent_2.0.3+dfsg1-2.2.diff.gz ktorrent_2.0.3+dfsg1-2.2.dsc to pool/main/k/ktorrent/ktorrent_2.0.3+dfsg1-2.2.dsc ktorrent_2.0.3+dfsg1-2.2_amd64.deb to pool/main/k/ktorrent/ktorrent_2.0.3+dfsg1-2.2_amd64.deb A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to [EMAIL PROTECTED], and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Pierre Habouzit [EMAIL PROTECTED] (supplier of updated ktorrent package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing [EMAIL PROTECTED]) -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Format: 1.7 Date: Thu, 22 Mar 2007 16:41:39 +0100 Source: ktorrent Binary: ktorrent Architecture: source amd64 Version: 2.0.3+dfsg1-2.2 Distribution: unstable Urgency: high Maintainer: Joel Johnson [EMAIL PROTECTED] Changed-By: Pierre Habouzit [EMAIL PROTECTED] Description: ktorrent - BitTorrent client for KDE Closes: 313659 340766 348605 349983 349983 357096 378947 384131 392687 395897 414830 414832 Changes: ktorrent (2.0.3+dfsg1-2.2) unstable; urgency=low . * Non-maintainer upload. * Redo the previous patch without kilt, integrating it into the buildsystem directly (yuck !). . ktorrent (2.0.3+dfsg1-2.1) unstable; urgency=high . * Non-maintainer upload. * Fix security issue (Closes: 414832, 414830): + drop patch from #414832 in debian/patches. + use quilt as a patches management system to deal with it. + urgency set to high due to RC bugfix. Files: 0db410f001e3614a6ba8fe26a069ab06 656 kde optional ktorrent_2.0.3+dfsg1-2.2.dsc 3c8d1ffcf96174259a5dc2c1bda54f20 5292 kde optional ktorrent_2.0.3+dfsg1-2.2.diff.gz c287020ca811a4810d7189484cb7badc 1583536 kde optional ktorrent_2.0.3+dfsg1-2.2_amd64.deb -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQFGAqV+vGr7W6HudhwRAvb/AKCCpM1lPPLfqQfYK32FX4WvZwZrowCdGF/e Td1ILEvKieQAFMtaC4In2D8= =cjNx -END PGP SIGNATURE- ---End Message---
Bug#349983: marked as done (ktorrent: [m68k] FTBFS: autotools)
Your message dated Thu, 22 Mar 2007 16:02:03 + with message-id [EMAIL PROTECTED] and subject line Bug#349983: fixed in ktorrent 2.0.3+dfsg1-2.2 has caused the attached Bug report to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what I am talking about this indicates a serious mail system misconfiguration somewhere. Please contact me immediately.) Debian bug tracking system administrator (administrator, Debian Bugs database) ---BeginMessage--- Package: ktorrent Version: 1.1-2 Severity: serious Justification: no longer builds from source Automatic build of ktorrent_1.1-2 on garkin by sbuild/m68k 85 Build started at 20060126-1053 [...] ** Using build dependencies supplied by package: Build-Depends: debhelper (= 4.0.0), autotools-dev, kdelibs4-dev, libpcre3-dev, libx11-dev [...] /usr/bin/make make[1]: Entering directory `/build/buildd/ktorrent-1.1' cd . /bin/sh /build/buildd/ktorrent-1.1/admin/missing --run aclocal-1.6 /build/buildd/ktorrent-1.1/admin/missing: line 46: aclocal-1.6: command not found WARNING: `aclocal-1.6' is missing on your system. You should only need it if you modified `acinclude.m4' or `configure.in'. You might want to install the `Automake' and `Perl' packages. Grab them from any GNU archive site. cd . \ /bin/sh /build/buildd/ktorrent-1.1/admin/missing --run automake-1.6 --gnu Makefile /build/buildd/ktorrent-1.1/admin/missing: line 46: automake-1.6: command not found WARNING: `automake-1.6' is missing on your system. You should only need it if you modified `Makefile.am', `acinclude.m4' or `configure.in'. You might want to install the `Automake' and `Perl' packages. Grab them from any GNU archive site. cd . perl admin/am_edit Makefile.in cd . rm -f configure cd . /usr/bin/make -f admin/Makefile.common configure make[2]: Entering directory `/build/buildd/ktorrent-1.1' ./admin/cvs.sh: line 11: autoconf: command not found make[2]: *** [configure] Error 1 The package fails to build on other arches as well, at least on powerpc with the same problem, see: http://buildd.debian.org/build.php?pkg=ktorrent Christian ---End Message--- ---BeginMessage--- Source: ktorrent Source-Version: 2.0.3+dfsg1-2.2 We believe that the bug you reported is fixed in the latest version of ktorrent, which is due to be installed in the Debian FTP archive: ktorrent_2.0.3+dfsg1-2.2.diff.gz to pool/main/k/ktorrent/ktorrent_2.0.3+dfsg1-2.2.diff.gz ktorrent_2.0.3+dfsg1-2.2.dsc to pool/main/k/ktorrent/ktorrent_2.0.3+dfsg1-2.2.dsc ktorrent_2.0.3+dfsg1-2.2_amd64.deb to pool/main/k/ktorrent/ktorrent_2.0.3+dfsg1-2.2_amd64.deb A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to [EMAIL PROTECTED], and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Pierre Habouzit [EMAIL PROTECTED] (supplier of updated ktorrent package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing [EMAIL PROTECTED]) -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Format: 1.7 Date: Thu, 22 Mar 2007 16:41:39 +0100 Source: ktorrent Binary: ktorrent Architecture: source amd64 Version: 2.0.3+dfsg1-2.2 Distribution: unstable Urgency: high Maintainer: Joel Johnson [EMAIL PROTECTED] Changed-By: Pierre Habouzit [EMAIL PROTECTED] Description: ktorrent - BitTorrent client for KDE Closes: 313659 340766 348605 349983 349983 357096 378947 384131 392687 395897 414830 414832 Changes: ktorrent (2.0.3+dfsg1-2.2) unstable; urgency=low . * Non-maintainer upload. * Redo the previous patch without kilt, integrating it into the buildsystem directly (yuck !). . ktorrent (2.0.3+dfsg1-2.1) unstable; urgency=high . * Non-maintainer upload. * Fix security issue (Closes: 414832, 414830): + drop patch from #414832 in debian/patches. + use quilt as a patches management system to deal with it. + urgency set to high due to RC bugfix. Files: 0db410f001e3614a6ba8fe26a069ab06 656 kde optional ktorrent_2.0.3+dfsg1-2.2.dsc 3c8d1ffcf96174259a5dc2c1bda54f20 5292 kde optional ktorrent_2.0.3+dfsg1-2.2.diff.gz c287020ca811a4810d7189484cb7badc 1583536 kde optional ktorrent_2.0.3+dfsg1-2.2_amd64.deb -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQFGAqV+vGr7W6HudhwRAvb/AKCCpM1lPPLfqQfYK32FX4WvZwZrowCdGF/e Td1ILEvKieQAFMtaC4In2D8= =cjNx -END PGP SIGNATURE- ---End Message---
Bug#414830: marked as done (Security issues with ktorrent. Fixed on 2.1.2.)
Your message dated Thu, 22 Mar 2007 16:02:03 + with message-id [EMAIL PROTECTED] and subject line Bug#414832: fixed in ktorrent 2.0.3+dfsg1-2.2 has caused the attached Bug report to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what I am talking about this indicates a serious mail system misconfiguration somewhere. Please contact me immediately.) Debian bug tracking system administrator (administrator, Debian Bugs database) ---BeginMessage--- Package: ktorrent Version: 2.1-1~mdx1 Severity: grave Tags: patch security Justification: user security hole I came across this piece of news: http://www.heise-security.co.uk/news/86661 which explains very briefly about two security issues in ktorrent. These have been solved on ktorrent 2.1.2 as explained on http://ktorrent.org/forum/viewtopic.php?t=1401 I know the frozen version is 2.0.3 which is somewhat far from the fixed version, so I looked into the svn respository(svn://anonsvn.kde.org/home/kde/trunk/extragear/network/ktorrent) and found that commit 640661 fixes the bug. I also attach it as patch, I hope it could apply cleanly to the frozen version. Thanks. -- System Information: Debian Release: 4.0 APT prefers unstable APT policy: (800, 'unstable'), (500, 'testing'), (100, 'experimental') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.20rs Locale: LANG=es_ES.UTF-8, LC_CTYPE=es_ES.UTF-8 (charmap=UTF-8) Versions of packages ktorrent depends on: ii kdelibs4c2a 4:3.5.6.r1.dfsg.1-2 core libraries and binaries for al ii libacl1 2.2.42-1Access control list shared library ii libart-2.0-2 2.3.17-1Library of functions for 2D graphi ii libattr1 1:2.4.32-1.1Extended attribute shared library ii libaudio21.8-3 The Network Audio System (NAS). (s ii libavahi-client3 0.6.16-3Avahi client library ii libavahi-common3 0.6.16-3Avahi common library ii libc62.3.6.ds1-13GNU C Library: Shared libraries ii libfontconfig1 2.4.2-1.2 generic font configuration library ii libfreetype6 2.2.1-5 FreeType 2 font engine, shared lib ii libgamin0 [libfam0] 0.1.8-1 Client library for the gamin file ii libgcc1 1:4.1.1-21 GCC support library ii libgmp3c22:4.2.1+dfsg-4 Multiprecision arithmetic library ii libice6 1:1.0.1-2 X11 Inter-Client Exchange library ii libidn11 0.6.5-1 GNU libidn library, implementation ii libjpeg626b-13 The Independent JPEG Group's JPEG ii libpcre3 6.7-1 Perl 5 Compatible Regular Expressi ii libpng12-0 1.2.15~beta5-1 PNG library - runtime ii libqt3-mt3:3.3.7-3 Qt GUI Library (Threaded runtime v ii libsm6 1:1.0.1-3 X11 Session Management library ii libstdc++6 4.1.1-21The GNU Standard C++ Library v3 ii libx11-6 2:1.0.3-6 X11 client-side library ii libxcursor1 1.1.7-4 X cursor management library ii libxext6 1:1.0.1-2 X11 miscellaneous extension librar ii libxft2 2.1.8.2-8 FreeType-based font drawing librar ii libxi6 1:1.0.1-4 X11 Input extension library ii libxinerama1 1:1.0.1-4.1 X11 Xinerama extension library ii libxrandr2 2:1.1.0.2-5 X11 RandR extension library ii libxrender1 1:0.9.1-3 X Rendering Extension client libra ii libxt6 1:1.0.2-2 X11 toolkit intrinsics library ii zlib1g 1:1.2.3-13 compression library - runtime ktorrent recommends no packages. -- no debconf information Index: libktorrent/torrent/torrent.cpp === --- libktorrent/torrent/torrent.cpp (revisión: 640660) +++ libktorrent/torrent/torrent.cpp (revisión: 640661) @@ -163,9 +163,15 @@ if (!v || v-data().getType() != Value::STRING) throw Error(i18n(Corrupted torrent!)); -path += v-data().toString(encoding); -if (j + 1 ln-getNumChildren()) - path += bt::DirSeparator(); +QString sd = v-data().toString(encoding); +// check for weirdness like .. , +// we don't want to write outside the user specified directories +if (sd != ..) +{ + path += sd; + if (j + 1 ln-getNumChildren()) + path += bt::DirSeparator(); +} } // we do not want empty dirs Index: libktorrent/torrent/chunkcounter.cpp ===
Bug#415852: x11-common: List of package files missing
Package: x11-common Version: 1:7.1.0-15 Severity: grave Justification: renders package unusable I couldn't install x11-common due error: (Polish): brak listy plikow pakietu 'x11-common' (English - my translation): the file list of package 'x11-common' missing -- System Information: Debian Release: 4.0 APT prefers testing APT policy: (500, 'testing') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.18-4-686 Locale: LANG=pl_PL.UTF-8, LC_CTYPE=pl_PL.UTF-8 (charmap=UTF-8) -- debconf information: x11-common/xwrapper/nice_value: 0 x11-common/xwrapper/allowed_users: Console Users Only x11-common/xwrapper/actual_allowed_users: console x11-common/xwrapper/nice_value/error: x11-common/x11r6_bin_not_empty: x11-common/upgrade_issues: -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Processed: reopen 390369
Processing commands for [EMAIL PROTECTED]: reopen 390369 Bug#390369: nbsmtp: Doesn't provide working /usr/sbin/sendmail as an MTA should 'reopen' may be inappropriate when a bug has been closed with a version; you may need to use 'found' to remove fixed versions. Bug reopened, originator not changed. thanks Stopping processing here. Please contact me if you need assistance. Debian bug tracking system administrator (administrator, Debian Bugs database) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#390369: nbsmtp: Doesn't provide working /usr/sbin/sendmail as an MTA should
Hi, I have reopened this bug because, as the original submitter wrote, nbsmtp does not work with reportbug: $ reportbug konqueror [...] Report will be sent to Debian Bug Tracking System [EMAIL PROTECTED] Submit this report on konqueror (e to edit) [Y|n|a|c|e|i|l|m|p|q|?]? Sending message via /usr/sbin/sendmail... /usr/sbin/sendmail: invalid option -- o Usage: /usr/sbin/sendmail -f [EMAIL PROTECTED] -h relayhost [OPTIONS] (use -H for help) Original write failed, wrote bug report to /tmp/reportbug-konqueror-20070322-26169-wVqWeM I dont't know what the -o option is supposed to do, but nbsmtp should support it. -- Laurent Bonnaud. http://www.lis.inpg.fr/pages_perso/bonnaud/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#390369: nbsmtp: Doesn't provide working /usr/sbin/sendmail as an MTA should
On Thu, 2007-03-22 at 17:24 +0100, Laurent Bonnaud wrote: I have reopened this bug because, as the original submitter wrote, nbsmtp does not work with reportbug: Furthermore since I installed nbsmtp I did not receive any e-mail from cron, which is a big problem. -- Laurent Bonnaud. http://www.lis.inpg.fr/pages_perso/bonnaud/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#415852: x11-common: List of package files missing
tags 415852 moreinfo unreproducible thanks On Thu, Mar 22, 2007 at 17:12:39 +0100, Wojciech Zareba wrote: I couldn't install x11-common due error: (Polish): brak listy plikow pakietu 'x11-common' (English - my translation): the file list of package 'x11-common' missing Hi, Please provide more information about what you were doing, which version (if any) of x11-common was already installed, how you're trying to install the package, and the complete output of LC_ALL=C apt-get install x11-common. Thanks, Julien signature.asc Description: Digital signature
Processed: Re: Bug#415852: x11-common: List of package files missing
Processing commands for [EMAIL PROTECTED]: tags 415852 moreinfo unreproducible Bug#415852: x11-common: List of package files missing There were no tags set. Tags added: moreinfo, unreproducible thanks Stopping processing here. Please contact me if you need assistance. Debian bug tracking system administrator (administrator, Debian Bugs database) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Processed: severity of 415745 is serious
Processing commands for [EMAIL PROTECTED]: # Automatically generated email from bts, devscripts version 2.10.1 severity 415745 serious Bug#415745: chown: `zabbix': invalid user Severity set to `serious' from `normal' End of message, stopping processing here. Please contact me if you need assistance. Debian bug tracking system administrator (administrator, Debian Bugs database) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Processed: reopening 415745
Processing commands for [EMAIL PROTECTED]: # Automatically generated email from bts, devscripts version 2.10.1 reopen 415745 Bug#415745: chown: `zabbix': invalid user 'reopen' may be inappropriate when a bug has been closed with a version; you may need to use 'found' to remove fixed versions. Bug reopened, originator not changed. End of message, stopping processing here. Please contact me if you need assistance. Debian bug tracking system administrator (administrator, Debian Bugs database) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#415745: marked as done (chown: `zabbix': invalid user)
Your message dated Thu, 22 Mar 2007 17:17:05 + with message-id [EMAIL PROTECTED] and subject line Bug#415745: fixed in zabbix 1:1.1.4-10 has caused the attached Bug report to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what I am talking about this indicates a serious mail system misconfiguration somewhere. Please contact me immediately.) Debian bug tracking system administrator (administrator, Debian Bugs database) ---BeginMessage--- Package: zabbix-server-pgsql Version: 1:1.1.4-9 Severity: normal Setting up zabbix-server-pgsql (1.1.4-9) ... dbconfig-common: writing config to /etc/dbconfig-common/zabbix-server-pgsql.conf Creating config file /etc/dbconfig-common/zabbix-server-pgsql.conf with new version Creating config file /etc/zabbix/zabbix_server.conf with new version chown: `zabbix': invalid user ^ creating postgres user zabbix: success. verifying creation of user: success. creating database zabbix: success. verifying database zabbix exists: success. populating database via sql... done. dbconfig-common: flushing administrative password Starting Zabbix server: zabbix_server Note the error message I suspect this is because in the postinst, dbc_go is before the addgroup and adduser in the configure section below. ⋮ dbc_go zabbix-server-pgsql $@ # here if [ $1 = configure ]; then if ! getent group zabbix /dev/null 21 ; then addgroup --system --quiet zabbix # --- but created here fi if ! getent passwd zabbix /dev/null 21 ; then adduser --quiet \ # --- and here --system --disabled-login --ingroup zabbix \ --home /var/run/zabbix-server/ --no-create-home \ zabbix fi chown zabbix:zabbix /var/log/zabbix-server -R chown zabbix:zabbix /var/run/zabbix-server -R fi ⋮ -- System Information: Debian Release: 4.0 APT prefers testing APT policy: (500, 'testing') Architecture: amd64 (x86_64) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.18-4-amd64 Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Versions of packages zabbix-server-pgsql depends on: ii adduser 3.102Add and remove users and groups ii dbconfig-common 1.8.29+etch1 common framework for packaging dat ii debconf [debconf-2.0] 1.5.11 Debian configuration management sy ii fping 2.4b2-to-ipv6-14 sends ICMP ECHO_REQUEST packets to ii libc6 2.3.6.ds1-13 GNU C Library: Shared libraries ii libldap22.1.30-13.3 OpenLDAP libraries ii libpq4 8.1.8-1 PostgreSQL C client library ii libsnmp95.2.3-7 NET SNMP (Simple Network Managemen ii logrotate 3.7.1-3 Log rotation utility Versions of packages zabbix-server-pgsql recommends: ii postgresql-8.18.1.8-1object-relational SQL database, ve ii snmpd 5.2.3-7NET SNMP (Simple Network Managemen -- debconf information: zabbix-server-pgsql/remote/port: zabbix-server-pgsql/pgsql/admin-user: postgres zabbix-server-pgsql/db/app-user: zabbix zabbix-server-pgsql/pgsql/authmethod-admin: ident zabbix-server-pgsql/pgsql/method: unix socket zabbix-server-pgsql/remove-error: abort zabbix-server-pgsql/upgrade-error: abort zabbix-server-pgsql/internal/skip-preseed: false * zabbix-server-pgsql/pgsql/authmethod-user: password zabbix-server-pgsql/dbconfig-upgrade: true zabbix-server-pgsql/dbconfig-reinstall: false zabbix-server-pgsql/pgsql/changeconf: false zabbix-server-pgsql/passwords-do-not-match: zabbix-server-pgsql/pgsql/no-empty-passwords: zabbix-server-pgsql/install-error: abort zabbix-server-pgsql/internal/reconfiguring: false zabbix-server-pgsql/pgsql/manualconf: zabbix-server-pgsql/database-type: pgsql * zabbix-server-pgsql/dbconfig-install: true zabbix-server-pgsql/purge: false zabbix-server-pgsql/dbconfig-remove: zabbix-server-pgsql/db/dbname: zabbix zabbix-server-pgsql/remote/host: zabbix-server-pgsql/upgrade-backup: true zabbix-server-pgsql/remote/newhost: ---End Message--- ---BeginMessage--- Source: zabbix Source-Version: 1:1.1.4-10 We believe that the bug you reported is fixed in the latest version of zabbix, which is due to be installed in the Debian FTP archive: zabbix-agent_1.1.4-10_amd64.deb to pool/main/z/zabbix/zabbix-agent_1.1.4-10_amd64.deb zabbix-frontend-php_1.1.4-10_all.deb to pool/main/z/zabbix/zabbix-frontend-php_1.1.4-10_all.deb zabbix-server-mysql_1.1.4-10_amd64.deb to pool/main/z/zabbix/zabbix-server-mysql_1.1.4-10_amd64.deb zabbix-server-pgsql_1.1.4-10_amd64.deb to
Bug#415860: openoffice.org: Writer does not close its files properly
Package: openoffice.org Version: 2.0.4.dfsg.2-6 Severity: grave Justification: causes non-serious data loss Scenario 1: 1. Open/create a document 2. Save as Word 3. Close the document 4. Try to copy the document from a Mac (through Samba) 5. The Mac copies some part of the file, then errors out with Resource deadlock avoided, resulting in an incomplete copy If instead of this we try to open the file from a GUI application, the GUI application may crash Scenario 2: 1-2. Same as scenario 1 3. Quit OpenOffice completely 4. Same as scenario 1 No problem occurs in scenario 2 This shows that, somehow, closing the document is not enough to release all the file locks on the document, and some parts of the file are still locked. Trying to copy on such semi-closed files results in a copy that is corrupted. -- System Information: Debian Release: 4.0 APT prefers unstable APT policy: (500, 'unstable'), (500, 'stable') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.4.28-ow1 Locale: LANG=zh_TW.Big5, LC_CTYPE=zh_TW.Big5 (charmap=BIG5) Versions of packages openoffice.org depends on: ii openoffice.org-base 2.0.4.dfsg.2-6 OpenOffice.org office suite - data ii openoffice.org-calc 2.0.4.dfsg.2-6 OpenOffice.org office suite - spre ii openoffice.org-core 2.0.4.dfsg.2-6 OpenOffice.org office suite archit ii openoffice.org-draw 2.0.4.dfsg.2-6 OpenOffice.org office suite - draw ii openoffice.org-impress2.0.4.dfsg.2-6 OpenOffice.org office suite - pres ii openoffice.org-java-commo 2.0.4.dfsg.2-6 OpenOffice.org office suite Java s ii openoffice.org-math 2.0.4.dfsg.2-6 OpenOffice.org office suite - equa ii openoffice.org-writer 2.0.4.dfsg.2-6 OpenOffice.org office suite - word openoffice.org recommends no packages. -- no debconf information -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#415861: CVE-2007-0537: khtml/konqueror title XSS vulnerability
Package: konqueror Version: 4:3.5.6.dfsg.1-2 Severity: grave Tags: security Justification: user security hole Hi, here is the problem: http://www.kde.org/info/security/advisory-20070206-1.txt The problem is also probably present in the KDE versions in sid and etch. -- System Information: Debian Release: 4.0 APT prefers unstable APT policy: (100, 'unstable'), (99, 'experimental') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.20-1-686 Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8) -- Laurent Bonnaud. http://www.lis.inpg.fr/pages_perso/bonnaud/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#415864: aic7xxx: aic7892(B): BUG: soft lockup detected on CPU#0
Package: linux-image-2.6.18-4-amd64 Version: 2.6.18.dfsg.1-11 Severity: critical Justification: breaks the whole system + netinstall iso lo, well, ive several live cd systems 2.6.19.5i386 that oops and hang boot in aic7xxx init, only one booting here is knoppix 5.2, the latest unofficial debian stable 2.6.8-12-amd64-generic, which says ACPI: PCI interrupt :00:06.0[A] - GSI 17 (level, low) - IRQ 17 aic7xxx: PCI0:6:0 MEM region 0x0 unavailable. Cannot memory map device. but works ok, a debian etch 2.6.18-4-amd64 which says: SCSI subsystem initialized GSI 16 sharing vector 0xA9 and IRQ 16 ACPI: PCI Interrupt :00:06.0[A] - GSI 17 (level, low) - IRQ 169 BUG: soft lockup detected on CPU#0! Call Trace: IRQ [802a3fec] softlockup_tick+0xdb/0xed [802881df] update_process_times+0x42/0x68 [8026cbd8] smp_local_timer_interrupt+0x23/0x47 [8026d2cc] smp_apic_timer_interrupt+0x41/0x47 [8025904a] apic_timer_interrupt+0x66/0x6c EOI [8038a412] pci_conf1_write+0x0/0xc9 [88053718] :aic7xxx:ahc_pci_test_register_access+0xc2/0x391 [880536a5] :aic7xxx:ahc_pci_test_register_access+0x4f/0x391 [88059416] :aic7xxx:ahc_pci_map_registers+0x1bb/0x239 [880523d2] :aic7xxx:ahc_pci_config+0x4c/0x12d0 [80389fb7] pcibios_set_master+0x1e/0x84 [88059186] :aic7xxx:ahc_linux_pci_dev_probe+0x13e/0x213 [80317eea] pci_device_probe+0xdf/0x147 [8036b9db] driver_probe_device+0x52/0xa8 [8036ba96] __driver_attach+0x0/0x9a [8036bae6] __driver_attach+0x50/0x9a [8036ba96] __driver_attach+0x0/0x9a [8036b458] bus_for_each_dev+0x43/0x6e [8036b09a] bus_add_driver+0x7e/0x130 [803180c4] __pci_register_driver+0x57/0x7d [8805903e] :aic7xxx:ahc_linux_pci_init+0x17/0x21 [8806e325] :aic7xxx:ahc_linux_init+0x325/0x336 [8027d27d] default_wake_function+0x0/0xe [8025e2e5] __down_read+0x12/0x9a [80294fa1] __link_module+0x0/0x25 [802200e5] __up_read+0x13/0x8a [80297695] sys_init_module+0x16cc/0x1882 [802584d6] system_call+0x7e/0x83 BUG: soft lockup detected on CPU#0! a kernel.org 2.6.20 with K8 config set but built in a 32Bit debian sid environment, but works ok, and finally the latest kernel.org 2.6.20.3 AMD K8 built on debian amd64 etch userland that hangs boot on aic7xxx init without magic sysreq keys functionality: Loading iSCSI transport class v2.0-724. ACPI: PCI Interrupt :00:06.0[A] - GSI 17 (level, low) - IRQ 17 ... Kernel alive - Kernel direct mapping tables up to 1 @ 8000-d000 according to the stack above this should be a pci adaptor mem resources prob. tweaking boot parameters did not fix. now trying latest scsi git and be on ##kernel at freenode if Q. update: no fix so far in kernel.org scsi-rc-fixes.git, just on building a scsi dev git kernel with change from K8-x86_64 generic Kconfig and full debug, examining driver code and will report if i find the cause. y tom SysRq : Resetting Linux version 2.6.20.3amd64 ([EMAIL PROTECTED]) (gcc version 4.1.2 20061115 (prerelease7 Command line: root=/dev/sda1 ro single console=ttyS0,115200n8 aic7xxx=debug=255 BIOS-provided physical RAM map: BIOS-e820: - 0009fc00 (usable) BIOS-e820: 0009fc00 - 000a (reserved) BIOS-e820: 000e4000 - 0010 (reserved) BIOS-e820: 0010 - 1ffd (usable) BIOS-e820: 1ffd - 1ffde000 (ACPI data) BIOS-e820: 1ffde000 - 2000 (ACPI NVS) BIOS-e820: fec0 - fec01000 (reserved) BIOS-e820: ff78 - 0001 (reserved) end_pfn_map = 1048576 DMI 2.3 present. Zone PFN ranges: DMA 0 - 4096 DMA324096 - 1048576 Normal1048576 - 1048576 early_node_map[2] active PFN ranges 0:0 - 159 0: 256 - 131024 ACPI: PM-Timer IO Port: 0x808 ACPI: LAPIC (acpi_id[0x01] lapic_id[0x00] enabled) Processor #0 (Bootup-CPU) ACPI: LAPIC (acpi_id[0x02] lapic_id[0x81] disabled) ACPI: IOAPIC (id[0x01] address[0xfec0] gsi_base[0]) IOAPIC[0]: apic_id 1, address 0xfec0, GSI 0-23 ACPI: INT_SRC_OVR (bus 0 bus_irq 0 global_irq 2 dfl dfl) ACPI: INT_SRC_OVR (bus 0 bus_irq 9 global_irq 9 low level) Setting APIC routing to flat Using ACPI (MADT) for SMP configuration information Nosave address range: 0009f000 - 000a Nosave address range: 000a - 000e4000 Nosave address range: 000e4000 - 0010 Allocating PCI resources starting at 3000 (gap: 2000:dec0) Built 1 zonelists. Total pages: 127672 Kernel command line: root=/dev/sda1 ro single console=ttyS0,115200n8 aic7xxx=de5 Initializing CPU#0 PID hash table entries: 2048 (order: 11, 16384 bytes) time.c: Using 3.579545 MHz WALL PM GTOD PIT/TSC timer. time.c: Detected 2000.164 MHz processor. Console: colour VGA+ 80x25 Dentry cache hash table
Bug#415865: asterisk_1:1.4.2~dfsg-1(experimental/ia64/alkman): FTBFS: Missing dep on autoconf
Package: asterisk Version: 1:1.4.2~dfsg-1 Severity: serious Tags: experimental Heya, | Automatic build of asterisk_1:1.4.2~dfsg-1 on alkman by sbuild/ia64 98-farm | Build started at 20070320-2350 | ** [...] | Checking correctness of source dependencies... | Toolchain package versions: libc6.1-dev_2.3.6.ds1-13 linux-kernel-headers_2.6.18-7 gcc-4.1_4.1.1-21 g++-4.1_4.1.1-21 binutils_2.17-3 libstdc++6-4.1-dev_4.1.1-21 libstdc++6_4.1.1-21 | -- [...] | if [ ! -r configure.debian_sav ]; then cp -a configure configure.debian_sav; fi | ./bootstrap.sh # also runs autoonf. TODO: currently not needed. | ./bootstrap.sh: line 4: autoconf: command not found | Please install autoconf and run bootstrap.sh again! | make: *** [config.status] Error 1 A complete build log can be found at http://experimental.debian.net/build.php?arch=ia64pkg=asteriskver=1:1.4.2~dfsg-1 Build-depending on autoconf seems like a good idea if you are trying to use it. Marc -- Fachbegriffe der Informatik - Einfach erklärt 214: NOC Ein Raum, in dem Leute auf Monitore starren und auf Rotes Piepen warten. (Gesehen von Marc Haber auf #dana.de) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#415867: coq_8.1+dfsg-1(experimental/ia64/alkman): FTBFS: Expects files that get lost while building
Package: coq Version: 8.1+dfsg-1 Severity: serious Tags: experimental | Automatic build of coq_8.1+dfsg-1 on alkman by sbuild/ia64 98-farm | Build started at 20070316-1946 | ** [...] | OCAMLOPT -a -o lib/lib.cmxa [...] | cp lib/lib.cma kernel/kernel.cma library/library.cma pretyping/pretyping.cma interp/interp.cma proofs/proofs.cma parsing/parsing.cma tactics/tactics.cma toplevel/toplevel.cma parsing/highparsing.cma tactics/hightactics.cma contrib/contrib.cma lib/lib.cmxa kernel/kernel.cmxa library/library.cmxa pretyping/pretyping.cmxa interp/interp.cmxa proofs/proofs.cmxa parsing/parsing.cmxa tactics/tactics.cmxa toplevel/toplevel.cmxa parsing/highparsing.cmxa tactics/hightactics.cmxa contrib/contrib.cmxa /build/buildd/coq-8.1+dfsg/debian/tmp/usr/lib/coq | cp: cannot stat `lib/lib.cmxa': No such file or directory | cp: cannot stat `kernel/kernel.cmxa': No such file or directory | cp: cannot stat `library/library.cmxa': No such file or directory | cp: cannot stat `pretyping/pretyping.cmxa': No such file or directory | cp: cannot stat `interp/interp.cmxa': No such file or directory | cp: cannot stat `proofs/proofs.cmxa': No such file or directory | cp: cannot stat `parsing/parsing.cmxa': No such file or directory | cp: cannot stat `tactics/tactics.cmxa': No such file or directory | cp: cannot stat `toplevel/toplevel.cmxa': No such file or directory | cp: cannot stat `parsing/highparsing.cmxa': No such file or directory | cp: cannot stat `tactics/hightactics.cmxa': No such file or directory | cp: cannot stat `contrib/contrib.cmxa': No such file or directory | make[1]: *** [install-library] Error 1 | make[1]: Leaving directory `/build/buildd/coq-8.1+dfsg' | make: *** [install] Error 2 | ** | Build finished at 20070316-2201 | FAILED [dpkg-buildpackage died] | Build needed 02:12:00, 146980k disk space A complete build log can be found at http://experimental.debian.net/build.php?arch=ia64pkg=coqver=8.1+dfsg-1 Somehow these files get lost during the build, or ocamlopt outputs them to the wrong place. Marc -- BOFH #357: I'd love to help you -- it's just that the Boss won't let me near the computer. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Processed: severity of 415864 is normal
Processing commands for [EMAIL PROTECTED]: # Automatically generated email from bts, devscripts version 2.9.26 severity 415864 normal Bug#415864: aic7xxx: aic7892(B): BUG: soft lockup detected on CPU#0 Severity set to `normal' from `critical' End of message, stopping processing here. Please contact me if you need assistance. Debian bug tracking system administrator (administrator, Debian Bugs database) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#415868: gdal_1.4.0-1(experimental/amd64/xenophanes): FTBFS: jasper/jas_tmr.h: No such file or directory
Package: gdal Version: 1.4.0-1 Severity: serious Tags: experimental | Automatic build of gdal_1.4.0-1 on xenophanes by sbuild/amd64 98-farm | Build started at 20070312-0010 | ** [...] | Get:13 http://sinclair.farm.ftbfs.de experimental/main libjasper1 1.900.1-1 [148kB] | Get:14 http://sinclair.farm.ftbfs.de experimental/main libjasper-dev 1.900.1-1 [557kB] [...] | make[3]: Entering directory `/build/buildd/gdal-1.4.0/frmts/jpeg2000' | /bin/sh /build/buildd/gdal-1.4.0/libtool --mode=compile g++ -Wall -O2 -g -O2 -I/build/buildd/gdal-1.4.0/port -I/build/buildd/gdal-1.4.0/gcore -I/build/buildd/gdal-1.4.0/alg -I/build/buildd/gdal-1.4.0/ogr -I/build/buildd/gdal-1.4.0/ogr/ogrsf_frmts -I../libjasper/include -DOGR_ENABLED -I/build/buildd/gdal-1.4.0/port -c -o ../o/jpeg2000dataset.o jpeg2000dataset.cpp | g++ -Wall -O2 -g -O2 -I/build/buildd/gdal-1.4.0/port -I/build/buildd/gdal-1.4.0/gcore -I/build/buildd/gdal-1.4.0/alg -I/build/buildd/gdal-1.4.0/ogr -I/build/buildd/gdal-1.4.0/ogr/ogrsf_frmts -I../libjasper/include -DOGR_ENABLED -I/build/buildd/gdal-1.4.0/port -c jpeg2000dataset.cpp -fPIC -DPIC -o ../o/.libs/jpeg2000dataset.o | In file included from jpeg2000dataset.cpp:100: | /usr/include/jasper/jasper.h:82:28: error: jasper/jas_tmr.h: No such file or directory | make[3]: *** [../o/jpeg2000dataset.o] Error 1 A complete build log can be found at http://experimental.debian.net/build.php?arch=amd64pkg=gdalver=1.4.0-1 Could this be a problem with the new jasper version? Marc -- Fachbegriffe der Informatik - Einfach erklärt 227: Benutzerdokumentation Alte Kodelistings sauber geheftet. (Manfred Worm Schäfer) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#415860: openoffice.org: Writer does not close its files properly
tag 415860 + moreinfo thanks [ please wrap your lines sensefully ] Ambrose Li wrote: Package: openoffice.org Version: 2.0.4.dfsg.2-6 Severity: grave Justification: causes non-serious data loss hmmm Don't think so, see below Scenario 1: 1. Open/create a document 2. Save as Word 3. Close the document 4. Try to copy the document from a Mac (through Samba) 5. The Mac copies some part of the file, then errors out with Resource deadlock avoided, resulting in an incomplete copy If instead of this we try to open the file from a GUI application, the GUI application may crash [...] This shows that, somehow, closing the document is not enough to release all the file locks on the document, and some parts of the file are still locked. Trying to copy on such semi-closed files results in a copy that is corrupted. This alone is (imho) no (non-)serious data loss because you a) still have the copy on the Mac and b) it can easily be worked around (by closing OOo). Of course, if you remove the old copy You didn't say move, though, but copy. And mv (at least on Linux) only removes the original file when the mv is successful (afaik). And how did you use the file anyway? Using OOo on the Mac and just copy it over? Or using OOo on your normal system (saving to that samba share on the Mac) and then trying to copy it from there while OOo still being open? I'll ask upstream... Regards, Rene -- .''`. Ren? Engelhard -- Debian GNU/Linux Developer : :' : http://www.debian.org | http://people.debian.org/~rene/ `. `' [EMAIL PROTECTED] | GnuPG-Key ID: 248AEB73 `- Fingerprint: 41FA F208 28D4 7CA5 19BB 7AD9 F859 90B0 248A EB73 signature.asc Description: Digital signature
Bug#415874: matplotlib_0.90.0-1(experimental/amd64/xenophanes): FTBFS: gtk/gtk.h: No such file or directory
Package: matplotlib Version: 0.90.0-1 Severity: serious Tags: experimental | Automatic build of matplotlib_0.90.0-1 on xenophanes by sbuild/amd64 98-farm | Build started at 20070322-1753 | ** [...] | building 'matplotlib.backends._na_backend_gdk' extension | gcc -pthread -fno-strict-aliasing -DNDEBUG -g -O2 -Wall -Wstrict-prototypes -fPIC -I/usr/local/include -I/usr/include -I. -I/usr/local/include -I/usr/include -I. -I/usr/include/pygtk-2.0 -I/usr/include/glib-2.0 -I/usr/lib/glib-2.0/include -I/usr/include/python2.4 -c src/_na_backend_gdk.c -o build/temp.linux-x86_64-2.4/src/_na_backend_gdk.o -DNUMARRAY=1 | In file included from src/_na_backend_gdk.c:17: | /usr/include/pygtk-2.0/pygtk/pygtk.h:8:21: error: gtk/gtk.h: No such file or directory A complete build log can be found at http://experimental.debian.net/build.php?arch=amd64pkg=matplotlibver=0.90.0-1 It looks like a -I/usr/include/gtk-2.0/ would help here. Marc -- Fachbegriffe der Informatik - Einfach erklärt 199: Customer Relationship Management-Software Serienbrieffunktion (Matthias Leisi) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#415876: ruby-yarv_0.4.1-1(experimental/ia64/alkman): FTBFS: 'ucontext_t' undeclared (first use in this function)
Package: ruby-yarv Version: 0.4.1-1 Severity: serious Tags: experimental | Automatic build of ruby-yarv_0.4.1-1 on alkman by sbuild/ia64 98-farm | Build started at 20070322-1802 | ** [...] | cc -g -Wall -O2 -DRUBY_EXPORT -I. -I. -c gc.c | gc.c: In function 'rb_source_filename': | gc.c:567: warning: dereferencing type-punned pointer will break strict-aliasing rules | gc.c: In function 'gc_mark_children': | gc.c:985: warning: suggest parentheses around + or - inside shift | gc.c:985: warning: suggest parentheses around + or - inside shift | gc.c: In function 'obj_free': | gc.c:1239: warning: suggest parentheses around comparison in operand of | gc.c:1247: warning: format '%p' expects type 'void *', but argument 3 has type 'VALUE' | gc.c: In function 'garbage_collect': | gc.c:1337: error: 'ucontext_t' undeclared (first use in this function) A complete build log can be found at http://experimental.debian.net/build.php?arch=ia64pkg=ruby-yarvver=0.4.1-1 This looks like a missing #include of ucontext.h (for which you check in configure...) Marc -- Fachbegriffe der Informatik - Einfach erklärt 192: Strong international Encryption Triple-ROT13 (Carsten Lechte) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#316389: [Pkg-db-devel] Bug#316389: Please apply this patch
--On Thursday, March 22, 2007 10:15 AM -0400 Clint Adams [EMAIL PROTECTED] wrote: The bug listed here incorrectly links to my site. It should have linked to the official BDB site, as this bug is from the BDB folks themselves. http://www.oracle.com/technology/products/berkeley-db/db/update/4.2.52/ patch.4.2.52.html In particular, this is patch #5. It is *required* for the later OpenLDAP 2.2 and all of OpenLDAP 2.3 to work right. The severity here needs to raised to grave, as the OpenLDAP distributed with etch cannot function correctly without this patch. Just to clarify here for all fascinated readers: This bug is, or was originally, about the patch at http://www.openldap.org/devel/cvsweb.cgi/~checkout~/build/Attic/BerkeleyD B42.patch?rev=1.5.4.1hideattic=1sortbydate=0 According to OpenLDAP CVS commit logs and this Faq-O-Matic entry, http://www.openldap.org/faq/data/cache/44.html this unofficial BDB patch is obsoleted by OpenLDAP 2.3. The vendor patch to which Quanah refers was the subject of a brief mailing list thread beginning here http://lists.alioth.debian.org/pipermail/pkg-db-devel/2007-February/00115 7.html and continuing here http://lists.alioth.debian.org/pipermail/pkg-db-devel/2007-March/001161.h tml but no bug report was generated as a result of that thread as far as I am aware. In the interest of making me less confused, I am presently going to make a new bug that is explicitly about vendor patch #5. Thanks! --Quanah -- Quanah Gibson-Mount Principal Software Developer ITS/Shared Application Services Stanford University GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#415877: evolution-data-server_1.8.2-1(experimental/ia64/alkman): FTBFS: gtk-doc: Running scanner libebook-scan - Scan failed
Package: evolution-data-server Version: 1.8.2-1 Severity: serious Tags: experimental | Automatic build of evolution-data-server_1.8.2-1 on alkman by sbuild/ia64 98-farm | Build started at 20070322-1804 | ** [...] | gtk-doc: Linking scanner | cc -g -Wall -O2 -fPIC -Wall -Wmissing-prototypes -Wno-sign-compare -o .libs/libebook-scan .libs/libebook-scan.o -pthread ../../../../addressbook/libebook/.libs/libebook-1.2.so -L/usr/lib /build/buildd/evolution-data-server-1.8.2/camel/.libs/libcamel-1.2.so -lkrb5 -lk5crypto -lcom_err -lgssapi_krb5 -lssl3 -lsmime3 -lnss3 -lsoftokn3 /build/buildd/evolution-data-server-1.8.2/libedataserver/.libs/libedataserver-1.2.so -lplc4 -lplds4 -lnspr4 -ldb /usr/lib/libgnome-2.so /usr/lib/libpopt.so /usr/lib/libgnomevfs-2.so -lm /usr/lib/libxml2.so /usr/lib/libgnutls.so /usr/lib/libtasn1.so -lz /usr/lib/libgcrypt.so -lnsl /usr/lib/libgpg-error.so /usr/lib/libavahi-glib.so /usr/lib/libavahi-common.so /usr/lib/libavahi-client.so -lresolv -lutil /usr/lib/libbonobo-2.so /usr/lib/libgconf-2.so /usr/lib/libbonobo-activation.so /usr/lib/libORBitCosNaming-2.so /usr/lib/libORBit-2.so /usr/lib/libgmodule-2.0.so -ldl /usr/lib/libgthread-2.0.so -lpthread /usr/lib/libgobject-2.0.so /usr/lib/libglib-2.0.so -lrt | creating libebook-scan | gtk-doc: Running scanner libebook-scan | Scan failed: | make[6]: *** [scan-build.stamp] Error 255 A complete build log can be found at http://experimental.debian.net/build.php?arch=ia64pkg=evolution-data-serverver=1.8.2-1 I have no idea what the problem could be here... Marc -- BOFH #72: Satan did it -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Processed: tagging 415776
Processing commands for [EMAIL PROTECTED]: # Automatically generated email from bts, devscripts version 2.9.27 tags 415776 + pending Bug#415776: libtext-vfile-asdata-perl: Must depend on libclass-accessor-chained-perl There were no tags set. Tags added: pending End of message, stopping processing here. Please contact me if you need assistance. Debian bug tracking system administrator (administrator, Debian Bugs database) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#415878: Xserver crashes since update from 1:7.1.0-12 to 1:7.1.0-15 with the nvidia driver
Package: xserver-xorg Version: 1:7.1.0-15 Severity: critical Hello, since I upgraded xserver-xorg from 1:7.1.0-12 to 1:7.1.0-15 the X-server crashes on startup (from Xorg.0.log): [...] (II) Initializing extension GLX Backtrace: 0: /usr/bin/X(xf86SigHandler+0x6d) [0x4802ed] 1: /lib/libc.so.6 [0x39e1e2f110] 2: /lib/libc.so.6(__ctype_tolower_loc+0x25) [0x39e1e292c5] 3: /usr/bin/X(xf86nameCompare+0xfe) [0x4a4cde] 4: /usr/bin/X(InitInput+0x103) [0x45ea23] 5: /usr/bin/X(main+0x337) [0x430e57] 6: /lib/libc.so.6(__libc_start_main+0xda) [0x39e1e1c4ca] 7: /usr/bin/X(FontFileCompleteXLFD+0x9a) [0x43026a] Fatal server error: Caught signal 11. Server aborting I reinstalled the hole nvidia.* packages, but the the problem still exist under debian/unstable AMD64. Also I tried the nvidia packages from experimental with the same result. Building the nvidia-package against other (self compiled) kernel makes no different. Attached you will find the complete Xorg.0.log output and the xorg.conf file. The normal nv driver works fine. Bye Daniel -- = (gnu)PGP signierter Key vom heise c't Magazin verfügbar. http://www.heise.de/security/dienste/pgp/ = # nvidia-xconfig: X configuration file generated by nvidia-xconfig # nvidia-xconfig: version 1.0 ([EMAIL PROTECTED]) Sun Mar 19 06:25:19 UTC 2006 # /etc/X11/xorg.conf (xorg X Window System server configuration file) # # This file was generated by dexconf, the Debian X Configuration tool, using # values from the debconf database. # # Edit this file with caution, and see the /etc/X11/xorg.conf manual page. # (Type man /etc/X11/xorg.conf at the shell prompt.) # # This file is automatically updated on xserver-xorg package upgrades *only* # if it has not been modified since the last upgrade of the xserver-xorg # package. # # If you have edited this file but would like it to be automatically updated # again, run the following command: # sudo dpkg-reconfigure -phigh xserver-xorg Section ServerLayout Identifier Default Layout Screen Default Screen 0 0 InputDeviceGeneric Keyboard InputDeviceConfigured Mouse EndSection Section Files # path to defoma fonts FontPathunix/:7100 # FontPath/usr/share/fonts/X11/misc # FontPath/usr/X11R6/lib/X11/fonts/misc # FontPath/usr/share/fonts/X11/cyrillic # FontPath/usr/X11R6/lib/X11/fonts/cyrillic # FontPath/usr/share/fonts/X11/100dpi/:unscaled # FontPath/usr/X11R6/lib/X11/fonts/100dpi/:unscaled # FontPath/usr/share/fonts/X11/75dpi/:unscaled # FontPath/usr/X11R6/lib/X11/fonts/75dpi/:unscaled # FontPath/usr/share/fonts/X11/Type1 # FontPath/usr/X11R6/lib/X11/fonts/Type1 # FontPath/usr/share/fonts/X11/100dpi # FontPath/usr/X11R6/lib/X11/fonts/100dpi # FontPath/usr/share/fonts/X11/75dpi # FontPath/usr/X11R6/lib/X11/fonts/75dpi # FontPath/var/lib/defoma/x-ttcidfont-conf.d/dirs/TrueType EndSection Section Module Load bitmap #Load ddc Load dbe Load extmod Load freetype Load glx Load int10 Load type1 Load vbe # beryltest! #Load i2c #Load dbe #Load dri EndSection Section InputDevice Identifier Generic Keyboard Driver kbd Option CoreKeyboard Option XkbRules xorg Option XkbModel pc105 Option XkbLayout de #Option XkbVariant nodeadkeys EndSection Section InputDevice Identifier Configured Mouse Driver mouse Option CorePointer Option Device /dev/input/mice Option Protocol ExplorerPS/2 EndSection Section Monitor Identifier Iiyama HorizSync 27.0 - 96.0 VertRefresh 50.0 - 160.0 Modeline [EMAIL PROTECTED] 156.43 1280 1312 1904 1936 1024 1043 1056 1076 Option DPMS EndSection Section Device Identifier NVIDIA Corporation NV40 [GeForce 6200?] Driver nvidia #Driver nv Option UseEdidFreqs false #OptionUseEdidDpi FALSE #Option NvAGP 3 #Option UseDisplayDevice CRT-1 #Option CursorShadow true #OptionAllowGLXWithComposite true #OptionAccelMethod EXA #OptionTwinView #Option HorizSync DFP-0: 30-65; CRT-0: 27-96 #Option VertRefresh DFP-0: 50-75; CRT-0: 50-160 #Option TwinViewOrientation Clone #Option MetaModes DFP-0: 1024x768; CRT-0: 1024x768 #beryl #Option AddARGBGLXVisuals On EndSection Section Screen Identifier Default Screen Device NVIDIA Corporation NV40 [GeForce 6200?] MonitorIiyama
Bug#403116: libinstrudeo: FTBFS: usr/bin/ld: /usr/lib/libftgl.a(FTFont.o): relocation R_X86_64_32S against `vtable for FTFont' can not be used when making a
found 403116 0.1.4-3 thanks Hi, It seems this is back in 0.1.4-3. 0.1.4-2+b1 build earlier this month didn't have the problem and still showed this during configure: checking for main in -lftgl_pic... yes And it also linked to it. Now it's showing: checking for main in -lftgl... yes And also linking to it. Kurt -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Processed: libinstrudeo: FTBFS: usr/bin/ld: /usr/lib/libftgl.a(FTFont.o): relocation R_X86_64_32S against `vtable for FTFont' can not be used when making a
Processing commands for [EMAIL PROTECTED]: found 403116 0.1.4-3 Bug#403116: libinstrudeo: FTBFS: usr/bin/ld: /usr/lib/libftgl.a(FTFont.o): relocation R_X86_64_32S against `vtable for FTFont' can not be used when making a Bug marked as found in version 0.1.4-3. thanks Stopping processing here. Please contact me if you need assistance. Debian bug tracking system administrator (administrator, Debian Bugs database) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#415879: libinstrudeo_0.1.4-3(hppa/unstable): FTBFS: non-PIC in shared lib
Package: libinstrudeo Version: 0.1.4-3 Severity: serious There was an error while trying to autobuild your package: Automatic build of libinstrudeo_0.1.4-3 on bld-3 by sbuild/hppa 98 Build started at 20070322-0321 [...] ** Using build dependencies supplied by package: Build-Depends: debhelper (= 5), autotools-dev, zlib1g-dev, libgsm1-dev, libdts-dev, ftgl-dev, libvorbis-dev, libtheora-dev, libavformat-dev, libssl-dev, libglut3-dev, libcurl3-dev, libglibmm-2.4-dev, libxml++2.6-dev, libavcodec-dev, dpatch [...] hppa-linux-gnu-g++ -shared -nostdlib /usr/lib/gcc/hppa-linux-gnu/4.1.2/../../../crti.o /usr/lib/gcc/hppa-linux-gnu/4.1.2/crtbeginS.o .libs/isdcommentbox.o .libs/isddatafile.o .libs/isdexporter.o .libs/isdffmpegexporter.o .libs/isdglobjfile.o .libs/isdglwidget.o .libs/isdimporter.o .libs/isdlogger.o .libs/isdobject.o .libs/isdrecording.o .libs/isdrecordingmetainfo.o .libs/isdrectangle.o .libs/isdroundedbox.o .libs/isdseekbackcalculator.o .libs/isdtextballoon2D.o .libs/isdtextballoon.o .libs/isdutils.o .libs/isdvideocanvas.o .libs/isdvideoproperties.o .libs/isdvnclogimporter.o .libs/isdwscategory.o .libs/isdwscommunicator.o .libs/isdwsftptransmitter.o .libs/isdwsplatform.o .libs/isdxmlfile.o .libs/glm.o .libs/isdcaptoverlay.o -Wl,--whole-archive ../../src/libinstrudeo/webservice/.libs/libisdws.a -Wl,--no-whole-archive -L/usr/lib -lgssapi_krb5 -lkrb5 -lk5crypto -lkrb5support -lcom_err -lresolv /usr/lib/libidn.so -ldl -lcrypto /usr/lib/libogg.so /usr/lib/libfreetype.so /usr/lib/libxml++-2.6.so /usr/lib/libxml2.so /usr/lib/libglibmm-2.4.so /usr/lib/libgobject-2.0.so /usr/lib/libsigc-2.0.so /usr/lib/libglib-2.0.so /usr/lib/libcurl.so -lGL -lglut -lssl -lavutil -lavformat -lavcodec /usr/lib/libtheora.so /usr/lib/libvorbisenc.so /usr/lib/libvorbis.so -lftgl -ldts -lgsm -ldc1394_control -lz -L/usr/lib/gcc/hppa-linux-gnu/4.1.2 -L/usr/lib/gcc/hppa-linux-gnu/4.1.2/../../.. -lstdc++ -lm -lgcc -lc -lgcc_s /usr/lib/gcc/hppa-linux-gnu/4.1.2/crtendS.o /usr/lib/gcc/hppa-linux-gnu/4.1.2/../../../crtn.o -Wl,-z -Wl,defs -Wl,-soname -Wl,libinstrudeo.so.0 -o .libs/libinstrudeo.so.0.0.0 /usr/bin/ld: /usr/lib/libftgl.a(FTFont.o): relocation R_PARISC_DPREL21L can not be used when making a shared object; recompile with -fPIC /usr/lib/libftgl.a: could not read symbols: Bad value collect2: ld returned 1 exit status make[5]: *** [libinstrudeo.la] Error 1 make[5]: Leaving directory `/build/buildd/libinstrudeo-0.1.4/src/libinstrudeo' make[4]: *** [all-recursive] Error 1 make[4]: Leaving directory `/build/buildd/libinstrudeo-0.1.4/src/libinstrudeo' make[3]: *** [all-recursive] Error 1 make[3]: Leaving directory `/build/buildd/libinstrudeo-0.1.4/src' make[2]: *** [all-recursive] Error 1 make[2]: Leaving directory `/build/buildd/libinstrudeo-0.1.4' make[1]: *** [all] Error 2 make[1]: Leaving directory `/build/buildd/libinstrudeo-0.1.4' make: *** [build-stamp] Error 2 A full build log can be found at: http://buildd.debian.org/build.php?arch=hppapkg=libinstrudeover=0.1.4-3
Bug#415776: marked as done (libtext-vfile-asdata-perl: Must depend on libclass-accessor-chained-perl)
Your message dated Thu, 22 Mar 2007 19:17:04 + with message-id [EMAIL PROTECTED] and subject line Bug#415776: fixed in libtext-vfile-asdata-perl 0.0.5-2 has caused the attached Bug report to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what I am talking about this indicates a serious mail system misconfiguration somewhere. Please contact me immediately.) Debian bug tracking system administrator (administrator, Debian Bugs database) ---BeginMessage--- Package: libtext-vfile-asdata-perl Version: 0.0.5-1 Severity: grave Justification: renders package unusable Running the very simple script attached below results in the following: $ ./test-text-vfile-asdata.pl Base class package Class::Accessor::Chained::Fast is empty. (Perhaps you need to `use' the module which defines that package first.) at /usr/share/perl5/Text/vFile/asData.pm line 5 BEGIN failed--compilation aborted at /usr/share/perl5/Text/vFile/asData.pm line 5. Compilation failed in require at ./test-text-vfile-asdata.pl line 3. BEGIN failed--compilation aborted at ./test-text-vfile-asdata.pl line 3. Installing the libclass-accessor-chained-perl package fixes the problem. -- System Information: Debian Release: testing/unstable APT prefers unstable APT policy: (500, 'unstable') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/dash Kernel: Linux 2.6.17-2-686 Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1) Versions of packages libtext-vfile-asdata-perl depends on: ii perl 5.8.8-6.1 Larry Wall's Practical Extraction libtext-vfile-asdata-perl recommends no packages. -- no debconf information -- Rafael #!/usr/bin/perl use Text::vFile::asData; my $data = Text::vFile::asData-new-parse (main::DATA); __DATA__ BEGIN:VCARD VERSION:2.1 N:ADAC END:VCARD ---End Message--- ---BeginMessage--- Source: libtext-vfile-asdata-perl Source-Version: 0.0.5-2 We believe that the bug you reported is fixed in the latest version of libtext-vfile-asdata-perl, which is due to be installed in the Debian FTP archive: libtext-vfile-asdata-perl_0.0.5-2.diff.gz to pool/main/libt/libtext-vfile-asdata-perl/libtext-vfile-asdata-perl_0.0.5-2.diff.gz libtext-vfile-asdata-perl_0.0.5-2.dsc to pool/main/libt/libtext-vfile-asdata-perl/libtext-vfile-asdata-perl_0.0.5-2.dsc libtext-vfile-asdata-perl_0.0.5-2_all.deb to pool/main/libt/libtext-vfile-asdata-perl/libtext-vfile-asdata-perl_0.0.5-2_all.deb A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to [EMAIL PROTECTED], and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Neil Williams [EMAIL PROTECTED] (supplier of updated libtext-vfile-asdata-perl package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing [EMAIL PROTECTED]) -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Format: 1.7 Date: Thu, 22 Mar 2007 18:57:06 + Source: libtext-vfile-asdata-perl Binary: libtext-vfile-asdata-perl Architecture: source all Version: 0.0.5-2 Distribution: unstable Urgency: low Maintainer: Neil Williams [EMAIL PROTECTED] Changed-By: Neil Williams [EMAIL PROTECTED] Description: libtext-vfile-asdata-perl - generic perl module to read and write vfile files Closes: 415776 Changes: libtext-vfile-asdata-perl (0.0.5-2) unstable; urgency=low . * Must depend on libclass-accessor-chained-perl (Closes: #415776) * Set Architecture: all Files: 3cb5823ff4b4f7a8cb07822dc467beb9 688 perl optional libtext-vfile-asdata-perl_0.0.5-2.dsc 5d70b26e07ed787eacd8d9449ed73e59 1472 perl optional libtext-vfile-asdata-perl_0.0.5-2.diff.gz 3e927d212040af25b4a2bbb6b820aef7 11032 perl optional libtext-vfile-asdata-perl_0.0.5-2_all.deb -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQFGAtKIiAEJSii8s+MRAu8HAJoDCwSQtNtV7I1o+0LpXvhIJFxUcACdESFc NkWc0qRkRAC/Cugo0gzgK38= =e41Q -END PGP SIGNATURE- ---End Message---
Processed: Re: Bug#415860: openoffice.org: Writer does not close its files properly
Processing commands for [EMAIL PROTECTED]: tag 415860 + moreinfo Bug#415860: openoffice.org: Writer does not close its files properly There were no tags set. Tags added: moreinfo thanks Stopping processing here. Please contact me if you need assistance. Debian bug tracking system administrator (administrator, Debian Bugs database) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#392472: terminate called after throwing an instance of 'Glib::FileError'
Hello, I have a same problem. This due to the absence of the /usr/share/pixmaps/gnome-logo-icon-transparent.png icon You can get this icon in source package http://downloads.sourceforge.net/parchive/gpar2-0.3.tar.gz?modtime=1141153935big_mirror=0 Regards, -- Nicolas Joseph Responsable de la rubrique C C++ de developpez.com http://nicolasj.developpez.com -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#415878: Xserver crashes since update from 1:7.1.0-12 to 1:7.1.0-15 with the nvidia driver
severity 415878 important tags 415878 moreinfo unreproducible thanks On Thu, Mar 22, 2007 at 19:56:03 +0100, Daniel Schröter wrote: Package: xserver-xorg Version: 1:7.1.0-15 Severity: critical Hello, since I upgraded xserver-xorg from 1:7.1.0-12 to 1:7.1.0-15 the X-server crashes on startup (from Xorg.0.log): The xserver-xorg package is basically empty. Which version of the nvidia drivers and of xserver-xorg-core are installed (and was the crash related to an upgrade of either of these packages, or to a change in your config file)? [...] (II) Initializing extension GLX Backtrace: 0: /usr/bin/X(xf86SigHandler+0x6d) [0x4802ed] 1: /lib/libc.so.6 [0x39e1e2f110] 2: /lib/libc.so.6(__ctype_tolower_loc+0x25) [0x39e1e292c5] 3: /usr/bin/X(xf86nameCompare+0xfe) [0x4a4cde] 4: /usr/bin/X(InitInput+0x103) [0x45ea23] 5: /usr/bin/X(main+0x337) [0x430e57] 6: /lib/libc.so.6(__libc_start_main+0xda) [0x39e1e1c4ca] 7: /usr/bin/X(FontFileCompleteXLFD+0x9a) [0x43026a] If you could rebuild the xorg-server package with debugging symbols and reproduce the crash within gdb, that would probably help. Thanks, Julien signature.asc Description: Digital signature
Bug#415885: zeroc-ice_3.2.0-1(ia64/unstable): FTBFS: non-PIC in shared lib
Package: zeroc-ice Version: 3.2.0-1 Severity: serious There was an error while trying to autobuild your package: Automatic build of zeroc-ice_3.2.0-1 on caballero by sbuild/ia64 98 Build started at 20070322-1933 [...] ** Using build dependencies supplied by package: Build-Depends: cdbs (= 0.4.27-1), debhelper (= 4.2.0), patchutils (= 0.2.25), libdb4.5++-dev | libdb++-dev, libreadline5-dev | libreadline-dev, libexpat1-dev, libssl-dev, libbz2-dev, zlib1g-dev | libz-dev [...] c++ -shared -DHAVE_ENDIAN_H -DHAVE_LIMITS_H -L../../lib -o ../../lib/libIceUtil.so.3.2.0 -Wl,-h,libIceUtil.so.32 ArgVector.o Base64.o Cond.o ConvertUTF.o CountDownLatch.o CtrlCHandler.o Exception.o Shared.o InputUtil.o MD5.o MD5I.o Options.o OutputUtil.o Random.o RWRecMutex.o RecMutex.o StaticMutex.o StringUtil.o Thread.o ThreadException.o Time.o UUID.o Unicode.o -lpthread /usr/bin/ld: Exception.o: @gprel relocation against dynamic symbol IceUtil::IllegalArgumentException::_name /usr/bin/ld: Exception.o: @gprel relocation against dynamic symbol IceUtil::NullHandleException::_name /usr/bin/ld: Exception.o: @gprel relocation against dynamic symbol IceUtil::Exception::_name /usr/bin/ld: Exception.o: @gprel relocation against dynamic symbol IceUtil::nullHandleAbort /usr/bin/ld: Exception.o: @gprel relocation against dynamic symbol IceUtil::nullHandleAbort /usr/bin/ld: final link failed: Nonrepresentable section on output collect2: ld returned 1 exit status make[3]: *** [../../lib/libIceUtil.so.3.2.0] Error 1 make[3]: Leaving directory `/build/buildd/zeroc-ice-3.2.0/src/IceUtil' make[2]: *** [all] Error 1 make[2]: Leaving directory `/build/buildd/zeroc-ice-3.2.0/src' make[1]: *** [all] Error 1 make[1]: Leaving directory `/build/buildd/zeroc-ice-3.2.0' make: *** [debian/stamp-makefile-build] Error 2 A full build log can be found at: http://buildd.debian.org/build.php?arch=ia64pkg=zeroc-icever=3.2.0-1 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#415886: zeroc-icee_1.1.0-8(hppa/unstable): FTBFS: non-PIC in shared lib
Package: zeroc-icee Version: 1.1.0-8 Severity: serious There was an error while trying to autobuild your package: Automatic build of zeroc-icee_1.1.0-8 on bld-3 by sbuild/hppa 98 Build started at 20070322-1336 [...] ** Using build dependencies supplied by package: Build-Depends: cdbs (= 0.4.27-1), debhelper (= 4.2.0), slice2cppe (= 1.1.0) [...] c++ -c -I.. -I../../include -DICE_API_EXPORTS -DHAVE_ENDIAN_H -DHAVE_LIMITS_H ../../src/TcpTransport/EndpointFactory.cpp c++ -c -I.. -I../../include -DICE_API_EXPORTS -DHAVE_ENDIAN_H -DHAVE_LIMITS_H ../../src/TcpTransport/TcpEndpoint.cpp c++ -c -I.. -I../../include -DICE_API_EXPORTS -DHAVE_ENDIAN_H -DHAVE_LIMITS_H ../../src/TcpTransport/Transceiver.cpp rm -f ../../lib/libIceE.so.1.1.0 c++ -shared -DHAVE_ENDIAN_H -DHAVE_LIMITS_H -L../../lib -o ../../lib/libIceE.so.1.1.0 -Wl,-h,libIceE.so.11 BasicStream.o Buffer.o BuiltinSequences.o Communicator.o Cond.o Connection.o Current.o DefaultsAndOverrides.o Endpoint.o ExceptionBase.o FacetMap.o FactoryTable.o FactoryTableDef.o Identity.o IdentityUtil.o Incoming.o IncomingConnectionFactory.o Initialize.o Instance.o LocalException.o LocalObject.o Locator.o LocatorF.o LocatorInfo.o Logger.o LoggerF.o LoggerI.o LoggerUtil.o Network.o Object.o ObjectAdapter.o ObjectAdapterFactory.o OperationMode.o Outgoing.o OutgoingConnectionFactory.o Properties.o Proxy.o ProxyFactory.o RecMutex.o Reference.o ReferenceFactory.o Router.o RouterF.o RouterInfo.o RoutingTable.o RWRecMutex.o SafeStdio.o ServantManager.o Shared.o StaticMutex.o StringUtil.o Thread.o ThreadException.o Time.o TraceLevels.o TraceUtil.o UnknownEndpoint.o UUID.o Acceptor.o Connector.o EndpointFactory.o TcpEndpoint.o Transceiver.o -ldl -lpthread /usr/bin/ld: BasicStream.o: relocation R_PARISC_DPREL21L can not be used when making a shared object; recompile with -fPIC BasicStream.o: could not read symbols: Bad value collect2: ld returned 1 exit status make[3]: *** [../../lib/libIceE.so.1.1.0] Error 1 make[3]: Leaving directory `/build/buildd/zeroc-icee-1.1.0/src/IceE' make[2]: *** [all] Error 1 make[2]: Leaving directory `/build/buildd/zeroc-icee-1.1.0/src' make[1]: *** [all] Error 1 make[1]: Leaving directory `/build/buildd/zeroc-icee-1.1.0' make: *** [debian/stamp-makefile-build] Error 2 A full build log can be found at: http://buildd.debian.org/build.php?arch=hppapkg=zeroc-iceever=1.1.0-8 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Processed: tagging 390369
Processing commands for [EMAIL PROTECTED]: # Automatically generated email from bts, devscripts version 2.10.1 tags 390369 - unreproducible Bug#390369: nbsmtp: Doesn't provide working /usr/sbin/sendmail as an MTA should Tags were: unreproducible Tags removed: unreproducible End of message, stopping processing here. Please contact me if you need assistance. Debian bug tracking system administrator (administrator, Debian Bugs database) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#415861: CVE-2007-0537: khtml/konqueror title XSS vulnerability
#wonder if I get this right reassign 415861 kdelibs4c2a found 415861 4:3.5.5a.dfsg.1-5 notfound 415861 4:3.5.5a.dfsg.1-6 found 415861 4:3.5.6.r1.dfsg.1-1 notfound 415861 4:3.5.6.r1.dfsg.1-2 notfound 409868 4:3.5.6.r1.dfsg.1-2 forcemerge 415864 409868 thanks The problem is also probably present in the KDE versions in sid and etch. Hi! Most konqueror securitybugs are actually from kdelibs, as it is here the rendering stuff is. Both the sid/etch and the experimental changelog for kdelibs4c2a shows this CVE. Closing this bug. /Sune -- How could I send to the proxy? First from Mac you should never save a CD memory for doubleclicking the driver to a controller on a hardware. pgpCrMbj8UBK5.pgp Description: PGP signature
Processed (with 1 errors): Re: Bug#415861: CVE-2007-0537: khtml/konqueror title XSS vulnerability
Processing commands for [EMAIL PROTECTED]: #wonder if I get this right reassign 415861 kdelibs4c2a Bug#415861: CVE-2007-0537: khtml/konqueror title XSS vulnerability Bug reassigned from package `konqueror' to `kdelibs4c2a'. found 415861 4:3.5.5a.dfsg.1-5 Bug#415861: CVE-2007-0537: khtml/konqueror title XSS vulnerability Bug marked as found in version 4:3.5.5a.dfsg.1-5. notfound 415861 4:3.5.5a.dfsg.1-6 Bug#415861: CVE-2007-0537: khtml/konqueror title XSS vulnerability Bug marked as not found in version 4:3.5.5a.dfsg.1-6. found 415861 4:3.5.6.r1.dfsg.1-1 Bug#415861: CVE-2007-0537: khtml/konqueror title XSS vulnerability Bug marked as found in version 4:3.5.6.r1.dfsg.1-1. notfound 415861 4:3.5.6.r1.dfsg.1-2 Bug#415861: CVE-2007-0537: khtml/konqueror title XSS vulnerability Bug marked as not found in version 4:3.5.6.r1.dfsg.1-2. notfound 409868 4:3.5.6.r1.dfsg.1-2 Bug#409868: CVE-2007-0537: does not properly parse HTML comments in TITLE tag Bug marked as not found in version 4:3.5.6.r1.dfsg.1-2. (By the way, this Bug is currently marked as done.) forcemerge 415864 409868 Bug#415864: aic7xxx: aic7892(B): BUG: soft lockup detected on CPU#0 Bug#409868: CVE-2007-0537: does not properly parse HTML comments in TITLE tag Mismatch - only Bugs in the same package can be forcibly merged: Bug 409868 is not in the same package as 415864 thanks Stopping processing here. Please contact me if you need assistance. Debian bug tracking system administrator (administrator, Debian Bugs database) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#332782: Please explain the etch-ignore tag
On Wed, 21 Mar 2007 17:21:10 -0700 Steve Langasek wrote: On Thu, Mar 22, 2007 at 12:49:49AM +0100, Francesco Poli wrote: [...] This is effectively a clarical error What do you mean by clarical? I'm sorry to ask, but I am not an English native speaker and no dictionary could help... clerical. Sorry, typo. Ah, understood: an error made in copying or writing, dict says. At any rate, it's a clerical error that has not yet been corrected... [...] Debian hardly (if ever) relies on implicit permission grants from third parties: That's not true. Lots of patches are committed, by our upstreams and by our developers, with only implicit grants. Ack (even though I think it would be far better to grant explicit licenses for patches, especially when the work they are based on is released under a non-copyleft license...). However I feel that the two scenarios are not comparable: when someone contributes a patch to be incorporated into a work, he/she can be assumed to be OK with the license of the work. On the other hand, a completely new work (such as the release notes) is not so convincingly implicitly licensed in a DFSG-free manner (under which specific license, anyway?) just because the general Debian documentation policy states that it will. [...] Where can I find a comprehensive list of individual contributors (whose contribution is creative enough to grant them a copyright interest in the work)? Are there any others besides the ones who are credited in the footer of the contents page[2]? I would suggest also checking the cvs log for the repository. Well, I've just noticed that there's no link to the _Release Notes_ source from the dedicated page[3]. This should be fixed as well, I think. [3] http://www.debian.org/releases/testing/releasenotes I suppose I can find the source here[4], but I would need confirmation before going on and possibly dig into the *wrong* source!! ;-) Even better: could you please suggest a command-line that I can use to checkout the source? [4] http://cvs.debian.org/ddp/manuals.sgml/release-notes/?cvsroot=debian-doc Any more practical way of getting the complete list of contributors? -- http://frx.netsons.org/doc/nanodocs/etch_workstation_install.html Need to read a Debian etch installation walk-through? . Francesco Poli . GnuPG key fpr == C979 F34B 27CE 5CD8 DC12 31B5 78F4 279B DD6D FCF4 pgpcfaDxXpQJx.pgp Description: PGP signature
Processed: Re: Bug#415861: CVE-2007-0537: khtml/konqueror title XSS vulnerability
Processing commands for [EMAIL PROTECTED]: #trying again close 415861 4:3.5.5a.dfsg.1-6 Bug#415861: CVE-2007-0537: khtml/konqueror title XSS vulnerability 'close' is deprecated; see http://www.debian.org/Bugs/Developer#closing. Bug marked as fixed in version 4:3.5.5a.dfsg.1-6, send any further explanations to Laurent Bonnaud [EMAIL PROTECTED] close 415861 4:3.5.6.r1.dfsg.1-2 Bug#415861: CVE-2007-0537: khtml/konqueror title XSS vulnerability 'close' is deprecated; see http://www.debian.org/Bugs/Developer#closing. Bug marked as fixed in version 4:3.5.6.r1.dfsg.1-2, send any further explanations to Laurent Bonnaud [EMAIL PROTECTED] close 409868 4:3.5.6.r1.dfsg.1-2 Bug#409868: CVE-2007-0537: does not properly parse HTML comments in TITLE tag 'close' is deprecated; see http://www.debian.org/Bugs/Developer#closing. Bug marked as fixed in version 4:3.5.6.r1.dfsg.1-2, send any further explanations to Kees Cook [EMAIL PROTECTED] thanks Stopping processing here. Please contact me if you need assistance. Debian bug tracking system administrator (administrator, Debian Bugs database) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Processed: Raising severity to release-critical
Processing commands for [EMAIL PROTECTED]: severity 401758 critical Bug#401758: leaks file descriptors (connections to the LDAP server) Severity set to `critical' from `important' thanks Stopping processing here. Please contact me if you need assistance. Debian bug tracking system administrator (administrator, Debian Bugs database) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#415840: marked as done (vendor patch #5 is necessary for OpenLDAP)
Your message dated Thu, 22 Mar 2007 20:47:03 + with message-id [EMAIL PROTECTED] and subject line Bug#415840: fixed in db4.2 4.2.52+dfsg-2 has caused the attached Bug report to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what I am talking about this indicates a serious mail system misconfiguration somewhere. Please contact me immediately.) Debian bug tracking system administrator (administrator, Debian Bugs database) ---BeginMessage--- Package: db4.2 Severity: wishlist Tags: patch Hi, please consider adding the transactions patch (attached) to db4.2. This patch is recommended for OpenLDAP 2.2.6 and 2.2.27, while it is required for all higher OpenLDAP versions (2.2.28 enginieering as well as 2.3.x). Accordung to OpenLDAP developers db4.2 is the recommended Berkeley DB library for OpenLDAP. So not having this patch in Debian's db4.2 would hinder the further development of openldap2.x packages in Debian. You may find further finormation about this patch on Standord's Directory pages where it was first published (accoeding to my knowledge): http://www.stanford.edu/services/directory/openldap/configuration/openldap-build-42.html As you can see the patch is quite trivial and does not affect packages that are not aware of the flag introduced with this patch. (BTW, I have db 4.2 with this patch running for half a year without any problems [except the need to re-build my private package whenever a new official package comes out ;-]) Please do not hesitate to to aks if you have any questions. Thanks in advance PEter -- System Information: Debian Release: testing/unstable APT prefers testing APT policy: (990, 'testing'), (500, 'unstable') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.11-1-k7 Locale: [EMAIL PROTECTED], [EMAIL PROTECTED] (charmap=ISO-8859-15) ## transactions.patch by Quanah Gibson-Mount [EMAIL PROTECTED] ## ## fixes transaction behaviour; required for openLDAP ## published on Stanford's Directory Services pages: ## http://www.stanford.edu/services/directory/openldap/configuration/openldap-build-42.html --- dbinc/db.in +++ dbinc/db.in 2004-09-09 18:30:00.547903000 -0700 @@ -839,6 +839,7 @@ #define TXN_NOWAIT 0x040 /* Do not wait on locks. */ #define TXN_RESTORED 0x080 /* Transaction has been restored. */ #define TXN_SYNC 0x100 /* Sync on prepare and commit. */ +#define TXN_NOLOG 0x200 /* Do not log this transaction. */ u_int32_t flags; }; --- txn/txn.c +++ txn/txn.c 2004-09-09 18:32:14.559561000 -0700 @@ -127,7 +127,7 @@ if ((ret = __db_fchk(dbenv, txn_begin, flags, DB_DIRTY_READ | DB_TXN_NOWAIT | - DB_TXN_NOSYNC | DB_TXN_SYNC)) != 0) + DB_TXN_NOSYNC | DB_TXN_SYNC | DB_TXN_NOT_DURABLE )) != 0) return (ret); if ((ret = __db_fcchk(dbenv, txn_begin, flags, DB_TXN_NOSYNC, DB_TXN_SYNC)) != 0) @@ -193,6 +193,8 @@ F_SET(txn, TXN_SYNC); if (LF_ISSET(DB_TXN_NOWAIT)) F_SET(txn, TXN_NOWAIT); + if (LF_ISSET(DB_TXN_NOT_DURABLE)) + F_SET(txn, TXN_NOLOG); if ((ret = __txn_begin_int(txn, 0)) != 0) goto err; @@ -328,7 +330,7 @@ * We should set this value when we write the first log record, not * here. */ - if (DBENV_LOGGING(dbenv)) + if (DBENV_LOGGING(dbenv) !F_ISSET(txn, TXN_NOLOG)) __log_txn_lsn(dbenv, begin_lsn, NULL, NULL); else ZERO_LSN(begin_lsn); ---End Message--- ---BeginMessage--- Source: db4.2 Source-Version: 4.2.52+dfsg-2 We believe that the bug you reported is fixed in the latest version of db4.2, which is due to be installed in the Debian FTP archive: db4.2-util_4.2.52+dfsg-2_i386.deb to pool/main/d/db4.2/db4.2-util_4.2.52+dfsg-2_i386.deb db4.2_4.2.52+dfsg-2.diff.gz to pool/main/d/db4.2/db4.2_4.2.52+dfsg-2.diff.gz db4.2_4.2.52+dfsg-2.dsc to pool/main/d/db4.2/db4.2_4.2.52+dfsg-2.dsc libdb4.2++-dev_4.2.52+dfsg-2_i386.deb to pool/main/d/db4.2/libdb4.2++-dev_4.2.52+dfsg-2_i386.deb libdb4.2++c2_4.2.52+dfsg-2_i386.deb to pool/main/d/db4.2/libdb4.2++c2_4.2.52+dfsg-2_i386.deb libdb4.2-dev_4.2.52+dfsg-2_i386.deb to pool/main/d/db4.2/libdb4.2-dev_4.2.52+dfsg-2_i386.deb libdb4.2-java-dev_4.2.52+dfsg-2_i386.deb to pool/main/d/db4.2/libdb4.2-java-dev_4.2.52+dfsg-2_i386.deb libdb4.2-java_4.2.52+dfsg-2_i386.deb to pool/main/d/db4.2/libdb4.2-java_4.2.52+dfsg-2_i386.deb libdb4.2-tcl_4.2.52+dfsg-2_i386.deb to pool/main/d/db4.2/libdb4.2-tcl_4.2.52+dfsg-2_i386.deb libdb4.2_4.2.52+dfsg-2_i386.deb to pool/main/d/db4.2/libdb4.2_4.2.52+dfsg-2_i386.deb A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to [EMAIL PROTECTED], and the maintainer will reopen the bug report if appropriate. Debian distribution
Bug#390369: -o is not one option
it is a series of options from ssmtps sendmail manpage Most sendmail options are irrelevent to sSMTP. Those marked ``ignored'' or ``default'' have no effect on mail transfer. Those marked ``unsup- ported'' are fatal errors. Those marked ``simulated'' are not errors, but the result is for the program to exit with an informative message. A sort of fatal non-error. . -oAfile (ignored) Use alternate alias file. -oc(ignored) Delay ``expensive'' connections. -od(ignored) Set the delivery mode to interactive/synchronous, background or queue (Always interactive). -oD(ignored) Run newaliases if required. -oe(ignored) Set error processing to mail, write, print or quit. (Always print). -oFmode (ignored) The mode to use when creating temporary files. -of(ignored) Save UNIX-system-style ``From'' lines at the front of messages. -ogN (ignored) Set group ID to use when calling mailers. -oHfile (ignored) Set SMTP help file. -oi(default) Do not take dots on a line by themselves as a message terminator. -oLn (ignored) The log level. -om(default) Send to ``me'' (the sender) also if in an alias. -oo(unsupported) If set, this message may have old style headers. -oQqueuedir (ignored) Select the directory in which to queue messages. -ortimeout (ignored) The timeout on reads. -oSfile (ignored) Save statistics in the named file. -os(ignored) Always instantiate the queue. -oTtime (ignored) Set timeout on messages. -otstz,dtz (ignored) Set the name of the time zone. someone familiar with getopt will be required to provide a patch for nbsmtp that provides similar functionality. -- No virus found in this outgoing message. Checked by AVG Free Edition. Version: 7.5.446 / Virus Database: 268.18.17/730 - Release Date: 22/03/2007 07:44
Bug#415898: DoS: mysqld dies with BOOLEAN full text search
Package: mysql-server-5.0 Version: 5.0.32-7etch1 Severity: grave Tags: security Justification: user security hole It's the thir time the server dies, it happened twice with previous version in Etch and it just happened again with the current one, which I thought solved the problem. The server dies with the SELECT query shown below. The three times occured right after a WHERE MATCH () AGAINST ('word' IN BOOLEAN MODE) where were used and the word's first character was an utf-8 accented char. I tried repeating the bug in another server, but it only happens randomly in a very busy web server (http://meneame.net). ar 22 21:44:31 web4 mysqld[4459]: thd=0x2be008d0 Mar 22 21:44:31 web4 mysqld[4459]: Attempting backtrace. You can use the following information to find out Mar 22 21:44:31 web4 mysqld[4459]: where mysqld died. If you see no messages after this, something went Mar 22 21:44:31 web4 mysqld[4459]: terribly wrong... Mar 22 21:44:31 web4 mysqld[4459]: Cannot determine thread, fp=0x404e5190, backtrace may not be correct. Mar 22 21:44:31 web4 mysqld[4459]: Stack range sanity check OK, backtrace follows: Mar 22 21:44:31 web4 mysqld[4459]: (nil) Mar 22 21:44:31 web4 mysqld[4459]: Stack trace seems successful - bottom reached Mar 22 21:44:31 web4 mysqld[4459]: Please read http://dev.mysql.com/doc/mysql/en/using-stack-trace.html and follow instructions on how to resolve the stack trace. Resolved Mar 22 21:44:31 web4 mysqld[4459]: stack trace is much more helpful in diagnosing the problem, so please do Mar 22 21:44:31 web4 mysqld[4459]: resolve it Mar 22 21:44:31 web4 mysqld[4459]: Trying to get some variables. Mar 22 21:44:31 web4 mysqld[4459]: Some pointers may be invalid and cause the dump to abort... Mar 22 21:44:31 web4 mysqld[4459]: thd-query at 0xeda6f0 = SELECT count(*) FROM links WHERE MATCH (link_url, link_url_title, link_title, link_content, link_tags) AGAINST ('Écija' IN BOOLEAN MODE) AND (link_status != 'discard' OR (link_status = 'discard' AND link_date date_sub(now(), interval 7 day) AND link_votes 0)) Mar 22 21:44:31 web4 mysqld[4459]: thd-thread_id=206439 -- System Information: Debian Release: 4.0 APT prefers testing APT policy: (500, 'testing') Architecture: amd64 (x86_64) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.18-3-amd64 Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Versions of packages mysql-server-5.0 depends on: ii adduser3.102 Add and remove users and groups ii debconf [debconf-2.0] 1.5.11Debian configuration management sy ii libc6 2.3.6.ds1-13 GNU C Library: Shared libraries ii libdbi-perl1.53-1Perl5 database interface by Tim Bu ii libgcc11:4.1.1-21GCC support library ii libmysqlclient15off5.0.32-7etch1 mysql database client library ii libncurses55.5-5 Shared libraries for terminal hand ii libreadline5 5.2-2 GNU readline and history libraries ii libstdc++6 4.1.1-21 The GNU Standard C++ Library v3 ii libwrap0 7.6.dbs-13Wietse Venema's TCP wrappers libra ii lsb-base 3.1-23.1 Linux Standard Base 3.1 init scrip ii mysql-client-5.0 5.0.32-7etch1 mysql database client binaries ii mysql-common 5.0.32-7etch1 mysql database common files (e.g. ii passwd 1:4.0.18.1-7 change and administer password and ii perl 5.8.8-7 Larry Wall's Practical Extraction ii psmisc 22.3-1Utilities that use the proc filesy ii zlib1g 1:1.2.3-13compression library - runtime Versions of packages mysql-server-5.0 recommends: ii mailx1:8.1.2-0.20050715cvs-1 A simple mail user agent -- debconf information: mysql-server-5.0/really_downgrade: false mysql-server-5.0/need_sarge_compat: false mysql-server-5.0/start_on_boot: true mysql-server/error_setting_password: mysql-server-5.0/nis_warning: mysql-server-5.0/postrm_remove_databases: false mysql-server-5.0/need_sarge_compat_done: true
Bug#415898: DoS: mysqld dies with BOOLEAN full text search
tags 415898 + moreinfo Hello Ricardo On 2007-03-22 Ricardo Galli wrote: The server dies with the SELECT query shown below. The three times occured right after a WHERE MATCH () AGAINST ('word' IN BOOLEAN MODE) where were used and the word's first character was an utf-8 accented char. Please send me a mysqldump --opt ... links dump and preferably the binary files from /var/lib/mysql/database/links.* so that I can verify the problem. If they contain private data just send me the output from SHOW CREATE TABLE links; and maybe one or two example lines that can be used to try your query. (Most crashes only happen with specific combinations of field types and indices so this would be really useful before spending time to find the cause of the bug) bye, -christian- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Processed: Re: Bug#415878: Xserver crashes since update from 1:7.1.0-12 to 1:7.1.0-15 with the nvidia driver
Processing commands for [EMAIL PROTECTED]: severity 415878 important Bug#415878: Xserver crashes since update from 1:7.1.0-12 to 1:7.1.0-15 with the nvidia driver Severity set to `important' from `critical' tags 415878 moreinfo unreproducible Bug#415878: Xserver crashes since update from 1:7.1.0-12 to 1:7.1.0-15 with the nvidia driver There were no tags set. Tags added: moreinfo, unreproducible thanks Stopping processing here. Please contact me if you need assistance. Debian bug tracking system administrator (administrator, Debian Bugs database) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Processed: severity of 415852 is normal
Processing commands for [EMAIL PROTECTED]: # Automatically generated email from bts, devscripts version 2.10.1 severity 415852 normal Bug#415852: x11-common: List of package files missing Severity set to `normal' from `grave' End of message, stopping processing here. Please contact me if you need assistance. Debian bug tracking system administrator (administrator, Debian Bugs database) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Processed (with 5 errors): Re: Bug#415898: DoS: mysqld dies with BOOLEAN full text search
Processing commands for [EMAIL PROTECTED]: tags 415898 + moreinfo Bug#415898: DoS: mysqld dies with BOOLEAN full text search Tags were: security Tags added: moreinfo Hello Ricardo Unknown command or malformed arguments to command. On 2007-03-22 Ricardo Galli wrote: Unknown command or malformed arguments to command. The server dies with the SELECT query shown below. The three times Unknown command or malformed arguments to command. occured right after a WHERE MATCH () AGAINST ('word' IN BOOLEAN MODE) Unknown command or malformed arguments to command. where were used and the word's first character was an utf-8 accented Unknown command or malformed arguments to command. Too many unknown commands, stopping here. Please contact me if you need assistance. Debian bug tracking system administrator (administrator, Debian Bugs database) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#415902: rhapsody: One vulnerability per IRC command
Package: rhapsody Severity: grave Tags: security Justification: user security hole Rhapsody has format string and buffer overflow vulnerabilities in almost every IRC command it supports: http://www.securityfocus.com/archive/1/archive/1/463092/100/0/threaded Given that it includes so many Secure programming 101 errors, that it only has six users in popcon, was never part of a stable release and is a very early 0.2x version the correct fix appears to be to remove it from Etch and let it mature for Lenny. It's not that Debian is short of IRC clients. Cheers, Moritz -- System Information: Debian Release: 4.0 APT prefers unstable APT policy: (500, 'unstable') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.18-4-686 Locale: LANG=C, [EMAIL PROTECTED] (charmap=ISO-8859-15) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#332782: Please explain the etch-ignore tag
On Thu, Mar 22, 2007 at 09:12:54PM +0100, Francesco Poli wrote: I suppose I can find the source here[4], but I would need confirmation before going on and possibly dig into the *wrong* source!! ;-) Even better: could you please suggest a command-line that I can use to checkout the source? Yes, that's the source. As for a command line to check out the source see http://www.debian.org/doc/ddp [4] http://cvs.debian.org/ddp/manuals.sgml/release-notes/?cvsroot=debian-doc Any more practical way of getting the complete list of contributors? Yes: $ grep author release-notes.ent,v en/release-notes.en.sgml,v | awk '{print $4}' | sort | uniq -c | sort -n [ slightly edited, for clarity ] 73 fjp - Frans Pop 43 jfs - Javier Fernandez-Sanguino (me) 36 robster - Rob Bradford 24 aba - Andreas Barth 19 jseidel - Jens Seidel 4 djpig- Frank Lichtenheld 3 fbothamy - Frédéric Bothamy 2 joy - Josip Rodin 1 spaillar - Simon Paillard 1 barbier - Denis Barbier The number before the the (debian) login is the number of commits they made to the source. Regards Javier signature.asc Description: Digital signature
Bug#415898: DoS: mysqld dies with BOOLEAN full text search
On Thursday 22 March 2007 22:49:38 Christian Hammers wrote: tags 415898 + moreinfo Hello Ricardo On 2007-03-22 Ricardo Galli wrote: The server dies with the SELECT query shown below. The three times occured right after a WHERE MATCH () AGAINST ('word' IN BOOLEAN MODE) where were used and the word's first character was an utf-8 accented char. Please send me a mysqldump --opt ... links dump and preferably the binary files from /var/lib/mysql/database/links.* so that I can verify the problem. If they contain private data just send me the output from SHOW CREATE TABLE links; and maybe one or two example lines that can be used to try your query. I just created a tar.bz2, it's about 84 MB, so you can downloaded from http://meneame.net/archives/links.tar.bz2 I just checked last logs and found another which stored the last sql, which is similar: Mar 20 22:15:02 web4 mysqld[1]: Trying to get some variables. Mar 20 22:15:02 web4 mysqld[1]: Some pointers may be invalid and cause the dump to abort... Mar 20 22:15:02 web4 mysqld[1]: thd-query at 0xd77690 = SELECT count(*) FROM links WHERE MATCH (link_url, link_url_title, link_title, link_content, link_tags) AGAINST ('único' IN BOOLEAN MODE) AND (link_status != 'discard' OR (link_status = 'discard' AND link_date date_sub(now(), interval 7 day) AND link_votes 0)) Thanks, -- ricardo galli GPG id C8114D34 http://mnm.uib.es/gallir/
Processed: severity of 415860 is important
Processing commands for [EMAIL PROTECTED]: # Automatically generated email from bts, devscripts version 2.10.1 # eh, is this even a bug in a Debian package? severity 415860 important Bug#415860: openoffice.org: Writer does not close its files properly Severity set to `important' from `grave' End of message, stopping processing here. Please contact me if you need assistance. Debian bug tracking system administrator (administrator, Debian Bugs database) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#332782: Please explain the etch-ignore tag
On Thu, Mar 22, 2007 at 11:24:33PM +0100, Javier Fernández-Sanguino Peña wrote: Yes: $ grep author release-notes.ent,v en/release-notes.en.sgml,v | awk '{print $4}' | sort | uniq -c | sort -n [ slightly edited, for clarity ] 73 fjp - Frans Pop 43 jfs - Javier Fernandez-Sanguino (me) 36 robster - Rob Bradford 24 aba - Andreas Barth 19 jseidel - Jens Seidel 4 djpig- Frank Lichtenheld 3 fbothamy - Frédéric Bothamy 2 joy - Josip Rodin 1 spaillar - Simon Paillard 1 barbier - Denis Barbier The number before the the (debian) login is the number of commits they made to the source. That won't be comprehensive though, because there are a limited number of authorized committers who often commit changes contributed by others. Cheers, -- Steve Langasek Give me a lever long enough and a Free OS Debian Developer to set it on, and I can move the world. [EMAIL PROTECTED] http://www.debian.org/
Bug#332782: Please explain the etch-ignore tag
On Thu, Mar 22, 2007 at 09:12:54PM +0100, Francesco Poli wrote: I would suggest also checking the cvs log for the repository. Well, I've just noticed that there's no link to the _Release Notes_ source from the dedicated page[3]. This should be fixed as well, I think. [3] http://www.debian.org/releases/testing/releasenotes I suppose I can find the source here[4], but I would need confirmation before going on and possibly dig into the *wrong* source!! ;-) Even better: could you please suggest a command-line that I can use to checkout the source? [4] http://cvs.debian.org/ddp/manuals.sgml/release-notes/?cvsroot=debian-doc cvs -d :pserver:[EMAIL PROTECTED]/cvs/debian-doc co ddp/manuals.sgml/release-notes followed by cvs log within the checkout tree. (and since it's cvs, you get a separate cvs log for every file in the tree, yay crappy...) -- Steve Langasek Give me a lever long enough and a Free OS Debian Developer to set it on, and I can move the world. [EMAIL PROTECTED] http://www.debian.org/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#332782: Please explain the etch-ignore tag
On Thursday 22 March 2007 23:24, Javier Fernández-Sanguino Peña wrote: $ grep author release-notes.ent,v en/release-notes.en.sgml,v | awk '{print $4}' | sort | uniq -c | sort -n [ slightly edited, for clarity ] 73 fjp - Frans Pop 43 jfs - Javier Fernandez-Sanguino (me) 36 robster - Rob Bradford 24 aba - Andreas Barth 19 jseidel - Jens Seidel 4 djpig- Frank Lichtenheld 3 fbothamy - Frédéric Bothamy 2 joy - Josip Rodin 1 spaillar - Simon Paillard 1 barbier - Denis Barbier The number before the the (debian) login is the number of commits they made to the source. Unfortunately committers are not the same as contributors. A lot more people have contributed text to the release notes through mails to the debian-doc mailing list and bug reports that were committed by the people who have edited the release notes. pgpoPGKElSb99.pgp Description: PGP signature
Processed: Re: Bug#414929: could you try this patch
Processing commands for [EMAIL PROTECTED]: tags 414929 patch Bug#414929: timidity can't be removed/purged/upgraded Tags were: confirmed Tags added: patch thanks Stopping processing here. Please contact me if you need assistance. Debian bug tracking system administrator (administrator, Debian Bugs database) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]