Bug#446268: vim ABRT: glibc: vim: invalid next size (fast): 0x00000000007fd430
thus spoke James Vega <[EMAIL PROTECTED]> [2007.10.16.1421 +0100]:
> Yes, it was included in 1:7.1-135+1. I was just noting the actual
> patch that fixed the bug in case someone has to use a hypothetical
> 7.1-080 package from distribution X. If they check for
> has('patch073') instead of patch('135') they'll rightly have
> 'preserveindent' enabled.

Oh, doh! I was running +058 before, wasn't I? Sorry, I was a bit slow today...

--
martin f. krafft <[EMAIL PROTECTED]>
proud Debian developer, author, administrator, and user
http://people.debian.org/~madduck - http://debiansystem.info
Debian - when you have better things to do than fixing systems

"as long as one does not perceive the morality of christianity as a capital crime against life, its defenders have an easy game." - friedrich nietzsche
Bug#446730: bittornado: fails to start: ImportError: No module named BitTornado
On 10/16/07, Josselin Mouette <[EMAIL PROTECTED]> wrote:
> First of all, bittornado failed to upgrade. I think this was either
> caused by a prerm failure or an unpack failure, leading in the end to
> have only bittornado 0.3.18-3 installed. So there's probably a bug in
> bittornado. It would be nice if you could tell us how

I'm not sure what the bug could be in bittornado, as I have done the same upgrade on 2 machines and the other maintainer has as well, all without problems. One difference I noted is that Lionel also upgraded python-support at the same time, so I downgraded bittornado to do the same upgrade. Here are the results, which generated no errors at all:

2007-10-16 23:11:17 upgrade python-support 0.6.4 0.7.4
2007-10-16 23:11:17 status half-configured python-support 0.6.4
2007-10-16 23:11:17 status unpacked python-support 0.6.4
2007-10-16 23:11:17 status half-installed python-support 0.6.4
2007-10-16 23:11:18 status half-installed python-support 0.6.4
2007-10-16 23:11:18 status unpacked python-support 0.7.4
2007-10-16 23:11:18 status unpacked python-support 0.7.4
2007-10-16 23:11:18 upgrade bittornado-gui 0.3.18-3 0.3.18-4
2007-10-16 23:11:18 status half-configured bittornado-gui 0.3.18-3
2007-10-16 23:11:18 status unpacked bittornado-gui 0.3.18-3
2007-10-16 23:11:18 status half-installed bittornado-gui 0.3.18-3
2007-10-16 23:11:18 status half-installed bittornado-gui 0.3.18-3
2007-10-16 23:11:18 status unpacked bittornado-gui 0.3.18-4
2007-10-16 23:11:18 status unpacked bittornado-gui 0.3.18-4
2007-10-16 23:11:18 upgrade bittornado 0.3.18-3 0.3.18-4
2007-10-16 23:11:18 status half-configured bittornado 0.3.18-3
2007-10-16 23:11:19 status unpacked bittornado 0.3.18-3
2007-10-16 23:11:19 status half-installed bittornado 0.3.18-3
2007-10-16 23:11:19 status half-installed bittornado 0.3.18-3
2007-10-16 23:11:19 status unpacked bittornado 0.3.18-4
2007-10-16 23:11:19 status unpacked bittornado 0.3.18-4
2007-10-16 23:11:20 status unpacked python-support 0.7.4
2007-10-16 23:11:20 status half-configured python-support 0.7.4
2007-10-16 23:11:20 status installed python-support 0.7.4
2007-10-16 23:11:20 status unpacked bittornado 0.3.18-4
2007-10-16 23:11:20 status half-configured bittornado 0.3.18-4
2007-10-16 23:11:22 status installed bittornado 0.3.18-4
2007-10-16 23:11:22 status unpacked bittornado-gui 0.3.18-4
2007-10-16 23:11:22 status half-configured bittornado-gui 0.3.18-4
2007-10-16 23:11:22 status installed bittornado-gui 0.3.18-4

One interesting thing I noticed was that the bittornado 0.3.18-4 in the archive depends on python-support >= 0.7.1, whereas the one I built locally only depends on python-support >= 0.2. I assume that means it was built (by my sponsor) with a newer version of python-support than mine was, which I'm not sure how it would cause this problem, but I thought I'd mention it anyway.

Thanks,
Cameron
Bug#438704: [patch] grun: As of gtk 2.12, #438704 causes a segfault on
> I have created a complete patch for this bug. I will ask for
> sponsorship to upload this as an NMU in 7 days.

This patch has been uploaded as -14.1 and is currently waiting in the delayed/6 queue. Please, if you don't agree with the patch, cancel the delayed upload by making a higher numbered one.
Bug#446976: libapache2-mod-bt: crashes when request handler handles request
Package: libapache2-mod-bt
Version: 0.0.19+p4.2340-1
Severity: grave
Justification: renders package unusable

I've written a configuration based loosely on the one provided with the package. Also requests, include /, /register, etc cause the apache subprocess to segfault.

Here is the vhost block, identifiers masked...

ServerName tracker.foo.bar
DocumentRoot /var/www/foo.bar/tracker/
CustomLog /var/www/foo.bar/.access_log.tracker combined
ErrorLog /var/www/foo.bar/.error_log.tracker
ServerSignature off
Tracker On
TrackerHome /var/lib/mod_bt
TrackerFlags AllowScrapeFull
TrackerDetailURL /details/
Alias /mod_bt.css /usr/share/doc/libbtutil0/html/mod_bt.css
SetHandler modbt-root
Options +Includes
SetOutputFilter INCLUDES
SetHandler modbt-announce
SetHandler modbt-scrape
SetHandler modbt-details
SetHandler modbt-register

Segfault messages appear in /var/log/apache2/error.log, nothing is left in /var/www/foo.bar/.error_log.tracker.

-- System Information:
Debian Release: 4.0
APT prefers unstable
APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)
Kernel: Linux 2.6.16-2-686
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages libapache2-mod-bt depends on:
ii apache2-mpm-prefork 2.2.3-3.1 Traditional model for Apache HTTPD
ii apache2.2-common 2.2.3-3.1 Next generation, scalable, extenda
ii libbttracker0 0.0.19+p4.2340-1 BitTorrent Tracker Library
ii libbtutil0 0.0.19+p4.2340-1 BitTorrent utility library

libapache2-mod-bt recommends no packages.

-- no debconf information
Bug#446973: lunar-applet: Missing and incorrect copyright/licensing information
Hi,

On 10/17/07, Ming Hua <[EMAIL PROTECTED]> wrote:
> Package: lunar-applet
> Version: 1.6-1
> Severity: serious
> Justification: Policy 2.3, I suppose
>
> Lunar-applet is apparently a derivative work of the clock applet in
> gnome-panel. The gnome-panel source has FSF as the copyright owner,
> with many authors. However, lunar-applet's packaging documentation
> /usr/share/doc/lunar-applet/copyright doesn't mention this at all.
> (The upstream README mentions this, but it's in Chinese. Reading the
> source makes this obvious, though, as many files in src/ still keep the
> original copyright header from gnome-panel.)
>
> If it's only missing upstream author information, this bug is probably
> not "serious" severity. After all, both lunar-applet and the clock
> applet code are licensed under GPL v2 or later.
>
> However, on closer inspection, I found the copyright/licensing situation
> of lunar-applet very messy:
>
> For example, the src/lunar.c is a modified version of the
> applets/clock/clock.c file in gnome-panel, but the header in lunar.c
> doesn't say anything about the modification, which probably violates
> clause 2(a) of GPL v2.
>
> Now worse, the file gtkchinesecalendar/gtkchinesecalendar.h claims LGPL
> v2 license (which by itself needs clarification in Debian's copyright
> file), but also says it contains code from lunar package with "Copyright
> (C) 1988,1989,1991,1992 Fung F. Lee and Ricky Yeung", but lunar is GPL
> v2 or later. I'm not sure if it's possible to mix GPL and LGPL code in
> one file or one project, but even if it's okay, it should at least be
> clearly noted.
>
> And then things get ugly -- the file gtkchinesecalendar/tables.h looks
> like derivative work of lunar code, but the copyright and licensing
> notice at the top of the file is completely removed, and the file in
> lunar-applet doesn't have any copyright/licensing information.
>
> In summary, I find the copyright and licensing information of
> lunar-applet package very incomplete and confusing. Some of the code
> there probably even violates GPL/LGPL. I'm disappointed to see the
> maintainers doing a poor work on copyright/license auditing, and I'm
> surprised that this passed through FTP master's inspection.
> Nevertheless, I hope this bug can cause closer inspection of the whole
> codebase of lunar-applet.
>

First, it's LEGAL to license every piece of lunar-applet in GPL v2 and later.

An updated copyright file is in the attachment; it's in the format proposed in http://wiki.debian.org/Proposals/CopyrightFormat. Please help check whether I made any mistake or am missing something, thanks.

To yetist, how about fixing the following issues:

1. you modified src/lunar.c but did not document the license part
2. if gtkchinesecalendar/gtkchinesecalendar.h is derived from lunar, you can't license it under LGPL.
3. you do not document the license issue of gtkchinesecalendar/tables.h; if it's derived from lunar, please document it. If not, how about adding a comment in README or somewhere.
4. how about updating your copyright file to reflect your license issue in this project

And thanks for your great work in lunar-applet.

Thanks.

--
Best Regards,
LI Daobing
Processed: Re: Bug#446857: can't build qgis on arm
Processing commands for [EMAIL PROTECTED]:

> severity 446857 normal
Bug#446857: can't build qgis on arm
Severity set to `normal' from `grave'

> notfound 446857 4.2.2-2
Bug#446857: can't build qgis on arm
Bug no longer marked as found in version 4.2.2-2.

> reassign 446857 g++-4.1
Bug#446857: can't build qgis on arm
Bug reassigned from package `gcc-4.2' to `g++-4.1'.

> thanks
Stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)
Bug#446974: x11proto-render-dev: /usr/include/X11/extensions/renderproto.h fails to compile
Package: x11proto-render-dev
Version: 2:0.9.3-2
Severity: grave
Justification: renders package unusable

$ gcc -c /usr/include/X11/extensions/renderproto.h -o /tmp/foo
In file included from /usr/include/X11/extensions/renderproto.h:30:
/usr/include/X11/extensions/render.h:29: error: expected ‘=’, ‘,’, ‘;’, ‘asm’ or ‘__attribute__’ before ‘Glyph’
/usr/include/X11/extensions/render.h:30: error: expected ‘=’, ‘,’, ‘;’, ‘asm’ or ‘__attribute__’ before ‘GlyphSet’
/usr/include/X11/extensions/render.h:31: error: expected ‘=’, ‘,’, ‘;’, ‘asm’ or ‘__attribute__’ before ‘Picture’
/usr/include/X11/extensions/render.h:32: error: expected ‘=’, ‘,’, ‘;’, ‘asm’ or ‘__attribute__’ before ‘PictFormat’

-- System Information:
Debian Release: lenny/sid
APT prefers unstable
APT policy: (500, 'unstable'), (500, 'testing'), (10, 'experimental')
Architecture: i386 (i686)
Kernel: Linux 2.6.22-2-k7 (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages x11proto-render-dev depends on:
ii x11-common 1:7.3+2 X Window System (X.Org) infrastruc

x11proto-render-dev recommends no packages.

-- no debconf information
Bug#446973: lunar-applet: Missing and incorrect copyright/licensing information
Package: lunar-applet
Version: 1.6-1
Severity: serious
Justification: Policy 2.3, I suppose

Lunar-applet is apparently a derivative work of the clock applet in gnome-panel. The gnome-panel source has FSF as the copyright owner, with many authors. However, lunar-applet's packaging documentation /usr/share/doc/lunar-applet/copyright doesn't mention this at all. (The upstream README mentions this, but it's in Chinese. Reading the source makes this obvious, though, as many files in src/ still keep the original copyright header from gnome-panel.)

If it's only missing upstream author information, this bug is probably not "serious" severity. After all, both lunar-applet and the clock applet code are licensed under GPL v2 or later.

However, on closer inspection, I found the copyright/licensing situation of lunar-applet very messy:

For example, the src/lunar.c is a modified version of the applets/clock/clock.c file in gnome-panel, but the header in lunar.c doesn't say anything about the modification, which probably violates clause 2(a) of GPL v2.

Now worse, the file gtkchinesecalendar/gtkchinesecalendar.h claims LGPL v2 license (which by itself needs clarification in Debian's copyright file), but also says it contains code from lunar package with "Copyright (C) 1988,1989,1991,1992 Fung F. Lee and Ricky Yeung", but lunar is GPL v2 or later. I'm not sure if it's possible to mix GPL and LGPL code in one file or one project, but even if it's okay, it should at least be clearly noted.

And then things get ugly -- the file gtkchinesecalendar/tables.h looks like derivative work of lunar code, but the copyright and licensing notice at the top of the file is completely removed, and the file in lunar-applet doesn't have any copyright/licensing information.

In summary, I find the copyright and licensing information of lunar-applet package very incomplete and confusing. Some of the code there probably even violates GPL/LGPL. I'm disappointed to see the maintainers doing a poor work on copyright/license auditing, and I'm surprised that this passed through FTP master's inspection. Nevertheless, I hope this bug can cause closer inspection of the whole codebase of lunar-applet.

Ming
2007.10.16
Bug#446968: alsa-base: Alsa only works after /etc/init.d/alsa restart, then fails again later
Package: alsa-base
Version: 1.0.14-2
Severity: grave
Justification: renders package unusable

After upgrading my kernel from 2.6.18-4 to 2.6.21 (now 2.6.22), I noticed mplayer stopped playing video files, and stalled immediately after opening. I filed a bug report with mplayer (bug #445731). I later learned that the problem was not mplayer specific; any application that attempted to work with alsa stalled (including the gnome sound system).

I tried building modules for alsa using module-assistant, and it appeared to work. However, I think it only appeared to work because it caused alsa to reload. After the system rebooted alsa still had the same problem.

When the system is started, to prevent applications that work with alsa from stalling, I have to run /etc/init.d/alsa force-reload. This allows sound to start working again. However, once sound is working again, if I try to play a movie file, mplayer works for a few seconds and stalls (as it did before alsa was reloaded). I tried this with totem, and, though it didn't stall, sound suddenly cut out. So, alsa starts working after the reload, but then stops again. If I try playing the file yet again, it will still play (without locking up immediately), but it still locks up later.

I have tried reinstalling the alsa-base and alsa-utils packages, but nothing has worked so far.

-- Package-specific info:
--- Begin additional package status ---
Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Installed/Config-files/Unpacked/Failed-config/Half-installed
|/ Err?=(none)/Hold/Reinst-required/X=both-problems (Status,Err: uppercase=bad)
||/ Name Version Description
+++-==-==-
ii libasound2 1.0.14a-2 ALSA library
--- End additional package status ---
--- Begin /proc/asound/version ---
Advanced Linux Sound Architecture Driver Version 1.0.14 (Thu May 31 09:03:25 2007 UTC).
--- End /proc/asound/version ---
--- Begin /proc/asound/cards ---
0 [Tumbler]: PMac Tumbler - PowerMac Tumbler
PowerMac Tumbler (Dev 21) Sub-frame 0
--- End /proc/asound/cards ---
--- Begin /dev/snd/ listing ---
total 0
crw-rw 1 root audio 116, 0 2007-10-16 20:55 controlC0
crw-rw 1 root audio 116, 16 2007-10-16 20:55 pcmC0D0p
crw-rw 1 root audio 116, 33 2007-10-16 20:55 timer
--- End /dev/snd/ listing ---

-- System Information:
Debian Release: lenny/sid
APT prefers testing
APT policy: (500, 'testing')
Architecture: powerpc (ppc)
Kernel: Linux 2.6.22-2-powerpc
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages alsa-base depends on:
ii linux-sound-base 1.0.14-2 base package for ALSA and OSS soun
ii lsof 4.78.dfsg.1-3 List open files
ii module-init-tools 3.3-pre11-4 tools for managing Linux kernel mo

Versions of packages alsa-base recommends:
ii alsa-utils 1.0.14-2 ALSA utilities

Versions of packages libasound2 depends on:
ii libc6 2.6.1-1 GNU C Library: Shared libraries

-- no debconf information
Bug#445797: fixed in libcaca 0.99.beta12.debian-3
On Tue, Oct 16, 2007, Frank Küster wrote:
> Please don't do it that way. Both because it's a bad idea and because
> we intend to file bugs about this soon (read: as soon as one among the
> TeX team has some free time, which might well be next year).
>
> It's a bad idea because the texlive metapackage is a package targetted
> at users who write documents, not at build-deps. It's a package which is
> supposed to pull in what a novice/standard/whatever TeX user probably
> wants. But we're not yet there, so we might still have to make some
> changes: Add this package, drop that other one.
>
> Consequently, at least at the moment, the texlive metapackage is a
> moving target with respect to "I need this particular font". You are
> risking that your package FTBFS once we find out that most people won't
> need that font package (or should not use it because it's obsolete).
> Better check which individual package is needed.

Okay, you make perfect sense. Can you suggest a strategy that lets me know the required font? Of course I can test packages one after the other but I'd like to understand what's going on if possible.

Cheers,
--
Sam.
Bug#445798: marked as done (libkarma: FTBFS: tries to open files in my homedir)
Your message dated Wed, 17 Oct 2007 01:02:04 + with message-id <[EMAIL PROTECTED]>
and subject line Bug#445798: fixed in libkarma 0.0.6-3
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am talking about this indicates a serious mail system misconfiguration somewhere. Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--- Begin Message ---
Package: libkarma
version: 0.0.6-2
Severity: serious
User: [EMAIL PROTECTED]
Usertags: qa-ftbfs-20071007 qa-ftbfs
Justification: FTBFS on i386

Hi,

During a rebuild of all packages in sid, your package failed to build on i386.

Relevant part:

dpkg-source: building libkarma in libkarma_0.0.6-2.dsc
debian/rules build
test -d debian/patched || install -d debian/patched
dpatch apply-all
applying patch 01_use_DESTDIR to ./ ... ok.
applying patch 05_add_karma-sharp_dllmap to ./ ... ok.
applying patch 06_fix_shlib_build_and_install to ./ ... ok.
applying patch 08_dynamically_link_tools to ./ ... ok.
applying patch 15_install_docs to ./ ... ok.
applying patch 20_install_playlist_show_as_example to ./ ... ok.
applying patch 25_tool_manpages to ./ ... ok.
applying patch 50_add_write_smalldb_debug_info to ./ ... ok.
applying patch 51_fix_dmap_and_playlist_counts to ./ ... ok.
applying patch 52_check_for_upload_errors to ./ ... ok.
applying patch 60_fix_prop_count_off_by_ones to ./ ... ok.
applying patch 70_fix_prop-write-smalldb_retval to ./ ... ok.
dpatch cat-all >>patch-stampT
mv -f patch-stampT patch-stamp
dh_testdir
/usr/bin/make
make[1]: Entering directory `/build/user/libkarma-0.0.6'
cd src && /usr/bin/make
make[2]: Entering directory `/build/user/libkarma-0.0.6/src'
gcc -Wall -g -O2 -fPIC -D_REENTRANT -Wall -pedantic -ggdb -W -Wchar-subscripts -Wmissing-prototypes -Wmissing-declarations -Wno-switch -Wredundant-decls -Wno-unused -c -o errors.o errors.c
gcc -Wall -g -O2 -fPIC -D_REENTRANT -Wall -pedantic -ggdb -W -Wchar-subscripts -Wmissing-prototypes -Wmissing-declarations -Wno-switch -Wredundant-decls -Wno-unused -c -o fdb.o fdb.c
fdb.c: In function 'lk_fdb_getlist':
fdb.c:128: warning: 'n_tok' may be used uninitialized in this function
fdb.c: In function 'lk_fdb_load':
fdb.c:59: warning: 'n_tok' may be used uninitialized in this function
gcc -Wall -g -O2 -fPIC -D_REENTRANT -Wall -pedantic -ggdb -W -Wchar-subscripts -Wmissing-prototypes -Wmissing-declarations -Wno-switch -Wredundant-decls -Wno-unused -c -o hash.o hash.c
gcc -Wall -g -O2 -fPIC -D_REENTRANT -Wall -pedantic -ggdb -W -Wchar-subscripts -Wmissing-prototypes -Wmissing-declarations -Wno-switch -Wredundant-decls -Wno-unused -c -o karma.o karma.c
gcc -Wall -g -O2 -fPIC -D_REENTRANT -Wall -pedantic -ggdb -W -Wchar-subscripts -Wmissing-prototypes -Wmissing-declarations -Wno-switch -Wredundant-decls -Wno-unused -c -o karmaLan.o karmaLan.c
gcc -Wall -g -O2 -fPIC -D_REENTRANT -Wall -pedantic -ggdb -W -Wchar-subscripts -Wmissing-prototypes -Wmissing-declarations -Wno-switch -Wredundant-decls -Wno-unused -c -o karmaUsb.o karmaUsb.c
karmaUsb.c: In function 'lk_karmaUsb_load_database_smalldb':
karmaUsb.c:500: warning: 'tmpnum' may be used uninitialized in this function
karmaUsb.c:500: note: 'tmpnum' was declared here
gcc -Wall -g -O2 -fPIC -D_REENTRANT -Wall -pedantic -ggdb -W -Wchar-subscripts -Wmissing-prototypes -Wmissing-declarations -Wno-switch -Wredundant-decls -Wno-unused -c -o md5.o md5.c
gcc -Wall -g -O2 -fPIC -D_REENTRANT -Wall -pedantic -ggdb -W -Wchar-subscripts -Wmissing-prototypes -Wmissing-declarations -Wno-switch -Wredundant-decls -Wno-unused -c -o mountSearch.o mountSearch.c
gcc -Wall -g -O2 -fPIC -D_REENTRANT -Wall -pedantic -ggdb -W -Wchar-subscripts -Wmissing-prototypes -Wmissing-declarations -Wno-switch -Wredundant-decls -Wno-unused -c -o mp3.o mp3.c
gcc -Wall -g -O2 -fPIC -D_REENTRANT -Wall -pedantic -ggdb -W -Wchar-subscripts -Wmissing-prototypes -Wmissing-declarations -Wno-switch -Wredundant-decls -Wno-unused -c -o playlist.o playlist.c
gcc -Wall -g -O2 -fPIC -D_REENTRANT -Wall -pedantic -ggdb -W -Wchar-subscripts -Wmissing-prototypes -Wmissing-declarations -Wno-switch -Wredundant-decls -Wno-unused -c -o properties.o properties.c
properties.c: In function 'lk_properties_import':
properties.c:85: warning: 'n_tok' may be used uninitialized in this function
properties.c: In function 'lk_properties_write_property':
properties.c:509: warning: 'str' may be used uninitialized in this function
gcc -Wall -g -O2 -fPIC -D_REENTRANT -Wall -pedantic -ggdb -W -Wchar-subscripts -Wmissing-prototypes -Wmissing-declarations -Wno-switch -Wredundant-decls -Wno-unused -c -o rio_rw.o rio_rw.c
gcc -Wall -g -O2 -fPIC -D_REENTRANT -Wall
Bug#446858: Still a file conflict with sketch.1
skencil 0.6.17-11 still contains /usr/share/man/man1/sketch.1.gz, which is a file conflict and presumably a mistake.

Peace,
Dylan
Bug#443937: marked as done (openafs-modules-source: Bizzare failures when building on a newer cc/glibc)
Your message dated Wed, 17 Oct 2007 00:47:05 + with message-id <[EMAIL PROTECTED]>
and subject line Bug#443937: fixed in openafs 1.4.5~pre2.dfsg1-1
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am talking about this indicates a serious mail system misconfiguration somewhere. Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--- Begin Message ---
Package: openafs-modules-source
Version: 1.4.4.dfsg1-7
Severity: grave
Justification: renders package unusable

I just built a new x86_64 machine to bridge AFS/NFS/CIFS and after logging in to an AFS id, I found this:

ls -l /u1/cobdev/cobbuild/
total 21
?- ? ?? ?? /u1/cobdev/cobbuild/bin.tar
?- ? ?? ?? /u1/cobdev/cobbuild/cobol
?- ? ?? ?? /u1/cobdev/cobbuild/cobolw3
?- ? ?? ?? /u1/cobdev/cobbuild/cobolw4
?- ? ?? ?? /u1/cobdev/cobbuild/cobolw5
?- ? ?? ?? /u1/cobdev/cobbuild/cobolwp
?- ? ?? ?? /u1/cobdev/cobbuild/nohup.out
?- ? ?? ?? /u1/cobdev/cobbuild/private
?- ? ?? ?? /u1/cobdev/cobbuild/scheduled
?- ? ?? ?? /u1/cobdev/cobbuild/windows
drwxr-xr-x 2 cobbuild cobdev 2048 2007-09-06 14:34 AIX

I thought it might be a 64bit, or new kernel issue, as 2.6.22.5 on my x86_32 box worked fine... However, using 2.6.22.5 on the _64 box still showed the error :( So I compiled 2.6.22.7 on the _32 box and see the exact same failure !

This likely coincides with the kernel-headers sharing 32bit and 64bit headers for portions - and I'm guessing is 32bit vs 64bit alignment and/or size issue.

-- System Information:
Debian Release: lenny/sid
APT prefers testing-proposed-updates
APT policy: (500, 'testing-proposed-updates'), (500, 'proposed-updates'), (500, 'unstable'), (500, 'testing'), (500, 'stable'), (1, 'experimental')
Architecture: i386 (i686)
Kernel: Linux 2.6.22.7 (SMP w/1 CPU core; PREEMPT)
Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages openafs-modules-source depends on:
ii bison 1:2.3.dfsg-5 A parser generator that is compati
ii debhelper 5.0.56 helper programs for debian/rules
ii flex 2.5.33-12 A fast lexical analyzer generator.
ii kernel-package 11.001 A utility for building Linux kerne
ii module-assistant 0.10.11 tool to make module package creati

openafs-modules-source recommends no packages.

-- no debconf information
--- End Message ---

--- Begin Message ---
Source: openafs
Source-Version: 1.4.5~pre2.dfsg1-1

We believe that the bug you reported is fixed in the latest version of openafs, which is due to be installed in the Debian FTP archive:

libopenafs-dev_1.4.5~pre2.dfsg1-1_i386.deb
  to pool/main/o/openafs/libopenafs-dev_1.4.5~pre2.dfsg1-1_i386.deb
libpam-openafs-kaserver_1.4.5~pre2.dfsg1-1_i386.deb
  to pool/main/o/openafs/libpam-openafs-kaserver_1.4.5~pre2.dfsg1-1_i386.deb
openafs-client_1.4.5~pre2.dfsg1-1_i386.deb
  to pool/main/o/openafs/openafs-client_1.4.5~pre2.dfsg1-1_i386.deb
openafs-dbg_1.4.5~pre2.dfsg1-1_i386.deb
  to pool/main/o/openafs/openafs-dbg_1.4.5~pre2.dfsg1-1_i386.deb
openafs-dbserver_1.4.5~pre2.dfsg1-1_i386.deb
  to pool/main/o/openafs/openafs-dbserver_1.4.5~pre2.dfsg1-1_i386.deb
openafs-doc_1.4.5~pre2.dfsg1-1_all.deb
  to pool/main/o/openafs/openafs-doc_1.4.5~pre2.dfsg1-1_all.deb
openafs-fileserver_1.4.5~pre2.dfsg1-1_i386.deb
  to pool/main/o/openafs/openafs-fileserver_1.4.5~pre2.dfsg1-1_i386.deb
openafs-kpasswd_1.4.5~pre2.dfsg1-1_i386.deb
  to pool/main/o/openafs/openafs-kpasswd_1.4.5~pre2.dfsg1-1_i386.deb
openafs-krb5_1.4.5~pre2.dfsg1-1_i386.deb
  to pool/main/o/openafs/openafs-krb5_1.4.5~pre2.dfsg1-1_i386.deb
openafs-modules-source_1.4.5~pre2.dfsg1-1_all.deb
  to pool/main/o/openafs/openafs-modules-source_1.4.5~pre2.dfsg1-1_all.deb
openafs_1.4.5~pre2.dfsg1-1.diff.gz
  to pool/main/o/openafs/openafs_1.4.5~pre2.dfsg1-1.diff.gz
openafs_1.4.5~pre2.dfsg1-1.dsc
  to pool/main/o/openafs/openafs_1.4.5~pre2.dfsg1-1.dsc
openafs_1.4.5~pre2.dfsg1.orig.tar.gz
  to pool/main/o/openafs/openafs_1.4.5~pre2.dfsg1.orig.tar.gz

A summary of the changes between this version and the previous one is attached.

Thank you for reporting the bug, which will now be closed. If you have further comments please address them to [EMAIL PROTECTED], and the m
Processed: fixed 446891 in 1:4.2.4p4+dfsg-1
Processing commands for [EMAIL PROTECTED]:

> # Automatically generated email from bts, devscripts version 2.10.9
> fixed 446891 1:4.2.4p4+dfsg-1
Bug#446891: ntp: problem of dependency related to libssl0.9.8
Bug marked as fixed in version 1:4.2.4p4+dfsg-1.

> End of message, stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)
Bug#446824: CVE-2007-5448 remote denial of service via crafted beacon frame
On Wed, 17 Oct 2007 03:01:24 am Nico Golde wrote:
> Hi,
>
> * Nico Golde <[EMAIL PROTECTED]> [2007-10-16 17:59]:
> > Hi Kel,
> >
> > * Kel Modderman <[EMAIL PROTECTED]> [2007-10-16 17:14]:
> > > tags 446824 pending
> > > thanks
> > >
> > > On Tue, 16 Oct 2007 08:37:31 am Nico Golde wrote:
> > > > | Madwifi 0.9.3.2 and earlier allows remote attackers to cause a
> > > > | denial of service (panic) via a beacon frame with a large length
> > > > | value in the extended supported rates (xrates) element, which
> > > > | triggers an assertion error, related to
> > > > | net80211/ieee80211_scan_ap.c and
> > > > | net80211/ieee80211_scan_sta.c.
> > >
> > > net80211/ieee80211_scan_ap.c is not vulnerable in any stable release
> > > from madwifi.org[0], the CVE is slightly misleading in regards to that
> > > detail.
> >
> > Well I never said it is :) But thanks for the information, I
> > checked this and added it as not-affected to the security
> > tracker.
>
> Correction, I misunderstood you, thanks Moritz for pointing
> me to this. At least the code in ieee80211_scan_sta.c is
> vulnerable in the Debian versions if I don't miss anything.
> Kind regards
> Nico

Yes, that's correct. ieee80211_scan_sta.c is vulnerable in all upstream and debian versions.

Kel.
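
The defect class named in the CVE text quoted in this thread, shown from the defensive side as an added example; it is not madwifi code and not part of the original messages. It walks the ID/length/value elements of a beacon body and returns an error for an oversized or truncated rates element instead of asserting on it. The element IDs 1 and 50 are the 802.11 ones; the 15-entry rate table, the type and function names and the sample frames are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ELEMID_RATES  1   /* 802.11 Supported Rates */
#define ELEMID_XRATES 50  /* 802.11 Extended Supported Rates */
#define RATE_MAXSIZE  15  /* assumed capacity of the receiver's rate table */

enum ie_status { IE_OK = 0, IE_TRUNCATED = -1, IE_RATES_TOO_LONG = -2 };

struct rate_set {
    uint8_t nrates;
    uint8_t rates[RATE_MAXSIZE];
};

/*
 * Collect the rates and xrates elements of a beacon body into one table.
 * Every length byte comes from the air, so it is checked twice: against
 * the bytes that are really left in the frame, and against the space that
 * is left in the fixed-size table. Neither check may be an assert(),
 * because a failed assertion in kernel code is a panic.
 */
static enum ie_status parse_rates(const uint8_t *ies, size_t len,
                                  struct rate_set *out)
{
    size_t off = 0;

    memset(out, 0, sizeof(*out));
    while (off < len) {
        if (len - off < 2)
            return IE_TRUNCATED;            /* no room for ID + length */
        uint8_t id = ies[off];
        uint8_t elen = ies[off + 1];
        if ((size_t)elen > len - off - 2)
            return IE_TRUNCATED;            /* value runs past the frame */
        if (id == ELEMID_RATES || id == ELEMID_XRATES) {
            if (elen > RATE_MAXSIZE - out->nrates)
                return IE_RATES_TOO_LONG;   /* would overflow the table */
            memcpy(out->rates + out->nrates, ies + off + 2, elen);
            out->nrates = (uint8_t)(out->nrates + elen);
        }
        off += 2 + (size_t)elen;
    }
    return IE_OK;
}

/* Number of rates collected, or the negative ie_status on rejection. */
static int rates_in(const uint8_t *ies, size_t len)
{
    struct rate_set rs;
    enum ie_status st = parse_rates(ies, len, &rs);
    return st == IE_OK ? (int)rs.nrates : (int)st;
}

/* Constructed sample: SSID "test", 8 supported rates, 4 extended rates. */
static const uint8_t GOOD_IES[] = {
    0, 4, 't', 'e', 's', 't',
    ELEMID_RATES, 8, 0x82, 0x84, 0x8b, 0x96, 0x0c, 0x12, 0x18, 0x24,
    ELEMID_XRATES, 4, 0x30, 0x48, 0x60, 0x6c,
};

/* Constructed sample: xrates claims 200 bytes, the frame holds 2. */
static const uint8_t TRUNCATED_IES[] = { ELEMID_XRATES, 200, 0x30, 0x48 };

/* Constructed sample: 8 rates, then a well-formed xrates of 200 bytes. */
static int oversized_xrates_result(void)
{
    uint8_t buf[10 + 2 + 200];

    memcpy(buf, GOOD_IES + 6, 10);          /* reuse the rates element */
    buf[10] = ELEMID_XRATES;
    buf[11] = 200;
    memset(buf + 12, 0x30, 200);
    return rates_in(buf, sizeof(buf));
}

int main(void)
{
    printf("good beacon:      %d\n", rates_in(GOOD_IES, sizeof(GOOD_IES)));
    printf("truncated xrates: %d\n",
           rates_in(TRUNCATED_IES, sizeof(TRUNCATED_IES)));
    printf("oversized xrates: %d\n", oversized_xrates_result());
    return 0;
}
```
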
Bug#445635: azureus still does not start
Please do the following as root and report if it worked out:

update-alternatives --auto swt.jar

Regards,
Amir
Bug#446960: i386 build of axiom is missing all shlibs dependencies
package: axiom
version: 20050901-9
severity: serious
justification: violates section 3.5 of debian policy

all shlibs dependencies are missing from the i386 build of axiom. This seems to have been a build environment related problem so a binnmu should fix it.
Bug#445731: marked as done (mplayer stops working after kernel update to 2.6.21)
Your message dated Tue, 16 Oct 2007 18:00:10 -0400 with message-id <[EMAIL PROTECTED]>
and subject line Bug#445731: mplayer stops working after kernel update to 2.6.21
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am talking about this indicates a serious mail system misconfiguration somewhere. Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--- Begin Message ---
Package: mplayer
Version: 1.0~rc1-16
Severity: grave
Justification: renders package unusable

Hello. I recently attempted to upgrade my system's kernel to the latest version in testing (2.6.22-2-powerpc) from 2.6.18-4-powerpc. After updating the kernel, I tried to play a file in mplayer. A player window appeared, as though the file was going to play, but nothing happened. Also, the counter was not moving - it was as though the movie was on pause on a completely black scene. If I tried to seek, the movie would skip to the frame and show a still image of that point (the counter would display the time, but still did not move). The program did not display any error messages and would still quit normally.

I tried using different vo drivers, attempted playing different file types, and reinstalled the mplayer package, but nothing worked. I downgraded the kernel back to 2.6.18-4-powerpc and mplayer now works normally again.
-- System Information: Debian Release: lenny/sid APT prefers testing APT policy: (500, 'testing') Architecture: powerpc (ppc) Kernel: Linux 2.6.18-4-powerpc Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash Versions of packages mplayer depends on: ii debconf [debconf-2 1.5.14Debian configuration management sy ii libasound2 1.0.14a-2 ALSA library ii libatk1.0-01.20.0-1 The ATK accessibility toolkit ii libaudiofile0 0.2.6-7 Open-source version of SGI's audio ii libc6 2.6.1-1 GNU C Library: Shared libraries ii libcaca0 0.99.beta11.debian-3 colour ASCII art library ii libcairo2 1.4.10-1+b2 The Cairo 2D vector graphics libra ii libcdparanoia0 3.10+debian~pre0-5+b1 audio extraction tool for sampling ii libcucul0 0.99.beta11.debian-3 low-level Unicode character drawin ii libdirectfb-0.9-25 0.9.25.1-6direct frame buffer graphics - sha ii libdvdread30.9.7-3 library for reading DVDs ii libesd-alsa0 [libe 0.2.36-3 Enlightened Sound Daemon (ALSA) - ii libfontconfig1 2.4.2-1.2 generic font configuration library ii libfreetype6 2.3.5-1 FreeType 2 font engine, shared lib ii libgcc11:4.2.1-4 GCC support library ii libgl1-mesa-glx [l 7.0.1-2 A free implementation of the OpenG ii libglib2.0-0 2.14.0-2 The GLib library of C routines ii libgtk2.0-02.10.13-1 The GTK+ graphical user interface ii libjpeg62 6b-14 The Independent JPEG Group's JPEG ii liblircclient0 0.8.0-12 LIRC client library ii liblzo11.08-3data compression library (old vers ii libncurses55.6+20070908-1Shared libraries for terminal hand ii libogg01.1.3-2 Ogg Bitstream Library ii libpango1.0-0 1.18.2-1 Layout and rendering of internatio ii libpng12-0 1.2.15~beta5-2PNG library - runtime ii libsdl1.2debian1.2.11-9 Simple DirectMedia Layer ii libsmbclient 3.0.26a-1 shared library that allows applica ii libspeex1 1.1.12-3 The Speex Speech Codec ii libstdc++6 4.2.1-4 The GNU Standard C++ Library v3 ii libtheora0 1.0~beta1-1 The Theora Video Compression Codec ii libungif4g 
4.1.4-5+b1shared library for GIF images ii libx11-6 2:1.0.3-7 X11 client-side library ii libxcursor11:1.1.9-1 X cursor management library ii libxext6 1:1.0.3-2 X11 miscellaneous extension librar ii libxfixes3 1:4.0.3-2 X11 miscellaneous 'fixes' extensio ii libxi6 2:1.1.3-1 X11 Input extension library ii libxinerama1 1:1.0.2-1 X11 Xinerama extension library ii libxrandr2 2:1.2.2-1 X11 RandR extension library ii libxrender11:0.9.4-1 X Rendering Extension client libra ii libxv1 1:1.0.3-1 X11 Video extension library ii libxvmc1 1:1.0.4-2
Processed: Re: Bug#446913: opal includes the file include/codec/ilbccodec.h, making it not DFSG-free
Processing commands for [EMAIL PROTECTED]: > severity 446913 important Bug#446913: opal includes the file include/codec/ilbccodec.h, making it not DFSG-free Severity set to `important' from `serious' > tags 446913 moreinfo Bug#446913: opal includes the file include/codec/ilbccodec.h, making it not DFSG-free There were no tags set. Tags added: moreinfo > thanks Stopping processing here. Please contact me if you need assistance. Debian bug tracking system administrator (administrator, Debian Bugs database)
Bug#446913: opal includes the file include/codec/ilbccodec.h, making it not DFSG-free
severity 446913 important tags 446913 moreinfo thanks Alain, On Tue, Oct 16, 2007 at 05:32:56PM +0200, Alain Kalker wrote: > Package: opal > Version: 2.2.11~dfsg1-1 > Severity: grave > > The source tarball for opal ships the file include/codec/ilbccodec.h, > Although it is not used in the build, one can argue that this file is > technically part of the iLBC codec, making the package not DFSG-free. reading into that file I find * Copyright (c) 1999-2000 Equivalence Pty. Ltd. which doesn't really look like it's an original part of the iLBC codec. Which parts do you think are copied over and need to be removed? -- Best regards, Kilian signature.asc Description: Digital signature
Bug#441407: CVE-2007-4650: security bugs in the WebDAV and Reupload modules
On Mon, Sep 10, 2007 at 04:02:14PM -0400, Michael Schultheiss wrote: > fixed 441407 2.2.3-1 > kthxbye > > Thijs Kinkhorst wrote: > > Package: gallery2 > > Version: 2.1.2-2 > > Severity: serious > > Tags: security > > > > Hi, > > > > As you know Gallery 2.2.3 has been released which fixes several > > security bugs in the WebDAV and Reupload modules. Could you please > > assess whether an update for etch is necessary? > > I'll check with upstream and let you know. What's the result? Cheers, Moritz
Bug#446929: marked as done (ncurses-bin: references hidden symbols (?))
Your message dated Tue, 16 Oct 2007 21:02:09 + with message-id <[EMAIL PROTECTED]> and subject line Bug#446929: fixed in ncurses 5.6+20071013-1 has caused the attached Bug report to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what I am talking about this indicates a serious mail system misconfiguration somewhere. Please contact me immediately.) Debian bug tracking system administrator (administrator, Debian Bugs database) --- Begin Message --- Package: ncurses-bin Version: 5.5-5 Severity: serious $ infocmp |wc -l 50 $ sudo dpkg -i /var/cache/apt/archives/ncurses-bin_5.5-5_i386.deb dpkg - warning: downgrading ncurses-bin from 5.6+20071006-3 to 5.5-5. (Reading database ... 53958 files and directories currently installed.) Preparing to replace ncurses-bin 5.6+20071006-3 (using .../ncurses-bin_5.5-5_i386.deb) ... Unpacking replacement ncurses-bin ... Setting up ncurses-bin (5.5-5) ... $ infocmp |wc -l infocmp: symbol lookup error: infocmp: undefined symbol: _nc_disable_period 0 My limited understanding leads me to believe that this function wasn't meant to be exported in ncurses/stable, so was removed or renamed in ncurses/unstable. 
--- End Message --- --- Begin Message --- Source: ncurses Source-Version: 5.6+20071013-1 We believe that the bug you reported is fixed in the latest version of ncurses, which is due to be installed in the Debian FTP archive: lib64ncurses5-dev_5.6+20071013-1_i386.deb to pool/main/n/ncurses/lib64ncurses5-dev_5.6+20071013-1_i386.deb lib64ncurses5_5.6+20071013-1_i386.deb to pool/main/n/ncurses/lib64ncurses5_5.6+20071013-1_i386.deb libncurses5-dbg_5.6+20071013-1_i386.deb to pool/main/n/ncurses/libncurses5-dbg_5.6+20071013-1_i386.deb libncurses5-dev_5.6+20071013-1_i386.deb to pool/main/n/ncurses/libncurses5-dev_5.6+20071013-1_i386.deb libncurses5_5.6+20071013-1_i386.deb to pool/main/n/ncurses/libncurses5_5.6+20071013-1_i386.deb libncursesw5-dbg_5.6+20071013-1_i386.deb to pool/main/n/ncurses/libncursesw5-dbg_5.6+20071013-1_i386.deb libncursesw5-dev_5.6+20071013-1_i386.deb to pool/main/n/ncurses/libncursesw5-dev_5.6+20071013-1_i386.deb libncursesw5_5.6+20071013-1_i386.deb to pool/main/n/ncurses/libncursesw5_5.6+20071013-1_i386.deb ncurses-base_5.6+20071013-1_all.deb to pool/main/n/ncurses/ncurses-base_5.6+20071013-1_all.deb ncurses-bin_5.6+20071013-1_i386.deb to pool/main/n/ncurses/ncurses-bin_5.6+20071013-1_i386.deb ncurses-term_5.6+20071013-1_all.deb to pool/main/n/ncurses/ncurses-term_5.6+20071013-1_all.deb ncurses_5.6+20071013-1.diff.gz to pool/main/n/ncurses/ncurses_5.6+20071013-1.diff.gz ncurses_5.6+20071013-1.dsc to pool/main/n/ncurses/ncurses_5.6+20071013-1.dsc ncurses_5.6+20071013.orig.tar.gz to pool/main/n/ncurses/ncurses_5.6+20071013.orig.tar.gz A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to [EMAIL PROTECTED], and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. 
Daniel Baumann <[EMAIL PROTECTED]> (supplier of updated ncurses package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing [EMAIL PROTECTED]) -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Format: 1.7 Date: Tue, 16 Oct 2007 20:43:00 +0200 Source: ncurses Binary: ncurses-base lib64ncurses5 libncursesw5-dev libncursesw5-dbg ncurses-bin libncurses5 libncursesw5 libncurses5-dev ncurses-term lib32ncurses5-dev lib32ncurses5 libncurses5-dbg lib64ncurses5-dev Architecture: source i386 all Version: 5.6+20071013-1 Distribution: unstable Urgency: low Maintainer: Daniel Baumann <[EMAIL PROTECTED]> Changed-By: Daniel Baumann <[EMAIL PROTECTED]> Description: lib64ncurses5 - Shared libraries for terminal handling (64-bit) lib64ncurses5-dev - Developer's libraries for ncurses (64-bit) libncurses5 - Shared libraries for terminal handling libncurses5-dbg - Debugging/profiling libraries for ncurses libncurses5-dev - Developer's libraries and docs for ncurses libncursesw5 - Shared libraries for terminal handling (wide character support) libncursesw5-dbg - Debugging/profiling libraries for ncurses libncursesw5-dev - Developer's libraries for ncursesw ncurses-base - Descriptions of common terminal types ncurses-bin - Terminal-related programs and man pages ncurses-term - Additional terminal type definitions Closes: 446929 Changes: ncurses (5.6+20071013-1) unstable; urgency=low . * New upstream patch level. * Rising shlibs to '>= 5.6+20071006-3' (Closes: #446929). Files: 2a19711dd1dbb455360058bb5cf108eb 911 libs standard ncurses_5.6+20071013-1.ds
Bug#446824: marked as done (CVE-2007-5448 remote denial of service via crafted beacon frame)
Your message dated Tue, 16 Oct 2007 21:02:06 + with message-id <[EMAIL PROTECTED]> and subject line Bug#446824: fixed in madwifi 1:0.9.3.2-2 has caused the attached Bug report to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what I am talking about this indicates a serious mail system misconfiguration somewhere. Please contact me immediately.) Debian bug tracking system administrator (administrator, Debian Bugs database) --- Begin Message --- Package: madwifi-source Severity: grave Tags: security patch Hi, the following CVE (Common Vulnerabilities & Exposures) id was published for madwifi-source. CVE-2007-5448[0]: | Madwifi 0.9.3.2 and earlier allows remote attackers to cause a denial | of service (panic) via a beacon frame with a large length value in the | extended supported rates (xrates) element, which triggers an assertion | error, related to net80211/ieee80211_scan_ap.c and | net80211/ieee80211_scan_sta.c. If you fix this vulnerability please also include the CVE id in your changelog entry. This is fixed in upstream svn on: http://madwifi.org/changeset/2736 For further information: [0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5448 Kind regards Nico -- Nico Golde - http://ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF For security reasons, all text in this mail is double-rot13 encrypted. 
pgpZbBKZXbZln.pgp Description: PGP signature --- End Message --- --- Begin Message --- Source: madwifi Source-Version: 1:0.9.3.2-2 We believe that the bug you reported is fixed in the latest version of madwifi, which is due to be installed in the Debian FTP archive: madwifi-source_0.9.3.2-2_all.deb to pool/non-free/m/madwifi/madwifi-source_0.9.3.2-2_all.deb madwifi_0.9.3.2-2.diff.gz to pool/non-free/m/madwifi/madwifi_0.9.3.2-2.diff.gz madwifi_0.9.3.2-2.dsc to pool/non-free/m/madwifi/madwifi_0.9.3.2-2.dsc A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to [EMAIL PROTECTED], and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Kel Modderman <[EMAIL PROTECTED]> (supplier of updated madwifi package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing [EMAIL PROTECTED]) -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Format: 1.7 Date: Tue, 16 Oct 2007 18:00:28 +1000 Source: madwifi Binary: madwifi-source Architecture: source all Version: 1:0.9.3.2-2 Distribution: unstable Urgency: high Maintainer: Debian madwifi team <[EMAIL PROTECTED]> Changed-By: Kel Modderman <[EMAIL PROTECTED]> Description: madwifi-source - source for the Multiband Atheros Driver for WiFi Closes: 446039 446090 446824 Changes: madwifi (1:0.9.3.2-2) unstable; urgency=high . * Add fix_2.6.23_include_fs_h.dpatch for linux 2.6.23 compatibility. (Closes: #446090, #446039) * Add 10_CVE-2007-5448_sanitize_xrates.dpatch to fix CVE-2007-5448: - DoS vulnerability via kassert from poor checking of xrate element in scan results (Closes: #446824) * Adjust Vcs fields of debian/control to format of current concensus. * Use Homepage field of debian/control. 
Files: 7441cdd080643468a14f311b52b7cffe 928 non-free/net optional madwifi_0.9.3.2-2.dsc 9fb20df8b0fcfa2dd8b7d13ad992ef02 13060 non-free/net optional madwifi_0.9.3.2-2.diff.gz c6b68c386d2c0f3f399c40159c7daaf7 3529994 non-free/net optional madwifi-source_0.9.3.2-2_all.deb -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQFHFSTz/pqN2EBUqwgRAuAzAKCQ+K7WhOUlrWwGivxJXSFLy4thlQCfXkMk EMF8bJUpLqPbt8q+K9vZ9b0= =hc6z -END PGP SIGNATURE- --- End Message ---
Bug#446950: sun-java5-bin: crashes xterm on installation
Package: sun-java5-bin Version: 1.5.0-10-3 Severity: serious This "bug" may be covering a bunch of packages, I suspect, actually. Either way, what I'm seeing is totally unacceptable for a "stable" release. After noticing that azureus doesn't work anymore (it used to), i.e., crashes, popup windows not closing, top showing java use 101 (yes, 101) %CPU, etc., etc., started looking for java. Found realpath /usr/bin/java to be /usr/bin/gij-4.1. Decided to get Sun's (actually I think I always had it and don't remember switching). OK, apt-get install sun-java5-jdk, but xterm running this crashes, can't even notice what the problem is. Next I'm told to do dpkg --configure -a, repeating install after that crashes xterm again (while setting up sun-java5-bin). After a few tries, decided to remove the misbehaving sun-java5 packages, this finally allows a glimpse as to what might be wrong: kaste(3): sudo apt-get remove --purge sun-java5-bin Reading package lists... Done Building dependency tree... Done The following packages will be REMOVED: sun-java5-bin sun-java5-jre 0 upgraded, 0 newly installed, 2 to remove and 0 not upgraded. 2 not fully installed or removed. Need to get 0B of archives. After unpacking 0B of additional disk space will be used. Do you want to continue [Y/n]? y dpkg: error processing sun-java5-bin (--remove): Package is in a very bad inconsistent state - you should reinstall it before attempting a removal. dpkg: error processing sun-java5-jre (--remove): Package is in a very bad inconsistent state - you should reinstall it before attempting a removal. Errors were encountered while processing: sun-java5-bin sun-java5-jre E: Sub-process /usr/bin/dpkg returned an error code (1) Well, at least xterm doesn't crash this time. Before this, my system was perfectly "up-to-date", BTW, so this is quite a shock. To summarize, the way I see it: 1) sun-java5-* really broken. 2) dpkg crashing due to sun-java5-* brokenness. 3) dpkg crashing and taking xterm with it. 
4) azureus completely unusable with gij-4.1. -- System Information: Debian Release: 4.0 APT prefers stable APT policy: (500, 'stable') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.20 Locale: LANG=lv_LV.UTF-8, LC_CTYPE=lv_LV.UTF-8 (charmap=UTF-8) -- debconf information: shared/accepted-sun-dlj-v1-1: false shared/error-sun-dlj-v1-1: shared/present-sun-dlj-v1-1:
Bug#444435: marked as done (openssl: [CVE-2007-5135] Off-by-one error in the SSL_get_shared_ciphers())
Your message dated Tue, 16 Oct 2007 19:57:26 + with message-id <[EMAIL PROTECTED]> and subject line Bug#444435: fixed in openssl 0.9.7e-3sarge5 has caused the attached Bug report to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what I am talking about this indicates a serious mail system misconfiguration somewhere. Please contact me immediately.) Debian bug tracking system administrator (administrator, Debian Bugs database) --- Begin Message --- Package: openssl Version: 0.9.8c-4, 0.9.7e-3sarge4 Severity: critical Tags: sarge, etch, security According to http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5135 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5135 is not yet available): Off-by-one error in the SSL_get_shared_ciphers function in OpenSSL 0.9.7l and 0.9.8d might allow remote attackers to execute arbitrary code via a crafted packet that triggers a one-byte buffer underflow. According to the German IT news magazine "Heise Online", 0.9.7m and 0.9.8e are also affected: http://www.heise.de/security/news/meldung/96710 Original source seems to be this Bugtraq posting: http://www.securityfocus.com/archive/1/archive/1/480855/100/0/threaded According to this posting, all lower versions are affected, too. The release dates of 0.9.8e and 0.9.7m and the time line in the above mentioned Bugtraq posting suggest that not only 0.9.7l and 0.9.8d but also 0.9.7m and 0.9.8e are affected -- as Heise wrote. 
-- System Information: Debian Release: 4.0 APT prefers stable APT policy: (500, 'stable') Architecture: amd64 (x86_64) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.22.3-amd64-1 Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968) Versions of packages openssl depends on: ii libc6 2.3.6.ds1-13etch2 GNU C Library: Shared libraries ii libssl0.9.80.9.8c-4 SSL shared libraries ii zlib1g 1:1.2.3-13compression library - runtime openssl recommends no packages. -- no debconf information --- End Message --- --- Begin Message --- Source: openssl Source-Version: 0.9.7e-3sarge5 We believe that the bug you reported is fixed in the latest version of openssl, which is due to be installed in the Debian FTP archive: libcrypto0.9.7-udeb_0.9.7e-3sarge5_i386.udeb to pool/main/o/openssl/libcrypto0.9.7-udeb_0.9.7e-3sarge5_i386.udeb libssl-dev_0.9.7e-3sarge5_i386.deb to pool/main/o/openssl/libssl-dev_0.9.7e-3sarge5_i386.deb libssl0.9.7_0.9.7e-3sarge5_i386.deb to pool/main/o/openssl/libssl0.9.7_0.9.7e-3sarge5_i386.deb openssl_0.9.7e-3sarge5.diff.gz to pool/main/o/openssl/openssl_0.9.7e-3sarge5.diff.gz openssl_0.9.7e-3sarge5.dsc to pool/main/o/openssl/openssl_0.9.7e-3sarge5.dsc openssl_0.9.7e-3sarge5_i386.deb to pool/main/o/openssl/openssl_0.9.7e-3sarge5_i386.deb A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to [EMAIL PROTECTED], and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. 
Kurt Roeckx <[EMAIL PROTECTED]> (supplier of updated openssl package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing [EMAIL PROTECTED]) -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Format: 1.7 Date: Sat, 29 Sep 2007 11:21:18 +0200 Source: openssl Binary: libssl-dev openssl libcrypto0.9.7-udeb libssl0.9.7 Architecture: source i386 Version: 0.9.7e-3sarge5 Distribution: oldstable-security Urgency: low Maintainer: [EMAIL PROTECTED] Changed-By: Kurt Roeckx <[EMAIL PROTECTED]> Description: libcrypto0.9.7-udeb - crypto shared library - udeb (udeb) libssl-dev - SSL development libraries, header files and documentation libssl0.9.7 - SSL shared libraries openssl- Secure Socket Layer (SSL) binary and related cryptographic tools Closes: 444435 Changes: openssl (0.9.7e-3sarge5) oldstable-security; urgency=low . * CVE-2007-5135: Fix off by one error in SSL_get_shared_ciphers(). (Closes: #444435) * Call dh_fixperms before dh_strip so that stripping actually works. Files: d19d0a6a8faf12e7e2abe6b82409af05 639 utils optional openssl_0.9.7e-3sarge5.dsc b64d10acf6285197d3ad8e923883b6d7 30634 utils optional openssl_0.9.7e-3sarge5.diff.gz 8e96029826588f227906f859bc60667d 916446 utils optional openssl_0.9.7e-3sarge5_i386.deb 337fe2d6a280d9a761c04c20d434fe9c 2194088 libs standard libssl0.9.7_0.9.7e-3sarge5_i386.deb f97dde687e4bddebb7d87cebfb925058 452446 debian-installer optional libcrypto0.9.7-udeb_0.9.7e-3sarge5_i386.udeb d104ace51eba364a5ce0a50989eee2a0 2560372 libdevel optional libssl-dev_0.9.7e-3sarge5_i386
Bug#444460: marked as done (openssl: [CVE-2007-5135] Off-by-one error in the SSL_get_shared_ciphers())
Your message dated Tue, 16 Oct 2007 19:56:45 + with message-id <[EMAIL PROTECTED]> and subject line Bug#444460: fixed in openssl097 0.9.7k-3.1etch1 has caused the attached Bug report to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what I am talking about this indicates a serious mail system misconfiguration somewhere. Please contact me immediately.) Debian bug tracking system administrator (administrator, Debian Bugs database) --- Begin Message --- Package: openssl Version: 0.9.8c-4, 0.9.7e-3sarge4 Severity: critical Tags: sarge, etch, security According to http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5135 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5135 is not yet available): Off-by-one error in the SSL_get_shared_ciphers function in OpenSSL 0.9.7l and 0.9.8d might allow remote attackers to execute arbitrary code via a crafted packet that triggers a one-byte buffer underflow. According to the German IT news magazine "Heise Online", 0.9.7m and 0.9.8e are also affected: http://www.heise.de/security/news/meldung/96710 Original source seems to be this Bugtraq posting: http://www.securityfocus.com/archive/1/archive/1/480855/100/0/threaded According to this posting, all lower versions are affected, too. The release dates of 0.9.8e and 0.9.7m and the time line in the above mentioned Bugtraq posting suggest that not only 0.9.7l and 0.9.8d but also 0.9.7m and 0.9.8e are affected -- as Heise wrote. 
-- System Information: Debian Release: 4.0 APT prefers stable APT policy: (500, 'stable') Architecture: amd64 (x86_64) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.22.3-amd64-1 Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968) Versions of packages openssl depends on: ii libc6 2.3.6.ds1-13etch2 GNU C Library: Shared libraries ii libssl0.9.80.9.8c-4 SSL shared libraries ii zlib1g 1:1.2.3-13compression library - runtime openssl recommends no packages. -- no debconf information --- End Message --- --- Begin Message --- Source: openssl097 Source-Version: 0.9.7k-3.1etch1 We believe that the bug you reported is fixed in the latest version of openssl097, which is due to be installed in the Debian FTP archive: libssl0.9.7-dbg_0.9.7k-3.1etch1_i386.deb to pool/main/o/openssl097/libssl0.9.7-dbg_0.9.7k-3.1etch1_i386.deb libssl0.9.7_0.9.7k-3.1etch1_i386.deb to pool/main/o/openssl097/libssl0.9.7_0.9.7k-3.1etch1_i386.deb openssl097_0.9.7k-3.1etch1.diff.gz to pool/main/o/openssl097/openssl097_0.9.7k-3.1etch1.diff.gz openssl097_0.9.7k-3.1etch1.dsc to pool/main/o/openssl097/openssl097_0.9.7k-3.1etch1.dsc A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to [EMAIL PROTECTED], and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. 
Kurt Roeckx <[EMAIL PROTECTED]> (supplier of updated openssl097 package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing [EMAIL PROTECTED]) -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Format: 1.7 Date: Sat, 29 Sep 2007 11:39:38 +0200 Source: openssl097 Binary: libssl0.9.7-dbg libssl0.9.7 Architecture: source i386 Version: 0.9.7k-3.1etch1 Distribution: stable-security Urgency: low Maintainer: [EMAIL PROTECTED] Changed-By: Kurt Roeckx <[EMAIL PROTECTED]> Description: libssl0.9.7 - SSL shared libraries libssl0.9.7-dbg - Symbol tables for libssl and libcrypt Closes: 444460 Changes: openssl097 (0.9.7k-3.1etch1) stable-security; urgency=low . * CVE-2007-5135: Fix off by one error in SSL_get_shared_ciphers(). (Closes: #444460) Files: b7a4e535383394c3be009e3a1df09bdd 769 utils optional openssl097_0.9.7k-3.1etch1.dsc be6bba1d67b26eabb48cf1774925416f 3292692 utils optional openssl097_0.9.7k.orig.tar.gz dc2f489812286cecb705f5b77d523a1e 33285 utils optional openssl097_0.9.7k-3.1etch1.diff.gz cded472858b38935b95aa798e72e0555 2284392 oldlibs extra libssl0.9.7_0.9.7k-3.1etch1_i386.deb 4f181f50322b488f9eed50fc167d0712 4642676 libdevel extra libssl0.9.7-dbg_0.9.7k-3.1etch1_i386.deb -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQFG/laTYrVLjBFATsMRAo0yAJsExpmRPLuIlLQ5XFAK856eQbGHCQCeMYCI u25c08lt1khFbn9Pruz643I= =LZCJ -END PGP SIGNATURE- --- End Message ---
Bug#444430: marked as done (CVE-2007-4993 privilege escalation)
Your message dated Tue, 16 Oct 2007 19:56:36 + with message-id <[EMAIL PROTECTED]> and subject line Bug#444430: fixed in xen-3.0 3.0.3-0-3 has caused the attached Bug report to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what I am talking about this indicates a serious mail system misconfiguration somewhere. Please contact me immediately.) Debian bug tracking system administrator (administrator, Debian Bugs database) --- Begin Message --- Package: xen-3.0 Version: 3.0.3-0-2 Severity: grave Tags: security Hi, the following CVE (Common Vulnerabilities & Exposures) id was published for xen-3.0. CVE-2007-4993[0]: | pygrub (tools/pygrub/src/GrubConf.py) in Xen 3.0.3, when booting a guest | domain, allows local users with elevated privileges in the guest domain to | execute arbitrary commands in domain 0 via a crafted grub.conf file whose | contents are used in exec statements. If you fix this vulnerability please also include the CVE id in your changelog entry. For further information: [0] http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-4993 Kind regards Nico -- Nico Golde - http://ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF For security reasons, all text in this mail is double-rot13 encrypted. 
pgpz6ZbbmYO6g.pgp Description: PGP signature --- End Message --- --- Begin Message --- Source: xen-3.0 Source-Version: 3.0.3-0-3 We believe that the bug you reported is fixed in the latest version of xen-3.0, which is due to be installed in the Debian FTP archive: xen-3.0_3.0.3-0-3.diff.gz to pool/main/x/xen-3.0/xen-3.0_3.0.3-0-3.diff.gz xen-3.0_3.0.3-0-3.dsc to pool/main/x/xen-3.0/xen-3.0_3.0.3-0-3.dsc xen-docs-3.0_3.0.3-0-3_all.deb to pool/main/x/xen-3.0/xen-docs-3.0_3.0.3-0-3_all.deb xen-hypervisor-3.0.3-1-amd64_3.0.3-0-3_amd64.deb to pool/main/x/xen-3.0/xen-hypervisor-3.0.3-1-amd64_3.0.3-0-3_amd64.deb xen-ioemu-3.0.3-1_3.0.3-0-3_amd64.deb to pool/main/x/xen-3.0/xen-ioemu-3.0.3-1_3.0.3-0-3_amd64.deb xen-utils-3.0.3-1_3.0.3-0-3_amd64.deb to pool/main/x/xen-3.0/xen-utils-3.0.3-1_3.0.3-0-3_amd64.deb A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to [EMAIL PROTECTED], and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. 
Bastian Blank <[EMAIL PROTECTED]> (supplier of updated xen-3.0 package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing [EMAIL PROTECTED]) -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Format: 1.7 Date: Fri, 05 Oct 2007 07:44:54 + Source: xen-3.0 Binary: xen-docs-3.0 xen-hypervisor-3.0.3-1-i386-pae xen-utils-3.0.3-1 xen-hypervisor-3.0.3-1-i386 xen-hypervisor-3.0.3-1-amd64 xen-ioemu-3.0.3-1 Architecture: source amd64 all Version: 3.0.3-0-3 Distribution: stable-security Urgency: low Maintainer: Debian Xen Team <[EMAIL PROTECTED]> Changed-By: Bastian Blank <[EMAIL PROTECTED]> Description: xen-docs-3.0 - documentation for XEN, a Virtual Machine Monitor xen-hypervisor-3.0.3-1-amd64 - The Xen Hypervisor on AMD64 xen-ioemu-3.0.3-1 - XEN administrative tools xen-utils-3.0.3-1 - XEN administrative tools Closes: 444007 444430 Changes: xen-3.0 (3.0.3-0-3) stable-security; urgency=low . * Use linux-support-2.6.18-5. * Don't use exec with untrusted values in pygrub. (closes: #444430) See CVE-2007-4993. * Add bounds checks for cirrus bitblit memory accesses in qemu. (closes: #444007) See CVE-2007-1320. Files: d42726f5a374bfb8eb1a6618174ff893 1115 misc extra xen-3.0_3.0.3-0-3.dsc 71257a2d977a601594c70c9eac0a121b 6127238 misc extra xen-3.0_3.0.3-0.orig.tar.gz 64f2dd856726a95d88fe48531e987ff4 28697 misc extra xen-3.0_3.0.3-0-3.diff.gz b91af7395e7a1169be06ced33ef56daa 533396 misc extra xen-docs-3.0_3.0.3-0-3_all.deb b4ceb2935cf07339c98b7aa67709a508 368012 misc extra xen-utils-3.0.3-1_3.0.3-0-3_amd64.deb f7f8a51f48c87072fe2c0ffd03e066aa 331438 misc extra xen-ioemu-3.0.3-1_3.0.3-0-3_amd64.deb 7957630a8fcd612e7492b7d14a36512d 269956 misc extra xen-hypervisor-3.0.3-1-amd64_3.0.3-0-3_amd64.deb -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) iEYEARECAAYFAkcF74QACgkQLkAIIn9ODhHMdwCdFuApz8nO5qMHNW8vtuzCMeoe 0TMAoLwgN3zun2jpDc5s6gUW9MRH7Ofw =zeJ0 -END PGP SIGNATURE- --- End Message ---
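The changelog entry above closes CVE-2007-4993 with "Don't use exec with untrusted values in pygrub." The following Python code is an added illustration, not pygrub's own code and not part of the archived messages: it contrasts a loader that passes grub.conf arguments to exec() with one that treats them strictly as data. The directive lists, function names and sample grub.conf are assumptions constructed for the example.

```python
import re

# Directive allowlists. The names follow common GRUB-legacy directives; which
# ones pygrub itself accepts is not stated on this page (assumption).
GLOBAL_INT = {"default", "timeout"}
IMAGE_STR = {"root", "kernel", "initrd"}

# "cmd=arg" or "cmd arg"; leading indentation is allowed.
_DIRECTIVE = re.compile(r"^\s*([A-Za-z]+)(?:\s*=\s*|\s+)(.*?)\s*$")


class ConfigError(ValueError):
    """Raised when a directive carries a value the loader will not accept."""


def split_directive(line):
    """Return (command, argument), or None for blanks, comments and bare words."""
    if not line.strip() or line.lstrip().startswith("#"):
        return None
    m = _DIRECTIVE.match(line)
    return (m.group(1).lower(), m.group(2)) if m else None


def unsafe_load(text):
    """The pattern the changelog removes: file content reaches exec()."""
    conf = {}
    for line in text.splitlines():
        parsed = split_directive(line)
        if parsed and parsed[0] in GLOBAL_INT:
            # The argument is interpreted as Python source, not as data.
            exec("conf[%r] = %s" % parsed, {}, {"conf": conf})
    return conf


def safe_load(text):
    """Treat every argument as data: allowlisted names, validated values."""
    conf = {"images": []}
    image = None
    for lineno, line in enumerate(text.splitlines(), 1):
        parsed = split_directive(line)
        if parsed is None:
            continue
        cmd, arg = parsed
        if cmd in GLOBAL_INT:
            # Only a short run of ASCII digits is accepted; nothing is evaluated.
            if not re.fullmatch(r"[0-9]{1,4}", arg):
                raise ConfigError(
                    "line %d: %s needs a small integer, got %r" % (lineno, cmd, arg))
            conf[cmd] = int(arg)
        elif cmd == "title":
            image = {"title": arg}
            conf["images"].append(image)
        elif cmd in IMAGE_STR and image is not None:
            image[cmd] = arg  # stored verbatim as a string
        # Unknown directives are ignored rather than turned into names.
    return conf


# Constructed sample input (not taken from a real guest).
SAMPLE = """\
# grub.conf written inside the guest
default=0
timeout=5
title Debian GNU/Linux
    root (hd0,0)
    kernel /boot/vmlinuz-2.6.18-5-xen root=/dev/xvda1 ro
    initrd /boot/initrd.img-2.6.18-5-xen
"""
# Same file with an expression where a literal belongs (constructed).
EXPRESSION = SAMPLE.replace("default=0", "default=1+1")

if __name__ == "__main__":
    print(safe_load(SAMPLE))
    print("exec-based loader evaluated:", unsafe_load(EXPRESSION)["default"])
    try:
        safe_load(EXPRESSION)
    except ConfigError as err:
        print("data-only loader rejected:", err)
```

The file is written by the guest but parsed in domain 0, so anything the exec-based loader evaluates runs with domain 0's privileges; the data-only loader fails closed on the same input.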
Bug#444007: marked as done (CVE-2007-1320 multiple heap based buffer overflows)
Your message dated Tue, 16 Oct 2007 19:56:36 + with message-id <[EMAIL PROTECTED]> and subject line Bug#444007: fixed in xen-3.0 3.0.3-0-3 has caused the attached Bug report to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what I am talking about this indicates a serious mail system misconfiguration somewhere. Please contact me immediately.) Debian bug tracking system administrator (administrator, Debian Bugs database) --- Begin Message --- Package: xen-3.0 Version: 3.0.3-0-2 Severity: grave Tags: security Hi, the following CVE (Common Vulnerabilities & Exposures) id was published for xen-3.0. CVE-2007-1320[0]: | Multiple heap-based buffer overflows in the cirrus_invalidate_region | function in the Cirrus VGA extension in QEMU 0.8.2 might allow local | users to execute arbitrary code via unspecified vectors related to | "attempting to mark non-existent regions as dirty," aka the "bitblt" | heap overflow. If you fix this vulnerability please also include the CVE id in your changelog entry. This also affects xen in etch. Please have a look at: http://lists.xensource.com/archives/html/xen-devel/2007-05/msg00021.html http://xenbits.xensource.com/xen-unstable.hg?rev/9e86260b95a4 For further information: [0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1320 Kind regards Nico -- Nico Golde - http://ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF For security reasons, all text in this mail is double-rot13 encrypted. 
--- End Message --- --- Begin Message --- Source: xen-3.0 Source-Version: 3.0.3-0-3 We believe that the bug you reported is fixed in the latest version of xen-3.0, which is due to be installed in the Debian FTP archive: xen-3.0_3.0.3-0-3.diff.gz to pool/main/x/xen-3.0/xen-3.0_3.0.3-0-3.diff.gz xen-3.0_3.0.3-0-3.dsc to pool/main/x/xen-3.0/xen-3.0_3.0.3-0-3.dsc xen-docs-3.0_3.0.3-0-3_all.deb to pool/main/x/xen-3.0/xen-docs-3.0_3.0.3-0-3_all.deb xen-hypervisor-3.0.3-1-amd64_3.0.3-0-3_amd64.deb to pool/main/x/xen-3.0/xen-hypervisor-3.0.3-1-amd64_3.0.3-0-3_amd64.deb xen-ioemu-3.0.3-1_3.0.3-0-3_amd64.deb to pool/main/x/xen-3.0/xen-ioemu-3.0.3-1_3.0.3-0-3_amd64.deb xen-utils-3.0.3-1_3.0.3-0-3_amd64.deb to pool/main/x/xen-3.0/xen-utils-3.0.3-1_3.0.3-0-3_amd64.deb A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to [EMAIL PROTECTED], and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. 
Bastian Blank <[EMAIL PROTECTED]> (supplier of updated xen-3.0 package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing [EMAIL PROTECTED]) -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Format: 1.7 Date: Fri, 05 Oct 2007 07:44:54 + Source: xen-3.0 Binary: xen-docs-3.0 xen-hypervisor-3.0.3-1-i386-pae xen-utils-3.0.3-1 xen-hypervisor-3.0.3-1-i386 xen-hypervisor-3.0.3-1-amd64 xen-ioemu-3.0.3-1 Architecture: source amd64 all Version: 3.0.3-0-3 Distribution: stable-security Urgency: low Maintainer: Debian Xen Team <[EMAIL PROTECTED]> Changed-By: Bastian Blank <[EMAIL PROTECTED]> Description: xen-docs-3.0 - documentation for XEN, a Virtual Machine Monitor xen-hypervisor-3.0.3-1-amd64 - The Xen Hypervisor on AMD64 xen-ioemu-3.0.3-1 - XEN administrative tools xen-utils-3.0.3-1 - XEN administrative tools Closes: 444007 30 Changes: xen-3.0 (3.0.3-0-3) stable-security; urgency=low . * Use linux-support-2.6.18-5. * Don't use exec with untrusted values in pygrub. (closes: #30) See CVE-2007-4993. * Add bounds checks for cirrus bitblit memory accesses in qemu. (closes: #444007) See CVE-2007-1320. --- End Message ---
Processed: Bug#446690: cl-mcclim: Failure in building mcclim
Processing commands for [EMAIL PROTECTED]: > severity 446690 important Bug#446690: cl-mcclim: Failure in building mcclim Severity set to `important' from `grave' > End of message, stopping processing here. Please contact me if you need assistance. Debian bug tracking system administrator (administrator, Debian Bugs database) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Bug#445797: fixed in libcaca 0.99.beta12.debian-3
Hi Sam, Sam Hocevar (Debian packages) <[EMAIL PROTECTED]> wrote: > libcaca (0.99.beta12.debian-3) unstable; urgency=low > . >* debian/control: > + Build-depend on texlive instead of all the other texlive-* packages so >that we have the proper fonts at build time (Closes: #445797). Please don't do it that way. Both because it's a bad idea and because we intend to file bugs about this soon (read: as soon as one among the TeX team has some free time, which might well be next year). It's a bad idea because the texlive metapackage is a package targeted at users who write documents, not at build-deps. It's a package which is supposed to pull in what a novice/standard/whatever TeX user probably wants. But we're not yet there, so we might still have to make some changes: Add this package, drop that other one. Consequently, at least at the moment, the texlive metapackage is a moving target with respect to "I need this particular font". You are risking that your package FTBFS once we find out that most people won't need that font package (or should not use it because it's obsolete). Better check which individual package is needed. Regards, Frank -- Frank Küster Debian Developer (teTeX/TeXLive)
Bug#446785: apertium-preprocess-transfer: Segmentation fault
tags 446785 + patch thanks On Tue, Oct 16, 2007 at 12:00:23AM +0100, Francis Tyers wrote: > > > > > Program terminated with signal 11, Segmentation fault. > > #0 ~ApertiumRE (this=0x7fff) at apertium_re.cc:17 > > 17if(!empty) > > (gdb) bt > > #0 ~ApertiumRE (this=0x7fff) at apertium_re.cc:17 > > #1 0x2ad2c9d9e594 in TransferData::writeRegexps ( > > this=, output=0xb2cb20) at transfer_data.cc:185 > > #2 0x2ad2c9d9e6e0 in TransferData::write (this=0x7fffe0fa6918, > > output=0xb2cb20) at transfer_data.cc:142 > > #3 0x2ad2c9da560d in TRXReader::write (this=0x7fffe0fa68d0, > > [EMAIL PROTECTED]) at trx_reader.cc:328 > > #4 0x00400f4f in main (argc=, > > argv=0x7fffe0fa6c28) at transferpp.cc:40 > > (gdb) p empty > > Cannot access memory at address 0x7fff > > (gdb) p &empty > > $1 = (bool *) 0x7fff So, I've been looking at it, and I found a few problems: - You're using new char[size] to allocate something but using "delete" instead of delete [] to free it. - The same variable can also be allocated by pcre_malloc() but you still "delete" it instead of calling pcre_free(). - You call pcre_fullinfo() with "what" set to PCRE_INFO_SIZE, which expects a size_t *, but you pass it an int *. On 64 bit arches this will of course overwrite things it shouldn't. - fwrite() also returns a size_t instead of an int. I've solved the first 2 by using pcre_malloc() instead of new, which really is what you should be doing. I think you're just lucky that things don't randomly break. The other was just replacing int with size_t. patch is attached. Kurt --- apertium/apertium_re.cc.old 2007-10-16 19:06:54.0 +0200 +++ apertium/apertium_re.cc 2007-10-16 21:42:45.0 +0200 @@ -16,7 +16,7 @@ { if(!empty) { -delete reinterpret_cast(re); +pcre_free(re); } empty = true; } 
@@ -25,7 +25,7 @@ ApertiumRE::read(FILE *input) { unsigned int size = Compression::multibyte_read(input); - re = reinterpret_cast(new char[size]); + re = static_cast(pcre_malloc(size)); if(size != fread(re, 1, size, input)) { cerr << L"Error reading regexp" << endl; @@ -61,7 +61,7 @@ exit(EXIT_FAILURE); } - int size; + size_t size; int rc = pcre_fullinfo(re, NULL, PCRE_INFO_SIZE, &size); if(rc < 0) { @@ -71,8 +71,8 @@ Compression::multibyte_write(size, output); - rc = fwrite(re, 1, size, output); - if(rc != size) + size_t rc2 = fwrite(re, 1, size, output); + if(rc2 != size) { wcerr << L"Error writing precompiled regex\n" << endl; exit(EXIT_FAILURE);
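Review bot: In the ApertiumRE::read() hunk the result of pcre_malloc(size) goes straight into fread() with no NULL check, and size is whatever Compression::multibyte_read(input) returned, so it is controlled by the file being loaded. Test the pointer before the fread() and take the same error exit on failure. The context line in that hunk also sends a wide literal to a narrow stream (cerr << L"Error reading regexp"), which prints a pointer value instead of the message; the write path uses wcerr and the read path should too.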
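Review bot: In the hunk at -61, size becomes a size_t but is then passed to Compression::multibyte_write(size, output), while read() still keeps the value from Compression::multibyte_read() in an unsigned int. The two ends of the file format now disagree on width, so a size that does not fit the length field should be rejected explicitly before writing rather than left to an implicit conversion. In the -71 hunk the second variable rc2 is fine, but declaring it next to its use and dropping the reuse of rc entirely would make it clearer that the int rc is only for pcre_fullinfo().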
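The int versus size_t out-parameter problem described in the message above for pcre_fullinfo() with PCRE_INFO_SIZE, as an added example that is not part of the original message or of apertium. query_size(), the two slot structs and fits_length_field() are hypothetical stand-ins; no PCRE is linked, and the structs model a caller's adjacent local variables.

```c
#include <limits.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define CANARY 0x5a5a5a5a

/* Hypothetical stand-in for a query such as
 * pcre_fullinfo(re, NULL, PCRE_INFO_SIZE, where): the out-parameter is an
 * untyped pointer and the callee always stores a full size_t through it. */
static int query_size(size_t actual, void *where)
{
    memcpy(where, &actual, sizeof actual);
    return 0;
}

/* Models the buggy caller: an int receives the result, and some other
 * variable happens to sit directly after it in memory. */
struct int_slot {
    int size;
    int neighbour;
};
_Static_assert(sizeof(struct int_slot) >= sizeof(size_t),
               "demo needs room for one size_t store");

/* Models the fixed caller: the result variable has the width the API writes. */
struct size_t_slot {
    size_t size;
    int neighbour;
};

/* Returns 1 if storing through the int-sized slot changed the neighbour.
 * On a platform where size_t is wider than int this happens regardless of
 * byte order: one half of the stored value lands in the neighbour. */
int int_slot_clobbers_neighbour(void)
{
    struct int_slot f = { 0, CANARY };
    /* &f and &f.size are the same address; passing &f keeps the
     * sizeof(size_t)-byte store inside one object, so the demo is defined C. */
    query_size((size_t)0x1234, &f);
    return f.neighbour != CANARY;
}

/* Returns 1 if the size_t-sized slot received the value and the neighbour
 * is untouched. */
int size_t_slot_keeps_neighbour(void)
{
    struct size_t_slot f = { 0, CANARY };
    query_size((size_t)0x1234, &f.size);
    return f.size == 0x1234 && f.neighbour == CANARY;
}

/* The reader side keeps the length in an unsigned int, so a writer holding a
 * size_t should refuse values that would not survive the round trip. */
int fits_length_field(size_t n, unsigned int *out)
{
    if (n > UINT_MAX)
        return 0;
    *out = (unsigned int)n;
    return 1;
}

int main(void)
{
    unsigned int field = 0;

    printf("sizeof(int)=%zu sizeof(size_t)=%zu\n", sizeof(int), sizeof(size_t));
    printf("int slot clobbers neighbour: %d\n", int_slot_clobbers_neighbour());
    printf("size_t slot keeps neighbour: %d\n", size_t_slot_keeps_neighbour());
    printf("SIZE_MAX fits length field:  %d\n",
           fits_length_field((size_t)-1, &field));
    return 0;
}
```

On a 32-bit build the first check reports 0, which is why the original code appeared to work there and only broke on 64-bit architectures.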
Processed: Re: Bug#446785: apertium-preprocess-transfer: Segmentation fault
Processing commands for [EMAIL PROTECTED]: > tags 446785 + patch Bug#446785: apertium-preprocess-transfer: Segmentation fault There were no tags set. Tags added: patch > thanks Stopping processing here. Please contact me if you need assistance. Debian bug tracking system administrator (administrator, Debian Bugs database)
Bug#445805: marked as done (libmoosex-getopt-perl: FTBFS: failed tests)
Your message dated Tue, 16 Oct 2007 19:47:11 + with message-id <[EMAIL PROTECTED]> and subject line Bug#445805: fixed in libmoosex-getopt-perl 0.05-2 has caused the attached Bug report to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what I am talking about this indicates a serious mail system misconfiguration somewhere. Please contact me immediately.) Debian bug tracking system administrator (administrator, Debian Bugs database) --- Begin Message --- Package: libmoosex-getopt-perl version: 0.05-1 Severity: serious User: [EMAIL PROTECTED] Usertags: qa-ftbfs-20071007 qa-ftbfs Justification: FTBFS on i386 Hi, During a rebuild of all packages in sid, your package failed to build on i386. Relevant part: /usr/bin/perl Build test t/000_loadok t/001_basic...ok t/002_custom_option_type..ok t/003_inferred_option_typeok t/pod.ok t/pod_coverage # Failed test 'Pod coverage on MooseX::Getopt::OptionTypeMap' # in /usr/share/perl5/Test/Pod/Coverage.pm at line 126. # Coverage for MooseX::Getopt::OptionTypeMap is 75.0%, with 1 naked subroutine: # meta # Looks like you failed 1 test of 3. dubious Test returned status 1 (wstat 256, 0x100) DIED. FAILED test 2 Failed 1/3 tests, 66.67% okay Failed Test Stat Wstat Total Fail Failed List of Failed --- t/pod_coverage.t1 256 31 33.33% 2 Failed 1/6 test scripts, 83.33% okay. 1/71 subtests failed, 98.59% okay. make: *** [install-stamp] Error 1 The full build log is available from http://people.debian.org/~lucas/logs/2007/10/07 A list of current common problems and possible solutions is available at http://wiki.debian.org/qa.debian.org/FTBFS . You're welcome to contribute! About the archive rebuild: The rebuild was done on about 50 AMD64 nodes of the Grid'5000 platform, using a clean chroot containing a sid i386 environment. 
Internet was not accessible from the build systems. -- | Lucas Nussbaum | [EMAIL PROTECTED] http://www.lucas-nussbaum.net/ | | jabber: [EMAIL PROTECTED] GPG: 1024D/023B3F4F | --- End Message --- --- Begin Message --- Source: libmoosex-getopt-perl Source-Version: 0.05-2 We believe that the bug you reported is fixed in the latest version of libmoosex-getopt-perl, which is due to be installed in the Debian FTP archive: libmoosex-getopt-perl_0.05-2.diff.gz to pool/main/libm/libmoosex-getopt-perl/libmoosex-getopt-perl_0.05-2.diff.gz libmoosex-getopt-perl_0.05-2.dsc to pool/main/libm/libmoosex-getopt-perl/libmoosex-getopt-perl_0.05-2.dsc libmoosex-getopt-perl_0.05-2_all.deb to pool/main/libm/libmoosex-getopt-perl/libmoosex-getopt-perl_0.05-2_all.deb A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to [EMAIL PROTECTED], and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Damyan Ivanov <[EMAIL PROTECTED]> (supplier of updated libmoosex-getopt-perl package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing [EMAIL PROTECTED]) -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Format: 1.7 Date: Tue, 16 Oct 2007 22:34:07 +0300 Source: libmoosex-getopt-perl Binary: libmoosex-getopt-perl Architecture: source all Version: 0.05-2 Distribution: unstable Urgency: medium Maintainer: Debian Perl Group <[EMAIL PROTECTED]> Changed-By: Damyan Ivanov <[EMAIL PROTECTED]> Description: libmoosex-getopt-perl - A Moose role for processing command line options Closes: 445805 Changes: libmoosex-getopt-perl (0.05-2) unstable; urgency=medium . [ Damyan Ivanov ] * Bumped urgency to medium, as we fix FTBFS bug * added create_pachlist=0 to install call to avoid creating .packlist files. 
Thanks, lintian * Move testsuite from install to build target * Fix debian/watch to not capture orig.tar.gz file extension . [ gregor herrmann ] * debian/control: Added: Vcs-Svn field (source stanza); Vcs-Browser field (source stanza); Homepage field (source stanza). Removed: XS- Vcs-Svn fields. . [ Rene Mayorga ] * Adding patch from Niko Tiny <[EMAIL PROTECTED]> + Include a propper pod section for Moose Metaclass, in order to past the pod-coverage test (Closes: #445805) * debian/control - Add quilt as Build-Depends-Indep * debian/rules - We use quilt now * Add myself to Uploaders Files: 5a52ab74f9283498818ee0c4bb9684b6 1051 perl optional libmoosex-getopt-perl_0.05-2.dsc a058
Processed: Re: Processed: reassign FTBFS to scons
Processing commands for [EMAIL PROTECTED]: > forcemerge 444204 444543 Bug#444204: scons: version 0.97.0d20070918-1 fails to clean csound 5.06 but 0.97.0d20070809-1 doesn't Bug#444543: abakus: FTBFS: __str__ returned non-string (type instance) Forcibly Merged 444204 444543. > severity 444204 serious Bug#444204: scons: version 0.97.0d20070918-1 fails to clean csound 5.06 but 0.97.0d20070809-1 doesn't Bug#444543: abakus: FTBFS: __str__ returned non-string (type instance) Severity set to `serious' from `normal' > kthxbye Stopping processing here. Please contact me if you need assistance. Debian bug tracking system administrator (administrator, Debian Bugs database)
Processed: severity of 444737 is grave, merging 435278 444737
Processing commands for [EMAIL PROTECTED]: > # Automatically generated email from bts, devscripts version 2.10.9 > severity 444737 grave Bug#444737: warzone2100: SEGFAULT on Load Capmaign Severity set to `grave' from `important' > merge 435278 444737 Bug#435278: Segfault on loading campaign Bug#444737: warzone2100: SEGFAULT on Load Capmaign Bug#435749: Loading a game crashes the game Merged 435278 435749 444737. > End of message, stopping processing here. Please contact me if you need assistance. Debian bug tracking system administrator (administrator, Debian Bugs database)
Bug#446929: closed by Daniel Baumann <[EMAIL PROTECTED]> (reply to [EMAIL PROTECTED]) (Re: Bug#446929: ncurses-bin: references hidden symbols (?))
On Tue, Oct 16, 2007 at 06:21:03PM +, Debian Bug Tracking System wrote: > This is an automatic notification regarding your Bug report > which was filed against the ncurses-bin package: > > #446929: ncurses-bin: references hidden symbols (?) > > It has been closed by Daniel Baumann <[EMAIL PROTECTED]> (reply to [EMAIL > PROTECTED]). > > Their explanation is attached below. If this explanation is > unsatisfactory and you have not received a better one in a separate > message then please contact Daniel Baumann <[EMAIL PROTECTED]> (reply to > [EMAIL PROTECTED]) by replying > to this email. > > Debian bug tracking system administrator > (administrator, Debian Bugs database) > > X-Spam-Checker-Version: SpamAssassin 3.1.4-bugs.debian.org_2005_01_02 > (2006-07-26) on rietz.debian.org > X-Spam-Level: > X-Spam-Status: No, score=-7.9 required=4.0 tests=BAYES_00,FORGED_RCVD_HELO, > FROMDEVELOPER,HAS_BUG_NUMBER autolearn=no > version=3.1.4-bugs.debian.org_2005_01_02 > Date: Tue, 16 Oct 2007 20:15:50 +0200 > From: Daniel Baumann <[EMAIL PROTECTED]> > Reply-To: [EMAIL PROTECTED] > Organization: Debian GNU/Linux - The Universal Operating System > To: Justin Pryzby <[EMAIL PROTECTED]>, [EMAIL PROTECTED] > Subject: Re: Bug#446929: ncurses-bin: references hidden symbols (?) > X-Enigmail-Version: 0.95.0 > > Justin Pryzby wrote: > > My limited understanding leads me to believe that this function wasn't > > meant to be exported in ncurses/stable, so was removed or renamed in > > ncurses/unstable. > > no, it's part of libtic. you can't mix stable and unstable packages of > ncurses; they do not work. I think that should be declared, right? Partial upgrades are "supposed to" be supported. At least shouldn't it be declared as a conflicts?
Bug#446929: marked as done (ncurses-bin: references hidden symbols (?))
Your message dated Tue, 16 Oct 2007 20:15:50 +0200 with message-id <[EMAIL PROTECTED]> and subject line Bug#446929: ncurses-bin: references hidden symbols (?) has caused the attached Bug report to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what I am talking about this indicates a serious mail system misconfiguration somewhere. Please contact me immediately.) Debian bug tracking system administrator (administrator, Debian Bugs database) --- Begin Message --- Package: ncurses-bin Version: 5.5-5 Severity: serious $ infocmp |wc -l 50 $ sudo dpkg -i /var/cache/apt/archives/ncurses-bin_5.5-5_i386.deb dpkg - warning: downgrading ncurses-bin from 5.6+20071006-3 to 5.5-5. (Reading database ... 53958 files and directories currently installed.) Preparing to replace ncurses-bin 5.6+20071006-3 (using .../ncurses-bin_5.5-5_i386.deb) ... Unpacking replacement ncurses-bin ... Setting up ncurses-bin (5.5-5) ... $ infocmp |wc -l infocmp: symbol lookup error: infocmp: undefined symbol: _nc_disable_period 0 My limited understanding leads me to believe that this function wasn't meant to be exported in ncurses/stable, so was removed or renamed in ncurses/unstable. --- End Message --- --- Begin Message --- Justin Pryzby wrote: > My limited understanding leads me to believe that this function wasn't > meant to be exported in ncurses/stable, so was removed or renamed in > ncurses/unstable. no, it's part of libtic. you can't mix stable and unstable packages of ncurses; they do not work. -- Address:Daniel Baumann, Burgunderstrasse 3, CH-4562 Biberist Email: [EMAIL PROTECTED] Internet: http://people.panthera-systems.net/~daniel-baumann/ --- End Message ---
Bug#446931: FTBFS on powerpc: Unknown target in build.sh
Package: llvm Version: 1.8b-1 Severity: serious Tags: patch Justification: fails to build from source -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 This patch for build.sh allows llvm to build on powerpc. Though maybe the 'power' line was intended for this and should be replaced? - -- System Information: Debian Release: lenny/sid APT prefers unstable APT policy: (500, 'unstable'), (500, 'stable'), (102, 'experimental') Architecture: powerpc (ppc) Kernel: Linux 2.6.22-2-powerpc Locale: LANG=de_CH.UTF-8, LC_CTYPE=de_CH.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQFHFPxDWoGvjmrbsgARAn1sAJ9peLn5wQFtZ85MX6bTlgrWZaPyrgCfS5x8 RJDVtsNDl6cOqxVkTK0swIc= =IZL6 -END PGP SIGNATURE- diff -up -ru llvm-1.8b.orig/build.sh llvm-1.8b/build.sh --- llvm-1.8b.orig/build.sh 2007-10-16 19:50:29.0 +0200 +++ llvm-1.8b/build.sh 2007-10-16 18:37:51.0 +0200 @@ -26,6 +26,8 @@ sparc64) OTHER_CONFIG_OPTIONS="--target ;; power)OTHER_CONFIG_OPTIONS="--target=power-linux" ;; +ppc*) OTHER_CONFIG_OPTIONS="--target=powerpc-linux" + ;; alpha)OTHER_CONFIG_OPTIONS="--target=alpha-linux" ;; *)echo "? unsupported architecture: \'$ARCH\'"
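Review bot: The new ppc*) case only matches when $ARCH is spelled with the short name, while the report's own system information gives the architecture as "powerpc (ppc)"; if build.sh receives the Debian name, the build still falls through to the "unsupported architecture" branch. Match both spellings, for example ppc*|powerpc*), and settle the question raised in the report about whether the existing power) line was meant for this and should be replaced rather than kept beside the new case. The glob also sends ppc64 to --target=powerpc-linux, which should be a deliberate choice and not a side effect of the wildcard.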
Bug#446885: marked as done (Broken dependency related to gimp-print)
Your message dated Tue, 16 Oct 2007 13:59:55 -0400 with message-id <[EMAIL PROTECTED]> and subject line Bug#446885: Broken dependency related to gimp-print has caused the attached Bug report to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what I am talking about this indicates a serious mail system misconfiguration somewhere. Please contact me immediately.) Debian bug tracking system administrator (administrator, Debian Bugs database) --- Begin Message --- Package: gimp Version: 2.4.0~rc2-1 Severity: serious --- Please enter the report below this line. --- It is not possible to upgrade gimp because apt wants to uninstall gimp-print. The dependencies should be fixed (maybe set the dependency on gimp-gutenprint instead of on gimp-print?). --- System information. --- Architecture: i386 Kernel: Linux 2.6.22-2-686 Debian Release: lenny/sid 990 unstable www.debian-multimedia.org 990 unstable ftp.uk.debian.org 500 stable dl.google.com 500 experimental www.debian-multimedia.org 1 experimental ftp.uk.debian.org --- Package information. 
---
Depends (Version) | Installed
==-+-==
gimp-data (>= 2.4.0~rc2) | 2.4.0~rc2-1
gimp-data (<< 2.4.0~rc2-z) | 2.4.0~rc2-1
libaa1 (>= 1.2) | 1.4p5-32
libart-2.0-2 (>= 2.3.18) | 2.3.19-3
libatk1.0-0 (>= 1.13.2) | 1.20.0-1
libc6 (>= 2.6-1) | 2.6.1-5
libcairo2 (>= 1.4.0) | 1.4.10-1
libdbus-1-3 (>= 1.1.1) | 1.1.1-3
libdbus-glib-1-2 (>= 0.74) | 0.74-1
libexif12 | 0.6.16-2
libfontconfig1 (>= 2.4.0) | 2.4.2-1.2
libfreetype6 (>= 2.3.5) | 2.3.5-1+b1
libgimp2.0 (>= 2.4.0~rc1) | 2.4.0~rc3-1
libglib2.0-0 (>= 2.14.0) | 2.14.1-5
libgtk2.0-0 (>= 2.10.12-3) | 2.12.0-3
libhal1 (>= 0.5.9) | 0.5.9.1-6
libjpeg62 | 6b-14
liblcms1 (>= 1.15-1) | 1.16-6
libmng1 (>= 1.0.3-1) | 1.0.9-1
libpango1.0-0 (>= 1.18.1) | 1.18.2-2
libpng12-0 (>= 1.2.13-4) | 1.2.15~beta5-3
libpoppler-glib1 (>= 0.5.1) | 0.5.4-6.2
librsvg2-2 (>= 2.18.1) | 2.18.2-1
libtiff4 | 3.8.2-7
libwmf0.2-7 (>= 0.2.8.4) | 0.2.8.4-6
libx11-6 | 2:1.0.3-7
libxcursor1 (>> 1.1.2) | 1:1.1.9-1
libxext6 | 1:1.0.3-2
libxfixes3 (>= 1:4.0.1) | 1:4.0.3-2
libxi6 | 2:1.1.3-1
libxinerama1 | 1:1.0.2-1
libxmu6 | 1:1.0.3-1
libxpm4 | 1:3.5.7-1
libxrandr2 (>= 2:1.2.0) | 2:1.2.2-1
libxrender1 | 1:0.9.4-1
zlib1g (>= 1:1.2.3.3.dfsg-1) | 1:1.2.3.3.dfsg-6
--- End Message --- --- Begin Message --- gimp conflicts with gimp-print, since it's been replaced by gimp-gutenprint, now stuck in NEW until it gets added to the archive. gimp does not depend on either gimp-print or gimp-gutenprint. --- End Message ---
Bug#446927: ghostscript-doc: file conflict with ghostscript
Package: ghostscript-doc Version: 8.61.dfsg.1~svn8187-1 Severity: grave Justification: renders package unusable (uninstallable) Unpacking ghostscript-doc (from .../ghostscript-doc_8.61.dfsg.1~svn8187-1_all.deb) ... dpkg: error processing /var/cache/apt/archives/ghostscript-doc_8.61.dfsg.1~svn8187-1_all.deb (--unpack): trying to overwrite `/usr/share/doc/ghostscript/Issues.htm', which is also in package ghostscript dpkg-deb: subprocess paste killed by signal (Broken pipe) -- System Information: Debian Release: lenny/sid APT prefers unstable APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 2.6.22.6 (SMP w/2 CPU cores) Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1) Shell: /bin/sh linked to /bin/bash Versions of packages ghostscript-doc depends on: ii ghostscript8.61.dfsg.1~svn8187-1 The GPL Ghostscript PostScript/PDF ghostscript-doc recommends no packages.
Bug#446929: ncurses-bin: references hidden symbols (?)
Package: ncurses-bin Version: 5.5-5 Severity: serious $ infocmp |wc -l 50 $ sudo dpkg -i /var/cache/apt/archives/ncurses-bin_5.5-5_i386.deb dpkg - warning: downgrading ncurses-bin from 5.6+20071006-3 to 5.5-5. (Reading database ... 53958 files and directories currently installed.) Preparing to replace ncurses-bin 5.6+20071006-3 (using .../ncurses-bin_5.5-5_i386.deb) ... Unpacking replacement ncurses-bin ... Setting up ncurses-bin (5.5-5) ... $ infocmp |wc -l infocmp: symbol lookup error: infocmp: undefined symbol: _nc_disable_period 0 My limited understanding leads me to believe that this function wasn't meant to be exported in ncurses/stable, so was removed or renamed in ncurses/unstable.
Bug#440661: marked as done (lirc-modules-source: Fails with 2.6.21 in lenny)
Your message dated Tue, 16 Oct 2007 19:17:26 +0200 with message-id <[EMAIL PROTECTED]> and subject line Done in 0.80.0-13 has caused the attached Bug report to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what I am talking about this indicates a serious mail system misconfiguration somewhere. Please contact me immediately.) Debian bug tracking system administrator (administrator, Debian Bugs database) --- Begin Message --- Package: lirc-modules-source Version: 0.8.0-12 Severity: grave Justification: renders package unusable This will cause the package to be unusable in testing. Here is my lirc-modules-source.buildlog.2.6.21-2-k7.1188827725 sed -e "s! \$KVERS!`sed -n -e '/UTS_RELEASE/s/^[^"]*"\([^"]*\)".*$/\1/p' /usr/src/linux/include/linux/version.h`!g; s!\$KSRC!/usr/src/linux!; s!\$KARCH!i386!; s!\$KEMAIL!!; s!\$KMAINT!!; s! \$KDREV!"Custom.1.00"!; s!\$DEBDATE!Mon, 03 Sep 2007 08:55:25 -0500!" debian/control.in > debian/control /usr/bin/make -f debian/rules clean make[1]: Entering directory `/usr/src/modules/lirc' dh_testdir dh_testroot rm -f build-stamp configure-stamp # Add here commands to clean up after the build process. 
/usr/bin/make clean make[2]: Entering directory `/usr/src/modules/lirc' /usr/bin/make clean -C drivers SUBDIRS="lirc_serial lirc_parallel lirc_i2c lirc_sir lirc_dev lirc_gpio lirc_it87 lirc_bt829 lirc_atiusb" make[3]: Entering directory `/usr/src/modules/lirc/drivers' Making clean in lirc_atiusb make[4]: Entering directory `/usr/src/modules/lirc/drivers/lirc_atiusb' test -z "lirc_atiusb.o .lirc_atiusb.o.flags lirc_atiusb.mod.c lirc_atiusb.ko *~" || rm -f lirc_atiusb.o .lirc_atiusb.o.flags lirc_atiusb.mod.c lirc_atiusb.ko *~ rm -rf .libs _libs rm -f *.o core *.core rm -f *.lo make[4]: Leaving directory `/usr/src/modules/lirc/drivers/lirc_atiusb' Making clean in lirc_bt829 make[4]: Entering directory `/usr/src/modules/lirc/drivers/lirc_bt829' test -z "lirc_bt829.o .lirc_bt829.o.flags lirc_bt829.mod.c lirc_bt829.ko *~" || rm -f lirc_bt829.o .lirc_bt829.o.flags lirc_bt829.mod.c lirc_bt829.ko *~ rm -rf .libs _libs rm -f *.o core *.core rm -f *.lo make[4]: Leaving directory `/usr/src/modules/lirc/drivers/lirc_bt829' Making clean in lirc_it87 make[4]: Entering directory `/usr/src/modules/lirc/drivers/lirc_it87' test -z "lirc_it87.o .lirc_it87.o.flags lirc_it87.mod.c lirc_it87.ko *~" || rm -f lirc_it87.o .lirc_it87.o.flags lirc_it87.mod.c lirc_it87.ko *~ rm -rf .libs _libs rm -f *.o core *.core rm -f *.lo make[4]: Leaving directory `/usr/src/modules/lirc/drivers/lirc_it87' Making clean in lirc_gpio make[4]: Entering directory `/usr/src/modules/lirc/drivers/lirc_gpio' test -z "lirc_gpio.o .lirc_gpio.o.flags lirc_gpio.mod.c lirc_gpio.ko *~" || rm -f lirc_gpio.o .lirc_gpio.o.flags lirc_gpio.mod.c lirc_gpio.ko *~ rm -rf .libs _libs rm -f *.o core *.core rm -f *.lo make[4]: Leaving directory `/usr/src/modules/lirc/drivers/lirc_gpio' Making clean in lirc_dev make[4]: Entering directory `/usr/src/modules/lirc/drivers/lirc_dev' test -z "lirc_dev.o .lirc_dev.o.flags lirc_dev.mod.c lirc_dev.ko *~" || rm -f lirc_dev.o .lirc_dev.o.flags lirc_dev.mod.c lirc_dev.ko *~ rm -rf .libs _libs 
rm -f *.o core *.core rm -f *.lo make[4]: Leaving directory `/usr/src/modules/lirc/drivers/lirc_dev' Making clean in lirc_sir make[4]: Entering directory `/usr/src/modules/lirc/drivers/lirc_sir' test -z "lirc_sir.o .lirc_sir.o.flags lirc_sir.mod.c lirc_sir.ko *~" || rm -f lirc_sir.o .lirc_sir.o.flags lirc_sir.mod.c lirc_sir.ko *~ rm -rf .libs _libs rm -f *.o core *.core rm -f *.lo make[4]: Leaving directory `/usr/src/modules/lirc/drivers/lirc_sir' Making clean in lirc_i2c make[4]: Entering directory `/usr/src/modules/lirc/drivers/lirc_i2c' test -z "lirc_i2c.o .lirc_i2c.o.flags lirc_i2c.mod.c lirc_i2c.ko *~" || rm -f lirc_i2c.o .lirc_i2c.o.flags lirc_i2c.mod.c lirc_i2c.ko *~ rm -rf .libs _libs rm -f *.o core *.core rm -f *.lo make[4]: Leaving directory `/usr/src/modules/lirc/drivers/lirc_i2c' Making clean in lirc_parallel make[4]: Entering directory `/usr/src/modules/lirc/drivers/lirc_parallel' test -z "lirc_parallel.o .lirc_parallel.o.flags lirc_parallel.mod.c lirc_parallel.ko *~" || rm -f lirc_parallel.o .lirc_parallel.o.flags lirc_parallel.mod.c lirc_parallel.ko *~ rm -rf .libs _libs rm -f *.o core *.core rm -f *.lo make[4]: Leaving directory `/usr/src/modules/lirc/drivers/lirc_parallel' Making clean in lirc_serial make[4]: Entering directory `/usr/src/modules/lirc/drivers/lirc_serial' test -z "lirc_serial.o .lirc_serial.o.flags lirc_serial.mod.c lirc_serial.ko *~" || rm -f lirc_serial.o .lirc_serial.o.flags lirc_serial.mod.c lirc_serial.ko *~ rm -rf .libs _libs rm -f *.o core *.core rm -f *.lo make[4]: Leaving directory `/usr/src/modules/lirc/drivers/lirc_serial' Making clean
Bug#440661: Done in 0.80.0-13
Package: lirc-modules-source Version: 0.80.0-13 This duplicate of #440494 and 436166 has been resolved in Version 0.80.0-13 of lirc-modules-source
Bug#446891: [pkg-ntp-maintainers] Bug#446891: ntp: problem of dependency related to libssl0.9.8
On Tuesday 16 October 2007 15:27:19, you wrote: > Version: 4.2.4p4+dfsg-1 > > On Monday, 15 October 2007, GALLIEN Matthieu wrote: > > since I have upgraded libssl0.9.8 yesterday, ntpd completely refuses to > > start. > > Time to upgrade. Yeah sure, I will upgrade as soon as the package is built!!! -- Gallien Matthieu
Bug#446824: CVE-2007-5448 remote denial of service via crafted beacon frame
Hi, * Nico Golde <[EMAIL PROTECTED]> [2007-10-16 17:59]: > Hi Kel, > * Kel Modderman <[EMAIL PROTECTED]> [2007-10-16 17:14]: > > tags 446824 pending > > thanks > > > > On Tue, 16 Oct 2007 08:37:31 am Nico Golde wrote: > > > | Madwifi 0.9.3.2 and earlier allows remote attackers to cause a denial > > > | of service (panic) via a beacon frame with a large length value in the > > > | extended supported rates (xrates) element, which triggers an assertion > > > | error, related to net80211/ieee80211_scan_ap.c and > > > | net80211/ieee80211_scan_sta.c. > > > > net80211/ieee80211_scan_ap.c is not vulnerable in any stable release from > > madwifi.org[0], the CVE is slightly misleading in regards to that detail. > > Well I never said it is :) But thanks for the information, I > checked this and added it as not-affected to the security > tracker. Correction, I misunderstood you, thanks Moritz for pointing me to this. At least the code in ieee80211_scan_sta.c is vulnerable in the Debian versions if I don't miss anything. Kind regards Nico -- Nico Golde - http://ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF For security reasons, all text in this mail is double-rot13 encrypted.
Bug#433127: system unbootable after update to linux-image-2.6.21-2
Hi, I am writing to say the same thing happens to me when I upgrade to 2.6.22-2-k7 and I didn't want to open a new bugreport. The workaround worked just fine for me. cheers, -- Gunther Furtado [EMAIL PROTECTED]
Bug#446916: maxima: Maxima fails to start with locale configured to el_gr.utf8
Package: maxima Version: 5.10.0-6 Severity: grave Tags: l10n Justification: renders package unusable Maxima on my system decided to stop starting/working recently. I am running debian etch (4.0) stable (i386). Here is what happens: $ maxima Maxima encountered a Lisp error: Error in SETQ [or a callee]: 0 and 2 are illegal as :START and :END for the sequence "". Automatically continuing. To reenable the Lisp debugger set *debugger-hook* to nil. Error in SUBSEQ [or a callee]: The tag RETURN-FROM-DEBUGGER is undefined. Fast links are on: do (use-fast-links nil) for debugging Broken at CONDITIONS::CLCS-UNIVERSAL-ERROR-HANDLER. Type :H for Help. 1 (Continue) Maxima top-level 2 (Abort) Return to top level. dbl:MAXIMA>> I have tried the following, unsuccesful steps, so far: 1) Uninstall and purge the package and reinstall it using apt-get. 2) Try running maxima as a different user. However on another system (32bit) that I have running also debian etch stable, maxima seems to be working so apparently this seems to be a system specific problem. After LOTS of searching I realised that the problem was due to the localisation settings. In the past I was running with the locale set to posix. Here are my current settings: $ locale LANG=el_GR.UTF-8 LC_CTYPE=el_GR.UTF-8 LC_NUMERIC=el_GR.UTF-8 LC_TIME=el_GR.UTF-8 LC_COLLATE=el_GR.UTF-8 LC_MONETARY=el_GR.UTF-8 LC_MESSAGES=en_US.UTF-8 LC_PAPER=el_GR.UTF-8 LC_NAME=el_GR.UTF-8 LC_ADDRESS=el_GR.UTF-8 LC_TELEPHONE=el_GR.UTF-8 LC_MEASUREMENT=el_GR.UTF-8 LC_IDENTIFICATION=el_GR.UTF-8 LC_ALL= When I unset all those variables (or set the locale to posix) maxima works fine again. 
-- System Information:
Debian Release: 4.0
APT prefers stable
APT policy: (500, 'stable')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.21asrock
Locale: LANG=el_GR.UTF-8, LC_CTYPE=el_GR.UTF-8 (charmap=UTF-8)

Versions of packages maxima depends on:
di gnuplot-nox 4.0.0-5 A command-line driven interactive

Versions of packages maxima recommends:
ii gv 1:3.6.2-3 PostScript and PDF viewer for X
pn maxima-share (no description available)

-- no debconf information

CPU: Intel(R) Core(TM)2 CPU 4300 @ 1.80GHz
The kernel has smp support but otherwise normal 32bit kernel that has been running for many months.
Processed: oops
Processing commands for [EMAIL PROTECTED]: > severity 446913 serious Bug#446913: opal includes the file include/codec/ilbccodec.h, making it not DFSG-free Severity set to `serious' from `grave' > thanks Stopping processing here. Please contact me if you need assistance. Debian bug tracking system administrator (administrator, Debian Bugs database)
Bug#446824: CVE-2007-5448 remote denial of service via crafted beacon frame
Hi Kel, * Kel Modderman <[EMAIL PROTECTED]> [2007-10-16 17:14]: > tags 446824 pending > thanks > > On Tue, 16 Oct 2007 08:37:31 am Nico Golde wrote: > > | Madwifi 0.9.3.2 and earlier allows remote attackers to cause a denial > > | of service (panic) via a beacon frame with a large length value in the > > | extended supported rates (xrates) element, which triggers an assertion > > | error, related to net80211/ieee80211_scan_ap.c and > > | net80211/ieee80211_scan_sta.c. > > net80211/ieee80211_scan_ap.c is not vulnerable in any stable release from > madwifi.org[0], the CVE is slightly misleading in regards to that detail. Well I never said it is :) But thanks for the information, I checked this and added it as not-affected to the security tracker. > Package awaiting sponsorship. If you need a sponsor, contact me by private mail; I can sponsor this for you. Kind regards Nico -- Nico Golde - http://ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF For security reasons, all text in this mail is double-rot13 encrypted.
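The CVE text quoted in the message above describes a beacon whose extended supported rates (xrates) element carries an oversized length and trips an assertion. The following C code is an added example, not madwifi's code or its fix: it walks the tagged elements of a frame body and rejects a bad length with an error return instead of asserting. The cap RATE_MAXSIZE, the struct, the function names and the sample byte arrays are assumptions made for this illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Element IDs defined by IEEE 802.11. */
#define ELEMID_RATES   1    /* Supported Rates */
#define ELEMID_XRATES  50   /* Extended Supported Rates */

/* Assumed capacity of the per-station rate table (hypothetical value
 * for this example, not taken from the madwifi source). */
#define RATE_MAXSIZE   15

enum ie_status {
    IE_OK             =  0,
    IE_TRUNCATED      = -1,  /* element header or body runs past the frame */
    IE_RATES_TOO_LONG = -2   /* rates + xrates do not fit the rate table */
};

struct rate_set {
    uint8_t nrates;
    uint8_t rates[RATE_MAXSIZE];
};

/* Collect the rates and xrates elements from a frame body made of
 * (id, length, value) elements. Every length is checked twice: against
 * the bytes actually received and against the space left in the table.
 * A bad frame is reported to the caller, which can drop it. */
static enum ie_status parse_rates(const uint8_t *ies, size_t len,
                                  struct rate_set *out)
{
    size_t off = 0;

    memset(out, 0, sizeof(*out));
    while (off < len) {
        if (len - off < 2)
            return IE_TRUNCATED;            /* no room for id + length */
        uint8_t id = ies[off];
        size_t elen = ies[off + 1];
        if (elen > len - off - 2)
            return IE_TRUNCATED;            /* length field lies */
        if (id == ELEMID_RATES || id == ELEMID_XRATES) {
            if (elen > (size_t)(RATE_MAXSIZE - out->nrates))
                return IE_RATES_TOO_LONG;   /* would overflow the table */
            memcpy(out->rates + out->nrates, ies + off + 2, elen);
            out->nrates = (uint8_t)(out->nrates + elen);
        }
        off += 2 + elen;
    }
    return IE_OK;
}

/* Constructed sample: 8 supported rates followed by 4 extended rates. */
const uint8_t good_ies[] = {
    ELEMID_RATES, 8, 0x82, 0x84, 0x8b, 0x96, 0x0c, 0x12, 0x18, 0x24,
    ELEMID_XRATES, 4, 0x30, 0x48, 0x60, 0x6c
};
/* Constructed sample: xrates claims 200 bytes, only 4 are present. */
const uint8_t short_ies[] = { ELEMID_XRATES, 200, 0x30, 0x48, 0x60, 0x6c };
/* Constructed sample: xrates body is present but larger than the table. */
const uint8_t big_ies[2 + 32] = { ELEMID_XRATES, 32 };
/* Constructed sample: each element fits alone, together they do not. */
const uint8_t sum_ies[] = {
    ELEMID_RATES, 8, 2, 4, 11, 22, 12, 18, 24, 36,
    ELEMID_XRATES, 8, 48, 72, 96, 108, 6, 9, 54, 66
};

/* Returns the number of rates collected, or a negative ie_status. */
int demo(const uint8_t *ies, size_t len)
{
    struct rate_set rs;
    enum ie_status st = parse_rates(ies, len, &rs);

    return st == IE_OK ? (int)rs.nrates : (int)st;
}

int main(void)
{
    printf("good:  %d\n", demo(good_ies, sizeof(good_ies)));
    printf("short: %d\n", demo(short_ies, sizeof(short_ies)));
    printf("big:   %d\n", demo(big_ies, sizeof(big_ies)));
    printf("sum:   %d\n", demo(sum_ies, sizeof(sum_ies)));
    return 0;
}
```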
Bug#444938: pkinit does not belong in libkrb53
Yeah. I'm expecting the upstream 1.6.3 release today or tomorrow. I can upload that with a new package for pkinit and that will close this bug. --Sam
Bug#446913: opal includes the file include/codec/ilbccodec.h, making it not DFSG-free
Package: opal
Version: 2.2.11~dfsg1-1
Severity: grave
The source tarball for opal ships the file include/codec/ilbccodec.h. Although it is not used in the build, one can argue that this file is technically part of the iLBC codec, making the package not DFSG-free.
--- System information. ---
Architecture: i386
Kernel: Linux 2.6.22-2-686
Debian Release: lenny/sid
500 unstable download.xs4all.nl
500 testing download.xs4all.nl
500 testing debian-mirrors.sdinet.de
1 experimental download.xs4all.nl
--- Package information. ---
Depends (Version) | Installed
===-+-===
|
Processed: severity of 446906 is serious
Processing commands for [EMAIL PROTECTED]: > # Automatically generated email from bts, devscripts version 2.10.7ubuntu5 > severity 446906 serious Bug#446906: gnome-screensaver does not grab keyboard input Severity set to `serious' from `important' > End of message, stopping processing here. Please contact me if you need assistance. Debian bug tracking system administrator (administrator, Debian Bugs database)
Processed: pyicqt: diff for NMU version 0.8a-1.1
Processing commands for [EMAIL PROTECTED]: > tags 436935 + patch Bug#436935: pyicqt: please add patch for bug with "'module' object has no attribute 'checkPID'" Tags were: patch Tags added: patch > tags 439778 + patch Bug#439778: pyicqt: Missing dependency python-pyopenssl There were no tags set. Tags added: patch > tags 441023 + patch Bug#441023: pyicqt not starting There were no tags set. Tags added: patch > thanks Stopping processing here. Please contact me if you need assistance. Debian bug tracking system administrator (administrator, Debian Bugs database)
Bug#436935: pyicqt: diff for NMU version 0.8a-1.1
tags 436935 + patch tags 439778 + patch tags 441023 + patch thanks Hi, Attached is the diff for my pyicqt 0.8a-1.1 NMU, which I'm just uploading to DELAYED/7. -- Michal Čihař | http://cihar.com | http://blog.cihar.com diff -u pyicqt-0.8a/debian/patches/00list pyicqt-0.8a/debian/patches/00list --- pyicqt-0.8a/debian/patches/00list +++ pyicqt-0.8a/debian/patches/00list @@ -2,0 +3 @@ +03_fix-current-twisted diff -u pyicqt-0.8a/debian/changelog pyicqt-0.8a/debian/changelog --- pyicqt-0.8a/debian/changelog +++ pyicqt-0.8a/debian/changelog @@ -1,3 +1,13 @@ +pyicqt (0.8a-1.1) unstable; urgency=low + + * Non-maintainer upload. + * Fix crash with current twisted (Closes: #436935, #441023). + * Fix missing dependency (Closes: #439778). + * I know there could be done more for this package, but this is just a NMU +to fix most annoying breakages. + + -- Michal Čihař <[EMAIL PROTECTED]> Tue, 16 Oct 2007 22:43:52 +0900 + pyicqt (0.8a-1) unstable; urgency=low * Initial release (Closes: #406659) diff -u pyicqt-0.8a/debian/control pyicqt-0.8a/debian/control --- pyicqt-0.8a/debian/control +++ pyicqt-0.8a/debian/control @@ -9,7 +9,7 @@ Package: pyicqt Architecture: all -Depends: ${python:Depends}, python-twisted (>=2.0.0), python-twisted-web (>=0.5.0), python-twisted-words (>= 0.1.0), python-crypto, adduser, ${misc:Depends} +Depends: ${python:Depends}, python-twisted (>=2.0.0), python-twisted-web (>=0.5.0), python-twisted-words (>= 0.1.0), python-crypto, adduser, ${misc:Depends}, python-pyopenssl Suggests: jabberd2 | jabber | ejabberd Recommends: python-nevow (>= 0.4.1), python-mysqldb (>= 1.0.0), python-imaging Description: ICQ transport for Jabber only in patch2: unchanged: --- pyicqt-0.8a.orig/debian/patches/03_fix-current-twisted.dpatch +++ pyicqt-0.8a/debian/patches/03_fix-current-twisted.dpatch 
@@ -0,0 +1,22 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## 03_fix-current-twisted.dpatch by Michal Čihař <[EMAIL PROTECTED]> +## +## All lines beginning with `## DP:' are a description of the patch. +## DP: Imports correct module within current twisted. + [EMAIL PROTECTED]@ +diff -urNad pyicqt-0.8a~/src/main.py pyicqt-0.8a/src/main.py +--- pyicqt-0.8a~/src/main.py 2007-06-04 10:10:36.0 +0900 pyicqt-0.8a/src/main.py 2007-10-16 22:54:18.0 +0900 +@@ -89,7 +89,10 @@ + import signal + signal.signal(signal.SIGHUP, reloadConfig) + # Load scripts for PID and daemonizing +- from twisted.scripts import twistd ++ try: ++ from twisted.scripts import _twistd_unix as twistd ++ except: ++ from twisted.scripts import twistd + + selectWarning = "Unable to install any good reactors (kqueue, cf, epoll, poll).\nWe fell back to using select. You may have scalability problems.\nThis reactor will not support more than 1024 connections +at a time. You may silence this message by choosing 'select' or 'default' as your reactor in the transport config." + if config.reactor and len(config.reactor) > 0:
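Review bot: the bare 'except:' added around the '_twistd_unix' import in src/main.py catches every exception, not only a missing module, so an unrelated failure while importing '_twistd_unix' silently falls back to the old 'from twisted.scripts import twistd' and hides the real error. Narrow it to 'except ImportError:'. A short comment that '_twistd_unix' is an underscore-prefixed twisted module, and why it is tried first, would also help the next person who touches this block.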
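Review bot: the debian/changelog entry 'Fix missing dependency (Closes: #439778)' does not say which dependency was missing; name it, for example 'Add missing dependency on python-pyopenssl (Closes: #439778)', so the entry can be matched to the debian/control change without reading the diff. In debian/control the new python-pyopenssl is appended after ${misc:Depends}; listing it next to the other python-* packages would keep the substitution variables together at the end of the field.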
Bug#446691: defrag: should this package be removed?
severity 446691 normal reassign 446691 ftp.debian.org retitle 446691 RM: defrag -- RoM; orphaned upstream and out of sync with common ext2/3 features thanks Lucas Nussbaum <[EMAIL PROTECTED]> writes: > Package: defrag > Version: 0.73pjm1-8 > Severity: serious > User: [EMAIL PROTECTED] > Usertags: proposed-removal > > Hi, > > While reviewing some packages, your package came up as a possible > candidate for removal from Debian, because: > > * 4 RC bugs, opened for a long time, with no resolution path in sight. > * only really works with old ext2 filesystems. > * dangerous with modern ext2/ext3 FS, without telling so (#396449). > > I think that it would be much better to remove it from Debian for now. > There's no point in keeping it just to collect RC bugs. If upstream > work happens, you can always re-upload it... > > If you think that it should be orphaned instead of being removed from > Debian, please reply to this bug and tell so. > > If you agree, sending the following commands to [EMAIL PROTECTED] > should do it (after replacing nn with this bug's number): > severity nn normal > reassign nn ftp.debian.org > retitle nn RM: -- RoM; > thanks > > For more information, see > http://wiki.debian.org/ftpmaster_Removals > http://ftp-master.debian.org/removals.txt > > If you disagree and want to continue to maintain this package, please > just close this bug, preferably in an upload also fixing the other > issues. > > Thank you, There is a new attempt to make a defrag for ext2/3/4 in the works, very early works, that will do online defragmentation. But I believe this is so far away from being usable that it is not worth waiting for. I think the next generation defrag can (and probably should anyway) go through NEW again when the time comes. Kind regards, Goswin
Processed: Re: Bug#446691: defrag: should this package be removed?
Processing commands for [EMAIL PROTECTED]: > severity 446691 normal Bug#446691: defrag: should this package be removed? Severity set to `normal' from `serious' > reassign 446691 ftp.debian.org Bug#446691: defrag: should this package be removed? Bug reassigned from package `defrag' to `ftp.debian.org'. > retitle 446691 RM: defrag -- RoM; orphaned upstream and out of sync with > common ext2/3 features Bug#446691: defrag: should this package be removed? Changed Bug title to `RM: defrag -- RoM; orphaned upstream and out of sync with common ext2/3 features' from `defrag: should this package be removed?'. > thanks Stopping processing here. Please contact me if you need assistance. Debian bug tracking system administrator (administrator, Debian Bugs database)
Bug#446891: marked as done (ntp: problem of dependency related to libssl0.9.8)
Your message dated Tue, 16 Oct 2007 15:24:58 +0200 with message-id <[EMAIL PROTECTED]> and subject line Bug#446891: ntp: problem of dependency related to libssl0.9.8 has caused the attached Bug report to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what I am talking about this indicates a serious mail system misconfiguration somewhere. Please contact me immediately.) Debian bug tracking system administrator (administrator, Debian Bugs database) --- Begin Message --- Package: ntp Version: 1:4.2.4p3+dfsg-1 Severity: grave Justification: renders package unusable Hi, since I have upgraded libssl0.9.8 yesterday, ntpd completely refuses to start. I got this error message: ntpd [EMAIL PROTECTED] Mon Aug 27 23:51:28 UTC 2007 (1) ntpd: OpenSSL version mismatch. Built against 90805f, you have 908070 and this is the same with the stable version: ntpd [EMAIL PROTECTED] Sun Mar 4 13:27:01 UTC 2007 (1) ntpd: OpenSSL version mismatch. Built against 90805f, you have 908070 thanks in advance for your help -- System Information: Debian Release: lenny/sid APT prefers unstable APT policy: (900, 'unstable'), (500, 'testing'), (2, 'stable'), (1, 'experimental') Architecture: powerpc (ppc) Kernel: Linux 2.6.23-1-powerpc Locale: LANG=fr_FR, LC_CTYPE=fr_FR (charmap=ISO-8859-1) (ignored: LC_ALL set to fr_FR) Shell: /bin/sh linked to /bin/bash Versions of packages ntp depends on: ii adduser 3.105 add and remove users and groups ii libc6 2.6.1-5 GNU C Library: Shared libraries ii libcap1 1:1.10-14 support for getting/setting POSIX.
ii libreadline5 5.2-3 GNU readline and history libraries ii libssl0.9.8 0.9.8f-1 SSL shared libraries ii lsb-base 3.1-24 Linux Standard Base 3.1 init scrip ii netbase 4.30 Basic TCP/IP networking system ii perl 5.8.8-11 Larry Wall's Practical Extraction ntp recommends no packages. -- no debconf information -- GALLIEN Matthieu --- End Message --- --- Begin Message --- On Tuesday 16 October 2007, Cyril Brulebois wrote: > GALLIEN Matthieu <[EMAIL PROTECTED]> (15/10/2007): > > Package: ntp > > Version: 1:4.2.4p3+dfsg-1 > > Severity: grave > > Justification: renders package unusable > > > > Hi, > > Hi. > > > since I have upgraded libssl0.9.8 yesterday, ntpd completely refuses to > > start. I got this error message: > > > > ntpd [EMAIL PROTECTED] Mon Aug 27 23:51:28 UTC 2007 (1) > > ntpd: OpenSSL version mismatch. Built against 90805f, you have 908070 > > Duplicate of #446710 & #446711. > See http://packages.qa.debian.org/n/ntp/news/20071015T121718Z.html Sorry, you are right and I have looked too fast at the bug reports. Sorry for the noise. I close the bug report. > > > and this is the same with the stable version: > > > > ntpd [EMAIL PROTECTED] Sun Mar 4 13:27:01 UTC 2007 (1) > > ntpd: OpenSSL version mismatch. Built against 90805f, you have 908070 > > Do you mean you're trying to run packages from mixed distribution? If > so, that wouldn't look like a grave bug in this package… No in fact, I have libssl and ntp from unstable and I cannot start ntp due to a version mismatch with libssl. I have just tried to have a working ntp by installing the stable version but that also has the same problem, however this bug report was against the unstable version of ntp. > > Cheers, -- GALLIEN Matthieu --- End Message ---
Bug#446268: vim ABRT: glibc: vim: invalid next size (fast): 0x00000000007fd430
On Tue, Oct 16, 2007 at 01:42:44PM +0100, martin f krafft wrote: > thus spoke James Vega <[EMAIL PROTECTED]> [2007.10.16.1252 +0100]: > > 'patch073' was the actual patch that fixed the bug, so that would be a > > more distribution agnostic check for those of us that have to use more > > than just Debian systems. > > And patch073 was not included in 1:7.1-135+1? That seems a bit odd. Yes, it was included in 1:7.1-135+1. I was just noting the actual patch that fixed the bug in case someone has to use a hypothetical 7.1-080 package from distribution X. If they check for has('patch073') instead of patch('135') they'll rightly have 'preserveindent' enabled. James -- GPG Key: 1024D/61326D40 2003-09-02 James Vega <[EMAIL PROTECTED]>
Bug#446891: marked as done (ntp: problem of dependency related to libssl0.9.8)
Your message dated Tue, 16 Oct 2007 15:27:19 +0200 with message-id <[EMAIL PROTECTED]> and subject line [pkg-ntp-maintainers] Bug#446891: ntp: problem of dependency related to libssl0.9.8 has caused the attached Bug report to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what I am talking about this indicates a serious mail system misconfiguration somewhere. Please contact me immediately.) Debian bug tracking system administrator (administrator, Debian Bugs database) --- Begin Message --- Package: ntp Version: 1:4.2.4p3+dfsg-1 Severity: grave Justification: renders package unusable Hi, since I have upgraded libssl0.9.8 yesterday, ntpd completely refuses to start. I got this error message: ntpd [EMAIL PROTECTED] Mon Aug 27 23:51:28 UTC 2007 (1) ntpd: OpenSSL version mismatch. Built against 90805f, you have 908070 and this is the same with the stable version: ntpd [EMAIL PROTECTED] Sun Mar 4 13:27:01 UTC 2007 (1) ntpd: OpenSSL version mismatch. Built against 90805f, you have 908070 thanks in advance for your help -- System Information: Debian Release: lenny/sid APT prefers unstable APT policy: (900, 'unstable'), (500, 'testing'), (2, 'stable'), (1, 'experimental') Architecture: powerpc (ppc) Kernel: Linux 2.6.23-1-powerpc Locale: LANG=fr_FR, LC_CTYPE=fr_FR (charmap=ISO-8859-1) (ignored: LC_ALL set to fr_FR) Shell: /bin/sh linked to /bin/bash Versions of packages ntp depends on: ii adduser 3.105 add and remove users and groups ii libc6 2.6.1-5 GNU C Library: Shared libraries ii libcap1 1:1.10-14 support for getting/setting POSIX.
ii libreadline5 5.2-3 GNU readline and history libraries ii libssl0.9.8 0.9.8f-1 SSL shared libraries ii lsb-base 3.1-24 Linux Standard Base 3.1 init scrip ii netbase 4.30 Basic TCP/IP networking system ii perl 5.8.8-11 Larry Wall's Practical Extraction ntp recommends no packages. -- no debconf information -- GALLIEN Matthieu --- End Message --- --- Begin Message --- Version: 4.2.4p4+dfsg-1 On Monday, 15 October 2007, GALLIEN Matthieu wrote: > since I have upgraded libssl0.9.8 yesterday, ntpd completely refuses to > start. Time to upgrade. --- End Message ---
Bug#443294: marked as done (ragel - FTBFS: glibc detected *** fig2dev: double free or corruption (!prev): 0x00479008 ***)
Your message dated Tue, 16 Oct 2007 13:17:04 + with message-id <[EMAIL PROTECTED]> and subject line Bug#443294: fixed in ragel 5.23-2 has caused the attached Bug report to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what I am talking about this indicates a serious mail system misconfiguration somewhere. Please contact me immediately.) Debian bug tracking system administrator (administrator, Debian Bugs database) --- Begin Message --- Package: ragel Version: 5.23-1 Severity: serious There was an error while trying to autobuild your package: > Automatic build of ragel_5.23-1 on lxdebian.bfinv.de by sbuild/s390 98 [...] > make[1]: Entering directory `/build/buildd/ragel-5.23/doc' > fig2dev -L pdf bmconcat.fig bmconcat.pdf > CRIT: typecheck in .knownget > Operand stack: > 0 --nostringval-- setuserparams --nostringval-- VMReclaim 0 -2048 > -2048 VMReclaim 0 > Error in ghostcript command > command was: gs -q -dNOPAUSE -sAutoRotatePages=None > -dAutoFilterColorImages=false -dColorImageFilter=/FlateEncode > -sDEVICE=pdfwrite -dPDFSETTINGS=/prepress -sOutputFile=bmconcat.pdf - -c quit > *** glibc detected *** fig2dev: double free or corruption (!prev): 0x00479008 > *** > === Backtrace: = > /lib/libc.so.6[0x4015fc60] > /lib/libc.so.6(cfree+0x76)[0x4016178a] > /lib/libc.so.6(fclose+0x11a)[0x4014fade] > fig2dev(sin+0x19e8)[0x403ff8] > /lib/libc.so.6(__libc_start_main+0xc2)[0x401090b2] > fig2dev(ceil+0x58)[0x402788]
Bug#446891: ntp: problem of dependency related to libssl0.9.8
GALLIEN Matthieu <[EMAIL PROTECTED]> (15/10/2007): > Package: ntp > Version: 1:4.2.4p3+dfsg-1 > Severity: grave > Justification: renders package unusable > > Hi, Hi. > since I have upgraded libssl0.9.8 yesterday, ntpd completely refuses to start. > I got this error message: > > ntpd [EMAIL PROTECTED] Mon Aug 27 23:51:28 UTC 2007 (1) > ntpd: OpenSSL version mismatch. Built against 90805f, you have 908070 Duplicate of #446710 & #446711. See http://packages.qa.debian.org/n/ntp/news/20071015T121718Z.html > and this is the same with the stable version: > > ntpd [EMAIL PROTECTED] Sun Mar 4 13:27:01 UTC 2007 (1) > ntpd: OpenSSL version mismatch. Built against 90805f, you have 908070 Do you mean you're trying to run packages from mixed distribution? If so, that wouldn't look like a grave bug in this package… Cheers, -- Cyril Brulebois
Bug#446893: nifticlib: Tests fail on ARM
Package: nifticlib Version: 0.5-1 Severity: serious Justification: no longer builds from source I just became aware that this package fails to build on 'arm' since version 0.5-1. While the actual building works (some of) the tests fail: Here is the list of failed tests for version: 0.5 The following tests FAILED: 3 - nifti1_test_n1 (Failed) 4 - nifti1_test_n2 (Failed) 5 - nifti1_test_a2 (Failed) 6 - nifti1_test_zn1 (Failed) 7 - nifti1_test_zn2 (Failed) 8 - nifti1_test_za2 (Failed) 9 - nifti_tool_n1 (Failed) 10 - nifti_tool_n2 (Failed) 11 - nifti_tool_a2 (Failed) 12 - nifti_tool_zn1 (Failed) 13 - nifti_tool_zn2 (Failed) 14 - nifti_tool_za2 (Failed) 15 - nifti_tool_diff_hdr (Failed) 16 - nifti_tool_diff_nims (Failed) 17 - nifti_tool_copy_brick_list (Failed) 20 - nifti_tool_strip_extras (Failed) With version 0.6 the situation seems to have improved, but two tests are still failing: The following tests FAILED: 17 - nifti_tool_copy_brick_list (Failed) 20 - nifti_tool_strip_extras (Timeout) The full build logs are available on this page: http://buildd.debian.org/build.php?arch=arm&pkg=nifticlib -- System Information: Debian Release: 4.0 APT prefers stable APT policy: (500, 'stable'), (200, 'unstable') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.18-5-686 Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8) -- GPG key: 1024D/3144BE0F Michael Hanke http://apsy.gse.uni-magdeburg.de/hanke ICQ: 48230050
Bug#446268: vim ABRT: glibc: vim: invalid next size (fast): 0x00000000007fd430
thus spoke James Vega <[EMAIL PROTECTED]> [2007.10.16.1252 +0100]: > 'patch073' was the actual patch that fixed the bug, so that would be a > more distribution agnostic check for those of us that have to use more > than just Debian systems. And patch073 was not included in 1:7.1-135+1? That seems a bit odd. -- .''`. martin f. krafft <[EMAIL PROTECTED]> : :' : proud Debian developer, author, administrator, and user `. `'` http://people.debian.org/~madduck - http://debiansystem.info `- Debian - when you have better things to do than fixing systems digital_signature_gpg.asc Description: Digital signature (see http://martin-krafft.net/gpg/)
Bug#446891: ntp: problem of dependency related to libssl0.9.8
Package: ntp Version: 1:4.2.4p3+dfsg-1 Severity: grave Justification: renders package unusable Hi, since I have upgraded libssl0.9.8 yesterday, ntpd completely refuses to start. I got this error message: ntpd [EMAIL PROTECTED] Mon Aug 27 23:51:28 UTC 2007 (1) ntpd: OpenSSL version mismatch. Built against 90805f, you have 908070 and this is the same with the stable version: ntpd [EMAIL PROTECTED] Sun Mar 4 13:27:01 UTC 2007 (1) ntpd: OpenSSL version mismatch. Built against 90805f, you have 908070 thanks in advance for your help -- System Information: Debian Release: lenny/sid APT prefers unstable APT policy: (900, 'unstable'), (500, 'testing'), (2, 'stable'), (1, 'experimental') Architecture: powerpc (ppc) Kernel: Linux 2.6.23-1-powerpc Locale: LANG=fr_FR, LC_CTYPE=fr_FR (charmap=ISO-8859-1) (ignored: LC_ALL set to fr_FR) Shell: /bin/sh linked to /bin/bash Versions of packages ntp depends on: ii adduser 3.105 add and remove users and groups ii libc6 2.6.1-5 GNU C Library: Shared libraries ii libcap1 1:1.10-14 support for getting/setting POSIX. ii libreadline5 5.2-3 GNU readline and history libraries ii libssl0.9.8 0.9.8f-1 SSL shared libraries ii lsb-base 3.1-24 Linux Standard Base 3.1 init scrip ii netbase 4.30 Basic TCP/IP networking system ii perl 5.8.8-11 Larry Wall's Practical Extraction ntp recommends no packages. -- no debconf information -- GALLIEN Matthieu
Bug#446858: skencil also contains /usr/bin/sketch
David Bremner wrote: > I will discuss this with the skencil > maintainer and see about the best way to fix this. This was actually not intended; I simply forgot to remove the link, which is fixed in skencil 0.6.17-11. Regards, Daniel -- Address: Daniel Baumann, Burgunderstrasse 3, CH-4562 Biberist Email: [EMAIL PROTECTED] Internet: http://people.panthera-systems.net/~daniel-baumann/
Bug#446268: vim ABRT: glibc: vim: invalid next size (fast): 0x00000000007fd430
On Tue, Oct 16, 2007 at 12:09:36PM +0100, martin f krafft wrote:
> thus spoke martin f krafft <[EMAIL PROTECTED]> [2007.10.11.1625 +0100]:
> > set et pi
>
> if has('patch135')
'patch073' was the actual patch that fixed the bug, so that would be a more distribution agnostic check for those of us that have to use more than just Debian systems.
> set pi
> endif
>
> for those who can't upgrade.
James -- GPG Key: 1024D/61326D40 2003-09-02 James Vega <[EMAIL PROTECTED]>
Bug#446885: Broken dependency related to gimp-print
Package: gimp
Version: 2.4.0~rc2-1
Severity: serious
--- Please enter the report below this line. ---
It is not possible to upgrade gimp because apt wants to uninstall gimp-print. The dependencies should be fixed (maybe set the dependency on gimp-gutenprint instead of on gimp-print?).
--- System information. ---
Architecture: i386
Kernel: Linux 2.6.22-2-686
Debian Release: lenny/sid
990 unstable www.debian-multimedia.org
990 unstable ftp.uk.debian.org
500 stable dl.google.com
500 experimental www.debian-multimedia.org
1 experimental ftp.uk.debian.org
--- Package information. ---
Depends (Version) | Installed
==-+-==
gimp-data (>= 2.4.0~rc2) | 2.4.0~rc2-1
gimp-data (<< 2.4.0~rc2-z) | 2.4.0~rc2-1
libaa1 (>= 1.2) | 1.4p5-32
libart-2.0-2 (>= 2.3.18) | 2.3.19-3
libatk1.0-0 (>= 1.13.2) | 1.20.0-1
libc6 (>= 2.6-1) | 2.6.1-5
libcairo2 (>= 1.4.0) | 1.4.10-1
libdbus-1-3 (>= 1.1.1) | 1.1.1-3
libdbus-glib-1-2 (>= 0.74) | 0.74-1
libexif12 | 0.6.16-2
libfontconfig1 (>= 2.4.0) | 2.4.2-1.2
libfreetype6 (>= 2.3.5) | 2.3.5-1+b1
libgimp2.0 (>= 2.4.0~rc1) | 2.4.0~rc3-1
libglib2.0-0 (>= 2.14.0) | 2.14.1-5
libgtk2.0-0 (>= 2.10.12-3) | 2.12.0-3
libhal1 (>= 0.5.9) | 0.5.9.1-6
libjpeg62 | 6b-14
liblcms1 (>= 1.15-1) | 1.16-6
libmng1 (>= 1.0.3-1) | 1.0.9-1
libpango1.0-0 (>= 1.18.1) | 1.18.2-2
libpng12-0 (>= 1.2.13-4) | 1.2.15~beta5-3
libpoppler-glib1 (>= 0.5.1) | 0.5.4-6.2
librsvg2-2 (>= 2.18.1) | 2.18.2-1
libtiff4 | 3.8.2-7
libwmf0.2-7 (>= 0.2.8.4) | 0.2.8.4-6
libx11-6 | 2:1.0.3-7
libxcursor1 (>> 1.1.2) | 1:1.1.9-1
libxext6 | 1:1.0.3-2
libxfixes3 (>= 1:4.0.1) | 1:4.0.3-2
libxi6 | 2:1.1.3-1
libxinerama1 | 1:1.0.2-1
libxmu6 | 1:1.0.3-1
libxpm4 | 1:3.5.7-1
libxrandr2 (>= 2:1.2.0) | 2:1.2.2-1
libxrender1 | 1:0.9.4-1
zlib1g (>= 1:1.2.3.3.dfsg-1) | 1:1.2.3.3.dfsg-6
Bug#446268: vim ABRT: glibc: vim: invalid next size (fast): 0x00000000007fd430
thus spoke martin f krafft <[EMAIL PROTECTED]> [2007.10.11.1625 +0100]:
> set et pi
if has('patch135')
  set pi
endif
for those who can't upgrade.
-- .''`. martin f. krafft <[EMAIL PROTECTED]> : :' : proud Debian developer, author, administrator, and user `. `'` http://people.debian.org/~madduck - http://debiansystem.info `- Debian - when you have better things to do than fixing systems digital_signature_gpg.asc Description: Digital signature (see http://martin-krafft.net/gpg/)
Bug#430319: marked as done (ldbl128 transition for alpha, powerpc, sparc, s390)
Your message dated Tue, 16 Oct 2007 11:02:11 + with message-id <[EMAIL PROTECTED]> and subject line Bug#430319: fixed in pdl 1:2.4.3-4 has caused the attached Bug report to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what I am talking about this indicates a serious mail system misconfiguration somewhere. Please contact me immediately.) Debian bug tracking system administrator (administrator, Debian Bugs database) --- Begin Message --- Package: pdl Severity: serious User: [EMAIL PROTECTED] Usertags: goal-ldbl128 Discussed in http://lists.debian.org/debian-devel/2007/05/msg01173.html With glibc-2.5 and gcc-4.1.2 (and gcc-4.2), the 'long double' data type did change from a 64bit representation to a 128bit representation on alpha, powerpc, sparc, s390. To allow partial upgrades of packages, we will need to rename all packages holding libraries with the long double data type in their API. Both libc and libstdc++ do not need to be renamed, because they support both representations. We rename the library packages on all architectures to avoid name mismatches between architectures (you can avoid the renaming by supporting both datatype representations in the library as done in glibc and libstdc++, but unless a library is prepared for that, it does not seem to be worth the effort). It is suggested to rename a package libfoo1 to libfoo1ldbl; please wait with the renaming if the package depends on another library package which needs renaming. This package has been identified as one with header files in /usr/include matching 'long *double'. Please close this bug report if it is a false positive, or rename the package accordingly.
--- End Message --- --- Begin Message --- Source: pdl Source-Version: 1:2.4.3-4 We believe that the bug you reported is fixed in the latest version of pdl, which is due to be installed in the Debian FTP archive: pdl_2.4.3-4.diff.gz to pool/main/p/pdl/pdl_2.4.3-4.diff.gz pdl_2.4.3-4.dsc to pool/main/p/pdl/pdl_2.4.3-4.dsc pdl_2.4.3-4_i386.deb to pool/main/p/pdl/pdl_2.4.3-4_i386.deb A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to [EMAIL PROTECTED], and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Henning Glawe <[EMAIL PROTECTED]> (supplier of updated pdl package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing [EMAIL PROTECTED]) -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Format: 1.7 Date: Tue, 16 Oct 2007 10:25:18 +0200 Source: pdl Binary: pdl Architecture: source i386 Version: 1:2.4.3-4 Distribution: unstable Urgency: low Maintainer: Henning Glawe <[EMAIL PROTECTED]> Changed-By: Henning Glawe <[EMAIL PROTECTED]> Description: pdl- perl data language: Perl extensions for numerics Closes: 304217 379932 415426 424345 430319 Changes: pdl (1:2.4.3-4) unstable; urgency=low . 
* clean up leftover files not caught by pdl's distclean target (closes: #424345)
* clearly state in PDL::Fit::Gaussian synopsis that PDL has to be loaded first (closes: #379932)
* apply patch for uniqvec/qsortvec from upstream BTS (closes: #415426)
* encode Latin1 characters in POD documentation as roff
* postprocess the "reduce" manpage's NAME section to remove roff macros (closes: #304217)
* remove misplaced whitespace characters from changelog
* fix the menu entry to reflect current menu policy
* add lintian override to ignore the missing html files; they are generated in the postinst script, so lintian can not see them
* fix the gsl version check
* comment out the dump() calls in t/xvals.t test, as this seems to confuse the test result parser
* rebuild for the ldbl128 transition (closes: #430319)
Files:
239dbd80825690155f533f23eef165cf 819 math optional pdl_2.4.3-4.dsc
e0ef3e546f7c8d6f846db05bd99b1a05 4354 math optional pdl_2.4.3-4.diff.gz
6588e804faedfde0f8a0563761b33b24 5234546 math optional pdl_2.4.3-4_i386.deb
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFHFJfggjOm0i0vde8RAmN+AKCyljxGdsIdvwbOX1krNYZuaAht/wCfaW3o
l4gSXeb7F5IF0hcvu3f6jqg=
=Xchr
-END PGP SIGNATURE-
--- End Message ---
Bug#446862: phpmyadmin: default config allow mysql's [EMAIL PROTECTED] access from remote host
severity 446862 wishlist
tags -security

On Tue, October 16, 2007 12:06, Stephen Gran wrote:
> Really? As you yourself noted, the default install doesn't give fewer
> privileges to [EMAIL PROTECTED] over [EMAIL PROTECTED] I don't see a
> privilege escalation for the normal install here, so I don't see how this is a
> security problem or a grave bug.
>
> I agree it's a useful patch to allow admins to decrease the privilege of
> [EMAIL PROTECTED] if they prefer. I am not involved in phpmyadmin
> maintenance, so I won't do any bug triage beyond this comment, but I
> suggest downgrading to wishlist, retitling "I would like to be able to
> discover if this is a remote connection", and removing the security tag.

I agree with Stephen here. This is expected behaviour of phpmyadmin and anyone installing it knowingly opens up local access to their database from Apache, as that is exactly the point of the package.

phpMyAdmin warns you clearly if you have no root password set for MySQL to help avoid the most blatant holes. That MySQL does not set a root password on initial install is a debatable issue but it seems to be a design decision by MySQL.

I'll investigate the patch later to see whether we can do something useful with it, thanks. But it's not a security issue so I'm marking the bug appropriately.

Thijs
Processed (with 5 errors): Re: Bug#446862: phpmyadmin: default config allow mysql's [EMAIL PROTECTED] access from remote host
Processing commands for [EMAIL PROTECTED]: > severity 446862 wishlist Bug#446862: phpmyadmin: default config allow mysql's [EMAIL PROTECTED] access from remote host Severity set to `wishlist' from `critical' > tags -security Unknown command or malformed arguments to command. > On Tue, October 16, 2007 12:06, Stephen Gran wrote: Unknown command or malformed arguments to command. > > Really? As you yourself noted, the default install doesn't give fewer Unknown command or malformed arguments to command. > > privileges to [EMAIL PROTECTED] over [EMAIL PROTECTED] I don't see a > > privilege Unknown command or malformed arguments to command. > > escalation for the normal install here, so I don't see how this is a Unknown command or malformed arguments to command. Too many unknown commands, stopping here. Please contact me if you need assistance. Debian bug tracking system administrator (administrator, Debian Bugs database) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Bug#446862: phpmyadmin: default config allow mysql's [EMAIL PROTECTED] access from remote host
This one time, at band camp, Anon Sricharoenchai said:
> Package: phpmyadmin
> Version: 4:2.6.2-3sarge5
> Severity: critical
> Justification: root security hole
> Tags: security patch
>
> Since, phpmyadmin is on apache, and apache can be accessed from remote
> host, so remote host can access mysql's [EMAIL PROTECTED] via phpmyadmin.
> This will break mysql security policy.

Really? As you yourself noted, the default install doesn't give fewer privileges to [EMAIL PROTECTED] over [EMAIL PROTECTED] I don't see a privilege escalation for the normal install here, so I don't see how this is a security problem or a grave bug.

I agree it's a useful patch to allow admins to decrease the privilege of [EMAIL PROTECTED] if they prefer. I am not involved in phpmyadmin maintenance, so I won't do any bug triage beyond this comment, but I suggest downgrading to wishlist, retitling "I would like to be able to discover if this is a remote connection", and removing the security tag.

Take care,
--
| ,''`.  Stephen Gran |
| : :' : [EMAIL PROTECTED] |
| `. `'  Debian user, admin, and developer |
|  `-    http://www.debian.org |
Bug#443561: marked as forwarded (off_t size changed causing ABI breakage, but ABI was not bumped)
Your message dated Tue, 16 Oct 2007 11:38:41 +0200 with message-id <[EMAIL PROTECTED]> has caused the Debian Bug report #443561, regarding off_t size changed causing ABI breakage, but ABI was not bumped to be marked as having been forwarded to the upstream software author(s) Jeffrey Stedfast <[EMAIL PROTECTED]>.

(NB: If you are a system administrator and have no idea what I am talking about this indicates a serious mail system misconfiguration somewhere. Please contact me immediately.)

Debian bug tracking system administrator (administrator, Debian Bugs database)

--- Begin Message ---
Hello Jeffrey,

Attached is another bugreport I should've forwarded earlier. By enabling large file support, the size of off_t changes, and therefore the size of any struct containing a field of type off_t. The API is still compatible, but the ABI is not. The best way to "fix" this is to bump the soname.

--
Met vriendelijke groet / with kind regards,
Guus Sliepen <[EMAIL PROTECTED]>

--- Begin Message ---
Package: libgmime-2.0-2
Severity: serious
Version: 2.2.10-1

libgmime-2.0-2 introduced an ABI breakage in 2.2.10-1 by activating LFS. GMime has a streaming API which uses off_t, and that changed size.

From the build logs:

Automatic build of gmime2.2_2.2.9-1 on ninsei by sbuild/i386 99.99
checking size of off_t... 4

Automatic build of gmime2.2_2.2.10-1 on ninsei by sbuild/i386 99.99
checking size of off_t... 8

Also this causes gmime-sharp to pass incorrectly sized parameters to the streaming functions causing crashes (asserts), see #442173.

--
Regards, Mirco 'meebey' Bauer
PGP-Key ID: 0xEEF946C8
FOSS Developer[EMAIL PROTECTED] http://www.meebey.net/
PEAR Developer[EMAIL PROTECTED] http://pear.php.net/
Debian Developer [EMAIL PROTECTED] http://www.debian.org/
--- End Message ---
--- End Message ---
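The layout shift described in the forwarded report, as an added example that is not part of the original messages and is not GMime code: the struct, `stale_view` and `abi_matches` are hypothetical, and fixed-width integers stand in for the 4-byte and 8-byte `off_t` so that both layouts exist in one build.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Stand-ins for off_t: 4 bytes without large file support, 8 with it. */
typedef int32_t old_off_t;
typedef int64_t lfs_off_t;

/* Hypothetical stream object (not GMime's real structure). The source
 * text of both declarations is identical apart from the off_t width,
 * which is why the API stays compatible while the ABI does not. */
struct stream_old {
    old_off_t position;
    old_off_t bound_start;
    old_off_t bound_end;
    uint32_t  flags;
};

struct stream_lfs {
    lfs_off_t position;
    lfs_off_t bound_start;
    lfs_off_t bound_end;
    uint32_t  flags;
};

/* What a caller built against the old headers reads when the rebuilt
 * library hands it an object with the new layout: the old field
 * offsets applied to the new bytes. */
static struct stream_old stale_view(const struct stream_lfs *s)
{
    struct stream_old v;
    memcpy(&v, s, sizeof v);
    return v;
}

/* Hypothetical guard a library could export: the caller passes the
 * off_t size it was compiled with and the library compares it with
 * its own, refusing to run on a mismatch instead of misreading data. */
static int abi_matches(size_t caller_off_t_size)
{
    return caller_off_t_size == sizeof(lfs_off_t);
}

int main(void)
{
    struct stream_lfs s = { 100, 200, 300, 1 };
    struct stream_old v = stale_view(&s);

    printf("old layout: size=%zu bound_start@%zu flags@%zu\n",
           sizeof(struct stream_old),
           offsetof(struct stream_old, bound_start),
           offsetof(struct stream_old, flags));
    printf("lfs layout: size=%zu bound_start@%zu flags@%zu\n",
           sizeof(struct stream_lfs),
           offsetof(struct stream_lfs, bound_start),
           offsetof(struct stream_lfs, flags));

    /* On a little-endian machine the stale caller sees the high half
     * of position as bound_start and the low half of bound_start as
     * bound_end. */
    printf("library wrote: position=100 bound_start=200 bound_end=300\n");
    printf("stale caller : position=%d bound_start=%d bound_end=%d\n",
           v.position, v.bound_start, v.bound_end);
    printf("guard with old caller: %d, with rebuilt caller: %d\n",
           abi_matches(sizeof(old_off_t)), abi_matches(sizeof(lfs_off_t)));
    return 0;
}
```

A soname bump, as suggested in the message, makes the dynamic linker refuse the mismatched pair at load time, which is the same decision `abi_matches` makes at run time.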
Processed: reassign FTBFS to scons
Processing commands for [EMAIL PROTECTED]: > reassign 444543 scons Bug#444543: abakus: FTBFS: __str__ returned non-string (type instance) Bug reassigned from package `abakus' to `scons'. > thanks Stopping processing here. Please contact me if you need assistance. Debian bug tracking system administrator (administrator, Debian Bugs database)
Bug#443990: marked as done (After GNOME upgrade, all swing applications crash on startup)
Your message dated Tue, 16 Oct 2007 09:47:02 + with message-id <[EMAIL PROTECTED]> and subject line Bug#443990: fixed in bug-buddy 2.20.1+dfsg-1 has caused the attached Bug report to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what I am talking about this indicates a serious mail system misconfiguration somewhere. Please contact me immediately.) Debian bug tracking system administrator (administrator, Debian Bugs database) --- Begin Message --- Package: sun-java6-jre Version: 6-02-1 Severity: grave Justification: renders package unusable Since the transition to GNOME 2.20 and the latest Gtk+, all swing applications crash on startup, here is the console output of freemind starting: 25.09.2007 10:38:33 freemind.main.FreeMindSplash$FeedBackImpl progress INFO: Aktualisieren des Look And Feel... 25.09.2007 10:38:33 freemind.main.FreeMindSplash$FeedBackImpl progress INFO: Task: null (1) last 0.836 seconds. Total: 0.836 25.09.2007 10:38:33 freemind.main.FreeMindSplash$FeedBackImpl progress INFO: Beginnig task:FreeMind.progress.updateLookAndFeel 25.09.2007 10:38:33 freemind.main.FreeMind updateLookAndFeel INFO: Default (System) Look & Feel: com.sun.java.swing.plaf.gtk.GTKLookAndFeel 25.09.2007 10:38:34 freemind.main.FreeMindSplash$FeedBackImpl progress INFO: Controller erzeugen... 25.09.2007 10:38:34 freemind.main.FreeMindSplash$FeedBackImpl progress INFO: Task: FreeMind.progress.updateLookAndFeel (2) last 1.382 seconds. Total: 2.218 25.09.2007 10:38:34 freemind.main.FreeMindSplash$FeedBackImpl progress INFO: Beginnig task:FreeMind.progress.createController /usr/lib/bug-buddy/: No such file or directory. 
I suspected that this was related to the new clearlooks theme, which has been changed in Gnome 2.20, however, after switching to the old default Gtk theme, the application would still crash on startup, albeit a little later: 25.09.2007 10:43:09 freemind.main.FreeMindSplash$FeedBackImpl progress INFO: Beginnig task:FreeMind.progress.buildScreen 25.09.2007 10:43:09 freemind.main.FreeMindSplash$FeedBackImpl progress INFO: Start beendet. 25.09.2007 10:43:09 freemind.main.FreeMindSplash$FeedBackImpl progress INFO: Task: FreeMind.progress.buildScreen (9) last 0.399 seconds. Total: 50.652 25.09.2007 10:43:09 freemind.main.FreeMindSplash$FeedBackImpl progress INFO: Beginnig task:FreeMind.progress.endStartup (:32075): Gtk-CRITICAL **: gtk_paint_box: assertion `style->depth == gdk_drawable_get_depth (window)' failed (:32075): Gtk-CRITICAL **: gtk_paint_box: assertion `style->depth == gdk_drawable_get_depth (window)' failed /usr/lib/bug-buddy/: No such file or director -- System Information: Debian Release: lenny/sid APT prefers unstable APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable'), (101, 'experimental') Architecture: i386 (i686) Kernel: Linux 2.6.22-2-k7 (SMP w/1 CPU core) Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash Versions of packages sun-java6-jre depends on: ii debconf [debconf-2.0] 1.5.14 Debian configuration management sy ii java-common 0.26 Base of all Java packages ii locales 2.6.1-5GNU C Library: National Language ( ii sun-java6-bin 6-02-1 Sun Java(TM) Runtime Environment ( Versions of packages sun-java6-jre recommends: ii gsfonts-x11 0.20 Make Ghostscript fonts available t -- debconf information: sun-java6-jre/stopthread: true * shared/accepted-sun-dlj-v1-1: true sun-java6-jre/jcepolicy: shared/error-sun-dlj-v1-1: * shared/present-sun-dlj-v1-1: --- End Message --- --- Begin Message --- Source: bug-buddy Source-Version: 2.20.1+dfsg-1 We believe that the bug you reported is fixed in the latest 
version of bug-buddy, which is due to be installed in the Debian FTP archive: bug-buddy_2.20.1+dfsg-1.diff.gz to pool/main/b/bug-buddy/bug-buddy_2.20.1+dfsg-1.diff.gz bug-buddy_2.20.1+dfsg-1.dsc to pool/main/b/bug-buddy/bug-buddy_2.20.1+dfsg-1.dsc bug-buddy_2.20.1+dfsg-1_amd64.deb to pool/main/b/bug-buddy/bug-buddy_2.20.1+dfsg-1_amd64.deb bug-buddy_2.20.1+dfsg.orig.tar.gz to pool/main/b/bug-buddy/bug-buddy_2.20.1+dfsg.orig.tar.gz A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to [EMAIL PROTECTED], and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Josselin Mouette <[EMAIL PROTECTED]> (supplier of updated bug-buddy package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailin
Bug#446824: CVE-2007-5448 remote denial of service via crafted beacon frame
tags 446824 pending
thanks

On Tue, 16 Oct 2007 08:37:31 am Nico Golde wrote:
> | Madwifi 0.9.3.2 and earlier allows remote attackers to cause a denial
> | of service (panic) via a beacon frame with a large length value in the
> | extended supported rates (xrates) element, which triggers an assertion
> | error, related to net80211/ieee80211_scan_ap.c and
> | net80211/ieee80211_scan_sta.c.

net80211/ieee80211_scan_ap.c is not vulnerable in any stable release from madwifi.org[0], the CVE is slightly misleading in regards to that detail.

Package awaiting sponsorship.

Thanks, Kel.

[0] http://madwifi.org/changeset/2749
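A bounds-checked walk over a beacon's information elements that rejects an oversized rates element instead of asserting on it, as an added example (not madwifi's code and not its fix). The element IDs are the standard 802.11 ones; `MAX_RATES`, `parse_rates` and the sample byte strings are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define IE_RATES   1   /* Supported Rates element ID (802.11) */
#define IE_XRATES 50   /* Extended Supported Rates element ID (802.11) */
#define MAX_RATES 15   /* assumed capacity of the receiver's rate table */

enum ie_status { IE_OK = 0, IE_TRUNCATED = -1, IE_TOO_MANY_RATES = -2 };

struct rate_set {
    uint8_t n;
    uint8_t rates[MAX_RATES];
};

/* Walk the id/length/value elements of a received frame body and collect
 * the rates. Every length byte comes from the sender, so it is checked
 * against the bytes actually received and against the table capacity,
 * and a bad frame is dropped with an error code rather than an assert. */
static enum ie_status parse_rates(const uint8_t *ies, size_t len,
                                  struct rate_set *out)
{
    size_t off = 0;

    out->n = 0;
    while (off < len) {
        uint8_t id, elen;

        if (len - off < 2)
            return IE_TRUNCATED;           /* no room for id + length */
        id = ies[off];
        elen = ies[off + 1];
        if (elen > len - off - 2)
            return IE_TRUNCATED;           /* length runs past the frame */

        if (id == IE_RATES || id == IE_XRATES) {
            if (elen > (size_t)(MAX_RATES - out->n))
                return IE_TOO_MANY_RATES;  /* would overflow rates[] */
            memcpy(out->rates + out->n, ies + off + 2, elen);
            out->n = (uint8_t)(out->n + elen);
        }
        off += 2 + (size_t)elen;
    }
    return IE_OK;
}

/* Constructed samples: SSID "lab", 8 rates, 4 extended rates. */
static const uint8_t GOOD_IES[] = {
    0, 3, 'l', 'a', 'b',
    IE_RATES, 8, 0x82, 0x84, 0x8b, 0x96, 0x0c, 0x12, 0x18, 0x24,
    IE_XRATES, 4, 0x30, 0x48, 0x60, 0x6c,
};

/* Constructed: the xrates length fits the frame but not the table. */
static const uint8_t OVERSIZE_XRATES[] = {
    IE_RATES, 8, 0x82, 0x84, 0x8b, 0x96, 0x0c, 0x12, 0x18, 0x24,
    IE_XRATES, 16, 0x30, 0x48, 0x60, 0x6c, 0x30, 0x48, 0x60, 0x6c,
                   0x30, 0x48, 0x60, 0x6c, 0x30, 0x48, 0x60, 0x6c,
};

/* Constructed: the xrates length claims more bytes than were received. */
static const uint8_t LYING_LENGTH[] = {
    IE_XRATES, 0xff, 0x30, 0x48, 0x60, 0x6c,
};

int main(void)
{
    struct rate_set rs;

    printf("good:     %d (rates=%u)\n",
           parse_rates(GOOD_IES, sizeof GOOD_IES, &rs), (unsigned)rs.n);
    printf("oversize: %d\n",
           parse_rates(OVERSIZE_XRATES, sizeof OVERSIZE_XRATES, &rs));
    printf("lying:    %d\n",
           parse_rates(LYING_LENGTH, sizeof LYING_LENGTH, &rs));
    return 0;
}
```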
Processed: Re: Bug#446824: CVE-2007-5448 remote denial of service via crafted beacon frame
Processing commands for [EMAIL PROTECTED]: > tags 446824 pending Bug#446824: CVE-2007-5448 remote denial of service via crafted beacon frame Tags were: patch security Tags added: pending > thanks Stopping processing here. Please contact me if you need assistance. Debian bug tracking system administrator (administrator, Debian Bugs database)
Bug#446850: marked as done (cpad-kernel-source: can't install)
Your message dated Tue, 16 Oct 2007 09:02:03 + with message-id <[EMAIL PROTECTED]> and subject line Bug#446850: fixed in cpad-kernel 0.10-5 has caused the attached Bug report to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what I am talking about this indicates a serious mail system misconfiguration somewhere. Please contact me immediately.) Debian bug tracking system administrator (administrator, Debian Bugs database) --- Begin Message --- Package: cpad-kernel-source Version: 0.10-4 Severity: grave Justification: renders package unusable $ sudo apt-get install cpad-kernel-source Reading package lists... Done Building dependency tree Reading state information... Done cpad-kernel-source is already the newest version. 0 upgraded, 0 newly installed, 0 to remove and 210 not upgraded. 1 not fully installed or removed. Need to get 0B of archives. After unpacking 0B of additional disk space will be used. Setting up cpad-kernel-source (0.10-4) ... /var/lib/dpkg/info/cpad-kernel-source.postinst: line 49: [: too many arguments Warning: kernel headers don't match running Linux version. 
Building cpad module for Linux _CODE 13263 (this may take a few minutes)...dpkg: error processing cpad-kernel-source (--configure): subprocess post-installation script returned error exit status 2 Errors were encountered while processing: cpad-kernel-source E: Sub-process /usr/bin/dpkg returned an error code (1) -- System Information: Debian Release: lenny/sid APT prefers unstable APT policy: (500, 'unstable') Architecture: i386 (i686) Kernel: Linux 2.6.22-2-686 (SMP w/2 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash Versions of packages cpad-kernel-source depends on: ii debconf [debconf-2.0] 1.5.11 Debian configuration management sy ii make 3.81-3 The GNU version of the "make" util Versions of packages cpad-kernel-source recommends: pn cpad-common(no description available) -- debconf information: cpad-kernel-source/wrong_kernel: false cpad-kernel-source/recompile: true cpad-kernel-source/kernel: /usr/src/linux/ cpad-kernel-source/module: true cpad-kernel-source/erase: false cpad-kernel-source/verbose: false cpad-kernel-source/module_location: --- End Message --- --- Begin Message --- Source: cpad-kernel Source-Version: 0.10-5 We believe that the bug you reported is fixed in the latest version of cpad-kernel, which is due to be installed in the Debian FTP archive: cpad-common_0.10-5_all.deb to pool/main/c/cpad-kernel/cpad-common_0.10-5_all.deb cpad-kernel-dev_0.10-5_all.deb to pool/main/c/cpad-kernel/cpad-kernel-dev_0.10-5_all.deb cpad-kernel-source_0.10-5_all.deb to pool/main/c/cpad-kernel/cpad-kernel-source_0.10-5_all.deb cpad-kernel_0.10-5.diff.gz to pool/main/c/cpad-kernel/cpad-kernel_0.10-5.diff.gz cpad-kernel_0.10-5.dsc to pool/main/c/cpad-kernel/cpad-kernel_0.10-5.dsc A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. 
If you have further comments please address them to [EMAIL PROTECTED], and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Ron Lee <[EMAIL PROTECTED]> (supplier of updated cpad-kernel package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing [EMAIL PROTECTED]) -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Format: 1.7 Date: Tue, 16 Oct 2007 17:16:53 +0930 Source: cpad-kernel Binary: cpad-kernel-dev cpad-common cpad-kernel-source Architecture: source all Version: 0.10-5 Distribution: unstable Urgency: low Maintainer: Ron Lee <[EMAIL PROTECTED]> Changed-By: Ron Lee <[EMAIL PROTECTED]> Description: cpad-common - common files to support the Synaptics cPad driver kernel modules cpad-kernel-dev - kernel header for the Synaptics cPad driver cpad-kernel-source - source for the Synaptics cPad driver Closes: 446850 Changes: cpad-kernel (0.10-5) unstable; urgency=low . * Fix for later kernels that moved UTS_RELEASE to a different file. Closes: #446850 Files: f26cf45e9d55c1225703b4a0a02c5d62 617 devel optional cpad-kernel_0.10-5.dsc 0080d3e36ce075f355bb011b52c7ddc5 32642 devel optional cpad-kernel_0.10-5.diff.gz 0839ac3527dcadf30a9c6b79243c945a 75064 devel optional cpad-kernel-source_0.10-5_all.deb 7a4f21888c4f0e2f89176449e0f54740 6898 libdevel optional cpad-common_0.10-5_all.deb ea06cd39c21b3fd475b50c9225af 7104 libdevel optional cpad-kernel-dev_0.10-5_all.deb -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQFHFG/up4BCHGgCHO
Bug#441198: binNMU request for gtkmathview on amd64 [Was: Re: Bug#441198: Crash on amd64]
On Mon, Oct 15, 2007 at 02:48:16AM -0700, Steve Langasek wrote: > ... also, after manually installing libxpm-dev for the build and installing > the resulting packages, I still get a segfault on amd64. So binNMUs don't > seem to be the answer here. Thanks for this investigation, I've just reported #446864 for the t1lib issue. Since upstream has just released 0.8.0 I'll wait for the above bug to be solved and then give again a try to the latest upstream. Cheers. -- Stefano Zacchiroli -*- PhD in Computer Science ... now what? [EMAIL PROTECTED],debian.org,bononia.it} -%- http://www.bononia.it/zack/ (15:56:48) Zack: e la demo dema ?/\All one has to do is hit the (15:57:15) Bac: no, la demo scema\/right keys at the right time signature.asc Description: Digital signature
Processed: phpmyadmin: default config allow mysql's [EMAIL PROTECTED] access from remote host
Processing commands for [EMAIL PROTECTED]: > package phpmyadmin Ignoring bugs not assigned to: phpmyadmin > notfound 446862 2.9.1.1-4 Bug#446862: phpmyadmin: default config allow mysql's [EMAIL PROTECTED] access from remote host Bug no longer marked as found in version 2.9.1.1-4. > found 446862 4:2.9.1.1-4 Bug#446862: phpmyadmin: default config allow mysql's [EMAIL PROTECTED] access from remote host Bug marked as found in version 4:2.9.1.1-4. > thanks Stopping processing here. Please contact me if you need assistance. Debian bug tracking system administrator (administrator, Debian Bugs database)
Processed: phpmyadmin: default config allow mysql's [EMAIL PROTECTED] access from remote host
Processing commands for [EMAIL PROTECTED]: > package phpmyadmin Ignoring bugs not assigned to: phpmyadmin > found 446862 2.9.1.1-4 Bug#446862: phpmyadmin: default config allow mysql's [EMAIL PROTECTED] access from remote host Bug marked as found in version 2.9.1.1-4. > thanks Stopping processing here. Please contact me if you need assistance. Debian bug tracking system administrator (administrator, Debian Bugs database)
Bug#446864: missing dep on libxpm-dev (or spurious -lXpm in .la file)
Package: libt1-dev
Version: 5.1.1-1
Severity: serious
File: /usr/lib/libt1x.la

Compiling against libt1-dev fails if libxpm-dev is not installed. Either it should be declared as a dependency of libt1-dev, or the reference to -lXpm in /usr/lib/libt1x.la file should be removed.

Severity serious since this bug induces FTBFSs in other packages, which used to build just fine. As an example see the gtkmathview (source) package and #441198 (note that the bug per se is not due to libt1-dev, but in the bug log an example of the FTBFS induced by libt1-dev is reported).

TIA, Cheers.

-- System Information:
Debian Release: lenny/sid
APT prefers unstable
APT policy: (500, 'unstable'), (500, 'testing'), (1, 'experimental')
Architecture: i386 (i686)
Kernel: Linux 2.6.22-2-686 (SMP w/1 CPU core)
Locale: LANG=it_IT.UTF-8, LC_CTYPE=it_IT.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages libt1-dev depends on:
ii libice-dev 2:1.0.4-1X11 Inter-Client Exchange library
ii libsm-dev 2:1.0.3-1+b1 X11 Inter-Client Exchange library
ii libt1-5 5.1.1-1 Type 1 font rasterizer library - r
ii libx11-dev 2:1.0.3-7X11 client-side library (developme
ii libxext-dev 1:1.0.3-2X11 miscellaneous extensions libra

Versions of packages libt1-dev recommends:
ii libt1-doc 5.1.1-1Type 1 font rasterizer library - d

-- no debconf information
Bug#446858: skencil also contains /usr/bin/sketch
> "Michal" == Michal Politowski <[EMAIL PROTECTED]> writes: Michal> sketch and skencil install different /usr/bin/sketch Michal> commands, which is forbidden by the policy as it makes Michal> them uninstallable at the same time. Thank you for the report. I will discuss this with the skencil maintainer and see about the best way to fix this. All the best David -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Bug#446862: phpmyadmin: default config allow mysql's [EMAIL PROTECTED] access from remote host
Package: phpmyadmin
Version: 4:2.6.2-3sarge5
Severity: critical
Justification: root security hole
Tags: security patch

Since, phpmyadmin is on apache, and apache can be accessed from remote host, so remote host can access mysql's [EMAIL PROTECTED] via phpmyadmin. This will break mysql security policy.

I would like to suggest the patch to set default mysql host, by determining the network interface to which the client is connecting.

* If connecting by http://localhost/phpmyadmin, the mysql host will be 'localhost'.
* If connecting by http://hostname.hostdomain/phpmyadmin, the mysql host will be 'hostname.hostdomain'.
* If php can't determine client information; for security reason, 'localhost.localdomain' will be set as mysql host. (By default, '[EMAIL PROTECTED]' will get the same privileges as other remote root access, '[EMAIL PROTECTED]', in mysql.)

This will make phpmyadmin to be able to serve remote access, while not breaking security setting in mysql. One can still leave blank password in mysql's [EMAIL PROTECTED], by not worrying about it can be remotely accessed.

The attached file is the patch for version 2.6.2-3sarge5 and 2.9.1.1-4.
-- System Information: Debian Release: testing/unstable Architecture: i386 (i686) Kernel: Linux 2.6.10-5-386 Locale: LANG=C, LC_CTYPE=thai Versions of packages phpmyadmin depends on: ii apache [httpd] 1.3.31-6ubuntu0.9Versatile, high-performance HTTP s ii debconf 1.4.29ubuntu4Debian configuration management sy ii php44:4.3.8-3ubuntu7.15 A server-side, HTML-embedded scrip ii php4-cgi4:4.3.10-10ubuntu4.8 server-side, HTML-embedded scripti ii php4-mysql 4:4.3.8-3ubuntu7.15 MySQL module for php4 ii ucf 1.07 Update Configuration File: preserv -- debconf information excluded diff --exclude='.*.swp' -ur phpmyadmin-2.6.2-3sarge5.orig/config.inc.php phpmyadmin-2.6.2-3sarge5/config.inc.php --- phpmyadmin-2.6.2-3sarge5.orig/config.inc.php 2007-10-16 11:40:28.613403000 +0700 +++ phpmyadmin-2.6.2-3sarge5/config.inc.php 2007-10-16 15:10:53.231170048 +0700 
@@ -64,11 +64,32 @@ /** * Server(s) configuration */ +function non_fake_server_name($server_name) { +if (!isset($_SERVER['SERVER_ADDR'])) return false; +// HTTP_HOST can be in the format, "host:port" +list($server_name) = explode(':', $server_name); +foreach (gethostbynamel($server_name) as $ip) { +if ($_SERVER['SERVER_ADDR'] == $ip) return true; +} return false; +} +// By default, '[EMAIL PROTECTED]' will get the same privileges as +// other remote root access ('[EMAIL PROTECTED]') in mysql. +// For security reason, assume remote access using 'localhost.localdomain', +// when client information is missing. +if (empty($_SERVER)) $client_dependent_localhost = 'localhost.localdomain'; +// Client may fake "Host:" header. +elseif (isset($_SERVER['SERVER_NAME']) && non_fake_server_name($_SERVER['SERVER_NAME'])) +$client_dependent_localhost = $_SERVER['SERVER_NAME']; +elseif (isset($_SERVER['HTTP_HOST']) && non_fake_server_name($_SERVER['HTTP_HOST'])) +list($client_dependent_localhost) = explode(':', $_SERVER['HTTP_HOST']); +elseif (isset($_SERVER['SERVER_ADDR'])) +$client_dependent_localhost = $_SERVER['SERVER_ADDR']; +else $client_dependent_localhost = 'localhost.localdomain'; $i = 0; // The $cfg['Servers'] array starts with $cfg['Servers'][1]. Do not use $cfg['Servers'][0]. // You can disable a server config entry by setting host to ''. 
$i++; -$cfg['Servers'][$i]['host'] = 'localhost'; // MySQL hostname or IP address +$cfg['Servers'][$i]['host'] = $client_dependent_localhost; // MySQL hostname or IP address $cfg['Servers'][$i]['port'] = ''; // MySQL port - leave blank for default port $cfg['Servers'][$i]['socket']= ''; // Path to the socket - leave blank for default socket $cfg['Servers'][$i]['connect_type'] = 'socket';// How to connect to MySQL server ('tcp' or 'socket') diff --exclude='.*.swp' -ur phpmyadmin-2.9.1.1-4.orig/debian/src/config.inc.php phpmyadmin-2.9.1.1-4/debian/src/config.inc.php --- phpmyadmin-2.9.1.1-4.orig/debian/src/config.inc.php 2007-10-16 10:28:42.024104000 +0700 +++ phpmyadmin-2.9.1.1-4/debian/src/config.inc.php 2007-10-16 15:17:54.682099768 +0700 @@ -7,6 +7,28 @@ // Load secret generated on postinst include('/etc/phpmyadmin/blowfish_secret.inc.php'); +function non_fake_server_name($server_name) { +if (!isset($_SERVER['SERVER_ADDR'])) return false; +// HTTP_HOST can be in the format, "host:port" +list($server_name) = explode(':', $server_name); +foreach (gethostbynamel($server_name) as $ip) { +if ($_SERVER['SERVER_ADDR'] == $ip) return true; +} return false; +} +// By default, '[EMAIL PROTECTED]' will get the same privileges as +// other remote root access ('[EMAIL PROTECTED]') in mysql. +// For security reason, assume remote access using 'localhos
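Review bot: In the 2.6.2 hunk, non_fake_server_name() iterates over the result of gethostbynamel($server_name) without checking it; that function returns false when the name does not resolve, so a request whose Host: value has no DNS entry raises a PHP warning from the foreach instead of cleanly returning false. Store the result first and return false unless it is an array. Since HTTP_HOST comes from the request, the helper also performs a blocking DNS lookup on a client-chosen name every time the config file is loaded; comparing against a fixed list of the server's own names would avoid both problems. Separately, the new default only has an effect if mysqld accepts TCP connections on the chosen name or on SERVER_ADDR, while the unchanged context line still sets connect_type to 'socket'; the patch should state which MySQL listen setting it expects.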
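Review bot: The non_fake_server_name() helper in the 2.9.1.1 hunk is a verbatim copy of the one added to the 2.6.2 config.inc.php, so the unchecked gethostbynamel() result applies here as well and any later correction has to be made in two places. It is also declared at the top level of a configuration file with no function_exists() guard, which becomes a fatal redeclaration error if the file is ever included more than once in a request. Suggest moving the helper into a single shared include and guarding the definition. The rest of this hunk is cut off on the page, so the assignment that consumes the helper's result in this file could not be reviewed.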
Bug#446857: can't build qgis on arm
Francesco Paolo Lovergine <[EMAIL PROTECTED]> (16/10/2007):
> Package: gcc-4.2
> Version: 4.2.2-2
> Severity: grave

Hi.

> See
> http://buildd.debian.org/fetch.cgi?pkg=qgis;ver=0.8.1-2;arch=arm;stamp=1192513709

Well, hmm, from the log:
| Toolchain package versions: libc6-dev_2.6.1-3 gcc-4.2_4.2.1-5 g++-4.2_ binutils_2.18-1 libstdc++6-4.2-dev_ libstdc++6_4.2.1-5

Why is there no version for g++-4.2 and libstdc++6-4.2-dev?

> See http://gcc.gnu.org/bugs.html> for instructions.
> For Debian GNU/Linux specific bug reporting instructions,
> see .

Either these instructions are outdated, or there's still gcc-4.1 there.

The same problem happens e.g. for osgcal, see:
http://buildd.debian.org/fetch.cgi?&pkg=osgal&ver=0.6.1-2&arch=arm&stamp=1192052664

(And Aurélien Jarno confirmed the osgal package built fine with an up-to-date toolchain.)

Putting [EMAIL PROTECTED] in the loop, it looks like the chroots might need to be upgraded.

Cheers,
--
Cyril Brulebois
Bug#446451: phpmyadmin: CVE-2007-5386 XSS vulnerability
severity 446451 normal
thanks

On Tue, October 16, 2007 09:40, Michal Čihař wrote:
> And it looks to be exploitable only with MSIE with disabled UTF-8 urls.

Yeah... which is not the default. Only exploitable with a specific browser with a specific environment is quite obscure.

> BTW: There will be yet another XSS fixed soon (already fixed in SVN,
> release will probably happen today), so you should probably wait with
> uploading new version :-).

For stable, I propose to not release a DSA for this issue (CVE-2007-5386) specifically. If a DSA is needed in the future for another issue we can include the fix then while we're at it.

I'll follow Michal's advice for waiting for the new upstream before taking more action here. It's not urgent currently.

Thijs
Bug#446858: skencil also contains /usr/bin/sketch
Package: sketch Version: 1:0.2.27-3 Severity: serious Justification: Policy 10.1 sketch and skencil install different /usr/bin/sketch commands, which is forbidden by the policy as it makes them uninstallable at the same time. -- Michał Politowski Talking has been known to lead to communication if practiced carelessly. signature.asc Description: Digital signature
Bug#446299: May be the same bug as #443905
Hi, The error log is quite long. So I attach it at the end. One important thing is: the crashing is not reproducible all the time although the success rate is so low :( On 10/12/07, Michael Koch <[EMAIL PROTECTED]> wrote: > Hello, > > This looks very much like bug #446328. > > > Sorry, I have really no idea about this. Can you please run strace on > eclipse and look for failed system calls? > > > Cheers, > Michael > -- HZ
Bug#446857: can't build qgis on arm
Package: gcc-4.2 Version: 4.2.2-2 Severity: grave See http://buildd.debian.org/fetch.cgi?pkg=qgis;ver=0.8.1-2;arch=arm;stamp=1192513709 /build/buildd/qgis-0.8.1/src/plugins/grass/qgsgrassedit.cpp: At global scope: /build/buildd/qgis-0.8.1/src/plugins/grass/qgsgrassedit.cpp:1840: internal compiler error: Segmentation fault Please submit a full bug report, with preprocessed source if appropriate. See <URL:http://gcc.gnu.org/bugs.html> for instructions. For Debian GNU/Linux specific bug reporting instructions, see . The bug is not reproducible, so it is likely a hardware or OS problem. make[3]: *** [src/plugins/grass/CMakeFiles/grassplugin.dir/qgsgrassedit.o] Error 1 make[3]: Leaving directory `/build/buildd/qgis-0.8.1' make[2]: *** [src/plugins/grass/CMakeFiles/grassplugin.dir/all] Error 2 make[2]: Leaving directory `/build/buildd/qgis-0.8.1' make[1]: *** [all] Error 2 make[1]: Leaving directory `/build/buildd/qgis-0.8.1' make: *** [build-stamp] Error 2 -- System Information: Debian Release: lenny/sid APT prefers unstable APT policy: (500, 'unstable'), (500, 'testing'), (1, 'experimental') Architecture: i386 (i686) Kernel: Linux 2.6.22-2-686 (SMP w/1 CPU core) Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968) Shell: /bin/sh linked to /bin/bash Versions of packages gcc-4.2 depends on: ii binutils 2.18-1 The GNU assembler, linker and bina ii cpp-4.2 4.2.2-2 The GNU C preprocessor ii gcc-4.2-base 4.2.2-2 The GNU Compiler Collection (base ii libc6 2.6.1-5 GNU C Library: Shared libraries ii libgcc1 1:4.2.2-2 GCC support library ii libgomp1 4.2.2-2 GCC OpenMP (GOMP) support library Versions of packages gcc-4.2 recommends: ii libc6-dev 2.6.1-5 GNU C Library: Development Librari -- no debconf information -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Bug#446825: Agree
Hi all, The current version of ghostscript may indeed confuse users since it does not provide an output device for X11 while it claims to do so. Having ghostscript not provide gs and gs-*, however, may not be a final solution. The main reason is that the original gs-* packages are in fact not split into two versions at all: X version and non-X version. Therefore, given the new packaging policy, the packages which depend on gs or gs-gpl or gs-esp have to be repackaged now; each package must know whether it needs X11.so or not and then depend on ghostscript-x or ghostscript. This solution is clean but time demanding. By the way, a suggestion for the names of packages: is it possible to change ghostscript-x to ghostscript, and rename ghostscript to ghostscript-nox? This naming policy may be more consistent with other Debian packages, e.g., vim and vim-nox, emacs22 and emacs22-nox, etc. Thanks. -- HZ
Bug#446596: marked as done (gcj-4.2: libgcj.spec: No such file or directory)
Your message dated Tue, 16 Oct 2007 07:47:15 + with message-id <[EMAIL PROTECTED]> and subject line Bug#446596: fixed in gcj-4.2 4.2.2-3 has caused the attached Bug report to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what I am talking about this indicates a serious mail system misconfiguration somewhere. Please contact me immediately.) Debian bug tracking system administrator (administrator, Debian Bugs database) --- Begin Message --- Package: gcj-4.2 Version: 4.2.2-2 Severity: serious Hi, When building librepository I see the following error: /usr/bin/gcj-4.2 -c -g -O2 -fPIC -findirect-dispatch -fjni librepository-0.1.1.jar.1.jar -o librepository-0.1.1.jar.1.o gcj-4.2: libgcj.spec: No such file or directory make[1]: *** [librepository-0.1.1.jar.1.o] Error 1 Kurt --- End Message --- --- Begin Message --- Source: gcj-4.2 Source-Version: 4.2.2-3 We believe that the bug you reported is fixed in the latest version of gcj-4.2, which is due to be installed in the Debian FTP archive: gappletviewer-4.2_4.2.2-3_hppa.deb to pool/main/g/gcj-4.2/gappletviewer-4.2_4.2.2-3_hppa.deb gappletviewer-4.2_4.2.2-3_i386.deb to pool/main/g/gcj-4.2/gappletviewer-4.2_4.2.2-3_i386.deb gcj-4.2-base_4.2.2-3_hppa.deb to pool/main/g/gcj-4.2/gcj-4.2-base_4.2.2-3_hppa.deb gcj-4.2-base_4.2.2-3_i386.deb to pool/main/g/gcj-4.2/gcj-4.2-base_4.2.2-3_i386.deb gcj-4.2_4.2.2-3.diff.gz to pool/main/g/gcj-4.2/gcj-4.2_4.2.2-3.diff.gz gcj-4.2_4.2.2-3.dsc to pool/main/g/gcj-4.2/gcj-4.2_4.2.2-3.dsc gcj-4.2_4.2.2-3_hppa.deb to pool/main/g/gcj-4.2/gcj-4.2_4.2.2-3_hppa.deb gcj-4.2_4.2.2-3_i386.deb to pool/main/g/gcj-4.2/gcj-4.2_4.2.2-3_i386.deb gij-4.2_4.2.2-3_hppa.deb to pool/main/g/gcj-4.2/gij-4.2_4.2.2-3_hppa.deb gij-4.2_4.2.2-3_i386.deb to pool/main/g/gcj-4.2/gij-4.2_4.2.2-3_i386.deb 
libgcj-doc_4.2.2-3_all.deb to pool/main/g/gcj-4.2/libgcj-doc_4.2.2-3_all.deb libgcj8-1-awt_4.2.2-3_hppa.deb to pool/main/g/gcj-4.2/libgcj8-1-awt_4.2.2-3_hppa.deb libgcj8-1-awt_4.2.2-3_i386.deb to pool/main/g/gcj-4.2/libgcj8-1-awt_4.2.2-3_i386.deb libgcj8-1_4.2.2-3_hppa.deb to pool/main/g/gcj-4.2/libgcj8-1_4.2.2-3_hppa.deb libgcj8-1_4.2.2-3_i386.deb to pool/main/g/gcj-4.2/libgcj8-1_4.2.2-3_i386.deb libgcj8-dbg_4.2.2-3_hppa.deb to pool/main/g/gcj-4.2/libgcj8-dbg_4.2.2-3_hppa.deb libgcj8-dbg_4.2.2-3_i386.deb to pool/main/g/gcj-4.2/libgcj8-dbg_4.2.2-3_i386.deb libgcj8-dev_4.2.2-3_hppa.deb to pool/main/g/gcj-4.2/libgcj8-dev_4.2.2-3_hppa.deb libgcj8-dev_4.2.2-3_i386.deb to pool/main/g/gcj-4.2/libgcj8-dev_4.2.2-3_i386.deb libgcj8-jar_4.2.2-3_all.deb to pool/main/g/gcj-4.2/libgcj8-jar_4.2.2-3_all.deb libgcj8-src_4.2.2-3_all.deb to pool/main/g/gcj-4.2/libgcj8-src_4.2.2-3_all.deb A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to [EMAIL PROTECTED], and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. 
Matthias Klose <[EMAIL PROTECTED]> (supplier of updated gcj-4.2 package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing [EMAIL PROTECTED]) -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Format: 1.7 Date: Sun, 14 Oct 2007 17:53:38 +0200 Source: gcj-4.2 Binary: libgcj-doc gcjwebplugin-4.2 gappletviewer-4.2 gij-4.2 gcj-4.2 libgcj8-1 gcj-4.2-base libgcj8-1-awt libgcj8-dev libgcj8-src libgcj8-dbg libgcj8-jar Architecture: all hppa i386 source Version: 4.2.2-3 Distribution: unstable Urgency: low Maintainer: Debian GCC Maintainers <[EMAIL PROTECTED]> Changed-By: Matthias Klose <[EMAIL PROTECTED]> Description: gappletviewer-4.2 - Standalone application to execute Java (tm) applets gcj-4.2- The GNU compiler for Java(TM) gcj-4.2-base - The GNU Compiler Collection (gcj base package) gij-4.2- The GNU Java bytecode interpreter libgcj-doc - libgcj API documentation and example programs libgcj8-1 - Java runtime library for use with gcj libgcj8-1-awt - AWT peer runtime libraries for use with gcj libgcj8-dbg - Debugging symbols for libraries provided in libgcj8-dev libgcj8-dev - Java development headers and static library for use with gcj libgcj8-jar - Java runtime library for use with gcj (jar files) libgcj8-src - libgcj java sources for use in eclipse Closes: 446596 Changes: gcj-4.2 (4.2.2-3) unstable; urgency=low . * Upload as gcj-4.2 (closes: #446596). . gcc-4.2 (4.2.2-3) unstable; urgency=low . * Update to SVN 20071014 from the ubuntu/gcc-4_2-branch. - Fix build failure in libjava on mips/mipsel. * Make 4.2.2-2 a requirement for frontends built from separate source
Bug#446451: phpmyadmin: CVE-2007-5386 XSS vulnerability
Hi On Tue, 16 Oct 2007 08:24:57 +0200 Thijs Kinkhorst <[EMAIL PROTECTED]> wrote: > tags 446451 moreinfo > thanks > > Hi Steffen, > > On Saturday 13 October 2007 07:26, Steffen Joeris wrote: > > Cross-site scripting (XSS) vulnerability in scripts/setup.php > > in phpMyAdmin 2.11.1, when accessed by a browser that does > > not URL-encode requests, allows remote attackers to inject > > arbitrary web script or HTML via the query string. NOTE: some > > of these details are obtained from third party information. > > I've seen this fix in upstream SVN but couldn't think of a case where this is > exploitable by anyone other than the user himself. I will look into it but I'm not > sure that this is a grave issue. A concrete exploit scenario is welcome. And it looks to be exploitable only with MSIE with disabled UTF-8 URLs. BTW: There will be yet another XSS fixed soon (already fixed in SVN, release will probably happen today), so you should probably wait with uploading new version :-). -- Michal Čihař | http://cihar.com | http://blog.cihar.com
Processed: fixed 446505 in 1:1.3.9-3
Processing commands for [EMAIL PROTECTED]: > # Automatically generated email from bts, devscripts version 2.10.9 > fixed 446505 1:1.3.9-3 Bug#446505: wesnoth: not meant for unstable Bug marked as fixed in version 1:1.3.9-3. > End of message, stopping processing here. Please contact me if you need assistance. Debian bug tracking system administrator (administrator, Debian Bugs database)
Bug#446730: bittornado: fails to start: ImportError: No module named BitTornado
Hi, On Tuesday 16 October 2007 at 08:08 +0200, Lionel Elie Mamane wrote: > On Mon, Oct 15, 2007 at 11:10:30PM +0200, Josselin Mouette wrote: > > On Monday 15 October 2007 at 13:23 -0700, Cameron Dale wrote: > >> On 10/15/07, Lionel Elie Mamane <[EMAIL PROTECTED]> wrote: > > >>> /var/log/aptitude.1.gz:[UPGRADE] bittornado 0.3.18-3 -> 0.3.18-4 > > > I take it that bittornado worked before this upgrade. > > Yes. The previous bittornado upgrade was in May and I'm sure I used it > since then :) It is possible, though, that a previous upgrade of > python-support or python2.x broke it; I don't use bittornado often. > > > Could you send the corresponding /var/log/dpkg.log? I'm interested > > to know whether other things were updated in the same run, and in > > which order. > > Among others, python-support. Wow, from your dpkg.log I can gather at least 3 issues. 2007-10-09 10:38:41 upgrade python-support 0.6.4 0.7.4 2007-10-09 10:38:41 status half-configured python-support 0.6.4 2007-10-09 10:38:41 status unpacked python-support 0.6.4 2007-10-09 10:38:41 status half-installed python-support 0.6.4 2007-10-09 10:38:42 status half-installed python-support 0.6.4 2007-10-09 10:38:42 status unpacked python-support 0.7.4 2007-10-09 10:38:42 status unpacked python-support 0.7.4 2007-10-09 10:45:25 upgrade bittornado-gui 0.3.18-3 0.3.18-4 2007-10-09 10:45:25 status half-configured bittornado-gui 0.3.18-3 2007-10-09 10:45:26 status unpacked bittornado-gui 0.3.18-3 2007-10-09 10:45:26 status half-installed bittornado-gui 0.3.18-3 2007-10-09 10:45:26 status half-installed bittornado-gui 0.3.18-3 2007-10-09 10:45:26 status unpacked bittornado-gui 0.3.18-4 2007-10-09 10:45:26 status unpacked bittornado-gui 0.3.18-4 2007-10-09 10:45:26 upgrade bittornado 0.3.18-3 0.3.18-4 2007-10-09 10:45:26 status half-configured bittornado 0.3.18-3 2007-10-09 10:45:28 status installed bittornado 0.3.18-3 2007-10-09 10:54:58 status unpacked python-support 0.7.4 2007-10-09 10:54:58 status half-configured python-support 0.7.4 2007-10-09 10:54:58 status installed python-support 0.7.4 First of all, bittornado failed to upgrade. I think this was either caused by a prerm failure or an unpack failure, leading in the end to have only bittornado 0.3.18-3 installed. So there's probably a bug in bittornado. It would be nice if you could tell us how Secondly, when an upgrade fails, the old postinst is executed with the "abort-upgrade" option. In this case, it seems a convention in debhelper snippets not to do anything. *This is definitely a bug* for several of them, including dh_pysupport. I will fix python-support for that issue and report another bug against debhelper. Thirdly, I notice that the postinst was executed before python-support was considered installed. This is harmless as it should work when only unpacked, but as bittornado has a Depends: on python-support, this looks like a bug in dpkg. Cheer up, four bugs in one :) -- .''`. : :' : We are debian.org. Lower your prices, surrender your code. `. `' We will add your hardware and software distinctiveness to `-our own. Resistance is futile.
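The reading of dpkg.log in the message above (an upgrade that ends with the old version marked installed, and a package marked installed while a dependency is only unpacked) can be checked mechanically, which is useful when confirming that a fixed package version really landed on a host. This is an added example, not part of the original thread and not dpkg's own code; the names audit, SAMPLE_LOG and DEPENDS are hypothetical, and the dependency map is supplied by hand from the Depends: relationship the message mentions.

```python
import re

# Constructed sample: abridged from the dpkg.log excerpt quoted above
# (repeated status lines dropped, order and values unchanged).
SAMPLE_LOG = """\
2007-10-09 10:38:41 upgrade python-support 0.6.4 0.7.4
2007-10-09 10:38:41 status half-configured python-support 0.6.4
2007-10-09 10:38:42 status unpacked python-support 0.7.4
2007-10-09 10:45:25 upgrade bittornado-gui 0.3.18-3 0.3.18-4
2007-10-09 10:45:26 status half-installed bittornado-gui 0.3.18-3
2007-10-09 10:45:26 status unpacked bittornado-gui 0.3.18-4
2007-10-09 10:45:26 upgrade bittornado 0.3.18-3 0.3.18-4
2007-10-09 10:45:26 status half-configured bittornado 0.3.18-3
2007-10-09 10:45:28 status installed bittornado 0.3.18-3
2007-10-09 10:54:58 status unpacked python-support 0.7.4
2007-10-09 10:54:58 status half-configured python-support 0.7.4
2007-10-09 10:54:58 status installed python-support 0.7.4
"""

# Assumption: dependency map given by hand (the message states that
# bittornado has a Depends: on python-support).
DEPENDS = {"bittornado": ["python-support"]}

LINE = re.compile(
    r"^\S+ \S+ (?:upgrade (\S+) (\S+) (\S+)|status (\S+) (\S+) (\S+))$")

def audit(log_text, depends):
    """Return (package, issue) pairs for upgrades that did not complete."""
    pending, state, findings = {}, {}, []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # other dpkg.log record types are ignored here
        pkg, _old, new, status, spkg, version = m.groups()
        if pkg:
            pending[pkg] = new  # target version of the requested upgrade
            continue
        state[spkg] = status
        if status != "installed":
            continue
        # A package reached "installed": were its dependencies there yet?
        for dep in depends.get(spkg, ()):
            if state.get(dep, "installed") != "installed":
                findings.append(
                    (spkg, f"marked installed while {dep} was {state[dep]}"))
        wanted = pending.pop(spkg, None)
        if wanted and wanted != version:
            findings.append(
                (spkg, f"upgrade to {wanted} aborted, {version} still installed"))
    for pkg, wanted in pending.items():
        findings.append((pkg, f"{wanted} never reached 'installed' in this log"))
    return findings

if __name__ == "__main__":
    for pkg, issue in audit(SAMPLE_LOG, DEPENDS):
        print(f"{pkg}: {issue}")
```
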
Processed: severity of 446650 is important
Processing commands for [EMAIL PROTECTED]: > # Automatically generated email from bts, devscripts version 2.10.7ubuntu5 > severity 446650 important Bug#446650: lirc-modules-source: Don't compile with 2.6.23.1 Severity set to `important' from `grave' > End of message, stopping processing here. Please contact me if you need assistance. Debian bug tracking system administrator (administrator, Debian Bugs database)
Processed: orpie
Processing commands for [EMAIL PROTECTED]: > tag 94 upstream Bug#94: orpie_1.5.1-2 (hppa/unstable): FTBFS: "Architectures with double-word alignment for doubles are not supported" There were no tags set. Tags added: upstream > End of message, stopping processing here. Please contact me if you need assistance. Debian bug tracking system administrator (administrator, Debian Bugs database)