Bug#497216: wordpress: CVE-2008-3747 information leak, does not always force ssl
Hi, the following CVE (Common Vulnerabilities Exposures) id was published for wordpress. Hello and thank you for reporting. There is a patch on: http://trac.wordpress.org/attachment/ticket/7359/edit_links_ssl.diff The patch appears to be good. I should be able to provide the new package very soon. Thank you again. Cheers. Andrea De Iacovo signature.asc Description: Questa è una parte del messaggio firmata digitalmente
Bug#497216: wordpress: CVE-2008-3747 information leak, does not always force ssl
Hi I've made a new wordpress package [1] to fix cve-2008-3747. Could you please upload it? [1]: http://mentors.debian.net/debian/pool/main/w/wordpress Thank you very much. Cheers Andrea De Iacovo signature.asc Description: Questa è una parte del messaggio firmata digitalmente
Bug#497064: marked as done (python-django: copyright information lacking)
Your message dated Sun, 31 Aug 2008 09:41:51 +0200 with message-id [EMAIL PROTECTED] and subject line Copyright updated, HTML doc available has caused the Debian Bug report #497064, regarding python-django: copyright information lacking to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact [EMAIL PROTECTED] immediately.) -- 497064: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=497064 Debian Bug Tracking System Contact [EMAIL PROTECTED] with problems ---BeginMessage--- Package: python-django Severity: serious Hi, I'm afraid that the package lacks copyright/licensing information (and Lawrence Journal-World doesn't hold copyrights anymore). Copyright notices for at least the following copyright holders are missing: Django Software Foundation Yahoo (some CSS) Simon Willison License? Justin Bronn Robert Coup Bob Ippolito Python Software Foundation CherryPy Team Note that you need to reproduce licensing information in debian/copyright, links are not enough (i.e. download the licensing information and add a note where you downloaded it from and when). Kind regards T. -- Thomas Viehmann, http://thomas.viehmann.net/ ---End Message--- ---BeginMessage--- Version: 1.0~beta2+ds-1 The copyright file has been updated in this version and the HTML documentation is now generated and shipped. Hence closing those 2 bugs. David: you should have taken care to close those bugs but you didn't... when you incremented the version, you should have ensured that the .changes files included the entry for the version that was rejected by using -v1.0~beta1-1 in your dpkg-builpackage/debuild command line. Unfortunately, even your previous changelog entry didn't contain the required Closes items so that would not have been enough alone. Are you subscribed to the PTS of python-django ? This would be required if you want to effectively co-maintain the package. BTW I appreciate your help but I was nevertheless surprised that you didn't contact the few people who maintained the package up to now before working on it. Cheers, -- Raphaël Hertzog Le best-seller français mis à jour pour Debian Etch : http://www.ouaza.com/livre/admin-debian/ ---End Message---
Bug#482248: kwave: FTBFS: help_de.docbook:1743: element itemizedlist: validity error
clone 482248 reassign -1 wnpp retitle -1 O: kwave -- sound editor for KDE severity -1 normal thanks On 31/08/08 at 09:36 +0200, forwarded by www.sneakemail.com wrote: Lucas Nussbaum lucas-at-lucas-nussbaum.net |Kwave-Debian-Bugrequests| wrote: [...] That might be specific to the Debian packaging. Do you know if Bertrand Songis [EMAIL PROTECTED] is still active? It's the only package he maintains in Debian. If he isn't, it might be better to orphan the package and see if someone is interested in picking it up. Seems that this is neccessary, I tried to contact Bertrand Songis several times in the last weeks but got no response. So what are the next steps? Is there something I should do? Hi Thomas, I've just orphaned kwave. That means that anyone can now adopt it. (including you) If you are interested, please get in touch with the Debian KDE Extras Team [EMAIL PROTECTED] team (it's not mandatory, but they probably will be able to provide valuable feedback help). -- | Lucas Nussbaum | [EMAIL PROTECTED] http://www.lucas-nussbaum.net/ | | jabber: [EMAIL PROTECTED] GPG: 1024D/023B3F4F | -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Processed: tagging as pending bugs that are closed by packages in NEW
Processing commands for [EMAIL PROTECTED]: # Sun Aug 31 08:03:08 UTC 2008 # Tagging as pending bugs that are closed by packages in NEW # http://ftp-master.debian.org/new.html # # Source package in NEW: scalemail tags 377089 + pending Bug number 377089 not found. (Is it archived?) # Source package in NEW: scalemail tags 380941 + pending Bug number 380941 not found. (Is it archived?) # Source package in NEW: scalemail tags 378905 + pending Bug number 378905 not found. (Is it archived?) # Source package in NEW: blobwars tags 495484 + pending Bug#495484: blobwars: Contains non-free sound and music There were no tags set. Tags added: pending # Source package in NEW: blobwars tags 288173 + pending Bug#288173: should split out an Architecture: all data package There were no tags set. Tags added: pending # Source package in NEW: libpdfrenderer-java tags 497104 + pending Bug#497104: ITP: libpdfrenderer-java -- Java PDF renderer and viewer There were no tags set. Tags added: pending End of message, stopping processing here. Please contact me if you need assistance. Debian bug tracking system administrator (administrator, Debian Bugs database) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#497250: flashplugin-nonfree: unable to make /usr/lib/mozilla/plugins/flash-mozilla.so.dpkg-tmp a symlink
Package: flashplugin-nonfree Version: 1:1.7 Severity: grave Justification: renders package unusable Bart, I have issues installing 1.7 from scratch: Setting up flashplugin-nonfree (1:1.7) ... update-alternatives: unable to make /usr/lib/mozilla/plugins/flash-mozilla.so.dpkg-tmp a symlink to /etc/alternatives/flash-mozilla.so: No such file or directory dpkg: error processing flashplugin-nonfree (--configure): subprocess post-installation script returned error exit status 2 Errors were encountered while processing: flashplugin-nonfree E: Sub-process /usr/bin/dpkg returned an error code (1) Mark -- System Information: Debian Release: lenny/sid APT prefers unstable APT policy: (500, 'unstable'), (1, 'experimental') Architecture: i386 (i686) Kernel: Linux 2.6.26-1-686 (SMP w/2 CPU cores) Locale: LANG=en_AU, LC_CTYPE=en_AU (charmap=ISO-8859-1) Shell: /bin/sh linked to /bin/bash Versions of packages flashplugin-nonfree depends on: ii debconf [debconf-2.0] 1.5.23Debian configuration management sy ii fontconfig 2.6.0-1 generic font configuration library ii gnupg 1.4.9-3 GNU privacy guard - a free PGP rep ii libatk1.0-01.22.0-1 The ATK accessibility toolkit ii libc6 2.7-13GNU C Library: Shared libraries ii libcairo2 1.6.4-6 The Cairo 2D vector graphics libra ii libexpat1 2.0.1-4 XML parsing C library - runtime li ii libfontconfig1 2.6.0-1 generic font configuration library ii libfreetype6 2.3.7-2 FreeType 2 font engine, shared lib ii libglib2.0-0 2.17.4-1 The GLib library of C routines ii libgtk2.0-02.12.11-3 The GTK+ graphical user interface ii libice62:1.0.4-1 X11 Inter-Client Exchange library ii libpango1.0-0 1.20.5-2 Layout and rendering of internatio ii libpng12-0 1.2.27-1 PNG library - runtime ii libsm6 2:1.1.0-1 X11 Session Management library ii libx11-6 2:1.1.4-2 X11 client-side library ii libxau61:1.0.3-3 X11 authorisation library ii libxcursor11:1.1.9-1 X cursor management library ii libxdmcp6 1:1.0.2-3 X11 Display Manager Control Protoc ii libxext6 2:1.0.4-1 X11 miscellaneous extension librar ii libxfixes3 1:4.0.3-2 X11 miscellaneous 'fixes' extensio ii libxi6 2:1.1.3-1 X11 Input extension library ii libxinerama1 2:1.0.3-2 X11 Xinerama extension library ii libxrandr2 2:1.2.3-1 X11 RandR extension library ii libxrender11:0.9.4-2 X Rendering Extension client libra ii libxt6 1:1.0.5-3 X11 toolkit intrinsics library ii wget 1.11.4-1 retrieves files from the web ii zlib1g 1:1.2.3.3.dfsg-12 compression library - runtime flashplugin-nonfree recommends no packages. Versions of packages flashplugin-nonfree suggests: ii iceweasel 3.0.1-1lightweight web browser based on M ii konqueror-nsplugins 4:4.1.0-1 Netscape plugin support for Konque pn msttcorefonts none (no description available) ii ttf-dejavu2.25-3 Metapackage to pull in ttf-dejavu- pn ttf-xfree86-nonfree none (no description available) ii x-ttcidfont-conf 29 TrueType and CID fonts configurati pn xfs none (no description available) -- no debconf information -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#497216: wordpress: CVE-2008-3747 information leak, does not always force ssl
I've made a new wordpress package [1] to fix cve-2008-3747. Could you please upload it? uploaded, thanks! Thijs pgp7EOXLo2v9n.pgp Description: PGP signature
Bug#497216: marked as done (wordpress: CVE-2008-3747 information leak, does not always force ssl)
Your message dated Sun, 31 Aug 2008 09:32:09 + with message-id [EMAIL PROTECTED] and subject line Bug#497216: fixed in wordpress 2.5.1-6 has caused the Debian Bug report #497216, regarding wordpress: CVE-2008-3747 information leak, does not always force ssl to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact [EMAIL PROTECTED] immediately.) -- 497216: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=497216 Debian Bug Tracking System Contact [EMAIL PROTECTED] with problems ---BeginMessage--- Package: wordpress Severity: grave Tags: security patch Hi, the following CVE (Common Vulnerabilities Exposures) id was published for wordpress. CVE-2008-3747[0]: | The (1) get_edit_post_link and (2) get_edit_comment_link functions in | wp-includes/link-template.php in WordPress before 2.6.1 do not force | SSL communication in the intended situations, which might allow remote | attackers to gain administrative access by sniffing the network for a | cookie. If you fix the vulnerability please also make sure to include the CVE id in your changelog entry. There is a patch on: http://trac.wordpress.org/attachment/ticket/7359/edit_links_ssl.diff Please ping me via private mail if you need a sponsor for the upload. For further information see: [0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3747 http://security-tracker.debian.net/tracker/CVE-2008-3747 -- Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF For security reasons, all text in this mail is double-rot13 encrypted. pgphBOHTitqqJ.pgp Description: PGP signature ---End Message--- ---BeginMessage--- Source: wordpress Source-Version: 2.5.1-6 We believe that the bug you reported is fixed in the latest version of wordpress, which is due to be installed in the Debian FTP archive: wordpress_2.5.1-6.diff.gz to pool/main/w/wordpress/wordpress_2.5.1-6.diff.gz wordpress_2.5.1-6.dsc to pool/main/w/wordpress/wordpress_2.5.1-6.dsc wordpress_2.5.1-6_all.deb to pool/main/w/wordpress/wordpress_2.5.1-6_all.deb A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to [EMAIL PROTECTED], and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Andrea De Iacovo [EMAIL PROTECTED] (supplier of updated wordpress package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing [EMAIL PROTECTED]) -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Format: 1.8 Date: Sun, 31 Aug 2008 09:02:22 +0200 Source: wordpress Binary: wordpress Architecture: source all Version: 2.5.1-6 Distribution: unstable Urgency: high Maintainer: Andrea De Iacovo [EMAIL PROTECTED] Changed-By: Andrea De Iacovo [EMAIL PROTECTED] Description: wordpress - weblog manager Closes: 497216 Changes: wordpress (2.5.1-6) unstable; urgency=high . * Added patch to fix remote attack vulnerability (Closes: #497216) Attackers could gain administrative powers by sniffing cookies. This patch force wordpress over a ssl connection to prevent this issue. (CVE-2008-3747) Checksums-Sha1: 0b399bf76f49d1d74a9a875917b94671c5b0679f 1311 wordpress_2.5.1-6.dsc c4bb5e008264d42733f662df57e1d4259def931f 694865 wordpress_2.5.1-6.diff.gz 6af28a8c4d10675140d46d26ec398d26067af3c7 1039514 wordpress_2.5.1-6_all.deb Checksums-Sha256: e6e21534c00cda5c8f8ee04db1c49ddd0624591c9c4c37db861a90be9d59c726 1311 wordpress_2.5.1-6.dsc 12eff0852f2a896f8c172802a41892f56cd7a1a98abd503c85933d5eb5f65eb7 694865 wordpress_2.5.1-6.diff.gz b2f01530ce50ad989856683e6b8d386e3c1cbb96d56db74f744d894ed96be991 1039514 wordpress_2.5.1-6_all.deb Files: 5ac323c14c0bfdfa1fa518a63c480777 1311 web optional wordpress_2.5.1-6.dsc 703c956a6105e42f3958e673e03c01a0 694865 web optional wordpress_2.5.1-6.diff.gz 6b23f20283b960f882a4b4dc66024d3c 1039514 web optional wordpress_2.5.1-6_all.deb -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (GNU/Linux) iQEcBAEBAgAGBQJIumH6AAoJEGz0hbPcukPfqE4H/jopMqOgdbQ7KS1YJyg6gJmv AJFop+rrCaKU0ciQBbz0hx4MHn6mA+P/IiS4JQJSDsHcbHdwAt8V+EjVY+yBVcwx PTLDTBsnX6i3ObqumpWZIznfxZvBHT4qQQpQR3aNFMUZsdQH34YX6EV9KpP+CFqO UlraLwuw123pkwbAPGPJ585T9Hno80MMMeOnaUYUsqNqr8CxKj86RuN45rrpIg7Q sQJ9SBNkSjKZuZkWa6bKMQYyhQBSTMbxo80jiUSzqwnxX77k/smlfI4HhjYEmQ8r qnImgb5/80Q9C3NljYbepbDwAj8u1OuOQCq0VOlA3aqHEUVYj0kWeab8HZcsdJQ= =l9hs -END PGP SIGNATURE- ---End Message---
Bug#497250: marked as done (flashplugin-nonfree: unable to make /usr/lib/mozilla/plugins/flash-mozilla.so.dpkg-tmp a symlink)
Your message dated Sun, 31 Aug 2008 10:02:04 + with message-id [EMAIL PROTECTED] and subject line Bug#497250: fixed in flashplugin-nonfree 1:1.7.1 has caused the Debian Bug report #497250, regarding flashplugin-nonfree: unable to make /usr/lib/mozilla/plugins/flash-mozilla.so.dpkg-tmp a symlink to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact [EMAIL PROTECTED] immediately.) -- 497250: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=497250 Debian Bug Tracking System Contact [EMAIL PROTECTED] with problems ---BeginMessage--- Package: flashplugin-nonfree Version: 1:1.7 Severity: grave Justification: renders package unusable Bart, I have issues installing 1.7 from scratch: Setting up flashplugin-nonfree (1:1.7) ... update-alternatives: unable to make /usr/lib/mozilla/plugins/flash-mozilla.so.dpkg-tmp a symlink to /etc/alternatives/flash-mozilla.so: No such file or directory dpkg: error processing flashplugin-nonfree (--configure): subprocess post-installation script returned error exit status 2 Errors were encountered while processing: flashplugin-nonfree E: Sub-process /usr/bin/dpkg returned an error code (1) Mark -- System Information: Debian Release: lenny/sid APT prefers unstable APT policy: (500, 'unstable'), (1, 'experimental') Architecture: i386 (i686) Kernel: Linux 2.6.26-1-686 (SMP w/2 CPU cores) Locale: LANG=en_AU, LC_CTYPE=en_AU (charmap=ISO-8859-1) Shell: /bin/sh linked to /bin/bash Versions of packages flashplugin-nonfree depends on: ii debconf [debconf-2.0] 1.5.23Debian configuration management sy ii fontconfig 2.6.0-1 generic font configuration library ii gnupg 1.4.9-3 GNU privacy guard - a free PGP rep ii libatk1.0-01.22.0-1 The ATK accessibility toolkit ii libc6 2.7-13GNU C Library: Shared libraries ii libcairo2 1.6.4-6 The Cairo 2D vector graphics libra ii libexpat1 2.0.1-4 XML parsing C library - runtime li ii libfontconfig1 2.6.0-1 generic font configuration library ii libfreetype6 2.3.7-2 FreeType 2 font engine, shared lib ii libglib2.0-0 2.17.4-1 The GLib library of C routines ii libgtk2.0-02.12.11-3 The GTK+ graphical user interface ii libice62:1.0.4-1 X11 Inter-Client Exchange library ii libpango1.0-0 1.20.5-2 Layout and rendering of internatio ii libpng12-0 1.2.27-1 PNG library - runtime ii libsm6 2:1.1.0-1 X11 Session Management library ii libx11-6 2:1.1.4-2 X11 client-side library ii libxau61:1.0.3-3 X11 authorisation library ii libxcursor11:1.1.9-1 X cursor management library ii libxdmcp6 1:1.0.2-3 X11 Display Manager Control Protoc ii libxext6 2:1.0.4-1 X11 miscellaneous extension librar ii libxfixes3 1:4.0.3-2 X11 miscellaneous 'fixes' extensio ii libxi6 2:1.1.3-1 X11 Input extension library ii libxinerama1 2:1.0.3-2 X11 Xinerama extension library ii libxrandr2 2:1.2.3-1 X11 RandR extension library ii libxrender11:0.9.4-2 X Rendering Extension client libra ii libxt6 1:1.0.5-3 X11 toolkit intrinsics library ii wget 1.11.4-1 retrieves files from the web ii zlib1g 1:1.2.3.3.dfsg-12 compression library - runtime flashplugin-nonfree recommends no packages. Versions of packages flashplugin-nonfree suggests: ii iceweasel 3.0.1-1lightweight web browser based on M ii konqueror-nsplugins 4:4.1.0-1 Netscape plugin support for Konque pn msttcorefonts none (no description available) ii ttf-dejavu2.25-3 Metapackage to pull in ttf-dejavu- pn ttf-xfree86-nonfree none (no description available) ii x-ttcidfont-conf 29 TrueType and CID fonts configurati pn xfs none (no description available) -- no debconf information ---End Message--- ---BeginMessage--- Source: flashplugin-nonfree Source-Version: 1:1.7.1 We believe that the bug you reported is fixed in the latest version of flashplugin-nonfree, which is due to be installed in the Debian FTP archive: flashplugin-nonfree_1.7.1.dsc to pool/contrib/f/flashplugin-nonfree/flashplugin-nonfree_1.7.1.dsc
Bug#494930: marked as done (gnash_0.8.3-5(sparc/unstable): FTBFS on sparc)
Your message dated Sun, 31 Aug 2008 12:30:28 +0200 with message-id [EMAIL PROTECTED] and subject line Re: Bug#494930: gnash_0.8.3-5(sparc/unstable): FTBFS on sparc has caused the Debian Bug report #494930, regarding gnash_0.8.3-5(sparc/unstable): FTBFS on sparc to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact [EMAIL PROTECTED] immediately.) -- 494930: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=494930 Debian Bug Tracking System Contact [EMAIL PROTECTED] with problems ---BeginMessage--- Package: gnash Version: 0.8.3-5 Severity: serious There was an error while trying to autobuild your package: Automatic build of gnash_0.8.3-5 on lebrun by sbuild/sparc 98 Build started at 20080813-0048 [...] ** Using build dependencies supplied by package: Build-Depends: dpkg-dev (= 1.13.19), debhelper (= 4.0.0), quilt, autoconf, dh-buildinfo, automake1.9 | automake, libtool, libltdl3-dev, help2man, libxmu-dev, dejagnu, autotools-dev, libboost-dev, libboost-thread-dev, libxml2-dev, libjpeg-dev, libboost-date-time-dev, libboost-filesystem-dev, libpng12-dev | libpng-dev, libagg-dev, libgstreamer0.10-dev, libkonq4-dev, libpango1.0-dev | pango-devel, libgtkglext1-dev, libmad0-dev, libcurl4-gnutls-dev | libcurl3-gnutls-dev | libcurl4-openssl-dev | libcurl3-openssl-dev, libcaca-dev, libavcodec-dev, libavformat-dev, libming-dev, libming-util, libgstreamer-plugins-base0.10-dev, libqt3-mt-dev (= 3:3.3.8), libboost-serialization-dev, python [...] /usr/include/boost/detail/sp_counted_impl.hpp: In member function 'void boost::detail::sp_counted_impl_pdP, D::dispose() [with P = boost::io::basic_altstringbufchar, std::char_traitschar, std::allocatorchar *, D = boost::io::basic_oaltstringstreamchar, std::char_traitschar, std::allocatorchar ::No_Op]': /usr/include/boost/detail/sp_counted_impl.hpp:146: internal compiler error: Segmentation fault Please submit a full bug report, with preprocessed source if appropriate. See file:///usr/share/doc/gcc-4.3/README.Bugs for instructions. make[4]: *** [string.lo] Error 1 make[4]: Leaving directory `/build/buildd/gnash-0.8.3/tmp.agg/server/asobj' make[3]: *** [all-recursive] Error 1 make[3]: Leaving directory `/build/buildd/gnash-0.8.3/tmp.agg/server' make[2]: *** [all-recursive] Error 1 make[2]: Leaving directory `/build/buildd/gnash-0.8.3/tmp.agg' make[1]: *** [all] Error 2 make[1]: Leaving directory `/build/buildd/gnash-0.8.3/tmp.agg' make: *** [build-stamp] Error 2 dpkg-buildpackage: failure: debian/rules build gave error exit status 2 A full build log can be found at: http://buildd.debian.org/build.php?arch=sparcpkg=gnashver=0.8.3-5 ---End Message--- ---BeginMessage--- Hi, On Sat Aug 30, 2008 at 21:15:12 +0200, Martin Zobel-Helas wrote: Hi, On Sat Aug 30, 2008 at 20:54:51 +0200, Petter Reinholdtsen wrote: This gnash build issue on sparc keep the latest gnash package out of Lenny. Is there work going on to fix it? One idea to work around the GCC bug is to use -O0 on sparc to disable optimization, hopefully avoiding the compiler bug. i am looking into it ATM as sparc buildd maintainer and porter. the latest hand-build of gnash on sparc worked out okay. thus closing the bug. Greetings Martin -- Martin Zobel-Helas [EMAIL PROTECTED] | Debian Release Team Member Debian GNU/Linux Developer | Debian Listmaster Public key http://zobel.ftbfs.de/5d64f870.asc - KeyID: 5D64 F870 GPG Fingerprint: 5DB3 1301 375A A50F 07E7 302F 493E FB8E 5D64 F870 ---End Message---
Bug#497250: unable to make /usr/lib/mozilla/plugins/flash-mozilla.so.dpkg-tmp a symlink
Tags: patch Hi, I made a patch. Regars, -- Hiroyuki Yamamoto diff -urd flashplugin-nonfree-1.7~/debian/dirs flashplugin-nonfree-1.7/debian/dirs --- flashplugin-nonfree-1.7~/debian/dirs2008-08-30 19:44:38.0 +0900 +++ flashplugin-nonfree-1.7/debian/dirs 2008-08-31 19:28:30.0 +0900 @@ -1,2 +1,3 @@ var/cache/flashplugin-nonfree usr/lib/flashplugin-nonfree +usr/lib/mozilla/plugins
Processed: tagging 497175
Processing commands for [EMAIL PROTECTED]: # Automatically generated email from bts, devscripts version 2.10.35 tags 497175 + pending Bug#497175: apticron: please check whether /var/lib/aptitude/pkgstates exists before grepping in it or redirect stderr to /dev/null Tags were: patch Tags added: pending End of message, stopping processing here. Please contact me if you need assistance. Debian bug tracking system administrator (administrator, Debian Bugs database) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#497130: Obsolete package: functionality has moved to perl-modules
block 497130 497170 497263 thanks While there's probably no need to have a newer File::Temp as a separate package, both svk and libpar-perl need to be changed first and I don't think this should be considered release critical. I think it would be desirable to fix this issue before lenny. Only two packages need to make a minor change to their dependencies. That change yields us the advantage of not having to support two copies of the same code, code that is security sensitive in nature. Especially because etch never had the package to begin with, introducing it into a supported stable release without a clear need is not something I think we should be doing. I'm willing to do the work on updating svk and libpar-perl*, if the maintainers are unavailable for that. Thijs * the fixed version in sid can't simply migrate due to an earlier uploaded new upstream pgpHD0AE26sTp.pgp Description: PGP signature
Processed: block 497130 with 497170 497263
Processing commands for [EMAIL PROTECTED]: # Automatically generated email from bts, devscripts version 2.10.29~bpo40+1 block 497130 with 497170 497263 Bug#497170: libpar-perl: File::Temp is in perl-modules Bug#497263: please remove version from libfile-temp-perl dependency Bug#497130: Obsolete package: functionality has moved to perl-modules Was not blocked by any bugs. Blocking bugs of 497130 added: 497170, 497263 End of message, stopping processing here. Please contact me if you need assistance. Debian bug tracking system administrator (administrator, Debian Bugs database) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#495968: (no subject)
I had a look into the code and the fix for the /tmp file issue would be a simple mkstemp call. But i'd also suggest to remove gpicview from the release, as the quaility of the code is simply not good enough to be released anytime soon. There some possible buffer overflows, multiple hacks, TODO comments and the coding style overall is bad. Florian -- Florian Maier gpg fingerprint: 18D6 0A4D 5719 12E6 88DA 6DCC E624 7AF6 8E27 8B26 http://www.marsmenschen.com/ - - http://www.planetlimux.org/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#497225: tagging 497225
# Automatically generated email from bts, devscripts version 2.10.35 # no security bug by itself tags 497225 - security -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Processed: tagging 497225
Processing commands for [EMAIL PROTECTED]: # Automatically generated email from bts, devscripts version 2.10.35 # no security bug by itself tags 497225 - security Bug#497225: gnome-alsamixer: Dead upstream package without maintainer bug fixes is security risk Tags were: security Tags removed: security End of message, stopping processing here. Please contact me if you need assistance. Debian bug tracking system administrator (administrator, Debian Bugs database) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#497117: marked as done (tangogps: Contains glade-generated files without source)
Your message dated Sun, 31 Aug 2008 14:07:24 +0200 with message-id [EMAIL PROTECTED] and subject line Re: tangogps: Contains glade-generated files without source has caused the Debian Bug report #497117, regarding tangogps: Contains glade-generated files without source to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact [EMAIL PROTECTED] immediately.) -- 497117: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=497117 Debian Bug Tracking System Contact [EMAIL PROTECTED] with problems ---BeginMessage--- Package: tangogps Version: 0.9.2-2 Severity: serious Justification: Policy 2.2.1 [Cc: debian-legal] Hi, The files src/interface.c src/interface.h src/support.h src/support.c appear to be generated using the Glade user interface builder. However the source code for them (i.e. the modifiable glade project) seems to be missing from the source tarball. Sorry if I'm mistaken, I just couldn't find it there. I believe the generated files are not source code as defined by GPL (i.e. in preferred form of modification). Hence without distributing the Glade projects along with the files they cannot be distributed under the GPL. Furthermore, I believe this fails DFSG #2. Sami -- System Information: Debian Release: lenny/sid APT prefers unstable APT policy: (500, 'unstable'), (500, 'testing') Architecture: amd64 (x86_64) Kernel: Linux 2.6.26.3 (SMP w/4 CPU cores; PREEMPT) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash ---End Message--- ---BeginMessage--- see http://lists.debian.org/debian-devel/2008/08/msg00865.html -- Address:Daniel Baumann, Burgunderstrasse 3, CH-4562 Biberist Email: [EMAIL PROTECTED] Internet: http://people.panthera-systems.net/~daniel-baumann/ ---End Message---
Bug#496188: usbserial doesn't work anymore
Hi Mert, the 2.6.26-4 openvz amd64 version was updated 30/08/08 and still the same. Juste have to send the pin code like echo 'at+cpin=' /dev/ttyUSB0 and get the mess :-( Here is the output [ 949.048786] Call Trace: [ 949.048786] IRQ [80234cb4] warn_on_slowpath+0x51/0x7a [ 949.048786] [802926b3] dma_pool_alloc+0x1c4/0x1d9 [ 949.048786] [a001e983] :uhci_hcd:uhci_submit_common+0x235/0x2d5 [ 949.048786] [a001e714] :uhci_hcd:uhci_alloc_td+0x17/0x51 [ 949.048786] [a06852f5] :usbserial:serial_write_room+0x4b/0x60 [ 949.048786] [8035ddaf] opost+0x12/0x1b7 [ 949.048786] [8035f150] n_tty_receive_buf+0x993/0xd88 [ 949.048786] [8022abc3] enqueue_entity+0x68/0x8a [ 949.048786] [802287c0] enqueue_task+0x56/0x61 [ 949.048786] [80229989] activate_task+0x82/0xc6 [ 949.048786] [8035a2a5] flush_to_ldisc+0xf1/0x190 [ 949.048786] [a068f2ed] :option:option_indat_callback+0x4c/0x8f [ 949.048786] [80382dc4] usb_hcd_giveback_urb+0x76/0xa4 [ 949.048786] [a001d98a] :uhci_hcd:uhci_giveback_urb+0xfc/0x17f [ 949.048786] [a001e033] :uhci_hcd:uhci_scan_schedule+0x51c/0x79a [ 949.048786] [a001fea8] :uhci_hcd:uhci_irq+0x123/0x136 [ 949.048786] [803830c2] usb_hcd_irq+0x3b/0x78 [ 949.048786] [8026faaf] handle_IRQ_event+0x2c/0x61 [ 949.048786] [80270f46] handle_fasteoi_irq+0x90/0xc8 [ 949.048786] [8020f724] do_IRQ+0x6d/0xd9 [ 949.048786] [8020c55d] ret_from_intr+0x0/0x19 [ 949.048786] EOI [a000c26d] :processor:acpi_idle_enter_bm+0x2b3/0x327 [ 949.048786] [8039e498] cpuidle_idle_call+0x7a/0xb2 [ 949.048786] [8039e41e] cpuidle_idle_call+0x0/0xb2 [ 949.048786] [8020ad2b] cpu_idle+0x89/0xb3 Thanks for your help -- Daniel -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Processed: Re: Processed (with 1 errors): Re: Bug#482248: kwave: FTBFS: help_de.docbook:1743: element itemizedlist: validity error
Processing commands for [EMAIL PROTECTED]: clone 482248 -1 Bug#482248: kwave: FTBFS: help_de.docbook:1743: element itemizedlist: validity error Bug 482248 cloned as bug 497269. reassign -1 wnpp Bug#497269: kwave: FTBFS: help_de.docbook:1743: element itemizedlist: validity error Bug reassigned from package `kwave' to `wnpp'. retitle -1 O: kwave -- sound editor for KDE Bug#497269: kwave: FTBFS: help_de.docbook:1743: element itemizedlist: validity error Changed Bug title to `O: kwave -- sound editor for KDE' from `kwave: FTBFS: help_de.docbook:1743: element itemizedlist: validity error'. severity -1 normal Bug#497269: O: kwave -- sound editor for KDE Severity set to `normal' from `serious' thanks Stopping processing here. Please contact me if you need assistance. Debian bug tracking system administrator (administrator, Debian Bugs database) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#497270: debian-cd: includes embedded copies of bootloaders
Package: debian-cd Severity: serious Hi, debian-cd includes (at least) syslinux binaries without source. debian-cd should take the syslinux binaries out of the archive when building images. Regards, Daniel -- Address:Daniel Baumann, Burgunderstrasse 3, CH-4562 Biberist Email: [EMAIL PROTECTED] Internet: http://people.panthera-systems.net/~daniel-baumann/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#495968: remove gpicview from lenny?
On Sun, Aug 31, 2008 at 12:11:04AM +0200, Thomas Viehmann wrote: based on the maintainer's comments in the bug log, it seems dubious whether the bug #495968 (insecure /tmp file vulnerability) is fixed in time for lenny. Given that it has never been released with Debian before, it would be better to remove gpicview from lenny for now than to risk releasing the vulnerable package. Removal hint added. Neil -- A. Because it breaks the logical sequence of discussion Q. Why is top posting bad? gpg key - http://www.halon.org.uk/pubkey.txt ; the.earth.li B345BDD3 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#497270: debian-cd: includes embedded copies of bootloaders
block 497270 by 496869 thanks On Sun, Aug 31, 2008 at 02:51:20PM +0200, Daniel Baumann wrote: Package: debian-cd Severity: serious Hi, debian-cd includes (at least) syslinux binaries without source. debian-cd should take the syslinux binaries out of the archive when building images. At least the embedded copy works on all machines. The version in the archive has problems with QEMU and Intel Macs (see bug#496869). -- .''`. Aurelien Jarno | GPG: 1024D/F1BCDB73 : :' : Debian developer | Electrical Engineer `. `' [EMAIL PROTECTED] | [EMAIL PROTECTED] `-people.debian.org/~aurel32 | www.aurel32.net -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Processed: Re: Bug#497270: debian-cd: includes embedded copies of bootloaders
Processing commands for [EMAIL PROTECTED]: block 497270 by 496869 Bug#496869: Syslinux pauses for a long time at press any key to Bug#497270: debian-cd: includes embedded copies of bootloaders Was not blocked by any bugs. Blocking bugs of 497270 added: 496869 thanks Stopping processing here. Please contact me if you need assistance. Debian bug tracking system administrator (administrator, Debian Bugs database) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#496060: am-utils and 2.6.25: Can't reproduce this problem
Could you give me some details of in what sense am-utils 6.1.5-10 does not work with 2.6.25 kernels? It seems to work absolutely fine for me: 1) This is a Lenny machine: 16:09:24 [EMAIL PROTECTED]:~$ cat /etc/debian_version lenny/sid 2) It's running a 2.6.25 kernel: 16:16:24 [EMAIL PROTECTED]:~$ uname -r 2.6.25-2-686 3) And the current Debian am-utils package: 16:16:34 [EMAIL PROTECTED]:~$ dpkg -l am-utils Desired=Unknown/Install/Remove/Purge/Hold | Status=Not/Inst/Cfg-files/Unpacked/Failed-cfg/Half-inst/trig-aWait/ Trig-pend |/ Err?=(none)/Hold/Reinst-required/X=both-problems (Status,Err: uppercase=bad) ||/ Name VersionDescription +++-==-==- ii am-utils 6.1.5-10 automounter utilities from 4.4BSD (includes 4) It exports a filesystem to itself: 16:16:42 [EMAIL PROTECTED]:~$ grep nfsroot /etc/exports /nfsroot (ro) 5) And I can mount that with am-utils with no difficulty: 16:16:58 [EMAIL PROTECTED]:~$ cd /net/localhost/nfsroot 16:17:18 [EMAIL PROTECTED]:/net/localhost/nfsroot$ df -k . Filesystem 1K-blocks Used Available Use% Mounted on localhost:/nfsroot 7723008 6753024969984 88% /amd/localhost/ root/nfsroot What do I need to do to reproduce the problem? Tim -- The Wellcome Trust Sanger Institute is operated by Genome Research Limited, a charity registered in England with number 1021457 and a company registered in England with number 2742969, whose registered office is 215 Euston Road, London, NW1 2BE. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Processed: your mail
Processing commands for [EMAIL PROTECTED]: tags 496422 patch Bug#496422: The possibility of attack with the help of symlinks in some Debian packages Tags were: security confirmed Tags added: patch -- Stopping processing here. Please contact me if you need assistance. Debian bug tracking system administrator (administrator, Debian Bugs database) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#496422: (no subject)
I attached a patch with a fix for this bug. -- Patryk Cisek diff --git debian/patches/02_tmp_creation.patch debian/patches/02_tmp_creation.patch new file mode 100644 index 000..2c9859b --- /dev/null +++ b/debian/patches/02_tmp_creation.patch @@ -0,0 +1,41 @@ +--- /usr/bin/asciiview 2006-04-24 14:02:42.0 +0200 asciiview 2008-08-31 15:45:22.0 +0200 +@@ -3,11 +3,11 @@ + clear() + { + kill $! 2/dev/null +- rm -f /tmp/aview$$.pgm 2/dev/null ++ rm -f /tmp/${0##*/}* 2/dev/null + } + myconvert() + { +- if anytopnm $1 /tmp/aview$$.pgm 2/dev/null ; then ++ if anytopnm $1 $2 2/dev/null ; then + exit +elif convert -colorspace gray $1 pgm:- 2/dev/null ; then + exit +@@ -53,8 +53,9 @@ + esac + done + trap clear 0 +-mkfifo /tmp/aview$$.pgm +-outfile=/tmp/aview$$.pgm ++tmpfilenam=`mktemp -u /tmp/${0##*/}.XX` ++mkfifo $tmpfilenam ++outfile=$tmpfilenam + while [ $counter -gt 0 ]; do + counter=$(($counter-1)) + name=${filenames[$counter]} +@@ -65,10 +66,10 @@ + aaflip $options $name + ;; + *) +- myconvert $name /tmp/aview$$.pgm ++ myconvert $name $tmpfilenam $tmpfilenam + pid=$! + PATH=$PATH:. +- aview $options /tmp/aview$$.pgm ++ aview $options $tmpfilenam + kill $pid 2/dev/null + esac + else signature.asc Description: This is a digitally signed message part.
Bug#497225: gnome-alsamixer: Dead upstream package without maintainer bug fixes is security risk
severity 497225 normal thanks On Sun, Aug 31, 2008, Osamu Aoki wrote: Severity: grave I lowered the severity to normal. Nothing prevents the package to be in a stable release. Tags: security Justification: user security hole Ahem. Where is the security hole? I am filing this bug to discuss removal of this package from leny. OK, let us discuss :-) 1. The upstream is dead. True. Last release 2006-08-06 (CVS) True. Current Gnome distribution does not include this software. Maybe. 2. gnome-alsamixer does not identify new hardwares correctly. I have HDA Intel but gnome-alsamixer show it as Sigmatel Is this your Modem? Are you hit by #495782. 3. The better alsa mixer support functionality is in GNOME-Applets. New gnome-volume-control does better job. Yep, there is no doubt there are alternatives. They may even be better alternatives. 4. No dependency requireis this package in lenny. Yes. 5. There are 2 bugs marked upstream. The maintainer did not look into these bugs. (I think one of it is just warning, so it may be OK ...) Do they prevent a releasable state? If you find someone willing to take over the package, I'll give it away without any problem. Meanwhile, I'll continue maintaining it. I know current maintainer took effort for lenny: http://packages.qa.debian.org/g/gnome-alsamixer.html I am trying, even if I have to recognise this has been a busy summer and a 6-weeks-with-no-laptop one (if you read debian-private@). I think having unmaintained package our archive with no added benefits is bad idea for security review. I agree with that. If my asessment is wrong, maintainer can close this bug. But I think it is time to request removal. I don't think it is: popcon says 2389 users. I intend to close the bug too. But there is nothing urgent with this :-) (Or maintainer to upload transition package and hint it to debian-release to include it to lenny) What do you mean by transition package? Do you think the release team would agree upstream fixes for normal bugs during the freeze? I don't think so :-) Thans for your work and best regards, Thanks for taking care and having a look. I take your remarks into account even if I don't agree with all of them. Once again, if you find a new maintainer for the package willing to fix upsteam's bug, he will be more than welcome. Best regards, -- Mohammed Adnène Trojette -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Processed: Re: Bug#497225: gnome-alsamixer: Dead upstream package without maintainer bug fixes is security risk
Processing commands for [EMAIL PROTECTED]: severity 497225 normal Bug#497225: gnome-alsamixer: Dead upstream package without maintainer bug fixes is security risk Severity set to `normal' from `grave' thanks Stopping processing here. Please contact me if you need assistance. Debian bug tracking system administrator (administrator, Debian Bugs database) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#497270: debian-cd: includes embedded copies of bootloaders
unblock 497270 by 496869 thanks Aurelien Jarno wrote: At least the embedded copy works on all machines. The version in the archive has problems with QEMU and Intel Macs (see bug#496869). ...which is an entirely different problem and has nothing to do with the legal promplem to comply with the syslinux license (GPL-2+). -- Address:Daniel Baumann, Burgunderstrasse 3, CH-4562 Biberist Email: [EMAIL PROTECTED] Internet: http://people.panthera-systems.net/~daniel-baumann/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Processed: Re: Bug#497270: debian-cd: includes embedded copies of bootloaders
Processing commands for [EMAIL PROTECTED]: unblock 497270 by 496869 Bug#496869: Syslinux pauses for a long time at press any key to Bug#497270: debian-cd: includes embedded copies of bootloaders Was blocked by: 496869 Blocking bugs of 497270 removed: 496869 thanks Stopping processing here. Please contact me if you need assistance. Debian bug tracking system administrator (administrator, Debian Bugs database) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#497270: debian-cd: includes embedded copies of bootloaders
On Sun, Aug 31, 2008 at 05:01:30PM +0200, Daniel Baumann wrote: unblock 497270 by 496869 thanks Aurelien Jarno wrote: At least the embedded copy works on all machines. The version in the archive has problems with QEMU and Intel Macs (see bug#496869). ...which is an entirely different problem and has nothing to do with the legal promplem to comply with the syslinux license (GPL-2+). Bug#496869 is a release blocker. We don't want to produce d-i images that do not work on some machines. -- .''`. Aurelien Jarno | GPG: 1024D/F1BCDB73 : :' : Debian developer | Electrical Engineer `. `' [EMAIL PROTECTED] | [EMAIL PROTECTED] `-people.debian.org/~aurel32 | www.aurel32.net -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#497270: debian-cd: includes embedded copies of bootloaders
Aurelien Jarno wrote: Bug#496869 is a release blocker. We don't want to produce d-i images that do not work on some machines. agreed, but that's not the point. to fulfil the license /for that specific version/ of syslinux embedded in debian-cd, you need to include the sources of /that specific version/ of syslinux. all sources of debian packages are available in git://git.debian.net/git/syslinux.git and debian binary/source packages on http://daniel.debian.net/packages/syslinux/. -- Address:Daniel Baumann, Burgunderstrasse 3, CH-4562 Biberist Email: [EMAIL PROTECTED] Internet: http://people.panthera-systems.net/~daniel-baumann/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#496174: bacula-director-pgsql: duplicate bug report for #493092
Package: bacula-director-pgsql Version: 2.4.2-1 Followup-For: Bug #496174 This seems to be a duplicate of bug #493092. I cannot reproduce the removal of the bacula-dir.conf file, but I'm having perl 5.10 from lenny not 5.8.8 from etch. piti:~# apt-get install --reinstall bacula-director-pgsql Reading package lists... Done Building dependency tree Reading state information... Done 0 upgraded, 0 newly installed, 1 reinstalled, 0 to remove and 0 not upgraded. Need to get 0B/496kB of archives. After this operation, 0B of additional disk space will be used. Do you want to continue [Y/n]? Reading package fields... Done Reading package status... Done Retrieving bug reports... Done Parsing Found/Fixed information... Done (Reading database ... 150482 files and directories currently installed.) Preparing to replace bacula-director-pgsql 2.4.2-1 (using .../bacula-director-pgsql_2.4.2-1_amd64.deb) ... Unpacking replacement bacula-director-pgsql ... Processing triggers for man-db ... Setting up bacula-director-pgsql (2.4.2-1) ... dbconfig-common: writing config to /etc/dbconfig-common/bacula-director-pgsql.conf dbconfig-common: flushing administrative password Processing configuration ...Ok. Stopping Bacula Director: bacula-dir. Starting Bacula Director: bacula-dir. piti:~# piti:~# piti:~# ls -l /etc/bacula/ total 24 -rw-r- 1 root bacula 8800 2008-08-31 18:27 bacula-dir.conf -rw-r- 1 root bacula 8800 2008-08-31 18:28 bacula-dir.conf.dist Again, the only difference in your setup is that you're running perl 5.8.8 and not the current version in lenny. The 'grave' severity doesn't seem justified, but that's the mantainer decision. Should the bugs be merged? Thanks -- System Information: Debian Release: lenny/sid APT prefers testing APT policy: (990, 'testing'), (500, 'unstable'), (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 2.6.26-1-openvz-amd64 (SMP w/2 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash Versions of packages bacula-director-pgsql depends on: ii bacula-director-common2.4.2-1network backup, recovery and verif ii dbconfig-common 1.8.39 common framework for packaging dat ii debconf [debconf-2.0] 1.5.22 Debian configuration management sy ii libc6 2.7-13 GNU C Library: Shared libraries ii libgcc1 1:4.3.1-9 GCC support library ii libpq58.3.3-1PostgreSQL C client library ii libstdc++64.3.1-9The GNU Standard C++ Library v3 ii libwrap0 7.6.q-16 Wietse Venema's TCP wrappers libra ii postgresql-client 8.3.3-1front-end programs for PostgreSQL ii postgresql-client-8.3 [postgr 8.3.3-1front-end programs for PostgreSQL ii python2.5 2.5.2-11 An interactive high-level object-o Versions of packages bacula-director-pgsql recommends: ii postgresql-8.38.3.3-1object-relational SQL database, ve Versions of packages bacula-director-pgsql suggests: pn postgresql-contribnone (no description available) pn postgresql-docnone (no description available) -- debconf information: bacula-director-pgsql/pgsql/authmethod-admin: ident bacula-director-pgsql/pgsql/no-empty-passwords: bacula-director-pgsql/upgrade-backup: true bacula-director-pgsql/install-error: abort bacula-director-pgsql/purge: false bacula-director-pgsql/pgsql/method: unix socket bacula-director-pgsql/db/app-user: bacula bacula-director-pgsql/dbconfig-reinstall: false bacula-director-pgsql/db/dbname: bacula bacula-director-pgsql/remote/host: bacula-director-pgsql/pgsql/admin-user: postgres bacula-director-pgsql/internal/skip-preseed: false bacula-director-pgsql/database-type: pgsql bacula-director-pgsql/remote/port: bacula-director-pgsql/remote/newhost: bacula-director-pgsql/remove-error: abort bacula-director-pgsql/passwords-do-not-match: bacula-director-pgsql/internal/reconfiguring: false bacula-director-pgsql/pgsql/authmethod-user: ident bacula-director-pgsql/pgsql/manualconf: * bacula-director-pgsql/dbconfig-install: true bacula-director-pgsql/dbconfig-upgrade: true bacula-director-pgsql/missing-db-package-error: abort bacula-director-pgsql/dbconfig-remove: bacula-director-pgsql/upgrade-error: abort bacula-director-pgsql/pgsql/changeconf: false -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Processed: reopening 496383
Processing commands for [EMAIL PROTECTED]: # Automatically generated email from bts, devscripts version 2.10.35 reopen 496383 Bug#496383: The possibility of attack with the help of symlinks in some Debian packages 'reopen' may be inappropriate when a bug has been closed with a version; you may need to use 'found' to remove fixed versions. Bug reopened, originator not changed. End of message, stopping processing here. Please contact me if you need assistance. Debian bug tracking system administrator (administrator, Debian Bugs database) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Processed (with 1 errors): am-utils bug maintenance
Processing commands for [EMAIL PROTECTED]: severity 496060 important Bug#496060: am-utils: fails to work with kernels 2.6.25+ Severity set to `important' from `grave' tag 496060 +confirmed Bug#496060: am-utils: fails to work with kernels 2.6.25+ There were no tags set. Tags added: confirmed tag 496062 +moreinfo +unreproducible Unknown tag/s: +unreproducible. Recognized are: patch wontfix moreinfo unreproducible fixed potato woody sid help security upstream pending sarge sarge-ignore experimental d-i confirmed ipv6 lfs fixed-in-experimental fixed-upstream l10n etch etch-ignore lenny lenny-ignore. Bug#496062: am-utils: fails to use locking with kernel 2.6.19+ There were no tags set. Tags added: moreinfo thanks Stopping processing here. Please contact me if you need assistance. Debian bug tracking system administrator (administrator, Debian Bugs database) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#497290: debian/copyright misses information
Package: kde-i18n Version: 4:3.5.9-2 Severity: serious Hi, debian/copyright seems to need a makeover. Kind regards T. -- Thomas Viehmann, http://thomas.viehmann.net/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#496383: xastir - broken temp file patch (#496383)
* Joop Stakenborg [EMAIL PROTECTED] [2008-08-28 16:53:41 CEST]: Op donderdag 28-08-2008 om 16:06 uur [tijdzone +0200], schreef Tomas Hoger: You probably wanted to use: TMPFILE=`mktemp -t` instead of TMPFILE = 'mktemp -t' in your patch for #496383, right? Ouch, will fix ASAP, thanks! You didn't, the required fix required to use backticks instead of quotes ... I'm currently building an NMU to fix this problem (find attached the interdiff for it). Furthermore, the TMPFILE never gets removed, is there a particular reason to not do so? So long, Rhonda xastir_1.9.2-2_1.9.2-2.1.interdiff.gz Description: Binary data
Bug#496383: xastir - broken temp file patch (#496383)
* Gerfried Fuchs [EMAIL PROTECTED] [2008-08-31 18:06:54 CEST]: I'm currently building an NMU to fix this problem (find attached the interdiff for it). Furthermore, the TMPFILE never gets removed, is there a particular reason to not do so? Uploaded, one further question, did you actually at any point take a look at the lintian output of the package? It's a fair bit, even including an Error and not only Warnings, and some of the Warnings do indeed look a bit fishy, especially the debian-rules-calls-debhelper-in-odd-order one. So long, Rhonda -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#496061: marked as done (unifont: Hangul glyphs use fonts with ambiguous licensing)
Your message dated Sun, 31 Aug 2008 17:02:06 + with message-id [EMAIL PROTECTED] and subject line Bug#496061: fixed in grub2 1.96+20080831-1 has caused the Debian Bug report #496061, regarding unifont: Hangul glyphs use fonts with ambiguous licensing to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact [EMAIL PROTECTED] immediately.) -- 496061: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496061 Debian Bug Tracking System Contact [EMAIL PROTECTED] with problems ---BeginMessage--- Package: unifont Version: 19990430-1 Severity: important The unifont package has always used Hangul Syllables glyphs generated from Hanterm fonts. Versions of unifont up to 1:1.0-4 also used glyphs from Hanterm fonts in the U+1100..U+11FF range. According to Debian Developer Changwoo Ryu, maintainer of bf-utf-source, xfonts-baekmuk, and other Debian packages, the Hanterm fonts were incorrectly listed in FreeBSD and elsewhere as being covered by the GNU Public License. Changwoo has told me that parts of Hanterm are covered under the GPL, but not the fonts. Concern over ambiguity in the terms of Hanterm font licensing resulted in their not being included in the hanterm Debian package. Changwoo Ryu removed the existing Hangul glyphs from the file unifont.bdf in his bf-utf-source package, replacing them with Hangul Syllables glyphs in the public domain. The most expedient workaround to the Hanterm fonts license ambiguity for the unifont package is to incorporate Changwoo's Hangul Syllables block from the bf-utf-source Debian package. Paul Hardy ---End Message--- ---BeginMessage--- Source: grub2 Source-Version: 1.96+20080831-1 We believe that the bug you reported is fixed in the latest version of grub2, which is due to be installed in the Debian FTP archive: grub-common_1.96+20080831-1_amd64.deb to pool/main/g/grub2/grub-common_1.96+20080831-1_amd64.deb grub-coreboot_1.96+20080831-1_amd64.deb to pool/main/g/grub2/grub-coreboot_1.96+20080831-1_amd64.deb grub-efi_1.96+20080831-1_amd64.deb to pool/main/g/grub2/grub-efi_1.96+20080831-1_amd64.deb grub-ieee1275_1.96+20080831-1_amd64.deb to pool/main/g/grub2/grub-ieee1275_1.96+20080831-1_amd64.deb grub-linuxbios_1.96+20080831-1_amd64.deb to pool/main/g/grub2/grub-linuxbios_1.96+20080831-1_amd64.deb grub-pc_1.96+20080831-1_amd64.deb to pool/main/g/grub2/grub-pc_1.96+20080831-1_amd64.deb grub-rescue-pc_1.96+20080831-1_amd64.deb to pool/main/g/grub2/grub-rescue-pc_1.96+20080831-1_amd64.deb grub2_1.96+20080831-1.diff.gz to pool/main/g/grub2/grub2_1.96+20080831-1.diff.gz grub2_1.96+20080831-1.dsc to pool/main/g/grub2/grub2_1.96+20080831-1.dsc grub2_1.96+20080831-1_amd64.deb to pool/main/g/grub2/grub2_1.96+20080831-1_amd64.deb grub2_1.96+20080831.orig.tar.gz to pool/main/g/grub2/grub2_1.96+20080831.orig.tar.gz A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to [EMAIL PROTECTED], and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Robert Millan [EMAIL PROTECTED] (supplier of updated grub2 package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing [EMAIL PROTECTED]) -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Format: 1.8 Date: Sun, 31 Aug 2008 18:40:09 +0200 Source: grub2 Binary: grub2 grub-of grub-linuxbios grub-common grub-pc grub-rescue-pc grub-coreboot grub-efi grub-ieee1275 Architecture: source amd64 Version: 1.96+20080831-1 Distribution: experimental Urgency: low Maintainer: GRUB Maintainers [EMAIL PROTECTED] Changed-By: Robert Millan [EMAIL PROTECTED] Description: grub-common - GRand Unified Bootloader, version 2 (common files) grub-coreboot - GRand Unified Bootloader, version 2 (Coreboot version) grub-efi - GRand Unified Bootloader, version 2 (EFI version) grub-ieee1275 - GRand Unified Bootloader, version 2 (Open Firmware version) grub-linuxbios - GRand Unified Bootloader, version 2 (dummy package) grub-of- GRand Unified Bootloader, version 2 (dummy package) grub-pc- GRand Unified Bootloader, version 2 (PC/BIOS version) grub-rescue-pc - GRUB bootable rescue images, version 2 (PC/BIOS version) grub2 - GRand Unified Bootloader, version 2 (dummy package) Closes: 486624 487565 489287 490584 493106 493289 493347 493744 494158 494501 494589 495049 496040 496061 496573 496610 496820 Changes: grub2 (1.96+20080831-1) experimental; urgency=low . * New SVN snapshot. - patches
Bug#496383: marked as done (The possibility of attack with the help of symlinks in some Debian packages)
Your message dated Sun, 31 Aug 2008 16:32:05 + with message-id [EMAIL PROTECTED] and subject line Bug#496383: fixed in xastir 1.9.2-2.1 has caused the Debian Bug report #496383, regarding The possibility of attack with the help of symlinks in some Debian packages to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact [EMAIL PROTECTED] immediately.) -- 496383: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496383 Debian Bug Tracking System Contact [EMAIL PROTECTED] with problems ---BeginMessage--- Package: xastir Severity: grave Hi, maintainer! This message about the error concerns a few packages at once. I've tested all the packages (for Lenny) on my Debian mirror. All scripts of packages (marked as executable) were tested. In some packages I've discovered scripts with errors which may be used by a user for damaging important system files or user's files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlink with the same name in this directory in order to destroy or rewrite some system or user file. Symlink attack may also lead not only to the data desctruction but to denial of service as well. Even if you create files or directories with help of function 'RANDOM' or pid(), then your system is not protected. Attacker can create many symlinks in order to destroy your data or create 'denial of service' for your package scripts. Even if you make rm(dir) for files/directories, then your system is not protected. Attacker can permanently create symlinks. This list is created with the help of script. This list is sorted by hand. Howewer in some cases mistake is possible. Please, Be understanding to possible mistakes. :) I set Severity into grave for this bug. The table of discovered problems is below. Discussion of this bug you can see in debian-devel@: http://lists.debian.org/debian-devel/2008/08/msg00271.html Binary-package: r-base-core-ra (1.1.1-1) file: /usr/lib/Ra/lib/R/bin/javareconf Binary-package: rccp (0.9-2) file: /usr/lib/rccp/delqueueask Binary-package: mafft (6.240-1) file: /usr/bin/mafft-homologs Binary-package: openoffice.org-common (1:2.4.1-6) file: /usr/lib/openoffice/program/senddoc Binary-package: crossfire-maps (1.11.0-1) file: /usr/share/games/crossfire/maps/Info/combine.pl Binary-package: sgml2x (1.0.0-11.1) file: /usr/bin/rlatex Binary-package: liguidsoap (0.3.6-4) file: /var/lib/liguidsoap/liguidsoap.py Binary-package: citadel-server (7.37-1) file: /usr/lib/citadel-server/migrate_aliases.sh Binary-package: ampache (3.4.1-1) file: /usr/share/ampache/www/locale/base/gather-messages.sh Binary-package: xen-utils-3.2-1 (3.2.1-2) file: /usr/lib/xen-3.2-1/bin/qemu-dm.debug Binary-package: dtc-common (0.29.6-1) file: /usr/share/dtc/admin/accesslog.php file: /usr/share/dtc/admin/sa-wrapper Binary-package: honeyd-common (1.5c-3) file: /usr/share/honeyd/scripts/test.sh Binary-package: lustre-tests (1.6.5-1) file: /usr/lib/lustre/tests/runiozone Binary-package: linuxtrade (3.65-8+b4) file: /usr/share/linuxtrade/bin/linuxtrade.bwkvol file: /usr/share/linuxtrade/bin/linuxtrade.wn file: /usr/share/linuxtrade/bin/moneyam.helper Binary-package: freevo (1.8.1-0) file: /usr/bin/freevo.real Binary-package: fml (4.0.3.dfsg-2) file: /usr/share/fml/libexec/mead.pl Binary-package: rkhunter (1.3.2-3) file: /usr/bin/rkhunter Binary-package: openswan (1:2.4.12+dfsg-1.1) file: /usr/lib/ipsec/livetest Binary-package: linux-patch-openswan (1:2.4.12+dfsg-1.1) file: /usr/src/kernel-patches/all/openswan/packaging/utils/maysnap file: /usr/src/kernel-patches/all/openswan/packaging/utils/maytest Binary-package: aptoncd (0.1-1.1) file: /usr/share/aptoncd/xmlfile.py Binary-package: cdcontrol (1.90-1.1) file: /usr/lib/cdcontrol/writtercontrol Binary-package: newsgate (1.6-23) file: /usr/bin/mkmailpost Binary-package: gpsdrive-scripts (2.10~pre4-3) file: /usr/bin/geo-code Binary-package: impose+ (0.2-11) file: /usr/bin/impose Binary-package: mgt (2.31-5) file: /usr/games/mailgo Binary-package: audiolink (0.05-1) file: /usr/bin/audiolink Binary-package: ibackup (2.27-4.1) file: /usr/bin/ibackup Binary-package: emacspeak (26.0-3) file: /usr/share/emacs/site-lisp/emacspeak/etc/extract-table.pl Binary-package: bk2site (1:1.1.9-3.1) file: /usr/lib/cgi-bin/bk2site/redirect.pl Binary-package: datafreedom-perl (0.1.7-1) file: /usr/bin/dfxml-invoice Binary-package: emacs-jabber (0.7.91-1) file: /usr/lib/emacsen-common/packages/install/emacs-jabber
Bug#497296: btrfs-source - error: version.h: No such file or directory
Package: btrfs-source Version: 0.16-1 Severity: serious btrfs fails to build against 2.6.26: | make: Entering directory `/usr/src/linux-headers-2.6.26-1-powerpc64' | LD /tmp/source/btrfs-0.16/built-in.o | CC [M] /tmp/source/btrfs-0.16/super.o | /tmp/source/btrfs-0.16/super.c:48:21: error: version.h: No such file or directory | /tmp/source/btrfs-0.16/super.c: In function ‘btrfs_parse_options’: | /tmp/source/btrfs-0.16/super.c:191: warning: format ‘%llu’ expects type ‘long long unsigned int’, but argument 2 has type ‘u64’ | /tmp/source/btrfs-0.16/super.c:206: warning: format ‘%llu’ expects type ‘long long unsigned int’, but argument 2 has type ‘u64’ | /tmp/source/btrfs-0.16/super.c:216: warning: format ‘%llu’ expects type ‘long long unsigned int’, but argument 2 has type ‘u64’ | /tmp/source/btrfs-0.16/super.c: In function ‘init_btrfs_fs’: | /tmp/source/btrfs-0.16/super.c:617: error: ‘BTRFS_BUILD_VERSION’ undeclared (first use in this function) | /tmp/source/btrfs-0.16/super.c:617: error: (Each undeclared identifier is reported only once | /tmp/source/btrfs-0.16/super.c:617: error: for each function it appears in.) | make[1]: *** [/tmp/source/btrfs-0.16/super.o] Error 1 | make: *** [_module_/tmp/source/btrfs-0.16] Error 2 | make: Leaving directory `/usr/src/linux-headers-2.6.26-1-powerpc64' Bastian -- Men will always be men -- no matter where they are. -- Harry Mudd, Mudd's Women, stardate 1329.8 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#457279: remove gnarwl from lenny?
Hi, gnarwl has an RC bug (#457279) about non-DFSG files (open for 8 months, set to serious for =1 month). gnarwl seems to seriously lack maintainer attention: #334873 is a segfault bug almost three years old without maintainer response. The last maintainer upload was more than three years ago, i.e. before sarge. Kind regards T. -- Thomas Viehmann, http://thomas.viehmann.net/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#497297: gdm starts gnome-settings-manager which block mcs and xfce4 won't start
Package: xfce4 Version: 4.4.2.1 Severity: grave Justification: renders package unusable If you install the xfce task, you can't start xfce4 because gdm depends on gnome-session which pulls in gnome-settings-manager, which block mcs and therefore xfce4 can't start. -- System Information: Debian Release: lenny/sid APT prefers testing APT policy: (500, 'testing'), (500, 'stable') Architecture: i386 (i686) Kernel: Linux 2.6.26-1-686 (SMP w/1 CPU core) Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash Versions of packages xfce4 depends on: ii gtk2-engines-xfce 2.4.2-2A GTK+-2.0 theme engine for Xfce ii thunar0.9.0-10 File Manager for Xfce ii xfce4-icon-theme 4.4.2-1Xfce Standard icon theme ii xfce4-mcs-plugins 4.4.2-4Special modules for the xfce4-mcs- ii xfce4-panel 4.4.2-6The Xfce4 desktop environment pane ii xfce4-session 4.4.2-6Xfce4 Session Manager ii xfce4-utils 4.4.2-8Various tools for Xfce ii xfdesktop44.4.2-7Provides desktop background and ro ii xfwm4 4.4.2-5window manager of the Xfce project Versions of packages xfce4 recommends: ii desktop-base 4.0.7 common files for the Debian Deskto ii orage 4.5.14.0-1 Calendar for Xfce Desktop Environm ii xfce4-mixer 4.4.2-3Xfce4 Mixer frontend ii xfce4-terminal0.2.8-5Xfce terminal emulator ii xfprint4 4.4.2-5Printer GUI for Xfce4 ii xorg 1:7.3+15 X.Org X Window System xfce4 suggests no packages. -- no debconf information -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#495320: rubygems1.8: Package name change causes data loss
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 severity 495320 wishlist tag 495320 wontfix thanks Hi Matijs, Matijs van Zuijlen wrote: You may chalk it up to user error, but I like to purge packages that have completely vanished from debian: No need to keep configuration around that I'm never going to use again. Perging the package results in removing installed gems. This behavior matches Debian's way (for example, log files are removed). If you prefer purging, user intervention is required: record the list of the gems you have installed before the purge, then reinstall them. Regards, Daigo - -- Daigo Moriwaki daigo at debian dot org -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (GNU/Linux) iEYEARECAAYFAki601cACgkQNcPj+ukc0lCgkwCgmAZ280kPdHEp2/m1V4yn23C5 zswAnAlK/SZEGtv6QLoMGdXJLQnrtNPV =VExu -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#495484: marked as done (blobwars: Contains non-free sound and music)
Your message dated Sun, 31 Aug 2008 17:18:43 + with message-id [EMAIL PROTECTED] and subject line Bug#495484: fixed in blobwars 1.08-dfsg-1 has caused the Debian Bug report #495484, regarding blobwars: Contains non-free sound and music to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact [EMAIL PROTECTED] immediately.) -- 495484: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=495484 Debian Bug Tracking System Contact [EMAIL PROTECTED] with problems ---BeginMessage--- Package: blobwars Version: 1.08-1 Severity: serious The music and sounds in Blobwars are taken from various free online repositories, which allow distribution and non-commercial use at the minimum, but not necessarily DFSG-free. Some sounds and music files may be in the public domain, but this is not clear yet. The sounds and music should be split into a blobwars-data-nonfree package. (I'm reporting this bug to prevent blobwars from getting released with lenny before this is fixed.) ---End Message--- ---BeginMessage--- Source: blobwars Source-Version: 1.08-dfsg-1 We believe that the bug you reported is fixed in the latest version of blobwars, which is due to be installed in the Debian FTP archive: blobwars-data_1.08-dfsg-1_all.deb to pool/main/b/blobwars/blobwars-data_1.08-dfsg-1_all.deb blobwars_1.08-dfsg-1.diff.gz to pool/main/b/blobwars/blobwars_1.08-dfsg-1.diff.gz blobwars_1.08-dfsg-1.dsc to pool/main/b/blobwars/blobwars_1.08-dfsg-1.dsc blobwars_1.08-dfsg-1_amd64.deb to pool/main/b/blobwars/blobwars_1.08-dfsg-1_amd64.deb blobwars_1.08-dfsg.orig.tar.gz to pool/main/b/blobwars/blobwars_1.08-dfsg.orig.tar.gz A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to [EMAIL PROTECTED], and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Guus Sliepen [EMAIL PROTECTED] (supplier of updated blobwars package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing [EMAIL PROTECTED]) -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Format: 1.8 Date: Sat, 30 Aug 2008 22:58:49 +0200 Source: blobwars Binary: blobwars blobwars-data Architecture: source amd64 all Version: 1.08-dfsg-1 Distribution: unstable Urgency: low Maintainer: Guus Sliepen [EMAIL PROTECTED] Changed-By: Guus Sliepen [EMAIL PROTECTED] Description: blobwars - A platform shooting game blobwars-data - A platform shooting game Closes: 288173 495484 Changes: blobwars (1.08-dfsg-1) unstable; urgency=low . * Remove all music and sound files from the upstream tarball, as they are not DFSG compliant. Closes: #495484 * Do not put all data files in one PAK file anymore. * Put the other data files into a blobwars-data package. Closes: #288173 * Ignore missing sound and music files. Checksums-Sha1: 191f04fb7ab691c94e63e8c88b2ba28bdca13ba7 1133 blobwars_1.08-dfsg-1.dsc 8804db79fe90e2f4c608294159cd4c061a50f99b 4176265 blobwars_1.08-dfsg.orig.tar.gz 17c1506a1a73208c83fa4e967c13e49e08b30817 24437 blobwars_1.08-dfsg-1.diff.gz 9dea5302dbed8dcaea7b60741ae3435f09036d60 130666 blobwars_1.08-dfsg-1_amd64.deb dde73faf39d0d3f485f9b49472515e86f313a4aa 4020188 blobwars-data_1.08-dfsg-1_all.deb Checksums-Sha256: 24819e0e61db5966ca4d871ab3e3dc6ce09babd4868b6f53865f5109872600df 1133 blobwars_1.08-dfsg-1.dsc 06843b21155eb6f0c3cd0c4ff296544e116690a563edef9403a775cbe56ab615 4176265 blobwars_1.08-dfsg.orig.tar.gz ea840e0b8b46d4eb8aecce6e20a3f6dea6ad490de3fc996e98a5a69fba900090 24437 blobwars_1.08-dfsg-1.diff.gz 6e5217bceb02110dabdf92b761589e4713d69d3c36bc56f31e5ebbeb99eb449e 130666 blobwars_1.08-dfsg-1_amd64.deb 6e4b6a689debfa426699ba4a1f33933ae0aa9f80ae3770807bfb86694fb4074d 4020188 blobwars-data_1.08-dfsg-1_all.deb Files: cb1568f3d2cecf95ac4142216699f5fb 1133 games optional blobwars_1.08-dfsg-1.dsc 73976efafb3ebeb84b3c28358dd3ac25 4176265 games optional blobwars_1.08-dfsg.orig.tar.gz 9128299eef4445c0c173e899ac9659b7 24437 games optional blobwars_1.08-dfsg-1.diff.gz 231471c5d084387c2d9114c61a96e4fc 130666 games optional blobwars_1.08-dfsg-1_amd64.deb c3c4a628e9159378417d2c94c64f4c9f 4020188 games optional blobwars-data_1.08-dfsg-1_all.deb -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (GNU/Linux) iEYEARECAAYFAki5t98ACgkQAxLow12M2nsvWACgmWzVZFny9HWtlweV3B6G+QRr JZgAniaoPA1/jUN21USYQOV87OQ+Rp7S =5QiS -END PGP SIGNATURE- ---End Message---
Processed: re: [jcc] Please add ${python:Depends} to Depends field
Processing commands for [EMAIL PROTECTED]: found 497131 1.9-1 Bug#497131: [jcc] Please add ${python:Depends} to Depends field Bug marked as found in version 1.9-1. thanks Stopping processing here. Please contact me if you need assistance. Debian bug tracking system administrator (administrator, Debian Bugs database) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#497131: [jcc] Please add ${python:Depends} to Depends field
found 497131 1.9-1 thanks this bug also affects the version currently in testing. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Processed: Re: Bug#497296: btrfs-source - error: version.h: No such file or directory
Processing commands for [EMAIL PROTECTED]: severity 497296 important Bug#497296: btrfs-source - error: version.h: No such file or directory Severity set to `important' from `serious' tags 497296 +pending Bug#497296: btrfs-source - error: version.h: No such file or directory There were no tags set. Tags added: pending retitle 497296 btrfs-source: FTBFS with lme Bug#497296: btrfs-source - error: version.h: No such file or directory Changed Bug title to `btrfs-source: FTBFS with lme' from `btrfs-source - error: version.h: No such file or directory'. thanks Stopping processing here. Please contact me if you need assistance. Debian bug tracking system administrator (administrator, Debian Bugs database) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#497302: dvr-qtgui hangs after video device selection dialog
Package: dvr Version: 3.2-9.1 Severity: grave Justification: renders package unusable -- System Information: Debian Release: lenny/sid APT prefers testing APT policy: (500, 'testing') Architecture: i386 (i686) Kernel: Linux 2.6.24-1-686 (SMP w/1 CPU core) Locale: LANG=it_IT.UTF-8, LC_CTYPE=it_IT.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash Versions of packages dvr depends on: ii libavifile-0.7c2 1:0.7.47.20070718-1.2 shared libraries for AVI read/writ ii libc6 2.7-13GNU C Library: Shared libraries ii libgcc11:4.3.1-9 GCC support library ii libqt3-mt 3:3.3.8b-5Qt GUI Library (Threaded runtime v ii libstdc++6 4.3.1-9 The GNU Standard C++ Library v3 ii libx11-6 2:1.1.4-2 X11 client-side library ii libxext6 2:1.0.4-1 X11 miscellaneous extension librar ii libxv1 2:1.0.4-1 X11 Video extension library ii libxxf86vm11:1.0.2-1 X11 XFree86 video mode extension l ii zlib1g 1:1.2.3.3.dfsg-12 compression library - runtime dvr recommends no packages. dvr suggests no packages. -- no debconf information Notes: When dvt-qtgui is started from the gnome-terminal the device selection dialog is shown, after I selectand confirm the video device I want to use the dialog disappairs and ther are no new windows shown even if the program is still running. At this point these are the messages shown in the in the gnome-terminal window: # Start of gnome-terminal window messages ~$ dvr-qtgui init : Avifile RELEASE-0.7.47-070929-17:56-4.2.1 init : Available CPU flags: fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 mmx fxsr sse syscall mmxext 3dnowext 3dnow up ts init : 2004.67 MHz AMD K7 processo processor detected *** WARNING *** : the driver doesn't provide a correct size for memory mapping. DVR tries to correct this error, but some strange things may happend, you are warned. Can't map memory for capture : Invalid argument # End of gnome-terminal window messages Then nothing happens, dvr-qtgui is still running but there is no window for it. The dvr-qtgui complains about driver but other programs (xawtv, tvtime) have no problem with it. The video device is named by the maifacturer Pinnacle PCTV Stereo and is reported by lspci as: 01:08.0 Multimedia controller: Philips Semiconductors SAA7134/SAA7135HL Video Broadcast Decoder (rev 01) This is the module list reported by lsmod: Module Size Used by radeon112096 2 drm74132 3 radeon ipv6 240836 14 ppdev 8804 0 lp 11076 0 video 18672 0 output 3744 1 video ac 6116 0 battery13572 0 cpufreq_conservative 7560 0 cpufreq_powersave 1856 0 cpufreq_stats 5184 0 cpufreq_ondemand8492 0 freq_table 4512 2 cpufreq_stats,cpufreq_ondemand cpufreq_userspace 4260 0 w83627hf 20756 0 hwmon_vid 3040 1 w83627hf loop 16804 0 firewire_sbp2 14252 0 tuner 39008 0 tea5767 5764 1 tuner tda829011172 1 tuner tuner_simple8040 1 tuner mt20xx 11624 1 tuner tea5761 4932 1 tuner snd_mpu401 8008 0 snd_mpu401_uart 8000 1 snd_mpu401 snd_seq_dummy 3780 0 snd_seq_oss29472 0 snd_seq_midi8160 0 snd_seq_midi_event 6976 2 snd_seq_oss,snd_seq_midi snd_seq46544 6 snd_seq_dummy,snd_seq_oss,snd_seq_midi,snd_seq_midi_event saa7134 124272 1 snd_intel8x0 32028 1 snd_rawmidi22624 2 snd_mpu401_uart,snd_seq_midi compat_ioctl32 1408 1 saa7134 videobuf_dma_sg13380 1 saa7134 videobuf_core 16740 2 saa7134,videobuf_dma_sg snd_ac97_codec 92932 1 snd_intel8x0 snd_seq_device 7820 5 snd_seq_dummy,snd_seq_oss,snd_seq_midi,snd_seq,snd_rawmidi ns558 4672 0 ir_kbd_i2c 9552 1 saa7134 ir_common 35012 2 saa7134,ir_kbd_i2c ac97_bus2176 1 snd_ac97_codec gameport 14472 2 ns558 parport_pc 33668 1 parport34280 3 ppdev,lp,parport_pc videodev 26304 2 saa7134 snd_pcm_oss38272 0 snd_mixer_oss 15296 1 snd_pcm_oss v4l2_common16608 3 tuner,saa7134,videodev v4l1_compat13220 2 saa7134,videodev rtc_cmos8352 0 rtc_core 17992 1 rtc_cmos rtc_lib 3040 1 rtc_core snd_pcm71780 3 snd_intel8x0,snd_ac97_codec,snd_pcm_oss snd_timer 21092 2 snd_seq,snd_pcm serio_raw
Bug#495214: ipsec-tools in unstable fixes RC bug
Thomas Viehmann wrote: Hi, apparently, #495214: CVE-2008-3651: memory leak is fixed in unstable by virtue of the new upstream release without the maintainer knowing / noting it in the changelog. The new upstream release has a largish diff to the version in testing, does the release team want the version from unstable or a backported fix? unblocked Cheers Luk -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#497110: boot loader installation failed when dmraid=true
On Saturday 30 August 2008, Giuseppe Iuculano wrote: - First test Partition disk: http://sd6.iuculano.it/dmraid-testing/partman1-1.png Choose free space and create a new partition: http://sd6.iuculano.it/dmraid-testing/partman1-2.png http://sd6.iuculano.it/dmraid-testing/partman1-3.png Unfortunately I got an out of memory. OK. This is very bad. You can find partman and sylog log here: http://sd6.iuculano.it/dmraid-testing/log1.tar.gz Unfortunately these don't help very much. What I think we need here is a full debug log for partman to see what was running at the time of the OOM. I suspect you somehow get into a loop. Please make sure you have started your ssh sessions _before_ starting partman (so we know that they do not cause the OOM). Add a line 'set -x' in /lib/partman/lib/base.sh before you start partman and send the syslog after you get the OOM. Please follow the wiki page. Starting with a new pseudo-RAID device is fine. - Second test Partition disk: This time I choose Automatically partition the free space, all files in one partition and I got: Automatic/guided partitioning is not supported for dmraid. - Third test (as wiki procedure but with Automatically partition the free space) As I say, not supported. As the second, but this time I selected Write changes in SATA RAID partitioning to disk, and I got: http://sd6.iuculano.it/dmraid-testing/partman3-1.png This is already so fucked up (combination of devicepart and deviceppart devices) that it's really not any use to continue. Now I got: http://sd6.iuculano.it/dmraid-testing/partman3-5.png I selected Free space and create a new partition, set it as swap area: Selecting FREE SPACE on a partition is not conform the documented procedure. Basically you should never get in that situation. In conclusion, If I try to follow wiki procedure I can't create new partition, but only Automatically partition the free space, otherwise I got an out of memory Right, so we need to concentrate on that first OOM. All the rest is effectively useless I'm afraid. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#495954: slapd: Upgrade to Lenny failed: libldap_r-2.3.so.0 missing
On Fri, Aug 22, 2008 at 06:28:05PM +0200, Ferenc Wagner [EMAIL PROTECTED] was heard to say: severity 495954 critical thanks This bug makes unrelated software on the system break. Well, aptitude is a package manager, so most of its bugs do... Are you interested in a dpkg.log or some aptitude status files? I can recover them from backup for a couple of days. I've been thinking about this while I was away, and I think that the apt and aptitude status files, if you still have them, *would* be useful to me. I can at least try to reproduce the situation you encountered and see what's going on. Daniel -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#483918: marked as done (alsa-driver - binary only code)
Your message dated Sun, 31 Aug 2008 19:17:03 + with message-id [EMAIL PROTECTED] and subject line Bug#483918: fixed in alsa-driver 1.0.17.dfsg-1 has caused the Debian Bug report #483918, regarding alsa-driver - binary only code to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact [EMAIL PROTECTED] immediately.) -- 483918: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=483918 Debian Bug Tracking System Contact [EMAIL PROTECTED] with problems ---BeginMessage--- Package: alsa-driver Version: 1.0.16-1.1 Severity: serious alsa-driver still ships files which have beed removed from the Debian Linux packages because of DFSG violations. This are at least: * alsa-kernel/pci/cs46xx/cs46xx_image.h * alsa-kernel/pci/cs46xx/imgs * alsa-kernel/pci/korg1212/korg1212-firmware.h * alsa-kernel/pci/maestro3.c * alsa-kernel/pci/ymfpci/ymfpci_image.h Bastian -- Killing is stupid; useless! -- McCoy, A Private Little War, stardate 4211.8 ---End Message--- ---BeginMessage--- Source: alsa-driver Source-Version: 1.0.17.dfsg-1 We believe that the bug you reported is fixed in the latest version of alsa-driver, which is due to be installed in the Debian FTP archive: alsa-base_1.0.17.dfsg-1_all.deb to pool/main/a/alsa-driver/alsa-base_1.0.17.dfsg-1_all.deb alsa-driver_1.0.17.dfsg-1.diff.gz to pool/main/a/alsa-driver/alsa-driver_1.0.17.dfsg-1.diff.gz alsa-driver_1.0.17.dfsg-1.dsc to pool/main/a/alsa-driver/alsa-driver_1.0.17.dfsg-1.dsc alsa-driver_1.0.17.dfsg.orig.tar.gz to pool/main/a/alsa-driver/alsa-driver_1.0.17.dfsg.orig.tar.gz alsa-source_1.0.17.dfsg-1_all.deb to pool/main/a/alsa-driver/alsa-source_1.0.17.dfsg-1_all.deb linux-sound-base_1.0.17.dfsg-1_all.deb to pool/main/a/alsa-driver/linux-sound-base_1.0.17.dfsg-1_all.deb A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to [EMAIL PROTECTED], and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Jordi Mallach [EMAIL PROTECTED] (supplier of updated alsa-driver package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing [EMAIL PROTECTED]) -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Format: 1.8 Date: Sun, 31 Aug 2008 20:42:15 +0200 Source: alsa-driver Binary: linux-sound-base alsa-base alsa-source Architecture: source all Version: 1.0.17.dfsg-1 Distribution: unstable Urgency: medium Maintainer: Debian ALSA Maintainers [EMAIL PROTECTED] Changed-By: Jordi Mallach [EMAIL PROTECTED] Description: alsa-base - ALSA driver configuration files alsa-source - ALSA driver sources linux-sound-base - base package for ALSA and OSS sound systems Closes: 366342 401780 405678 467421 483918 484441 490710 491551 491576 491755 493543 493552 496635 496637 Changes: alsa-driver (1.0.17.dfsg-1) unstable; urgency=medium . * New upstream release. - closes: #401780, no sound with VIA 8235 - closes: #467421, FTBFS timer.c - closes: #490710, fails to compile with kernel-source-2.6.25-2 - closes: #493543, please update to version 1.0.17 - closes: #484441, Headphone jacks on nVidia MCP67 laptops do not work - closes: #491576, Please package 1.0.17 . [ Elimar Riesebieter ] * Removed because of DFSG violations: - alsa-kernel/pci/cs46xx/cs46xx_image.h - alsa-kernel/pci/cs46xx/imgs - alsa-kernel/pci/korg1212/korg1212-firmware.h - alsa-kernel/pci/maestro3.c - alsa-kernel/pci/ymfpci/ymfpci_image.h (closes: #483918) * Update of swedish debconf translation. Thanks brother. (closes: #491755) * Fixed typo in ALSA-module-list. Thanks Dan Chen. (closes: #491551) * /dev/snd/seq for AC97 alsa driver. Thanks Dan Chen. (closes: #366342) * Reworked alsa-base.README:Debian. Thanks Luca Capello. (closes: #496635, #496637) * Corrected debhelper version mismatch in alsa-source. Thanks Joe Nahmias. (closes: 493552) * Switched to debhelper 7. * Bumped Standards-Version to 3.8.0. No changes. * Bumped watchfile version to 3. * Added dversionmangle to watchfile. * Added remove_maestro3.patch to cleanup pci/Makefile * module-assistant and linux-header are recommended since 1.0.16. Forgot to (closes: #405678) . [ Jordi Mallach ] * Update long descriptions for all packages. Checksums-Sha1: 28e727f459f4e85a043083423ba959351b6a75a0 1394 alsa-driver_1.0.17.dfsg-1.dsc 173f9236905730124b366e213b707d183b0a2b13 3505810
Bug#486400: splashy: hibernation broken in stock 2.6.26-686 or custom kernel with crypt mapper drives
Package: splashy Version: 0.3.10-2 Followup-For: Bug #486400 I also encounter the same problem using either the stock kernel for 2.6.26 or my own custom kernel when resuming from hibernation. The normal boot-up splash screen works fine and prompts me for the passwords to the encrypted partitions. (Wow that's cool.) But then it hangs. The progress bar is not filled out and does not do anything. The system does not respond. I did not try magic sysrq but all key combinations to restart or switch terminals or get verbose splashy output (f2) do not work. I end up having to power-cycle the machine to restart. This results in data corruption and fsck always has to clear one orphaned inode. Thanks. --mark-- -- System Information: Debian Release: lenny/sid APT prefers testing APT policy: (500, 'testing'), (500, 'stable') Architecture: i386 (i686) Kernel: Linux 2.6.26-1-686 (SMP w/2 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash Versions of packages splashy depends on: ii initramfs-tools0.92f tools for generating an initramfs ii libc6 2.7-13GNU C Library: Shared libraries ii libdirectfb-1.0-0 1.0.1-9 direct frame buffer graphics - sha ii libgcc11:4.3.1-9 GCC support library ii libglib2.0-0 2.16.4-2 The GLib library of C routines ii libmagic1 4.25-1File type determination library us ii libsplashy10.3.10-2 Library to draw splash screen on b ii lsb-base 3.2-19Linux Standard Base 3.2 init scrip ii zlib1g 1:1.2.3.3.dfsg-12 compression library - runtime splashy recommends no packages. Versions of packages splashy suggests: ii console-common0.7.79 basic infrastructure for text cons pn splashy-themesnone (no description available) pn upstart none (no description available) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#486400: followup re slighly working condition
Also see 497313. When splashy was installed running under my custom kernel, initramfs for the stock kernel was not rebuilt due to that bug. So when I booted under the stock kernel, splashy never loaded until after I unlocked the encrypted drives and normal boot began. Resume from hibernation worked under this scenario. VESA console prompted for the drive passwords, then resume began, then the splashy resume screen loaded and the progress bar worked, then my gnome screensaver password prompt came up. So it seems like the boot splash needs to turn itself off and restore to the text console immediately before resume from hibernation begins. Then the hibernation screen will load correctly. Mark -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#457279: remove gnarwl from lenny?
I'm not able to provide tested gnarwl packages anymore. Sorry. I'm fine with getting it removed from lenny. Cheers, Cajus Am 31.08.2008 um 19:07 schrieb Thomas Viehmann: Hi, gnarwl has an RC bug (#457279) about non-DFSG files (open for 8 months, set to serious for =1 month). gnarwl seems to seriously lack maintainer attention: #334873 is a segfault bug almost three years old without maintainer response. The last maintainer upload was more than three years ago, i.e. before sarge. Kind regards T. -- Thomas Viehmann, http://thomas.viehmann.net/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#495380: detailed bug description
Hmm, I see my previous description was a bit terse, so here in detail: read-only branch: some_path/sub_path read-write branch: empty or some_path, but NOT sub_path == union: some_path/sub_path Creating a new file in the union directory some_path/subpath will now fail without the bugfix, since it will fail to create rw_branch/some_path/sub_path. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#495703: ghostscript: diff for NMU version 8.62.dfsg.1-3.1
tags 495703 + patch pending thanks Hi, The following is the diff for my ghostscript 8.62.dfsg.1-3.1 NMU. Kind regards T. diff -u ghostscript-8.62.dfsg.1/debian/changelog ghostscript-8.62.dfsg.1/debian/changelog --- ghostscript-8.62.dfsg.1/debian/changelog +++ ghostscript-8.62.dfsg.1/debian/changelog @@ -1,3 +1,13 @@ +ghostscript (8.62.dfsg.1-3.1) unstable; urgency=medium + + * Non-maintainer upload. + * Add (empty) gs-common.prerm to enable upgrades +etch-lenny to succeed when the old gs-common.prerm +fails. Closes: #495703. +Thanks to Niko Tyni for the bug report and analysis. + + -- Thomas Viehmann [EMAIL PROTECTED] Sun, 31 Aug 2008 22:26:34 +0200 + ghostscript (8.62.dfsg.1-3) unstable; urgency=low * Acknowledged NMU, thanks madcoder - closes: #453903 only in patch2: unchanged: --- ghostscript-8.62.dfsg.1.orig/debian/gs-common.prerm +++ ghostscript-8.62.dfsg.1/debian/gs-common.prerm @@ -0,0 +1,43 @@ +#! /bin/sh +# prerm script for ghostscript +# +# see: dh_installdeb(1) + +set -e + +# summary of how this script can be called: +#* prerm `remove' +#* old-prerm `upgrade' new-version +#* new-prerm `failed-upgrade' old-version +#* conflictor's-prerm `remove' `in-favour' package new-version +#* deconfigured's-prerm `deconfigure' `in-favour' +# package-being-installed version `removing' +# conflicting-package version +# for details, see http://www.debian.org/doc/debian-policy/ or +# the debian-policy package + + +case $1 in +remove) + ;; +upgrade) +;; +deconfigure) +;; +failed-upgrade) +### This script does nothing, but it's presence + ### is needed for etch-lenny upgrades + ### see bug #495703 +;; +*) +echo prerm called with unknown argument \`$1' 2 +exit 1 +;; +esac + +# dh_installdeb will replace this with shell code automatically +# generated by other debhelper scripts. + +#DEBHELPER# + +exit 0 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#490963: iceweasel is not saving my bookmark changes
On Sat, Aug 30, 2008 at 11:33:43PM -0400, Eric Dorland wrote: What are the permissions on the files under ~/.mozilla/firefox? The permissions are all fine - owned by me, user-readable, user-writable, etc. .mozilla is 700, .mozilla/iceweasel is a symlink to .mozilla/firefox, and .mozilla/firefox is mode 755, and .mozilla/firefox/profile.default is 700. By coincidence: Just yesterday, on MozillaZine, I found a workaround that works for me: http://kb.mozillazine.org/Bookmarks_not_saved#Places_preferences_-_Firefox_3 This is not a fix, however, only a workaround. There is still a bug that during FF 2-3 upgrade, or perhaps passing through one of the prereleases, some of the places preferences got set wrongly, and/or perhaps there is a bug in how they are interpreted. But in any case, once I reset those preferences, the bug _seemed_ to go into remission. -- Chip Salzenberg [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#457279: remove gnarwl from lenny?
Cajus Pollmeier wrote: I'm not able to provide tested gnarwl packages anymore. Sorry. I'm fine with getting it removed from lenny. removal hint added. Cheers Luk Am 31.08.2008 um 19:07 schrieb Thomas Viehmann: Hi, gnarwl has an RC bug (#457279) about non-DFSG files (open for 8 months, set to serious for =1 month). gnarwl seems to seriously lack maintainer attention: #334873 is a segfault bug almost three years old without maintainer response. The last maintainer upload was more than three years ago, i.e. before sarge. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#496032: marked as done (exiftags_1.01-2(sparc/unstable): make: Nothing to be done for `binary-arch'!)
Your message dated Sun, 31 Aug 2008 21:02:08 + with message-id [EMAIL PROTECTED] and subject line Bug#496032: fixed in exiftags 1.01-3 has caused the Debian Bug report #496032, regarding exiftags_1.01-2(sparc/unstable): make: Nothing to be done for `binary-arch'! to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact [EMAIL PROTECTED] immediately.) -- 496032: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496032 Debian Bug Tracking System Contact [EMAIL PROTECTED] with problems ---BeginMessage--- Package: exiftags Version: 1.01-2 Severity: serious There was an error while trying to autobuild your package and the log confused me quite a little bit. You are compiling stuff, but then there is nothing to be done for binary-arch? :) Automatic build of exiftags_1.01-2 on spontini by sbuild/sparc 99.99 Build started at 20080817-1003 [...] ** Using build dependencies supplied by package: Build-Depends: debhelper (= 7), quilt [...] cc -g -O2 -o exifcom.o -c exifcom.c cc -g -O2 -o makers_stub.o -c makers_stub.c cc -g -O2 -o exifcom exifcom.o exif.o tagdefs.o exifutil.o exifgps.o jpeg.o makers_stub.o -lm cc -g -O2 -o exiftime.o -c exiftime.c cc -g -O2 -o timevary.o -c timevary.c cc -g -O2 -o exiftime exiftime.o timevary.o exif.o tagdefs.o exifutil.o exifgps.o jpeg.o makers_stub.o -lm make[1]: Leaving directory `/build/buildd/exiftags-1.01' dh_auto_test dh build /usr/bin/fakeroot debian/rules binary-arch make: Nothing to be done for `binary-arch'. dpkg-genchanges -B -mDebian Build Daemon buildd_sparc-spontini ../exiftags_1.01-2_sparc.changes dpkg-genchanges: arch-specific upload - not including arch-independent packages dpkg-genchanges: failure: cannot read files list file: No such file or directory dpkg-buildpackage: failure: dpkg-genchanges gave error exit status 2 A full build log can be found at: http://buildd.debian.org/build.php?arch=sparcpkg=exiftagsver=1.01-2 ---End Message--- ---BeginMessage--- Source: exiftags Source-Version: 1.01-3 We believe that the bug you reported is fixed in the latest version of exiftags, which is due to be installed in the Debian FTP archive: exiftags_1.01-3.diff.gz to pool/main/e/exiftags/exiftags_1.01-3.diff.gz exiftags_1.01-3.dsc to pool/main/e/exiftags/exiftags_1.01-3.dsc exiftags_1.01-3_i386.deb to pool/main/e/exiftags/exiftags_1.01-3_i386.deb A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to [EMAIL PROTECTED], and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Eugene V. Lyubimkin [EMAIL PROTECTED] (supplier of updated exiftags package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing [EMAIL PROTECTED]) -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Format: 1.8 Date: Sat, 23 Aug 2008 12:04:23 +0300 Source: exiftags Binary: exiftags Architecture: source i386 Version: 1.01-3 Distribution: unstable Urgency: low Maintainer: Eugene V. Lyubimkin [EMAIL PROTECTED] Changed-By: Eugene V. Lyubimkin [EMAIL PROTECTED] Description: exiftags - Utility to read Exif tags from a digital camera JPEG file Closes: 496032 Changes: exiftags (1.01-3) unstable; urgency=low . * debian/rules: - Removed '.PHONY' entry for binary-arch and binary-indep. (Closes: #496032) - Added explicit 'build-arch' rule depending on 'build' rule. Thanks to George Danchev for pointing this issue. Checksums-Sha1: c5aab9e48451aca60e1a86ca564931fac34e249a 1636 exiftags_1.01-3.dsc aed0836f34e23a4afba71e83eeb0e18efa6c1b00 3707 exiftags_1.01-3.diff.gz f5b6915baca5f1ac6a16d0dcc556c1a4290df09a 84344 exiftags_1.01-3_i386.deb Checksums-Sha256: d93f9b10d6ff028976c868124a6e578d75b2b9c7e488029e1610baf182c6a32a 1636 exiftags_1.01-3.dsc 424c4dc94843d7fa4244c4834cc0e608dfaed0b98cc713c754924764f426b9a1 3707 exiftags_1.01-3.diff.gz 3825dc776f9d7f9d9e728552e4c61476e04e420f47795f1dc03a9c539ee9f88d 84344 exiftags_1.01-3_i386.deb Files: 305bbc5e88f79768238e8b1de312973f 1636 graphics optional exiftags_1.01-3.dsc f474160b8fed0bb3fd8ceb42204c877f 3707 graphics optional exiftags_1.01-3.diff.gz 5f44da717d394cadf55e2547cd9fda35 84344 graphics optional exiftags_1.01-3_i386.deb -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (GNU/Linux) iQIcBAEBAgAGBQJIuwhkAAoJEBxXDIkOS9CryPMQAIn9u8CMT5NcmQYmQTIv8WZ1 aH98ea+sVgBlUL8ICLxiClsBB7btXONiRXhXYYAhtlcvf0yfHUqJuRPYbcKeMqYf
Bug#495703: marked as done (gs-common: upgrade from Etch fails)
Your message dated Sun, 31 Aug 2008 21:17:12 + with message-id [EMAIL PROTECTED] and subject line Bug#495703: fixed in ghostscript 8.62.dfsg.1-3.1 has caused the Debian Bug report #495703, regarding gs-common: upgrade from Etch fails to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact [EMAIL PROTECTED] immediately.) -- 495703: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=495703 Debian Bug Tracking System Contact [EMAIL PROTECTED] with problems ---BeginMessage--- Package: gs-common Version: 8.62.dfsg.1-3 Severity: serious Upgrading gs-common from Etch fails when perl-modules is unconfigured and out of sync with perl-base: Preparing to replace gs-common 0.3.11 (using gs-common_8.62.dfsg.1-3_all.deb) ... Can't locate File/Copy.pm in @INC (@INC contains: /etc/perl /usr/local/lib/perl/5.10.0 /usr/local/share/perl/5.10.0 /usr/lib/perl5 /usr/share/perl5 /usr/lib/perl/5.10 /usr/share/perl/5.10 /usr/local/lib/site_perl .) at /usr/bin/defoma-app line 7. BEGIN failed--compilation aborted at /usr/bin/defoma-app line 7. dpkg: warning - old pre-removal script returned error exit status 2 dpkg - trying script from the new package instead ... dpkg: error processing gs-common_8.62.dfsg.1-3_all.deb (--unpack): there is no script in the new version of the package - giving up Errors were encountered while processing: gs-common_8.62.dfsg.1-3_all.deb As discussed in #495359, the 'old-prerm upgrade' invocation is done in the dpkg unpacking stage, and non-Essential packages (that aren't in Pre-Depends) aren't guaranteed to be functional at that time. See policy 6.6: http://www.debian.org/doc/debian-policy/ch-maintainerscripts.html#s-unpackphase File::Copy is in perl-modules, which is not Essential:yes. There's no way to fix the Etch prerm or defoma-app anymore of course, but adding a prerm script in the Lenny gs-common package that survives 'failed-upgrade' is enough to fix the upgrades. There are several Etch packages calling defoma-app from 'prerm upgrade', but gs-common seems to be the only one that hasn't a prerm script in Lenny for recovering. Steps to reproduce, starting from a clean Etch install: apt-get install gs-common perl -pi -e s/etch/lenny/ /etc/apt/sources.list apt-get update apt-get install tzdata lib6 apt-get -d install perl-base gs-common dpkg --unpack /var/cache/apt/archives/perl-base_5.10.0-13_amd64.deb /var/cache/apt/archives/gs-common_8.62.dfsg.1-3_all.deb or alternatively apt-get install gs-common perl -pi -e s/etch/lenny/ /etc/apt/sources.list apt-get update apt-get -d install perl-modules gs-common dpkg --unpack /var/cache/apt/archives/perl-modules_5.10.0-11.1_all.deb /var/cache/apt/archives/gs-common_8.62.dfsg.1-3_all.deb This is happening in real dist-upgrades too, see the original report in #495359. -- Niko Tyni [EMAIL PROTECTED] ---End Message--- ---BeginMessage--- Source: ghostscript Source-Version: 8.62.dfsg.1-3.1 We believe that the bug you reported is fixed in the latest version of ghostscript, which is due to be installed in the Debian FTP archive: ghostscript-doc_8.62.dfsg.1-3.1_all.deb to pool/main/g/ghostscript/ghostscript-doc_8.62.dfsg.1-3.1_all.deb ghostscript-x_8.62.dfsg.1-3.1_amd64.deb to pool/main/g/ghostscript/ghostscript-x_8.62.dfsg.1-3.1_amd64.deb ghostscript_8.62.dfsg.1-3.1.diff.gz to pool/main/g/ghostscript/ghostscript_8.62.dfsg.1-3.1.diff.gz ghostscript_8.62.dfsg.1-3.1.dsc to pool/main/g/ghostscript/ghostscript_8.62.dfsg.1-3.1.dsc ghostscript_8.62.dfsg.1-3.1_amd64.deb to pool/main/g/ghostscript/ghostscript_8.62.dfsg.1-3.1_amd64.deb gs-aladdin_8.62.dfsg.1-3.1_all.deb to pool/main/g/ghostscript/gs-aladdin_8.62.dfsg.1-3.1_all.deb gs-common_8.62.dfsg.1-3.1_all.deb to pool/main/g/ghostscript/gs-common_8.62.dfsg.1-3.1_all.deb gs-esp_8.62.dfsg.1-3.1_all.deb to pool/main/g/ghostscript/gs-esp_8.62.dfsg.1-3.1_all.deb gs-gpl_8.62.dfsg.1-3.1_all.deb to pool/main/g/ghostscript/gs-gpl_8.62.dfsg.1-3.1_all.deb gs_8.62.dfsg.1-3.1_all.deb to pool/main/g/ghostscript/gs_8.62.dfsg.1-3.1_all.deb libgs-dev_8.62.dfsg.1-3.1_amd64.deb to pool/main/g/ghostscript/libgs-dev_8.62.dfsg.1-3.1_amd64.deb libgs8_8.62.dfsg.1-3.1_amd64.deb to pool/main/g/ghostscript/libgs8_8.62.dfsg.1-3.1_amd64.deb A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to [EMAIL PROTECTED], and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Thomas Viehmann [EMAIL PROTECTED] (supplier of updated ghostscript package) (This message was
Bug#491270: pulseaudio: diff for NMU version 0.9.10-2.1
tags 491270 + patch pending thanks Hi, The following is the diff for my pulseaudio 0.9.10-2.1 NMU. Kind regards T. reverted: --- pulseaudio-0.9.10/debian/libpulse-mainloop-glib0-dbg.debhelper.log +++ pulseaudio-0.9.10.orig/debian/libpulse-mainloop-glib0-dbg.debhelper.log @@ -1 +0,0 @@ -dh_listpackages reverted: --- pulseaudio-0.9.10/debian/pulseaudio-module-gconf-dbg.debhelper.log +++ pulseaudio-0.9.10.orig/debian/pulseaudio-module-gconf-dbg.debhelper.log @@ -1 +0,0 @@ -dh_listpackages reverted: --- pulseaudio-0.9.10/debian/pulseaudio-module-zeroconf.debhelper.log +++ pulseaudio-0.9.10.orig/debian/pulseaudio-module-zeroconf.debhelper.log @@ -1 +0,0 @@ -dh_listpackages reverted: --- pulseaudio-0.9.10/debian/pulseaudio-module-hal.debhelper.log +++ pulseaudio-0.9.10.orig/debian/pulseaudio-module-hal.debhelper.log @@ -1 +0,0 @@ -dh_listpackages reverted: --- pulseaudio-0.9.10/debian/pulseaudio.debhelper.log +++ pulseaudio-0.9.10.orig/debian/pulseaudio.debhelper.log @@ -1 +0,0 @@ -dh_listpackages reverted: --- pulseaudio-0.9.10/debian/pulseaudio-utils.debhelper.log +++ pulseaudio-0.9.10.orig/debian/pulseaudio-utils.debhelper.log @@ -1 +0,0 @@ -dh_listpackages reverted: --- pulseaudio-0.9.10/debian/pulseaudio-dbg.debhelper.log +++ pulseaudio-0.9.10.orig/debian/pulseaudio-dbg.debhelper.log @@ -1 +0,0 @@ -dh_listpackages reverted: --- pulseaudio-0.9.10/debian/libpulsecore5.debhelper.log +++ pulseaudio-0.9.10.orig/debian/libpulsecore5.debhelper.log @@ -1 +0,0 @@ -dh_listpackages reverted: --- pulseaudio-0.9.10/debian/pulseaudio-module-x11.debhelper.log +++ pulseaudio-0.9.10.orig/debian/pulseaudio-module-x11.debhelper.log @@ -1 +0,0 @@ -dh_listpackages reverted: --- pulseaudio-0.9.10/debian/pulseaudio-module-zeroconf-dbg.debhelper.log +++ pulseaudio-0.9.10.orig/debian/pulseaudio-module-zeroconf-dbg.debhelper.log @@ -1 +0,0 @@ -dh_listpackages reverted: --- pulseaudio-0.9.10/debian/libpulse0-dbg.debhelper.log +++ pulseaudio-0.9.10.orig/debian/libpulse0-dbg.debhelper.log @@ -1 +0,0 @@ -dh_listpackages reverted: --- pulseaudio-0.9.10/debian/libpulsecore5-dbg.debhelper.log +++ pulseaudio-0.9.10.orig/debian/libpulsecore5-dbg.debhelper.log @@ -1 +0,0 @@ -dh_listpackages reverted: --- pulseaudio-0.9.10/debian/libpulse-dev.debhelper.log +++ pulseaudio-0.9.10.orig/debian/libpulse-dev.debhelper.log @@ -1 +0,0 @@ -dh_listpackages reverted: --- pulseaudio-0.9.10/debian/pulseaudio-utils-dbg.debhelper.log +++ pulseaudio-0.9.10.orig/debian/pulseaudio-utils-dbg.debhelper.log @@ -1 +0,0 @@ -dh_listpackages reverted: --- pulseaudio-0.9.10/debian/libpulse-browse0.debhelper.log +++ pulseaudio-0.9.10.orig/debian/libpulse-browse0.debhelper.log @@ -1 +0,0 @@ -dh_listpackages reverted: --- pulseaudio-0.9.10/debian/pulseaudio-esound-compat-dbg.debhelper.log +++ pulseaudio-0.9.10.orig/debian/pulseaudio-esound-compat-dbg.debhelper.log @@ -1 +0,0 @@ -dh_listpackages diff -u pulseaudio-0.9.10/debian/changelog pulseaudio-0.9.10/debian/changelog --- pulseaudio-0.9.10/debian/changelog +++ pulseaudio-0.9.10/debian/changelog @@ -1,3 +1,13 @@ +pulseaudio (0.9.10-2.1) unstable; urgency=low + + * Non-maintainer upload. + * Add 0006-dont-hang-on-start-opening-random.patch: +- add increment to loop trying to open random devices + Closes: #491270 +Patch by Matt Kraai, thanks! + + -- Thomas Viehmann [EMAIL PROTECTED] Sun, 31 Aug 2008 22:35:52 +0200 + pulseaudio (0.9.10-2) unstable; urgency=low * debian/patches/0003-Define-PULSE_INTERNAL.patch reverted: --- pulseaudio-0.9.10/debian/libpulse-browse0-dbg.debhelper.log +++ pulseaudio-0.9.10.orig/debian/libpulse-browse0-dbg.debhelper.log @@ -1 +0,0 @@ -dh_listpackages reverted: --- pulseaudio-0.9.10/debian/pulseaudio-esound-compat.debhelper.log +++ pulseaudio-0.9.10.orig/debian/pulseaudio-esound-compat.debhelper.log @@ -1 +0,0 @@ -dh_listpackages reverted: --- pulseaudio-0.9.10/debian/pulseaudio-module-lirc.debhelper.log +++ pulseaudio-0.9.10.orig/debian/pulseaudio-module-lirc.debhelper.log @@ -1 +0,0 @@ -dh_listpackages reverted: --- pulseaudio-0.9.10/debian/pulseaudio-module-jack.debhelper.log +++ pulseaudio-0.9.10.orig/debian/pulseaudio-module-jack.debhelper.log @@ -1 +0,0 @@ -dh_listpackages reverted: --- pulseaudio-0.9.10/debian/pulseaudio-module-jack-dbg.debhelper.log +++ pulseaudio-0.9.10.orig/debian/pulseaudio-module-jack-dbg.debhelper.log @@ -1 +0,0 @@ -dh_listpackages reverted: --- pulseaudio-0.9.10/debian/libpulse0.debhelper.log +++ pulseaudio-0.9.10.orig/debian/libpulse0.debhelper.log @@ -1 +0,0 @@ -dh_listpackages reverted: --- pulseaudio-0.9.10/debian/pulseaudio-module-gconf.debhelper.log +++ pulseaudio-0.9.10.orig/debian/pulseaudio-module-gconf.debhelper.log @@ -1 +0,0 @@ -dh_listpackages reverted: --- pulseaudio-0.9.10/debian/libpulse-mainloop-glib0.debhelper.log +++ pulseaudio-0.9.10.orig/debian/libpulse-mainloop-glib0.debhelper.log @@ -1 +0,0 @@ -dh_listpackages reverted: --- pulseaudio-0.9.10/debian/pulseaudio-module-hal-dbg.debhelper.log +++
Processed: pulseaudio: diff for NMU version 0.9.10-2.1
Processing commands for [EMAIL PROTECTED]: tags 491270 + patch pending Bug#491270: pulseaudio: PulseAudio freezes the boot process in some situations Tags were: fixed-upstream pending patch Tags added: patch, pending thanks Stopping processing here. Please contact me if you need assistance. Debian bug tracking system administrator (administrator, Debian Bugs database) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#492488: iceweasel: crashes on startup (x64)
I am also getting this bug on my x86-64 system but not on my similar x86 system. Is anyone having success running iceweasel on x86-64 or the next release of Debian is going to ship with an iceweasel that does not run on x86-64 systems? Ahora también puedes acceder a tu correo Terra desde el móvil. Infórmate pinchando aquí. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#497324: python-lxml: lxml.etree unusable when python-stats is installed
Package: python-lxml Severity: serious Version: 2.1.1-1 When the python-stats package is installed, attempting to use lxml.etree results in an AttributeError being thrown: ng:~# python -c 'import lxml.etree' ng:~# apt-get install -qq python-stats Selecting previously deselected package python-stats. (Reading database ... 341464 files and directories currently installed.) Unpacking python-stats (from .../python-stats_0.6-7_all.deb) ... Setting up python-stats (0.6-7) ... ng:~# python -c 'import lxml.etree' Traceback (most recent call last): File string, line 1, in module File lxml.etree.pyx, line 40, in lxml.etree (src/lxml/lxml.etree.c:119415) AttributeError: 'module' object has no attribute 'BytesIO' ng:~# apt-get remove -qq python-stats (Reading database ... 341473 files and directories currently installed.) Removing python-stats ... ng:~# python -c 'import lxml.etree' ng:~# Lines 39-42 in lxml.etree.pyx look like this: try: from io import BytesIO, StringIO except ImportError: from StringIO import StringIO, StringIO as BytesIO When python-stats is not installed, the 'io' module does not exist, so line 40 throws an ImportError which is caught, and all is good. When python-stats is installed, it installs `io.py', which seems unrelated to this, and doesn't define BytesIO. Normally this would generate an ImportError as well, but the C code generated from the .pyx tries to get BytesIO as an attribute of io, which throws an AttributeError, which goes uncaught and propagates up to the caller. I'm not sure if this is a bug in python-lxml, python-stats, or whatever generates the C from the pyx, but I'm filing this for python-lxml since I know how to fix it there. Attached is a patch to the pyx which would fix this issue when the C code is regenerated. I don't know how to regenerate it (pyrex doesn't seem to like the pyx files, and I don't know what else to try...), so the C is unpatched. Not sure if this is the correct way to fix it, but it should work when the C is regenerated. Wasn't sure of the severity on this... an unrelated package installed causes a rather large portion of this package to be unusable, and anything that depends on it is thus unusable (I discovered this because bcfg2 stopped working). Seems like it might be RC, though I'm unsure (it seems like not Conflict'ing with python-stats could be a policy violation when the package largely doesn't work when python-stats is installed), but marking as serious just in case. -- Andrew Deason [EMAIL PROTECTED] --- lxml-2.1.1/src/lxml/lxml.etree.pyx 2008-08-31 16:15:03.0 -0500 +++ lxml-2.1.1/src/lxml/lxml.etree.pyx 2008-08-31 16:16:30.0 -0500 @@ -38,7 +38,7 @@ cdef object BytesIO, StringIO try: from io import BytesIO, StringIO -except ImportError: +except (ImportError, AttributeError): from StringIO import StringIO, StringIO as BytesIO cdef object _elementpath
Bug#491270: marked as done (pulseaudio: PulseAudio freezes the boot process in some situations)
Your message dated Sun, 31 Aug 2008 21:47:07 + with message-id [EMAIL PROTECTED] and subject line Bug#491270: fixed in pulseaudio 0.9.10-2.1 has caused the Debian Bug report #491270, regarding pulseaudio: PulseAudio freezes the boot process in some situations to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact [EMAIL PROTECTED] immediately.) -- 491270: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=491270 Debian Bug Tracking System Contact [EMAIL PROTECTED] with problems ---BeginMessage--- Package: pulseaudio Version: 0.9.10-2 Severity: critical Justification: breaks the whole system Hi, in the following situation, pulseaudio freezes the boot process: - pulseaudio system start enabled (in /etc/default/pulseaudio) - some bad permissions in the /dev directory (due to bug #491114 in my case). In my case, the error message was: Jul 18 07:22:56 tatanka pulseaudio[2715]: main.c: setrlimit(RLIMIT_NICE, (31, 31)) failed: Operation not permitted Jul 18 07:22:56 tatanka pulseaudio[2715]: main.c: setrlimit(RLIMIT_RTPRIO, (9, 9)) failed: Operation not permitted In understand that the origin of the bug doesn't lie in pulseaudio, and that is has been fixed already (see #491114). But, whatever causes pulseaudio to fail its startup, I think it shouldn't freeze the whole boot process, but rather die gracefully. Kind regards, Gabriel Kerneis -- System Information: Debian Release: lenny/sid APT prefers unstable APT policy: (500, 'unstable'), (500, 'stable') Architecture: i386 (i686) Kernel: Linux 2.6.26-rc5-686 (SMP w/1 CPU core) Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash Versions of packages pulseaudio depends on: ii adduser 3.108 add and remove users and groups ii libasound21.0.16-2 ALSA library ii libasyncns0 0.3-1 Asyncronous name service query lib ii libc6 2.7-12 GNU C Library: Shared libraries ii libcap1 1:1.10-14 support for getting/setting POSIX. ii libdbus-1-3 1.2.1-2simple interprocess messaging syst ii libflac8 1.2.1-1.2 Free Lossless Audio Codec - runtim ii libltdl3 1.5.26-4 A system independent dlopen wrappe ii libogg0 1.1.3-4Ogg Bitstream Library ii liboil0.3 0.3.15-1 Library of Optimized Inner Loops ii libpulsecore5 0.9.10-2 PulseAudio sound server core ii libsamplerate00.1.4-1audio rate conversion library ii libsndfile1 1.0.17-4 Library for reading/writing audio ii libwrap0 7.6.q-15 Wietse Venema's TCP wrappers libra ii lsb-base 3.2-15 Linux Standard Base 3.2 init scrip Versions of packages pulseaudio recommends: ii gstreamer0.10-pulseaudio 0.9.7-2 GStreamer plugin for PulseAudio ii libasound2-plugins 1.0.16-1+b1 ALSA library additional plugins ii padevchooser 0.9.3-2 PulseAudio Device Chooser ii paprefs 0.9.6-2 PulseAudio Preferences ii pulseaudio-esound-compat 0.9.10-2PulseAudio ESD compatibility layer ii pulseaudio-module-hal0.9.10-2HAL device detection module for Pu ii pulseaudio-module-x110.9.10-2X11 module for PulseAudio sound se Versions of packages pulseaudio suggests: ii paman0.9.4-1 PulseAudio Manager ii pavucontrol 0.9.6+svn20080426-1 PulseAudio Volume Control ii pavumeter0.9.3-1 PulseAudio Volume Meter ii pulseaudio-utils 0.9.10-2Command line tools for the PulseAu -- no debconf information ---End Message--- ---BeginMessage--- Source: pulseaudio Source-Version: 0.9.10-2.1 We believe that the bug you reported is fixed in the latest version of pulseaudio, which is due to be installed in the Debian FTP archive: libpulse-browse0-dbg_0.9.10-2.1_amd64.deb to pool/main/p/pulseaudio/libpulse-browse0-dbg_0.9.10-2.1_amd64.deb libpulse-browse0_0.9.10-2.1_amd64.deb to pool/main/p/pulseaudio/libpulse-browse0_0.9.10-2.1_amd64.deb libpulse-dev_0.9.10-2.1_amd64.deb to pool/main/p/pulseaudio/libpulse-dev_0.9.10-2.1_amd64.deb libpulse-mainloop-glib0-dbg_0.9.10-2.1_amd64.deb to pool/main/p/pulseaudio/libpulse-mainloop-glib0-dbg_0.9.10-2.1_amd64.deb libpulse-mainloop-glib0_0.9.10-2.1_amd64.deb to pool/main/p/pulseaudio/libpulse-mainloop-glib0_0.9.10-2.1_amd64.deb libpulse0-dbg_0.9.10-2.1_amd64.deb to
Bug#474547: marked as done (ion3-scripts: io3-scripts is in main but depends on non-free ion3)
Your message dated Sun, 31 Aug 2008 22:05:57 + with message-id [EMAIL PROTECTED] and subject line Bug#474547: fixed in ion3-scripts 20070515.debian-1 has caused the Debian Bug report #474547, regarding ion3-scripts: io3-scripts is in main but depends on non-free ion3 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact [EMAIL PROTECTED] immediately.) -- 474547: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=474547 Debian Bug Tracking System Contact [EMAIL PROTECTED] with problems ---BeginMessage--- Package: ion3-scripts Version: 20070515-1 Severity: serious Justification: Policy 2.2.1 Hi! ion3-scripts is in main. However, it depends on ion3, which is in non-free. MfG, Jö. -- System Information: Debian Release: lenny/sid APT prefers testing APT policy: (500, 'testing') Architecture: i386 (i686) Kernel: Linux 2.6.24-1-686 (SMP w/1 CPU core) Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash -- Ich habe eine Maschine erfunden, die den Kommerz aus Weihnachten entfernt. -- Lass uns ganz viele davon bauen und für viel Geld verkaufen. -- http://www.nichtlustig.de/toondb/021220.html signature.asc Description: Digital signature ---End Message--- ---BeginMessage--- Source: ion3-scripts Source-Version: 20070515.debian-1 We believe that the bug you reported is fixed in the latest version of ion3-scripts, which is due to be installed in the Debian FTP archive: ion3-scripts_20070515.debian-1.diff.gz to pool/contrib/i/ion3-scripts/ion3-scripts_20070515.debian-1.diff.gz ion3-scripts_20070515.debian-1.dsc to pool/contrib/i/ion3-scripts/ion3-scripts_20070515.debian-1.dsc ion3-scripts_20070515.debian-1_all.deb to pool/contrib/i/ion3-scripts/ion3-scripts_20070515.debian-1_all.deb ion3-scripts_20070515.debian.orig.tar.gz to pool/contrib/i/ion3-scripts/ion3-scripts_20070515.debian.orig.tar.gz A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to [EMAIL PROTECTED], and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Ralf Treinen [EMAIL PROTECTED] (supplier of updated ion3-scripts package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing [EMAIL PROTECTED]) -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Format: 1.8 Date: Sat, 23 Aug 2008 11:14:33 +0200 Source: ion3-scripts Binary: ion3-scripts Architecture: source all Version: 20070515.debian-1 Distribution: unstable Urgency: low Maintainer: Debian QA Group [EMAIL PROTECTED] Changed-By: Ralf Treinen [EMAIL PROTECTED] Description: ion3-scripts - user-contributed add-ons to the Ion 3 window manager Closes: 474547 Changes: ion3-scripts (20070515.debian-1) unstable; urgency=low . * QA upload. * Fake new upstream version to circumvent a bug in dak, this is still the same as upstream 2007051. * Moved package to contrib (closes: Bug#474547). * Specify Homepage field in debian/control. * Fix spelling in debian/copyright. * Removed bogus build-indep-depends. * Removed unversionend Suggests: coreutils. Checksums-Sha1: e2a35f5fee7f6acd3e32c22dab74e4d21c3619d5 1118 ion3-scripts_20070515.debian-1.dsc d5c8d5c5aec93ad5bb97805fa4978b0ca4d6c4d2 120761 ion3-scripts_20070515.debian.orig.tar.gz fabed5cae057d3aac9ad343f067d70f0c46bc648 5199 ion3-scripts_20070515.debian-1.diff.gz 3290b4ab6f753454fbc70e6cdb78b7b8e78ec7af 133230 ion3-scripts_20070515.debian-1_all.deb Checksums-Sha256: 7bc0c92674c5ebe4194c1db29f9815fb108cdbec66920aedd793704fdfecc350 1118 ion3-scripts_20070515.debian-1.dsc f54399aabb3f8a7d75a9ba1fdc392ab1d185ddc5346e8b4b66e4efeba97539df 120761 ion3-scripts_20070515.debian.orig.tar.gz 9c262ef281e213bb5305b76d6e9ea0c3f0b370791e684b2e085ea4ca96d66b81 5199 ion3-scripts_20070515.debian-1.diff.gz 743934234b50037585b850d9dfd262782ae8a2491658001c62886b97b77fd674 133230 ion3-scripts_20070515.debian-1_all.deb Files: 01e6ad62643db18498eb1285cc57b4bc 1118 contrib/x11 extra ion3-scripts_20070515.debian-1.dsc 5f8897ab90f51a6595c72e30ee1999cd 120761 contrib/x11 extra ion3-scripts_20070515.debian.orig.tar.gz af967fc3303658bbed04cc8a3230bb36 5199 contrib/x11 extra ion3-scripts_20070515.debian-1.diff.gz 3ef70ace8f2b6db90d29deb8d9da72ee 133230 contrib/x11 extra ion3-scripts_20070515.debian-1_all.deb -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (GNU/Linux) iD8DBQFIsFuYtzWmSeC6BMERAsLiAJ0Vh3SxcFc2Lvw8PEQ3kAQrixdD7wCgoSdF
Bug#496394: marked as done (The possibility of attack with the help of symlinks in some Debian packages)
Your message dated Sun, 31 Aug 2008 22:26:25 + with message-id [EMAIL PROTECTED] and subject line Bug#496394: fixed in qemu 0.9.1+svn20080826-1 has caused the Debian Bug report #496394, regarding The possibility of attack with the help of symlinks in some Debian packages to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact [EMAIL PROTECTED] immediately.) -- 496394: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496394 Debian Bug Tracking System Contact [EMAIL PROTECTED] with problems ---BeginMessage--- Package: qemu Severity: grave Hi, maintainer! This message about the error concerns a few packages at once. I've tested all the packages (for Lenny) on my Debian mirror. All scripts of packages (marked as executable) were tested. In some packages I've discovered scripts with errors which may be used by a user for damaging important system files or user's files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlink with the same name in this directory in order to destroy or rewrite some system or user file. Symlink attack may also lead not only to the data desctruction but to denial of service as well. Even if you create files or directories with help of function 'RANDOM' or pid(), then your system is not protected. Attacker can create many symlinks in order to destroy your data or create 'denial of service' for your package scripts. Even if you make rm(dir) for files/directories, then your system is not protected. Attacker can permanently create symlinks. This list is created with the help of script. This list is sorted by hand. Howewer in some cases mistake is possible. Please, Be understanding to possible mistakes. :) I set Severity into grave for this bug. The table of discovered problems is below. Discussion of this bug you can see in debian-devel@: http://lists.debian.org/debian-devel/2008/08/msg00271.html Binary-package: r-base-core-ra (1.1.1-1) file: /usr/lib/Ra/lib/R/bin/javareconf Binary-package: rccp (0.9-2) file: /usr/lib/rccp/delqueueask Binary-package: mafft (6.240-1) file: /usr/bin/mafft-homologs Binary-package: openoffice.org-common (1:2.4.1-6) file: /usr/lib/openoffice/program/senddoc Binary-package: crossfire-maps (1.11.0-1) file: /usr/share/games/crossfire/maps/Info/combine.pl Binary-package: sgml2x (1.0.0-11.1) file: /usr/bin/rlatex Binary-package: liguidsoap (0.3.6-4) file: /var/lib/liguidsoap/liguidsoap.py Binary-package: citadel-server (7.37-1) file: /usr/lib/citadel-server/migrate_aliases.sh Binary-package: ampache (3.4.1-1) file: /usr/share/ampache/www/locale/base/gather-messages.sh Binary-package: xen-utils-3.2-1 (3.2.1-2) file: /usr/lib/xen-3.2-1/bin/qemu-dm.debug Binary-package: dtc-common (0.29.6-1) file: /usr/share/dtc/admin/accesslog.php file: /usr/share/dtc/admin/sa-wrapper Binary-package: honeyd-common (1.5c-3) file: /usr/share/honeyd/scripts/test.sh Binary-package: lustre-tests (1.6.5-1) file: /usr/lib/lustre/tests/runiozone Binary-package: linuxtrade (3.65-8+b4) file: /usr/share/linuxtrade/bin/linuxtrade.bwkvol file: /usr/share/linuxtrade/bin/linuxtrade.wn file: /usr/share/linuxtrade/bin/moneyam.helper Binary-package: freevo (1.8.1-0) file: /usr/bin/freevo.real Binary-package: fml (4.0.3.dfsg-2) file: /usr/share/fml/libexec/mead.pl Binary-package: rkhunter (1.3.2-3) file: /usr/bin/rkhunter Binary-package: openswan (1:2.4.12+dfsg-1.1) file: /usr/lib/ipsec/livetest Binary-package: linux-patch-openswan (1:2.4.12+dfsg-1.1) file: /usr/src/kernel-patches/all/openswan/packaging/utils/maysnap file: /usr/src/kernel-patches/all/openswan/packaging/utils/maytest Binary-package: aptoncd (0.1-1.1) file: /usr/share/aptoncd/xmlfile.py Binary-package: cdcontrol (1.90-1.1) file: /usr/lib/cdcontrol/writtercontrol Binary-package: newsgate (1.6-23) file: /usr/bin/mkmailpost Binary-package: gpsdrive-scripts (2.10~pre4-3) file: /usr/bin/geo-code Binary-package: impose+ (0.2-11) file: /usr/bin/impose Binary-package: mgt (2.31-5) file: /usr/games/mailgo Binary-package: audiolink (0.05-1) file: /usr/bin/audiolink Binary-package: ibackup (2.27-4.1) file: /usr/bin/ibackup Binary-package: emacspeak (26.0-3) file: /usr/share/emacs/site-lisp/emacspeak/etc/extract-table.pl Binary-package: bk2site (1:1.1.9-3.1) file: /usr/lib/cgi-bin/bk2site/redirect.pl Binary-package: datafreedom-perl (0.1.7-1) file: /usr/bin/dfxml-invoice Binary-package: emacs-jabber (0.7.91-1) file:
Bug#496394: marked as done (The possibility of attack with the help of symlinks in some Debian packages)
Your message dated Sun, 31 Aug 2008 22:26:27 + with message-id [EMAIL PROTECTED] and subject line Bug#496394: fixed in qemu 0.9.1+svn20080825-1 has caused the Debian Bug report #496394, regarding The possibility of attack with the help of symlinks in some Debian packages to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact [EMAIL PROTECTED] immediately.) -- 496394: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496394 Debian Bug Tracking System Contact [EMAIL PROTECTED] with problems ---BeginMessage--- Package: qemu Severity: grave Hi, maintainer! This message about the error concerns a few packages at once. I've tested all the packages (for Lenny) on my Debian mirror. All scripts of packages (marked as executable) were tested. In some packages I've discovered scripts with errors which may be used by a user for damaging important system files or user's files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlink with the same name in this directory in order to destroy or rewrite some system or user file. Symlink attack may also lead not only to the data desctruction but to denial of service as well. Even if you create files or directories with help of function 'RANDOM' or pid(), then your system is not protected. Attacker can create many symlinks in order to destroy your data or create 'denial of service' for your package scripts. Even if you make rm(dir) for files/directories, then your system is not protected. Attacker can permanently create symlinks. This list is created with the help of script. This list is sorted by hand. Howewer in some cases mistake is possible. Please, Be understanding to possible mistakes. :) I set Severity into grave for this bug. The table of discovered problems is below. Discussion of this bug you can see in debian-devel@: http://lists.debian.org/debian-devel/2008/08/msg00271.html Binary-package: r-base-core-ra (1.1.1-1) file: /usr/lib/Ra/lib/R/bin/javareconf Binary-package: rccp (0.9-2) file: /usr/lib/rccp/delqueueask Binary-package: mafft (6.240-1) file: /usr/bin/mafft-homologs Binary-package: openoffice.org-common (1:2.4.1-6) file: /usr/lib/openoffice/program/senddoc Binary-package: crossfire-maps (1.11.0-1) file: /usr/share/games/crossfire/maps/Info/combine.pl Binary-package: sgml2x (1.0.0-11.1) file: /usr/bin/rlatex Binary-package: liguidsoap (0.3.6-4) file: /var/lib/liguidsoap/liguidsoap.py Binary-package: citadel-server (7.37-1) file: /usr/lib/citadel-server/migrate_aliases.sh Binary-package: ampache (3.4.1-1) file: /usr/share/ampache/www/locale/base/gather-messages.sh Binary-package: xen-utils-3.2-1 (3.2.1-2) file: /usr/lib/xen-3.2-1/bin/qemu-dm.debug Binary-package: dtc-common (0.29.6-1) file: /usr/share/dtc/admin/accesslog.php file: /usr/share/dtc/admin/sa-wrapper Binary-package: honeyd-common (1.5c-3) file: /usr/share/honeyd/scripts/test.sh Binary-package: lustre-tests (1.6.5-1) file: /usr/lib/lustre/tests/runiozone Binary-package: linuxtrade (3.65-8+b4) file: /usr/share/linuxtrade/bin/linuxtrade.bwkvol file: /usr/share/linuxtrade/bin/linuxtrade.wn file: /usr/share/linuxtrade/bin/moneyam.helper Binary-package: freevo (1.8.1-0) file: /usr/bin/freevo.real Binary-package: fml (4.0.3.dfsg-2) file: /usr/share/fml/libexec/mead.pl Binary-package: rkhunter (1.3.2-3) file: /usr/bin/rkhunter Binary-package: openswan (1:2.4.12+dfsg-1.1) file: /usr/lib/ipsec/livetest Binary-package: linux-patch-openswan (1:2.4.12+dfsg-1.1) file: /usr/src/kernel-patches/all/openswan/packaging/utils/maysnap file: /usr/src/kernel-patches/all/openswan/packaging/utils/maytest Binary-package: aptoncd (0.1-1.1) file: /usr/share/aptoncd/xmlfile.py Binary-package: cdcontrol (1.90-1.1) file: /usr/lib/cdcontrol/writtercontrol Binary-package: newsgate (1.6-23) file: /usr/bin/mkmailpost Binary-package: gpsdrive-scripts (2.10~pre4-3) file: /usr/bin/geo-code Binary-package: impose+ (0.2-11) file: /usr/bin/impose Binary-package: mgt (2.31-5) file: /usr/games/mailgo Binary-package: audiolink (0.05-1) file: /usr/bin/audiolink Binary-package: ibackup (2.27-4.1) file: /usr/bin/ibackup Binary-package: emacspeak (26.0-3) file: /usr/share/emacs/site-lisp/emacspeak/etc/extract-table.pl Binary-package: bk2site (1:1.1.9-3.1) file: /usr/lib/cgi-bin/bk2site/redirect.pl Binary-package: datafreedom-perl (0.1.7-1) file: /usr/bin/dfxml-invoice Binary-package: emacs-jabber (0.7.91-1) file:
Processed: found 496436 in 2.09-2sarge1
Processing commands for [EMAIL PROTECTED]: # Automatically generated email from bts, devscripts version 2.10.30 found 496436 2.09-2sarge1 Bug#496436: The possibility of attack with the help of symlinks in some Debian packages Bug marked as found in version 2.09-2sarge1. End of message, stopping processing here. Please contact me if you need assistance. Debian bug tracking system administrator (administrator, Debian Bugs database) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#496407: fixed in sng 1.0.2-6
On Tuesday 26 August 2008 03:21:46 Nico Golde wrote: why did you remove it instead of just fixing it? Now people who already installed this stay vulnerable which I don't really consider to be good. I'm not sure what you mean: removing and fixing an unused script have precisely the same the same effect. Just in case there is confusion, the sng package was not removed. What was remove was an unused, obsolete, buggy development script that erroneously installed. As stated in the changelog: removing sng_regress because it's useless for users, and now has a security bug filed against it. It was a mistake to ever include it in the package in the first place, so removing it is the right course of action here. If you (or anyone else) would like to submit a patch to fix sng_regress, I will be happy to apply the patch in the source package, but I don't plan to including sng_regress as a binary in the sng package. -- Wesley J. Landaker [EMAIL PROTECTED] xmpp:[EMAIL PROTECTED] OpenPGP FP: 4135 2A3B 4726 ACC5 9094 0097 F0A9 8A4C 4CD6 E3D2 signature.asc Description: This is a digitally signed message part.
Bug#497115: marked as done (gpsdrive: possibly non-free file scripts/gpsfetchmap.pl)
Your message dated Sun, 31 Aug 2008 22:47:04 + with message-id [EMAIL PROTECTED] and subject line Bug#497115: fixed in gpsdrive 2.10~pre4-6.dfsg-1 has caused the Debian Bug report #497115, regarding gpsdrive: possibly non-free file scripts/gpsfetchmap.pl to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact [EMAIL PROTECTED] immediately.) -- 497115: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=497115 Debian Bug Tracking System Contact [EMAIL PROTECTED] with problems ---BeginMessage--- Package: gpsdrive Version: 2.10~pre4-6 Severity: normal [Cc: to debian-legal] Hi, The source package contains the file scripts/gpsfetchmap.pl, which has this copyright notice: #!/usr/bin/perl # gpsfetchmap # # You are allowed to modify the source code in any way you want # except you cannot modify this copyright details # or remove the polite feature. # # NO WARRANTY. and: my $VERSION =gpsfetchmap (c) 2002 Kevin Stephens [EMAIL PROTECTED] modified (Sep 2002) by Sven Fichtner [EMAIL PROTECTED] modified (Nov 2002) by Magnus Månsson [EMAIL PROTECTED] modified (Nov 2003) by camel [EMAIL PROTECTED] modified (Feb 2004) by Robin Cornelius [EMAIL PROTECTED] modified (Jan 2005) by Joerg Ostertag [EMAIL PROTECTED] modified (May 2005) by Olli Salonen [EMAIL PROTECTED] modified (Jul 2005) by Jaroslaw Zachwieja [EMAIL PROTECTED] modified (Dec 2005) by David Pollard david dot [EMAIL PROTECTED] modified (Jul 2007) by Maciek Kaliszewski [EMAIL PROTECTED] Version svn-$Version ; The polite feature apparently refers to an option that sleeps between web server accesses. While arguably a minor restriction, I wonder if debian-legal considers this sufficient to render the file non-free, and whether the terse license clearly enough grants all the permissions required for it to be free. Of course if you feel I'm just nitpicking, feel free to close the bug. Sami ---End Message--- ---BeginMessage--- Source: gpsdrive Source-Version: 2.10~pre4-6.dfsg-1 We believe that the bug you reported is fixed in the latest version of gpsdrive, which is due to be installed in the Debian FTP archive: gpsdrive-data_2.10~pre4-6.dfsg-1_all.deb to pool/main/g/gpsdrive/gpsdrive-data_2.10~pre4-6.dfsg-1_all.deb gpsdrive-scripts_2.10~pre4-6.dfsg-1_all.deb to pool/main/g/gpsdrive/gpsdrive-scripts_2.10~pre4-6.dfsg-1_all.deb gpsdrive_2.10~pre4-6.dfsg-1.diff.gz to pool/main/g/gpsdrive/gpsdrive_2.10~pre4-6.dfsg-1.diff.gz gpsdrive_2.10~pre4-6.dfsg-1.dsc to pool/main/g/gpsdrive/gpsdrive_2.10~pre4-6.dfsg-1.dsc gpsdrive_2.10~pre4-6.dfsg-1_i386.deb to pool/main/g/gpsdrive/gpsdrive_2.10~pre4-6.dfsg-1_i386.deb gpsdrive_2.10~pre4-6.dfsg.orig.tar.gz to pool/main/g/gpsdrive/gpsdrive_2.10~pre4-6.dfsg.orig.tar.gz A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to [EMAIL PROTECTED], and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Andreas Putzo [EMAIL PROTECTED] (supplier of updated gpsdrive package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing [EMAIL PROTECTED]) -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Format: 1.8 Date: Sun, 31 Aug 2008 17:40:05 + Source: gpsdrive Binary: gpsdrive gpsdrive-data gpsdrive-scripts Architecture: source i386 all Version: 2.10~pre4-6.dfsg-1 Distribution: unstable Urgency: low Maintainer: Debian GIS Project [EMAIL PROTECTED] Changed-By: Andreas Putzo [EMAIL PROTECTED] Description: gpsdrive - Car navigation system gpsdrive-data - Car navigation system gpsdrive-scripts - Various scripts for gpsdrive Closes: 494657 496436 497115 Changes: gpsdrive (2.10~pre4-6.dfsg-1) unstable; urgency=low . * Added .dfsg to version to allow a sourceful upload that really removes files with unknown or incompatible licenses (gpsfetchmap.pl, map-icons/japan, map-icons/nickw) from the upstream tarball, generated using the get-orig-source target in debian/rules. (Closes: #497115) * Fixed spelling error in short description of the gpsdrive-data package. (Closes: #494657) * Added patch 100-fix-insecure-tempfiles.dpatch that uses mktemp in geo-code to avoid symlink attacks. Thanks Moritz Muehlenhoff for
Bug#496436: marked as done (The possibility of attack with the help of symlinks in some Debian packages)
Your message dated Sun, 31 Aug 2008 22:47:04 + with message-id [EMAIL PROTECTED] and subject line Bug#496436: fixed in gpsdrive 2.10~pre4-6.dfsg-1 has caused the Debian Bug report #496436, regarding The possibility of attack with the help of symlinks in some Debian packages to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact [EMAIL PROTECTED] immediately.) -- 496436: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496436 Debian Bug Tracking System Contact [EMAIL PROTECTED] with problems ---BeginMessage--- Package: gpsdrive-scripts Severity: grave Hi, maintainer! This message about the error concerns a few packages at once. I've tested all the packages (for Lenny) on my Debian mirror. All scripts of packages (marked as executable) were tested. In some packages I've discovered scripts with errors which may be used by a user for damaging important system files or user's files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlink with the same name in this directory in order to destroy or rewrite some system or user file. Symlink attack may also lead not only to the data desctruction but to denial of service as well. Even if you create files or directories with help of function 'RANDOM' or pid(), then your system is not protected. Attacker can create many symlinks in order to destroy your data or create 'denial of service' for your package scripts. Even if you make rm(dir) for files/directories, then your system is not protected. Attacker can permanently create symlinks. This list is created with the help of script. This list is sorted by hand. Howewer in some cases mistake is possible. Please, Be understanding to possible mistakes. :) I set Severity into grave for this bug. The table of discovered problems is below. Discussion of this bug you can see in debian-devel@: http://lists.debian.org/debian-devel/2008/08/msg00271.html Binary-package: r-base-core-ra (1.1.1-1) file: /usr/lib/Ra/lib/R/bin/javareconf Binary-package: rccp (0.9-2) file: /usr/lib/rccp/delqueueask Binary-package: mafft (6.240-1) file: /usr/bin/mafft-homologs Binary-package: openoffice.org-common (1:2.4.1-6) file: /usr/lib/openoffice/program/senddoc Binary-package: crossfire-maps (1.11.0-1) file: /usr/share/games/crossfire/maps/Info/combine.pl Binary-package: sgml2x (1.0.0-11.1) file: /usr/bin/rlatex Binary-package: liguidsoap (0.3.6-4) file: /var/lib/liguidsoap/liguidsoap.py Binary-package: citadel-server (7.37-1) file: /usr/lib/citadel-server/migrate_aliases.sh Binary-package: ampache (3.4.1-1) file: /usr/share/ampache/www/locale/base/gather-messages.sh Binary-package: xen-utils-3.2-1 (3.2.1-2) file: /usr/lib/xen-3.2-1/bin/qemu-dm.debug Binary-package: dtc-common (0.29.6-1) file: /usr/share/dtc/admin/accesslog.php file: /usr/share/dtc/admin/sa-wrapper Binary-package: honeyd-common (1.5c-3) file: /usr/share/honeyd/scripts/test.sh Binary-package: lustre-tests (1.6.5-1) file: /usr/lib/lustre/tests/runiozone Binary-package: linuxtrade (3.65-8+b4) file: /usr/share/linuxtrade/bin/linuxtrade.bwkvol file: /usr/share/linuxtrade/bin/linuxtrade.wn file: /usr/share/linuxtrade/bin/moneyam.helper Binary-package: freevo (1.8.1-0) file: /usr/bin/freevo.real Binary-package: fml (4.0.3.dfsg-2) file: /usr/share/fml/libexec/mead.pl Binary-package: rkhunter (1.3.2-3) file: /usr/bin/rkhunter Binary-package: openswan (1:2.4.12+dfsg-1.1) file: /usr/lib/ipsec/livetest Binary-package: linux-patch-openswan (1:2.4.12+dfsg-1.1) file: /usr/src/kernel-patches/all/openswan/packaging/utils/maysnap file: /usr/src/kernel-patches/all/openswan/packaging/utils/maytest Binary-package: aptoncd (0.1-1.1) file: /usr/share/aptoncd/xmlfile.py Binary-package: cdcontrol (1.90-1.1) file: /usr/lib/cdcontrol/writtercontrol Binary-package: newsgate (1.6-23) file: /usr/bin/mkmailpost Binary-package: gpsdrive-scripts (2.10~pre4-3) file: /usr/bin/geo-code Binary-package: impose+ (0.2-11) file: /usr/bin/impose Binary-package: mgt (2.31-5) file: /usr/games/mailgo Binary-package: audiolink (0.05-1) file: /usr/bin/audiolink Binary-package: ibackup (2.27-4.1) file: /usr/bin/ibackup Binary-package: emacspeak (26.0-3) file: /usr/share/emacs/site-lisp/emacspeak/etc/extract-table.pl Binary-package: bk2site (1:1.1.9-3.1) file: /usr/lib/cgi-bin/bk2site/redirect.pl Binary-package: datafreedom-perl (0.1.7-1) file: /usr/bin/dfxml-invoice Binary-package: emacs-jabber (0.7.91-1) file:
Bug#497339: gdm: Login disappears when switching user
Package: gdm Version: 2.20.7-1 Severity: grave Justification: causes non-serious data loss I'm unsure that this is actually a gdm problem, but it does seem relevant. The situation I have found is that I have two users who switch between VT7 and VT8. Since changing to Lenny, I have found that VT7 appears to be stable, but the user who logs into VT8 can run the session for a period of time, however if the users xscreensaver comes on and locks the screen and the switch user button is clicked the VT8 session will disappear. This has the potential to lose data for the second user and, of course, potential marital disharmony (which I would like to avoid as much as possible...) A similar situation I have also seen when using vnc4server, however it occurred with VT7. VT7 became unusable, however switching users and using VT10 was possible. If this bug should be pointed elsewhere, please let me know. Regards, Russell. -- System Information: Debian Release: lenny/sid APT prefers testing APT policy: (650, 'testing') Architecture: i386 (i686) Kernel: Linux 2.6.25-2-686 (SMP w/2 CPU cores) Locale: LANG=en_AU, LC_CTYPE=en_AU (charmap=ISO-8859-1) Shell: /bin/sh linked to /bin/bash Versions of packages gdm depends on: ii adduser3.110 add and remove users and groups ii debconf [debconf-2.0] 1.5.22Debian configuration management sy ii gksu 2.0.0-5 graphical frontend to su ii gnome-session [x-sessi 2.22.3-1 The GNOME 2 Session Manager ii gnome-terminal [x-term 2.22.3-2 The GNOME 2 terminal emulator appl ii icewm [x-window-manage 1.2.35-1 wonderful Win95-OS/2-Motif-like wi ii konsole [x-terminal-em 4:3.5.9.dfsg.1-5 X terminal emulator for KDE ii libart-2.0-2 2.3.20-2 Library of functions for 2D graphi ii libatk1.0-01.22.0-1 The ATK accessibility toolkit ii libattr1 1:2.4.43-1Extended attribute shared library ii libc6 2.7-13GNU C Library: Shared libraries ii libcairo2 1.6.4-6 The Cairo 2D vector graphics libra ii libdbus-1-31.2.1-3 simple interprocess messaging syst ii libdbus-glib-1-2 0.76-1simple interprocess messaging syst ii libdmx11:1.0.2-3 X11 Distributed Multihead extensio ii libfontconfig1 2.6.0-1 generic font configuration library ii libfreetype6 2.3.7-1 FreeType 2 font engine, shared lib ii libglade2-01:2.6.2-1 library to load .glade files at ru ii libglib2.0-0 2.16.4-2 The GLib library of C routines ii libgnomecanvas2-0 2.20.1.1-1A powerful object-oriented display ii libgtk2.0-02.12.11-3 The GTK+ graphical user interface ii libpam-modules 1.0.1-3 Pluggable Authentication Modules f ii libpam-runtime 1.0.1-3 Runtime support for the PAM librar ii libpam0g 1.0.1-3 Pluggable Authentication Modules l ii libpango1.0-0 1.20.5-1 Layout and rendering of internatio ii librsvg2-2 2.22.2-2 SAX-based renderer library for SVG ii librsvg2-common2.22.2-2 SAX-based renderer library for SVG ii libselinux12.0.65-2 SELinux shared libraries ii libwrap0 7.6.q-15 Wietse Venema's TCP wrappers libra ii libx11-6 2:1.1.4-2 X11 client-side library ii libxau61:1.0.3-3 X11 authorisation library ii libxdmcp6 1:1.0.2-3 X11 Display Manager Control Protoc ii libxext6 2:1.0.4-1 X11 miscellaneous extension librar ii libxi6 2:1.1.3-1 X11 Input extension library ii libxinerama1 2:1.0.3-2 X11 Xinerama extension library ii libxml22.6.32.dfsg-2 GNOME XML library ii lsb-base 3.2-19Linux Standard Base 3.2 init scrip ii metacity [x-window-man 1:2.22.0-1A lightweight GTK2 based Window Ma ii xfce4-session [x-sessi 4.4.2-6 Xfce4 Session Manager ii xfce4-terminal [x-term 0.2.8-5 Xfce terminal emulator ii xfwm4 [x-window-manage 4.4.2-5 window manager of the Xfce project ii xterm [x-terminal-emul 235-1 X terminal emulator ii zlib1g 1:1.2.3.3.dfsg-12 compression library - runtime Versions of packages gdm recommends: ii dialog1.1-20080316-1 Displays user-friendly dialog boxe ii gdm-themes0.6Themes for the GNOME Display Manag ii whiptail 0.52.2-11.3Displays user-friendly dialog boxe ii xserver-xephyr2:1.4.2-3 nested X server ii xserver-xorg 1:7.3+15 the X.Org X server ii zenity2.22.1-1 Display
Bug#335916: Removing netmon-applet
On Sat, 2008-08-30 at 00:43 +0200, Josselin Mouette wrote: Le vendredi 08 août 2008 à 15:43 -0300, Frank Lichtenheld a écrit : Are you interested in adopting this package? Do you know potential adopters? If so, please could you forward them this mail, Ccing the BTS and me? If there is no action from anyone, I'll request the removal of this package from Debian after a month. I’d recommend to drop this package. We already have netspeed which is decently maintained upstream and in Debian, plus netstatus. I don’t think we need three applets doing almost exactly the same thing. Looking at popcon netmon-applet is still being used by some people. Also, both netspeed and netstatus are a bit 'heavier' on the UI code, as netmon-applet uses text-only displaying. It is true however that upstream seems to have dropped this package, so on the other hand orphaning it might be a good idea. Maybe there should be an alternative for this package though, providing the same clean, text-only display method. Having had a deeper look into the upstream activity dropping this package seems like a good idea though. I am going to put this package in orphaned status again. Regards, Stephan -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#484842: Re: Bug#484842: rc bug tagged pending - upload?
Dear Sirs, is there any progress regarding the unionfs upload for 2.6.26 kernels. We have missed unionfs for very long time. Best Regards Mike Kranidis email: [EMAIL PROTECTED] = QUOTE = on Date: Sun, 27 Jul 2008 14:53:53 +0200 Daniel Baumann [EMAIL PROTECTED] wrote: there will not be a unionfs upload for .25, but for .26 soon. UNQUOTE -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Processed: orphaning netmon-applet again
Processing commands for [EMAIL PROTECTED]: retitle 335916 O: netmon-applet -- GNOME2 Network Load Applet Bug#335916: ITA: netmon-applet -- GNOME2 Network Load Applet Changed Bug title to `O: netmon-applet -- GNOME2 Network Load Applet' from `ITA: netmon-applet -- GNOME2 Network Load Applet'. noowner 335916 Bug 335916 [wnpp] O: netmon-applet -- GNOME2 Network Load Applet Removed annotation that Bug was owned by Stephan Peijnik [EMAIL PROTECTED]. thanks Stopping processing here. Please contact me if you need assistance. Debian bug tracking system administrator (administrator, Debian Bugs database) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Processed: Re: [Pkg-openldap-devel] Bug#487211: Bug#487211: slapd: upgrade from 2.3.35 fails looking for ldif
Processing commands for [EMAIL PROTECTED]: severity 495954 normal Bug#495954: slapd: Upgrade to Lenny failed: libldap_r-2.3.so.0 missing Severity set to `normal' from `critical' tags 487211 -moreinfo Bug#487211: slapd: upgrade from 2.3.35 fails looking for ldif Tags were: pending moreinfo Tags removed: moreinfo thanks Stopping processing here. Please contact me if you need assistance. Debian bug tracking system administrator (administrator, Debian Bugs database) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#495954: [Pkg-openldap-devel] Bug#487211: Bug#487211: slapd: upgrade from 2.3.35 fails looking for ldif
severity 495954 normal tags 487211 -moreinfo thanks On Sun, Aug 31, 2008 at 10:56:16PM +0200, Giuseppe Sacco wrote: Il giorno dom, 31/08/2008 alle 11.08 -0700, Steve Langasek ha scritto: On Sun, Aug 31, 2008 at 04:09:19PM +0200, Giuseppe Sacco wrote: [...] I found the very same bug today on updating a machine from etch to lenny. The upgrade procedure didn't worked correctly, so aptitude stopped and I had to use apt-get -f install and dpkg --configure --pending a few times. Ok, can *you* show us the log output from the initial upgrade, which is the information I'm missing to try to understand what happened here? Unfortunately I didn't keep any information about the initial problem. Hmm, /var/log/apt/term.log, by any chance? Currently I am stuck at this point: old slapd has been removed, ldif was not created, I cannot reinstall the old slapd since I cannot downgrade libldap to libldap-2.3-0. The new version won't find any ldif and will not correctly get configured. I cannot downgrade libldap since removing the new version will remove a lot of packages I need: sgi:~# LC_ALL=C apt-get remove libldap-2.4-2 Why did you not simply run apt-get install libldap-2.3-0? These are different library SONAMEs, the packages don't conflict. libldap-2.3-0 depends on libldap2 that conflict with libldap-2.4-2. Ok, thanks for pointing this out. This is a change that was introduced in an NMU that I had intended to revert because it's not the standard way of handling SONAME changes in Debian, even when one of the libraries involved does not use symbol versioning and symbol conflicts result. I never got around to reverting it because it seemed to be a lower priority issue in practice; this, together with bug #495954, makes it clear that it needs to be a high priority. I'm not sure that bug #495954 is entirely the fault of this conflict; I think there's still an issue with how apt or aptitude is ordering packages during upgrade which is detectably wrong and should be addressed. But that bug can probably be downgraded as long as this one gets fixed. -- Steve Langasek Give me a lever long enough and a Free OS Debian Developer to set it on, and I can move the world. Ubuntu Developerhttp://www.debian.org/ [EMAIL PROTECTED] [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]