Processed: Re: FTBFS on mips: non-dynamic relocations refer to dynamic symbol freeaddrinfo@@GLIBC_2.0

2010-06-10 Thread Debian Bug Tracking System 
Processing commands for cont...@bugs.debian.org:

> tags 585476 patch
Bug #585476 [psqlodbc] FTBFS on mips: non-dynamic relocations refer to dynamic 
symbol freeaddrinfo@@GLIBC_2.0
Added tag(s) patch.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
585476: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=585476
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems


-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#585476: FTBFS on mips: non-dynamic relocations refer to dynamic symbol freeaddrinfo@@GLIBC_2.0

2010-06-10 Thread Steve Langasek 
tags 585476 patch
thanks

Attached is a debdiff for an NMU fixing this bug, uploaded to
delayed/7-days.

Thanks!
-- 
Steve Langasek   Give me a lever long enough and a Free OS
Debian Developer   to set it on, and I can move the world.
Ubuntu Developerhttp://www.debian.org/
slanga...@ubuntu.com vor...@debian.org
diff -u psqlodbc-08.03.0200/debian/changelog 
psqlodbc-08.03.0200/debian/changelog
--- psqlodbc-08.03.0200/debian/changelog
+++ psqlodbc-08.03.0200/debian/changelog
@@ -1,3 +1,12 @@
+psqlodbc (1:08.03.0200-1.2) unstable; urgency=low
+
+  * Non-maintainer upload.
+  * debian/patches/psqlodbc-585476.diff: use freeaddrinfo, getaddrinfo,
+getnameinfo directly instead of via function pointers, to work around
+a toolchain bug on mips and mipsel.  Closes: #585476.
+
+ -- Steve Langasek   Fri, 11 Jun 2010 05:54:04 +
+
 psqlodbc (1:08.03.0200-1.1) unstable; urgency=high
 
   * Non-maintainer upload.
only in patch2:
unchanged:
--- psqlodbc-08.03.0200.orig/debian/patches/psqlodbc-585476.diff
+++ psqlodbc-08.03.0200/debian/patches/psqlodbc-585476.diff
@@ -0,0 +1,73 @@
+diff -Nur -x '*.orig' -x '*~' psqlodbc-08.03.0200/socket.c 
psqlodbc-08.03.0200.new/socket.c
+--- psqlodbc-08.03.0200/socket.c   2008-05-02 23:47:35.0 -0700
 psqlodbc-08.03.0200.new/socket.c   2010-06-10 13:17:27.298211482 -0700
+@@ -176,14 +176,10 @@
+ }
+ 
+ #if defined(_MSC_VER) && (_MSC_VER < 1300)
+-static freeaddrinfo_func freeaddrinfo_ptr = NULL;
+-static getaddrinfo_func getaddrinfo_ptr = NULL;
+-static getnameinfo_func getnameinfo_ptr = NULL;
++static freeaddrinfo_func freeaddrinfo = NULL;
++static getaddrinfo_func getaddrinfo = NULL;
++static getnameinfo_func getnameinfo = NULL;
+ staticHMODULE ws2_hnd = NULL;
+-#else
+-static freeaddrinfo_func freeaddrinfo_ptr = freeaddrinfo;
+-static getaddrinfo_func getaddrinfo_ptr = getaddrinfo;
+-static getnameinfo_func getnameinfo_ptr = getnameinfo;
+ #endif /* _MSC_VER */
+ 
+ static BOOL format_sockerr(char *errmsg, size_t buflen, int errnum, const 
char *cmd, const char *host, int portno)
+@@ -245,12 +241,12 @@
+ #if defined(_MSC_VER) && (_MSC_VER < 1300)
+   if (ws2_hnd == NULL)
+   ws2_hnd = GetModuleHandle("ws2_32.dll");
+-  if (freeaddrinfo_ptr == NULL)
+-  freeaddrinfo_ptr = (freeaddrinfo_func)GetProcAddress(ws2_hnd, 
"freeaddrinfo"); 
+-  if (getaddrinfo_ptr == NULL)
+-  getaddrinfo_ptr = (getaddrinfo_func)GetProcAddress(ws2_hnd, 
"getaddrinfo"); 
+-  if (getnameinfo_ptr == NULL)
+-  getnameinfo_ptr = (getnameinfo_func)GetProcAddress(ws2_hnd, 
"getnameinfo"); 
++  if (freeaddrinfo == NULL)
++  freeaddrinfo = (freeaddrinfo_func)GetProcAddress(ws2_hnd, 
"freeaddrinfo"); 
++  if (getaddrinfo == NULL)
++  getaddrinfo = (getaddrinfo_func)GetProcAddress(ws2_hnd, 
"getaddrinfo"); 
++  if (getnameinfo == NULL)
++  getnameinfo = (getnameinfo_func)GetProcAddress(ws2_hnd, 
"getnameinfo"); 
+ #endif
+   /*
+* Hostname lookup.
+@@ -270,12 +266,12 @@
+   snprintf(portstr, sizeof(portstr), "%d", port);
+   if (inet_addr(hostname) != INADDR_NONE)
+   rest.ai_flags |= AI_NUMERICHOST;
+-  ret = getaddrinfo_ptr(hostname, portstr, &rest, &addrs);
++  ret = getaddrinfo(hostname, portstr, &rest, &addrs);
+   if (ret || !addrs)
+   {
+   SOCK_set_error(self, SOCKET_HOST_NOT_FOUND, "Could not 
resolve hostname.");
+   if (addrs)
+-  freeaddrinfo_ptr(addrs);
++  freeaddrinfo(addrs);
+   return 0;
+   }
+   curadr = addrs;
+@@ -418,7 +414,7 @@
+   charerrmsg[256], host[64];
+ 
+   host[0] = '\0';
+-  getnameinfo_ptr((struct sockaddr *) &(self->sadr_area),
++  getnameinfo((struct sockaddr *) &(self->sadr_area),
+   self->sadr_len, host, sizeof(host),
+   NULL, 0, NI_NUMERICHOST);
+   /* snprintf(errmsg, sizeof(errmsg), "connect getsockopt 
val %d addr=%s\n", optval, host); */
+@@ -450,7 +446,7 @@
+   SOCK_set_error(self, 0, NULL);
+   
+   if (addrs)
+-  freeaddrinfo_ptr(addrs);
++  freeaddrinfo(addrs);
+   return retval;
+ }
+

Processed: Re: initscripts: There is a loop between service bootlogs and mountnfs

2010-06-10 Thread Debian Bug Tracking System 
Processing commands for cont...@bugs.debian.org:

> severity 585489 serious
Bug #585489 [initscripts] initscripts: There is a loop between service bootlogs 
and mountnfs
Severity set to 'serious' from 'important'

> forcemerge 585489 585493
Bug#585489: initscripts: There is a loop between service bootlogs and mountnfs
Bug#585493: Fails to upgrade, insserv bails due to loop
Forcibly Merged 585489 585493.

> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
585493: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=585493
585489: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=585489
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems


-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#582618: closing 582618

2010-06-10 Thread tony mancill 
close 582618 0.13-1
thanks




-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Processed: closing 582618

2010-06-10 Thread Debian Bug Tracking System 
Processing commands for cont...@bugs.debian.org:

> close 582618 0.13-1
Bug#582618: removing files from another package
'close' is deprecated; see http://www.debian.org/Bugs/Developer#closing.
Bug marked as fixed in version 0.13-1, send any further explanations to Holger 
Levsen 

> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
582618: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=582618
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems


-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Processed: tagging 581180, severity of 581180 is important, notfound 581180 in gracie/0.2.11-1 ...

2010-06-10 Thread Debian Bug Tracking System 
Processing commands for cont...@bugs.debian.org:

> tags 581180 + confirmed
Bug #581180 [gracie] gracie: Package aborts compilation with syntax errors
Added tag(s) confirmed.
> severity 581180 important
Bug #581180 [gracie] gracie: Package aborts compilation with syntax errors
Severity set to 'important' from 'grave'

> notfound 581180 gracie/0.2.11-1
Bug #581180 [gracie] gracie: Package aborts compilation with syntax errors
Bug No longer marked as found in versions gracie/0.2.11-1.
> reassign 581180 python-daemon
Bug #581180 [gracie] gracie: Package aborts compilation with syntax errors
Bug reassigned from package 'gracie' to 'python-daemon'.
> found 581180 python-daemon/1.5.5-1
Bug #581180 [python-daemon] gracie: Package aborts compilation with syntax 
errors
Bug Marked as found in versions python-daemon/1.5.5-1.
> retitle 581180 python-daemon: should Depends: python >= 2.5
Bug #581180 [python-daemon] gracie: Package aborts compilation with syntax 
errors
Changed Bug title to 'python-daemon: should Depends: python >= 2.5' from 
'gracie: Package aborts compilation with syntax errors'
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
581180: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=581180
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems


-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#581180: python-daemon: should Depends: python >= 2.5 (was: Bug#581180: gracie: Package aborts compilation with syntax errors)

2010-06-10 Thread Ben Finney 
package gracie,python-daemon
tags 581180 + confirmed
severity 581180 important
notfound 581180 gracie/0.2.11-1
reassign 581180 python-daemon
found 581180 python-daemon/1.6-1
retitle 581180 python-daemon: should Depends: python >= 2.5
thanks

On 11-May-2010, w.goesgens wrote:
> while installation:
> 
> Richte gracie ein (0.2.11-1) ...
> Starting Gracie OpenID provider:Traceback (most recent call last):
>   File "/usr/bin/gracied", line 20, in 
> from daemon import pidlockfile
>   File "/usr/lib/pymodules/python2.5/daemon/pidlockfile.py", line 33, in 
> 
> class PIDLockFile(LinkFileLock, object):
> TypeError: Error when calling the metaclass bases
> function() argument 1 must be code, not str
> invoke-rc.d: initscript gracie, action "start" failed.
> dpkg: Fehler beim Bearbeiten von gracie (--configure):
>  Unterprozess installiertes post-installation-Skript gab den Fehlerwert 1 
> zurück
> Verarbeite Trigger für python-support ...
> Compiling /usr/lib/pymodules/python2.4/lockfile/linklockfile.py ...
>   File "/usr/lib/pymodules/python2.4/lockfile/linklockfile.py", line 6
> from . import (LockBase, LockFailed, NotLocked, NotMyLock, LockTimeout,
>  ^
> SyntaxError: invalid syntax

This is because the ‘python-daemon’ package needs Python 2.5 or later,
but does not correctly declare that in its control file.

Python 2.4 is no longer in Debian Squeeze, so this is not a problem
for new installs of Debian. I am reducing the severity to “important”
accordingly.

Thank you for the bug report.

-- 
 \   “Faith, n. Belief without evidence in what is told by one who |
  `\   speaks without knowledge, of things without parallel.” —Ambrose |
_o__)   Bierce, _The Devil's Dictionary_, 1906 |
Ben Finney 


signature.asc
Description: Digital signature

Bug#585394: marked as done (CVE-2010-1646: Sudo's secure path option can be circumvented)

2010-06-10 Thread Debian Bug Tracking System 
Your message dated Thu, 10 Jun 2010 22:47:10 +
with message-id 
and subject line Bug#585394: fixed in sudo 1.7.2p7-1
has caused the Debian Bug report #585394,
regarding CVE-2010-1646: Sudo's secure path option can be circumvented
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
585394: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=585394
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: sudo
Severity: grave
Tags: security
Justification: user security hole

Please see http://www.gratisoft.us/sudo/alerts/secure_path.html

Patch for Lenny is attached, for Squeeze it's likely best to
update to 1.7.2p7.

Cheers,
Moritz
diff -urNa sudo-1.6.9p22/env.c sudo-1.6.9p23/env.c
--- sudo-1.6.9p22/env.c	Wed Apr  7 06:32:26 2010
+++ sudo-1.6.9p17/env.c	Fri May 28 09:54:46 2010
@@ -270,6 +270,7 @@
 {
 char **nep;
 size_t varlen;
+int found = FALSE;
 
 /* Make sure there is room for the new entry plus a NULL. */
 if (e->env_len + 2 > e->env_size) {
@@ -278,20 +279,34 @@
 }
 
 if (dupcheck) {
-	varlen = (strchr(str, '=') - str) + 1;
+	varlen = (strchr(str, '=') - str) + 1;
 
-	for (nep = e->envp; *nep; nep++) {
+	for (nep = e->envp; !found && *nep != NULL; nep++) {
+	if (strncmp(str, *nep, varlen) == 0) {
+		*nep = str;
+		found = TRUE;
+	}
+	}
+	/* Prune out duplicate variables. */
+	if (found) {
+	while (*nep != NULL) {
 		if (strncmp(str, *nep, varlen) == 0) {
-		*nep = str;
-		return;
+		memmove(nep, nep + 1,
+			(e->env_len - (nep - e->envp)) * sizeof(char *));
+		e->env_len--;
+		} else {
+		nep++;
 		}
 	}
-} else
-	nep = e->envp + e->env_len;
+	}
+}
 
-e->env_len++;
-*nep++ = str;
-*nep = NULL;
+if (!found) {
+	nep = e->envp + e->env_len;
+	e->env_len++;
+	*nep++ = str;
+	*nep = NULL;
+}
 }
 
 /*
--- End Message ---
--- Begin Message ---
Source: sudo
Source-Version: 1.7.2p7-1

We believe that the bug you reported is fixed in the latest version of
sudo, which is due to be installed in the Debian FTP archive:

sudo-ldap_1.7.2p7-1_i386.deb
  to main/s/sudo/sudo-ldap_1.7.2p7-1_i386.deb
sudo_1.7.2p7-1.debian.tar.gz
  to main/s/sudo/sudo_1.7.2p7-1.debian.tar.gz
sudo_1.7.2p7-1.dsc
  to main/s/sudo/sudo_1.7.2p7-1.dsc
sudo_1.7.2p7-1_i386.deb
  to main/s/sudo/sudo_1.7.2p7-1_i386.deb
sudo_1.7.2p7.orig.tar.gz
  to main/s/sudo/sudo_1.7.2p7.orig.tar.gz



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 585...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Bdale Garbee  (supplier of updated sudo package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Thu, 10 Jun 2010 15:42:14 -0600
Source: sudo
Binary: sudo sudo-ldap
Architecture: source i386
Version: 1.7.2p7-1
Distribution: unstable
Urgency: high
Maintainer: Bdale Garbee 
Changed-By: Bdale Garbee 
Description: 
 sudo   - Provide limited super user privileges to specific users
 sudo-ldap  - Provide limited super user privileges to specific users
Closes: 522065 581393 585394
Changes: 
 sudo (1.7.2p7-1) unstable; urgency=high
 .
   * new upstream release with security fix for secure path (CVE-2010-1646),
 closes: #585394
   * move timestamps from /var/run/sudo to /var/lib/sudo, so that the state
 about whether to give the lecture is preserved across reboots even when
 RAMRUN is set, closes: #581393
   * add a note to README.Debian about LDAP needing an entry in
 /etc/nsswitch.conf, closes: #522065
   * add a note to README.Debian about how to turn off lectures if using
 RAMRUN in /etc/default/rcS, closes: #581393
Checksums-Sha1: 
 5cc913fa4a9e01251117187b356fee590836940f 1669 sudo_1.7.2p7-1.dsc
 0504e0d7b1d3c987e48325ec4caa6ebfe5237ff5 772356 sudo_1.7.2p7.orig.tar.gz
 c932fac6cd1d1bf4b07e239b9b2001bf83352433 21411 sudo_1.7.2p7-1.debian.tar.gz
 1c2d8e773d6258456edf1b6de9b4c1e6e6eb0c67 310522 sudo_1.7.2p7-1_i386.deb
 64b555bb670ca0277d8f8b97992614362b94ee30 334782 sudo-ldap_1.7.2p7-1_i386.deb
Checksums-Sha256: 
 fa0468ecc2cb9067f058731103a01d0fc5cfddb82111fc9ea920a27231e6d437 1669 
sudo_1.7.2p7-1.dsc
 07a9c83e628a088314523e558236ac3c4cb0d54d7d7093e5b3e4c8101b1a2bea 772356 
sudo_1.7.2p7.orig.tar.gz
 2caf9

Bug#582691: patch for sql injection

2010-06-10 Thread sean finney 
just for the record, i haven't yet uploaded a new unstable version yet,
mostly because i was waiting for upstream to roll out a fix for the 0.8.7f
release, which apparently contained a number of regressions.  If I don't
see any movement on that by the end of the weekend i'll go ahead and
look at applying the patch against unstable/0.8.7e.


sean

On Thu, Jun 10, 2010 at 05:42:52PM +0200, Nico Golde wrote:
> Hi,
> attached is a patch for CVE-2010-2092.
> Cheers
> Nico

> --- graph.php 2009-06-28 18:07:11.0 +0200
> +++ graph.php.new 2010-06-10 17:41:07.0 +0200
> @@ -33,7 +33,7 @@
>  include_once("./include/top_graph_header.php");
>  
>  /* = input validation = */
> -input_validate_input_regex(get_request_var_request("rra_id"), 
> "^([0-9]+|all)$");
> +input_validate_input_regex(get_request_var("rra_id"), "^([0-9]+|all)$");
>  input_validate_input_number(get_request_var("local_graph_id"));
>  input_validate_input_regex(get_request_var_request("view_type"), 
> "^([a-zA-Z0-9]+)$");
>  /*  */


-- 


signature.asc
Description: Digital signature

Bug#582691: [/debian-lenny] Patch for CVE-2010-2092/MOPS-2010-023: SQL Injection Vulnerability

2010-06-10 Thread Sean Finney 
tag 582691 pending
thanks

Date: Fri Jun 11 00:51:24 2010 +0200
Author: Sean Finney 
Commit ID: 91e3ecdf2484c3b078c5abcf795cfbc4fb117cae
Commit URL: 
http://git.debian.org/?p=users/seanius/cacti.git;a=commitdiff;h=91e3ecdf2484c3b078c5abcf795cfbc4fb117cae
Patch URL: 
http://git.debian.org/?p=users/seanius/cacti.git;a=commitdiff_plain;h=91e3ecdf2484c3b078c5abcf795cfbc4fb117cae

Patch for CVE-2010-2092/MOPS-2010-023: SQL Injection Vulnerability

Note: there are two other vulnerabilities mentioned in this report, but
they are both believed to already be fixed by previous security uploads.

"SQL injection and shell escaping issues reported by Bonsai Information
Security (http://www.bonsai-sec.com)" is believed to be fixed by
official_sql_injection_template_export.patch, and "Cross-site scripting
issues reported by VUPEN Security (http://www.vupen.com)" is fixed
with 08_CVE-2009-4032.patch.

Closes: #582691
  



-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#524275: p of a window up th

2010-06-10 Thread Alan Santander 


harmless.rtf
Description: Binary data

Bug#585476: FTBFS on mips: non-dynamic relocations refer to dynamic symbol freeaddrinfo@@GLIBC_2.0

2010-06-10 Thread Steve Langasek 
Package: psqlodbc
Version: 1:08.03.0200-1.1
Severity: serious

Hi Peter,

The psqlodbc package is failing to build on mips and mipsel with the
following error:

gcc -shared  .libs/info.o .libs/bind.o .libs/columninfo.o .libs/connection.o 
.libs/convert.o .libs/drvconn.o .libs/environ.o .libs/execute.o .libs/lobj.o 
.libs/win_md5.o .libs/misc.o .libs/options.o .libs/pgtypes.o .libs/psqlodbc.o 
.libs/qresult.o .libs/results.o .libs/socket.o .libs/parse.o .libs/statement.o 
.libs/tuple.o .libs/dlg_specific.o .libs/loadlib.o .libs/multibyte.o 
.libs/odbcapi.o .libs/descriptor.o .libs/odbcapi30.o .libs/pgapi30.o 
.libs/info30.o .libs/mylog.o  -L/usr/lib -lpq -lpthread /usr/lib/libodbcinst.so 
 -Wl,-soname -Wl,psqlodbca.so -o .libs/psqlodbca.so
/usr/bin/ld: non-dynamic relocations refer to dynamic symbol 
freeaddrinfo@@GLIBC_2.0
/usr/bin/ld: failed to set dynamic section sizes: Bad value
collect2: ld returned 1 exit status

See 

for a full log.

This is ultimately caused by bug #519006, a bug in the toolchain; but that
bug is open for more than a year and it's possible to work around this
failure with a small change in how the freeaddrinfo symbol and friends are
handled on Linux, so we ought to just do that so that this bug doesn't block
the package from releasing.

Patch to follow shortly.

-- System Information:
Debian Release: squeeze/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing')
Architecture: i386 (i686)

Kernel: Linux 2.6.26-1-686 (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash



-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#581393: marked as done (sudo stores information about lecture in /var/run)

2010-06-10 Thread Debian Bug Tracking System 
Your message dated Thu, 10 Jun 2010 22:47:10 +
with message-id 
and subject line Bug#581393: fixed in sudo 1.7.2p7-1
has caused the Debian Bug report #581393,
regarding sudo stores information about lecture in /var/run
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
581393: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=581393
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: sudo
Version: 1.7.2p6-1
Severity: serious
Justification: Policy 9.3.2

Sudo saves information about if lecture is readed in /var/run.
I have RAMRUN option in /etc/default/rcS, so every time after reboot, sudo
shows me lecture.

>From FHS:
"Files under this directory must be cleared (removed or truncated as
appropriate) at the beginning of the boot process."
http://www.pathname.com/fhs/2.2/fhs-5.13.html
http://www.pathname.com/fhs/pub/fhs-2.3.html#VARRUNRUNTIMEVARIABLEDATA
>From debian-policy:
/var/run and /var/lock may be mounted as temporary filesystems[59], so the
init.d scripts must handle this correctly.



-- System Information:
Debian Release: squeeze/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (1, 'experimental')
Architecture: i386 (x86_64)

Kernel: Linux 2.6.33-2-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages sudo depends on:
ii  libc6 2.10.2-8   Embedded GNU C Library: Shared lib
ii  libpam-modules1.1.1-3Pluggable Authentication Modules f
ii  libpam0g  1.1.1-3Pluggable Authentication Modules l

sudo recommends no packages.

sudo suggests no packages.

-- Configuration Files:
/etc/sudoers.d/README [Errno 13] Permission denied: u'/etc/sudoers.d/README'

-- no debconf information


--- End Message ---
--- Begin Message ---
Source: sudo
Source-Version: 1.7.2p7-1

We believe that the bug you reported is fixed in the latest version of
sudo, which is due to be installed in the Debian FTP archive:

sudo-ldap_1.7.2p7-1_i386.deb
  to main/s/sudo/sudo-ldap_1.7.2p7-1_i386.deb
sudo_1.7.2p7-1.debian.tar.gz
  to main/s/sudo/sudo_1.7.2p7-1.debian.tar.gz
sudo_1.7.2p7-1.dsc
  to main/s/sudo/sudo_1.7.2p7-1.dsc
sudo_1.7.2p7-1_i386.deb
  to main/s/sudo/sudo_1.7.2p7-1_i386.deb
sudo_1.7.2p7.orig.tar.gz
  to main/s/sudo/sudo_1.7.2p7.orig.tar.gz



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 581...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Bdale Garbee  (supplier of updated sudo package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Thu, 10 Jun 2010 15:42:14 -0600
Source: sudo
Binary: sudo sudo-ldap
Architecture: source i386
Version: 1.7.2p7-1
Distribution: unstable
Urgency: high
Maintainer: Bdale Garbee 
Changed-By: Bdale Garbee 
Description: 
 sudo   - Provide limited super user privileges to specific users
 sudo-ldap  - Provide limited super user privileges to specific users
Closes: 522065 581393 585394
Changes: 
 sudo (1.7.2p7-1) unstable; urgency=high
 .
   * new upstream release with security fix for secure path (CVE-2010-1646),
 closes: #585394
   * move timestamps from /var/run/sudo to /var/lib/sudo, so that the state
 about whether to give the lecture is preserved across reboots even when
 RAMRUN is set, closes: #581393
   * add a note to README.Debian about LDAP needing an entry in
 /etc/nsswitch.conf, closes: #522065
   * add a note to README.Debian about how to turn off lectures if using
 RAMRUN in /etc/default/rcS, closes: #581393
Checksums-Sha1: 
 5cc913fa4a9e01251117187b356fee590836940f 1669 sudo_1.7.2p7-1.dsc
 0504e0d7b1d3c987e48325ec4caa6ebfe5237ff5 772356 sudo_1.7.2p7.orig.tar.gz
 c932fac6cd1d1bf4b07e239b9b2001bf83352433 21411 sudo_1.7.2p7-1.debian.tar.gz
 1c2d8e773d6258456edf1b6de9b4c1e6e6eb0c67 310522 sudo_1.7.2p7-1_i386.deb
 64b555bb670ca0277d8f8b97992614362b94ee30 334782 sudo-ldap_1.7.2p7-1_i386.deb
Checksums-Sha256: 
 fa0468ecc2cb9067f058731103a01d0fc5cfddb82111fc9ea920a27231e6d437 1669 
sudo_1.7.2p7-1.dsc
 07a9c83e628a088314523e558236ac3c4cb0d54d7d7093e5b3e4c8101b1a2bea 772356 
sudo_1.7.2p7.orig.tar.gz
 2caf90754a55531eddc162981cdfdf9236f9fa1f

Bug#514498: Almost regularly oval in outline, and mea

2010-06-10 Thread Como Carchi 


cymoid.rtf
Description: Binary data

Bug#585493: Fails to upgrade, insserv bails due to loop

2010-06-10 Thread Michael Biebl 
Package: initscripts
Version: 2.88dsf-8
Severity: serious

The package fails to upgrade. Note, that I use gdm3:

Reading package lists... Done
Building dependency tree   
Reading state information... Done
0 upgraded, 0 newly installed, 0 to remove and 2 not upgraded.
1 not fully installed or removed.
After this operation, 0B of additional disk space will be used.
Setting up initscripts (2.88dsf-8) ...
insserv: There is a loop at service bootlogs if started
insserv: There is a loop between service gdm3 and mountnfs if started
insserv:  loop involving service mountnfs at depth 6
insserv:  loop involving service networking at depth 5
insserv: There is a loop between service gdm3 and mountall-bootclean if
started
insserv:  loop involving service mountall-bootclean at depth 5
insserv:  loop involving service mountall at depth 4
insserv: There is a loop between service bootlogs and cryptdisks if
started
insserv:  loop involving service cryptdisks at depth 2
insserv:  loop involving service udev at depth 1
insserv:  loop involving service urandom at depth 10
insserv:  loop involving service mountoverflowtmp at depth 7
insserv:  loop involving service checkfs at depth 4
insserv:  loop involving service checkroot at depth 2
insserv:  loop involving service cryptdisks-early at depth 3
insserv: There is a loop between service bootlogs and checkroot if
started
insserv: There is a loop at service gdm3 if started
insserv: There is a loop between service gdm3 and mountoverflowtmp if
started
insserv:  loop involving service bootlogs at depth 4
insserv:  loop involving service gdm3 at depth 3
insserv:  loop involving service network-manager at depth 2
insserv: There is a loop between service gdm3 and ifupdown-clean if
started
insserv:  loop involving service ifupdown-clean at depth 1
insserv:  loop involving service keyboard-setup at depth 2
insserv: There is a loop between service gdm3 and mountall if started
insserv:  loop involving service hdparm at depth 4
insserv:  loop involving service hostname at depth 5
insserv: There is a loop between service bootlogs and mountdevsubfs if
started
insserv:  loop involving service mountdevsubfs at depth 3
insserv:  loop involving service mountnfs-bootclean at depth 11
insserv: exiting now without changing boot order!
update-rc.d: error: insserv rejected the script header
dpkg: error processing initscripts (--configure):
 subprocess installed post-installation script returned error exit
 status 1
 Errors were encountered while processing:
  initscripts
  E: Sub-process /usr/bin/dpkg returned an error code (1)




-- System Information:
Debian Release: squeeze/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)

Kernel: Linux 2.6.32-5-686 (SMP w/1 CPU core)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages initscripts depends on:
ii  coreutils 8.5-1  GNU core utilities
ii  debianutils   3.2.3  Miscellaneous utilities specific t
ii  libc6 2.11.1-3   Embedded GNU C Library: Shared lib
ii  lsb-base  3.2-23.1   Linux Standard Base 3.2 init scrip
ii  mount 2.17.2-3   Tools for mounting and manipulatin
ii  sysv-rc   2.88dsf-8  System-V-like runlevel change mech
ii  sysvinit-utils2.88dsf-8  System-V-like utilities

Versions of packages initscripts recommends:
ii  e2fsprogs 1.41.12-2  ext2/ext3/ext4 file system utiliti
ii  psmisc22.11-1utilities that use the proc file s

initscripts suggests no packages.

-- Configuration Files:
/etc/init.d/halt changed [not included]
/etc/init.d/reboot changed [not included]

-- no debconf information



-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#549039: ITA: xtrkcad

2010-06-10 Thread Daniel E. Markle 
retitle 383968 ITA: xtrkcad -- Model Train Track CAD Program
owner 383968 !
thanks

I intend to adopt this package, and am currently working on patches to migrate
the help system to webkit to remove the libgtkhtml2 dependency.



-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#585394: CVE-2010-1646: Sudo's secure path option can be circumvented

2010-06-10 Thread Bdale Garbee 
On Thu, 10 Jun 2010 11:18:26 +0200, Moritz Muehlenhoff 
 wrote:
> Package: sudo
> Severity: grave
> Tags: security
> Justification: user security hole
> 
> Please see http://www.gratisoft.us/sudo/alerts/secure_path.html
> 
> Patch for Lenny is attached, for Squeeze it's likely best to
> update to 1.7.2p7.

Thanks for the forward, working on an update for unstable now.

Bdale


pgp3r9uUrs41x.pgp
Description: PGP signature

Bug#585477: mysql-server-5.1: mysqld can't start [initgroups()] with libnss-mysql enabled

2010-06-10 Thread Hugo Hromic M. 
Package: mysql-server-5.1
Version: 5.1.47-1~bpo50+1
Severity: grave
Justification: renders package unusable


After upgrade from 5.1.45-1~bpo50+1, the mysqld server can't start when 
libnss-mysql (currently 1.5-1 
installed) is enabled on /etc/nsswitch.conf. Before the upgrade, the server 
started just fine. The 5.1.47 
can be started by disabling mysql in /etc/nsswitch.conf.

Failing nsswitch.conf:
passwd: compat mysql
group:  compat mysql
shadow: compat mysql

Starting OK nsswitch.conf:
passwd: compat
group:  compat
shadow: compat

mysql log :
Jun 10 15:46:14 herodes mysqld_safe: Starting mysqld daemon with databases from 
/var/lib/mysql
Jun 10 15:46:14 herodes mysqld: 100610 15:46:14 - mysqld got signal 11 ;
Jun 10 15:46:14 herodes mysqld: This could be because you hit a bug. It is also 
possible that this binary
Jun 10 15:46:14 herodes mysqld: or one of the libraries it was linked against 
is corrupt, improperly built,
Jun 10 15:46:14 herodes mysqld: or misconfigured. This error can also be caused 
by malfunctioning hardware.
Jun 10 15:46:14 herodes mysqld: We will try our best to scrape up some info 
that will hopefully help 
diagnose
Jun 10 15:46:14 herodes mysqld: the problem, but since we have already crashed, 
something is definitely 
wrong
Jun 10 15:46:14 herodes mysqld: and this may fail.
Jun 10 15:46:14 herodes mysqld:
Jun 10 15:46:14 herodes mysqld: key_buffer_size=0
Jun 10 15:46:14 herodes mysqld: read_buffer_size=131072
Jun 10 15:46:14 herodes mysqld: max_used_connections=0
Jun 10 15:46:14 herodes mysqld: max_threads=2000
Jun 10 15:46:14 herodes mysqld: threads_connected=0
Jun 10 15:46:14 herodes mysqld: It is possible that mysqld could use up to
Jun 10 15:46:14 herodes mysqld: key_buffer_size + (read_buffer_size + 
sort_buffer_size)*max_threads = 
4372593 K
Jun 10 15:46:14 herodes mysqld: bytes of memory
Jun 10 15:46:14 herodes mysqld: Hope that's ok; if not, decrease some variables 
in the equation.
Jun 10 15:46:14 herodes mysqld:
Jun 10 15:46:14 herodes mysqld: thd: 0x0
Jun 10 15:46:14 herodes mysqld: Attempting backtrace. You can use the following 
information to find out
Jun 10 15:46:14 herodes mysqld: where mysqld died. If you see no messages after 
this, something went
Jun 10 15:46:14 herodes mysqld: terribly wrong...
Jun 10 15:46:14 herodes mysqld: stack_bottom = (nil) thread_stack 0x3
Jun 10 15:46:14 herodes mysqld: /usr/sbin/mysqld(my_print_stacktrace+0x29) 
[0x7fe93adee0b9]
Jun 10 15:46:14 herodes mysqld: /usr/sbin/mysqld(handle_segfault+0x36a) 
[0x7fe93ab0294a]
Jun 10 15:46:14 herodes mysqld: /lib/libpthread.so.0 [0x7fe93a365a80]
Jun 10 15:46:14 herodes mysqld: 
/usr/sbin/mysqld(thd_increment_bytes_received+0x12) [0x7fe93aaebd72]
Jun 10 15:46:14 herodes mysqld: /usr/sbin/mysqld [0x7fe93aaf5d7f]
Jun 10 15:46:14 herodes mysqld: /usr/sbin/mysqld(my_net_read+0x195) 
[0x7fe93aaf6395]
Jun 10 15:46:14 herodes mysqld: /usr/sbin/mysqld(cli_safe_read+0x2a) 
[0x7fe93ac9246a]
Jun 10 15:46:14 herodes mysqld: /usr/sbin/mysqld(mysql_real_connect+0x1c2) 
[0x7fe93ac930b2]
Jun 10 15:46:14 herodes mysqld: /lib/libnss_mysql.so.2 [0x7fe93a64eb05]
Jun 10 15:46:14 herodes mysqld: /lib/libnss_mysql.so.2 [0x7fe93a64eefc]
Jun 10 15:46:14 herodes mysqld: /lib/libnss_mysql.so.2 [0x7fe93a64f1e4]
Jun 10 15:46:14 herodes mysqld: 
/lib/libnss_mysql.so.2(_nss_mysql_initgroups_dyn+0xa2) [0x7fe93a64fa52]
Jun 10 15:46:14 herodes mysqld: /lib/libc.so.6 [0x7fe938e85c3c]
Jun 10 15:46:14 herodes mysqld: /lib/libc.so.6(initgroups+0x6c) [0x7fe938e85e1c]
Jun 10 15:46:14 herodes mysqld: /usr/sbin/mysqld [0x7fe93ab044d3]
Jun 10 15:46:14 herodes mysqld: /usr/sbin/mysqld(main+0x1d5) [0x7fe93ab07ba5]
Jun 10 15:46:14 herodes mysqld: /lib/libc.so.6(__libc_start_main+0xe6) 
[0x7fe938e091a6]
Jun 10 15:46:14 herodes mysqld: /usr/sbin/mysqld [0x7fe93aa2c469]
Jun 10 15:46:14 herodes mysqld: The manual page at 
http://dev.mysql.com/doc/mysql/en/crashing.html contains
Jun 10 15:46:14 herodes mysqld: information that should help you find out what 
is causing the crash.
Jun 10 15:46:14 herodes mysqld:
Jun 10 15:46:14 herodes mysqld: This crash occured while the server was calling 
initgroups(). This is
Jun 10 15:46:14 herodes mysqld: often due to the use of a mysqld that is 
statically linked against glibc
Jun 10 15:46:14 herodes mysqld: and configured to use LDAP in 
/etc/nsswitch.conf. You will need to either
Jun 10 15:46:14 herodes mysqld: upgrade to a version of glibc that does not 
have this problem (2.3.4 or
Jun 10 15:46:14 herodes mysqld: later when used with nscd), disable LDAP in 
your nsswitch.conf, or use a
Jun 10 15:46:14 herodes mysqld: mysqld that is not statically linked.
Jun 10 15:46:14 herodes mysqld_safe: mysqld from pid file 
/var/run/mysqld/mysqld.pid ended



-- System Information:
Debian Release: 5.0.4
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.32-bpo.3-amd64 (SMP w/4 CPU cores)
Locale: LANG=es_CL, LC_CTYPE=es

Processed: [/debian-lenny] Patch for CVE-2010-2092/MOPS-2010-023: SQL Injection Vulnerability

2010-06-10 Thread Debian Bug Tracking System 
Processing commands for cont...@bugs.debian.org:

> tag 582691 pending
Bug #582691 [cacti] Multiple security vulnerabilities in upstream package
Added tag(s) pending.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
582691: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=582691
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems


-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#502751: For sinners.] [Footnote 181: _i.e._ may not have to labour for their living.] [Fo

2010-06-10 Thread Husak Gottron 


shogunate.rtf
Description: Binary data

Bug#580184: marked as done (Can drop drbd8-source package)

2010-06-10 Thread Debian Bug Tracking System 
Your message dated Thu, 10 Jun 2010 19:03:07 +
with message-id 
and subject line Bug#580184: fixed in drbd8 2:8.3.7-2
has caused the Debian Bug report #580184,
regarding Can drop drbd8-source package
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
580184: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=580184
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: drbd8
Version: 2:8.3.7-1
Severity: serious

linux-2.6_2.6.32-12 provides prebuilt drbd modules, so there is no
longer a need for drbd8-source. See discussion here for more details:
  
http://lists.alioth.debian.org/pipermail/debian-ha-maintainers/2010-April/000880.html

-- 
dann frazier



--- End Message ---
--- Begin Message ---
Source: drbd8
Source-Version: 2:8.3.7-2

We believe that the bug you reported is fixed in the latest version of
drbd8, which is due to be installed in the Debian FTP archive:

drbd8-utils_8.3.7-2_amd64.deb
  to main/d/drbd8/drbd8-utils_8.3.7-2_amd64.deb
drbd8_8.3.7-2.diff.gz
  to main/d/drbd8/drbd8_8.3.7-2.diff.gz
drbd8_8.3.7-2.dsc
  to main/d/drbd8/drbd8_8.3.7-2.dsc



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 580...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Norbert Tretkowski  (supplier of updated drbd8 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Format: 1.8
Date: Thu, 10 Jun 2010 20:29:40 +0200
Source: drbd8
Binary: drbd8-utils
Architecture: source amd64
Version: 2:8.3.7-2
Distribution: unstable
Urgency: low
Maintainer: Debian DRBD Maintainers 

Changed-By: Norbert Tretkowski 
Description: 
 drbd8-utils - RAID 1 over tcp/ip for Linux utilities
Closes: 573514 580184
Changes: 
 drbd8 (2:8.3.7-2) unstable; urgency=low
 .
   * Drop -source package, now that DRBD is part of the Linux mainline kernel.
 (closes: #573514, #580184)
Checksums-Sha1: 
 6e40a982379c60d929a83c3105ebb1cb59fafd65 1293 drbd8_8.3.7-2.dsc
 21b20cc69a001e88248dfd4cd53927190b8364af 15534 drbd8_8.3.7-2.diff.gz
 ad4e95c43c85cf82ec8b9ed09c9afd0b2d74478e 206844 drbd8-utils_8.3.7-2_amd64.deb
Checksums-Sha256: 
 79412d1aeb7167ffb7d21364dd9be97b8d7bf93fc4d2b35f772f3db5b724b1f2 1293 
drbd8_8.3.7-2.dsc
 e7eb73ebb8c6b7077077b319993a635d8379873307a6a7f6c752acf00638d7df 15534 
drbd8_8.3.7-2.diff.gz
 ed0d95a511883fc6f1b8fd045bd99b2009829b895c826f68669b93e91db63759 206844 
drbd8-utils_8.3.7-2_amd64.deb
Files: 
 765bfa440b6bbb3509c53a8891a2e92b 1293 admin extra drbd8_8.3.7-2.dsc
 e60b47fe38253f3723f8f1166855d2d3 15534 admin extra drbd8_8.3.7-2.diff.gz
 f01b9798daa35e327045d349ff7b37b6 206844 admin extra 
drbd8-utils_8.3.7-2_amd64.deb

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.10 (GNU/Linux)

iEYEARECAAYFAkwRMx0ACgkQr/RnCw96jQEH9QCgm+S7RtIpA51qstk5TjA76c/v
Za0AnAwskKxpp0RA7IWO2lsPNLdjxzrf
=7dLo
-END PGP SIGNATURE-


--- End Message ---

Bug#584078: marked as done (python-setproctitle: missing dependency on python)

2010-06-10 Thread Debian Bug Tracking System 
Your message dated Thu, 10 Jun 2010 19:32:08 +
with message-id 
and subject line Bug#584078: fixed in python-setproctitle 1.0.1-1
has caused the Debian Bug report #584078,
regarding python-setproctitle: missing dependency on python
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
584078: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=584078
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: python-setproctitle
Version: 1.0-1
Severity: serious
Tags: patch

One would expect that a python-something package actually depends on
python.  This patch adds this dependency:


--8<---cut here---start->8---
diff -Nru python-setproctitle-1.0/debian/control 
python-setproctitle-1.0/debian/control
--- python-setproctitle-1.0/debian/control  2010-05-30 20:44:11.0 
+0200
+++ python-setproctitle-1.0/debian/control  2010-06-01 06:33:17.0 
+0200
@@ -9,7 +9,7 @@
 
 Package: python-setproctitle
 Architecture: any
-Depends: ${shlibs:Depends}, ${misc:Depends}
+Depends: ${shlibs:Depends}, ${misc:Depends}, ${python:Depends}
 Description: A setproctitle implementation for Python
  The library allows a process to change its title (as displayed by system tools
  such as ps and top).
--8<---cut here---end--->8---


-- System Information:
Debian Release: squeeze/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: i386 (x86_64)

Kernel: Linux 2.6.34-nouveau (SMP w/2 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages python-setproctitle depends on:
ii  libc6 2.11.1-1   Embedded GNU C Library: Shared lib

python-setproctitle recommends no packages.

python-setproctitle suggests no packages.

-- no debconf information


--- End Message ---
--- Begin Message ---
Source: python-setproctitle
Source-Version: 1.0.1-1

We believe that the bug you reported is fixed in the latest version of
python-setproctitle, which is due to be installed in the Debian FTP archive:

python-setproctitle-dbg_1.0.1-1_amd64.deb
  to main/p/python-setproctitle/python-setproctitle-dbg_1.0.1-1_amd64.deb
python-setproctitle_1.0.1-1.debian.tar.gz
  to main/p/python-setproctitle/python-setproctitle_1.0.1-1.debian.tar.gz
python-setproctitle_1.0.1-1.dsc
  to main/p/python-setproctitle/python-setproctitle_1.0.1-1.dsc
python-setproctitle_1.0.1-1_amd64.deb
  to main/p/python-setproctitle/python-setproctitle_1.0.1-1_amd64.deb
python-setproctitle_1.0.1.orig.tar.gz
  to main/p/python-setproctitle/python-setproctitle_1.0.1.orig.tar.gz



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 584...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Örjan Persson  (supplier of updated python-setproctitle 
package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: RIPEMD160

Format: 1.8
Date: Mon, 31 May 2010 20:58:30 +0200
Source: python-setproctitle
Binary: python-setproctitle python-setproctitle-dbg
Architecture: source amd64
Version: 1.0.1-1
Distribution: unstable
Urgency: low
Maintainer: Örjan Persson 
Changed-By: Örjan Persson 
Description: 
 python-setproctitle - A setproctitle implementation for Python
 python-setproctitle-dbg - A setproctitle implementation for Python
Closes: 583887 584078
Changes: 
 python-setproctitle (1.0.1-1) unstable; urgency=low
 .
   * New upstream version.
   * Added missing dependency for python, thanks to Sven Joachim for reporting
 this (Closes: #584078).
   * Fixed problem when building package more than once, thanks to Jakub Wilk
 for reporting this (Closes: #583887).
   * Disabled tests for kfreebsd until setproctitle is fixed in libbsd.
Checksums-Sha1: 
 9382084a57248f7a9b7e34d1a245f0e605caac2e 1261 python-setproctitle_1.0.1-1.dsc
 72c53b7c6142d45df43f7f49a55e3e7bf9133bab 12911 
python-setproctitle_1.0.1.orig.tar.gz
 2492b83051371925a5edd085d07da3f9748e165b 2992 
python-setproctitle_1.0.1-1.debian.tar.gz
 bbf32ab89a3894b5212cd3469fdc129c9bf7a061 10330 
python-setproctitle_1.0.1-1_amd64.deb
 8a2f158bb8ee115df786c218e31ef028f7fc26e4 15598 
python-setproctitle-dbg_1.0.1-1_amd64.deb
Checksum

Bug#575076: msdos fstab mode

2010-06-10 Thread Marc Leeman 
I can't find my bugreport from yesterday; but since my return e-mail
was not correct; it could have been lost there.

My grub boot got corrupted because the dos compatibility mode was
selected in fstab during install of lenny.

I disabled this (c) and enabled another mode with u

It started to dawn to me that my /boot partition was listed with

(hd0,msdos1) and not the expected (hd0,1).

(hd0,msdos1) was show in the grub rescue shell.

-- 
  greetz, marc
You can't cheat the phone company.
crichton 2.6.26 #1 PREEMPT Tue Jul 29 21:17:59 CDT 2008 GNU/Linux


signature.asc
Description: Digital signature

Bug#575076: msdos fstab mode

2010-06-10 Thread Colin Watson 
On Thu, Jun 10, 2010 at 09:16:55PM +0200, Marc Leeman wrote:
> I can't find my bugreport from yesterday; but since my return e-mail
> was not correct; it could have been lost there.

I don't see any previous mail from you in this bug report.  Are you sure
that it is appropriate for you to follow up to this bug, rather than
filing a fresh one?  It's not obvious from what you've said here that
it's related.

> My grub boot got corrupted because the dos compatibility mode was
> selected in fstab during install of lenny.
> 
> I disabled this (c) and enabled another mode with u
> 
> It started to dawn to me that my /boot partition was listed with
> 
> (hd0,msdos1) and not the expected (hd0,1).

This is nothing to worry about - it's part of GRUB gaining more correct
support for strange corner cases that involve nested partition tables.
I don't think it relates to whatever your problem is.

-- 
Colin Watson   [cjwat...@debian.org]



-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#516801: marked as done (CVE-2008-6123: Access restriction bypass)

2010-06-10 Thread Debian Bug Tracking System 
Your message dated Thu, 10 Jun 2010 19:32:37 +
with message-id 
and subject line Bug#516801: fixed in net-snmp 5.4.3~dfsg-1
has caused the Debian Bug report #516801,
regarding CVE-2008-6123: Access restriction bypass
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
516801: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=516801
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: net-snmp
Severity: grave
Tags: security

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-6123

Upstream patch at 
http://net-snmp.svn.sourceforge.net/viewvc/net-snmp?view=rev&revision=17367

Cheers,
Moritz

-- System Information:
Debian Release: 5.0
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)

Kernel: Linux 2.6.26-1-686 (SMP w/1 CPU core)
Locale: LANG=C, lc_ctype=de_de.iso-8859...@euro (charmap=ISO-8859-15)
Shell: /bin/sh linked to /bin/bash


--- End Message ---
--- Begin Message ---
Source: net-snmp
Source-Version: 5.4.3~dfsg-1

We believe that the bug you reported is fixed in the latest version of
net-snmp, which is due to be installed in the Debian FTP archive:

libsnmp-base_5.4.3~dfsg-1_all.deb
  to main/n/net-snmp/libsnmp-base_5.4.3~dfsg-1_all.deb
libsnmp-dev_5.4.3~dfsg-1_sparc.deb
  to main/n/net-snmp/libsnmp-dev_5.4.3~dfsg-1_sparc.deb
libsnmp-perl_5.4.3~dfsg-1_sparc.deb
  to main/n/net-snmp/libsnmp-perl_5.4.3~dfsg-1_sparc.deb
libsnmp-python_5.4.3~dfsg-1_sparc.deb
  to main/n/net-snmp/libsnmp-python_5.4.3~dfsg-1_sparc.deb
libsnmp15-dbg_5.4.3~dfsg-1_sparc.deb
  to main/n/net-snmp/libsnmp15-dbg_5.4.3~dfsg-1_sparc.deb
libsnmp15_5.4.3~dfsg-1_sparc.deb
  to main/n/net-snmp/libsnmp15_5.4.3~dfsg-1_sparc.deb
net-snmp_5.4.3~dfsg-1.debian.tar.gz
  to main/n/net-snmp/net-snmp_5.4.3~dfsg-1.debian.tar.gz
net-snmp_5.4.3~dfsg-1.dsc
  to main/n/net-snmp/net-snmp_5.4.3~dfsg-1.dsc
net-snmp_5.4.3~dfsg.orig.tar.gz
  to main/n/net-snmp/net-snmp_5.4.3~dfsg.orig.tar.gz
snmp_5.4.3~dfsg-1_sparc.deb
  to main/n/net-snmp/snmp_5.4.3~dfsg-1_sparc.deb
snmpd_5.4.3~dfsg-1_sparc.deb
  to main/n/net-snmp/snmpd_5.4.3~dfsg-1_sparc.deb
tkmib_5.4.3~dfsg-1_all.deb
  to main/n/net-snmp/tkmib_5.4.3~dfsg-1_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 516...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Jochen Friedrich  (supplier of updated net-snmp package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Format: 1.8
Date: Thu, 10 Jun 2010 18:02:54 +0200
Source: net-snmp
Binary: snmpd snmp libsnmp-base libsnmp15 libsnmp15-dbg libsnmp-dev 
libsnmp-perl libsnmp-python tkmib
Architecture: source sparc all
Version: 5.4.3~dfsg-1
Distribution: unstable
Urgency: low
Maintainer: Net-SNMP Packaging Team 
Changed-By: Jochen Friedrich 
Description: 
 libsnmp-base - SNMP (Simple Network Management Protocol) MIBs and documentation
 libsnmp-dev - SNMP (Simple Network Management Protocol) development files
 libsnmp-perl - SNMP (Simple Network Management Protocol) Perl5 support
 libsnmp-python - SNMP (Simple Network Management Protocol) Python support
 libsnmp15  - SNMP (Simple Network Management Protocol) library
 libsnmp15-dbg - SNMP (Simple Network Management Protocol) library debug
 snmp   - SNMP (Simple Network Management Protocol) applications
 snmpd  - SNMP (Simple Network Management Protocol) agents
 tkmib  - SNMP (Simple Network Management Protocol) MIB browser
Closes: 516801 559109 575810 582400
Changes: 
 net-snmp (5.4.3~dfsg-1) unstable; urgency=low
 .
   * New upstream version (Closes: #559109)
 - includes fix for CVE-2008-4309
 - includes fix for CVE-2008-6123 (Closes: #516801)
 - AgentX support listens on localhost (only) by default
 - support for monitoring large disks (>2Tb)
 - improved handling of multiple matching access control entries
   * Remove patches included upstream:
 - 31_silence_subcontainer.patch
 - 57_fix_ipv6_memleak.patch
 - 59_fix_python.patch
   * Update patches:
 - 03_makefiles.patch
 - 07_docfiles.patch
 - 08_defaultconfig.patch
 - 32_mnttab_path.patch
 - 56_manpage.patch (Closes: #582400)
 - 60_libsensors_api.patch (Closes: #575810)
   * Switch to dpkg-source 3.0 (quilt) format
   * B

Bug#585493: Fails to upgrade, insserv bails due to loop

2010-06-10 Thread Alexander Hofbauer 
Same problem here.

---
insserv: There is a loop at service bootlogs if started
insserv: There is a loop between service bootlogs and mountnfs if
started
insserv:  loop involving service mountnfs at depth 8
insserv:  loop involving service networking at depth 7
insserv:  loop involving service fuse at depth 11
insserv: There is a loop between service bootlogs and mountnfs-bootclean
if started
insserv:  loop involving service mountnfs-bootclean at depth 9
insserv:  loop involving service mountoverflowtmp at depth 8
insserv: There is a loop between service bootlogs and mountoverflowtmp
if started
insserv:  loop involving service mountall-bootclean at depth 9
insserv:  loop involving service mountall at depth 10
insserv: There is a loop between service gdm3 and bootlogd if started
insserv:  loop involving service bootlogd at depth 3
insserv:  loop involving service mountdevsubfs at depth 2
insserv: There is a loop between service gdm3 and bootlogs if started
insserv:  loop involving service bootlogs at depth 4
insserv:  loop involving service gdm3 at depth 3
insserv:  loop involving service network-manager at depth 2
insserv: There is a loop between service bootlogs and mountall if
started
insserv:  loop involving service checkfs at depth 10
insserv:  loop involving service hostname at depth 5
insserv:  loop involving service pcmcia at depth 14
insserv: exiting now without changing boot order!
update-rc.d: error: insserv rejected the script header



signature.asc
Description: This is a digitally signed message part

Bug#519006: breaks dump builds, too

2010-06-10 Thread Rtp 
Matthias Klose  writes:

> On 09.06.2010 12:02, Arnaud Patard (Rtp) wrote:
>> Matthias Klose  writes:
>>
>> Hi,
>>
>>> On 08.06.2010 20:02, Bdale Garbee wrote:
 This prevents dump from building on mips/mipsel, which means the version
 of dump in testing is now months out of date.

 Is there an estimate for when this bug will be fixed?
>>>
>>> this is up to the debian-mips maintainers to answer.
>>>
>>> is there different behaviour when all objects involved in the link are
>>> rebuilt with binutils from experimental?
>>
>> hmm... Why are you talking about binutils ? From what I remember, the
>> patch fixing the issue is in gcc 4.5
>
> reference?

http://sourceware.org/bugzilla/show_bug.cgi?id=10144#c6
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=519006#97
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=519006#111


>
>> and someone said it won't be easy to backport it.
>
> so what do you propose?
>
>  - drop mips as a release architecture?
>  - do you volunteer to make gcc-4.5 ready for inclusion
>in mips and fix any resulting RC-critical issue?

I'm no gcc or binutils hacker. I've reported what I understood on the
issue in order to help seeing it fixed. My mail was not intended to
offense you at all. Unfortunately, it looks like it was not well
perceived so I will stop replying to this bug. I'm not using Debian on
my mips boxes after all...

Arnaud



-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#518473: Us, what unsightly, miserable, de

2010-06-10 Thread Amaya Moleski 


vialled.rtf
Description: Binary data

Bug#581620: again not a bug

2010-06-10 Thread Soeren Sonnenburg 
looks like it need a newer hppa machine to build.
the package compiled perfectly fine on peri.debian.org but failed on the
presumably oder lafayette.debian.org

So I guess a rebuild on peri would fix this issue...

Since atlas 3.8 is sooo much faster than the obsoleted 3.6, I tend to
say that lapack/blas should be used on these old archs instead.

Soeren
-- 
For the one fact about the future of which we can be certain is that it
will be utterly fantastic. -- Arthur C. Clarke, 1962



--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#581621: is this a bug?

2010-06-10 Thread Soeren Sonnenburg 
could it be that this buildd was just busy/swapping and simply requires
>300minutes to compile that file?

Soeren
-- 
For the one fact about the future of which we can be certain is that it
will be utterly fantastic. -- Arthur C. Clarke, 1962



--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#584366: not a bug...

2010-06-10 Thread Soeren Sonnenburg 
There is really no bug in atlas here. If it is trying to build packages
with all the fancy optimizations enabled - it will simply need a machine
that has all of these.

Soeren
-- 
For the one fact about the future of which we can be certain is that it
will be utterly fantastic. -- Arthur C. Clarke, 1962



--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#585469: marked as done (libjettison-java: Files in org/codehaus/jettison/json are licensed under the non-free json license)

2010-06-10 Thread Debian Bug Tracking System 
Your message dated Thu, 10 Jun 2010 18:32:22 +
with message-id 
and subject line Bug#585469: fixed in libjettison-java 1.2-2
has caused the Debian Bug report #585469,
regarding libjettison-java: Files in org/codehaus/jettison/json are licensed 
under the non-free json license
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
585469: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=585469
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: libjettison-java
Version: 1.0-1, 1.2-1
Severity: serious
Justification: contains non-free files


Hi!

The json license used for the files in org/codehaus/jettison/json is
considered non-free ("The Software shall be used for Good, not Evil.")
Please see the recent discussions on debian-legal.


Best regards,
  Alexander

-- System Information:
Debian Release: 5.0.4
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: i386 (i686)

Kernel: Linux 2.6.26-2-xen-686 (SMP w/1 CPU core)
Locale: lang=de...@euro, lc_ctype=de...@euro (charmap=ISO-8859-15) (ignored: 
LC_ALL set to de...@euro)
Shell: /bin/sh linked to /bin/bash


--- End Message ---
--- Begin Message ---
Source: libjettison-java
Source-Version: 1.2-2

We believe that the bug you reported is fixed in the latest version of
libjettison-java, which is due to be installed in the Debian FTP archive:

libjettison-java_1.2-2.debian.tar.gz
  to main/libj/libjettison-java/libjettison-java_1.2-2.debian.tar.gz
libjettison-java_1.2-2.dsc
  to main/libj/libjettison-java/libjettison-java_1.2-2.dsc
libjettison-java_1.2-2_all.deb
  to main/libj/libjettison-java/libjettison-java_1.2-2_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 585...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Torsten Werner  (supplier of updated libjettison-java 
package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Format: 1.8
Date: Thu, 10 Jun 2010 20:17:19 +0200
Source: libjettison-java
Binary: libjettison-java
Architecture: source all
Version: 1.2-2
Distribution: unstable
Urgency: low
Maintainer: Debian Java Maintainers 

Changed-By: Torsten Werner 
Description: 
 libjettison-java - collection of StAX parsers and writers for JSON
Closes: 585469
Changes: 
 libjettison-java (1.2-2) unstable; urgency=low
 .
   * Update copyright file because the json code uses the Apache license now. It
 is based on an older public domain implementation of the JSON.org library.
 (Closes: #585469)
Checksums-Sha1: 
 6142a2dc390c8a4c2994a2e783e2d79f6a9bb654 1330 libjettison-java_1.2-2.dsc
 b1e7a0715d652fc3b2f72eb0d5c245aaf7e7c29e 2948 
libjettison-java_1.2-2.debian.tar.gz
 cbaddf2cf3bf26fce40da4400b22a5f8bca9b4c1 61726 libjettison-java_1.2-2_all.deb
Checksums-Sha256: 
 792833ce25c205d9730e5a3fc1bb17e3442272019278122aea439f8a799358ef 1330 
libjettison-java_1.2-2.dsc
 670e8773f25abbd332ea0874cea45ee4546f94d96e058af3cc50aeb7a312cb63 2948 
libjettison-java_1.2-2.debian.tar.gz
 79dc3c85a54c406a46e0e8a8b1f75ce94922d22b3634003d8e2512b59a7fd088 61726 
libjettison-java_1.2-2_all.deb
Files: 
 7990ba497db02340d24156b2453b6ff4 1330 java optional libjettison-java_1.2-2.dsc
 f76fcc9f579a2c4d886c50441c11342a 2948 java optional 
libjettison-java_1.2-2.debian.tar.gz
 a9f60f2fd669673b820552d53c17a17a 61726 java optional 
libjettison-java_1.2-2_all.deb

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.10 (GNU/Linux)

iEYEARECAAYFAkwRLTIACgkQfY3dicTPjsMoPACgjJf9k/rF5VTbiaRM/9xxD1pD
YkoAnjMQCtFhZ93JT14ly/NDqWLN12Th
=X5If
-END PGP SIGNATURE-


--- End Message ---

Processed: forcibly merging 576683 576728

2010-06-10 Thread Debian Bug Tracking System 
Processing commands for cont...@bugs.debian.org:

> forcemerge 576683 576728
Bug#576683: xpdf-utils: upgrade error trying to overwrite '/usr/bin/pdftoppm'
Bug#576728: fails to install; provides pdftoppm like xpdf-reader 
0:3.02-1.4+lenny1 does
Forcibly Merged 576683 576728.

> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
576728: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=576728
576683: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=576683
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems


-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#585471: webgui: License of www/extras/yui/examples/treeview/assets/js/json.js is considered non-free

2010-06-10 Thread Alexander Reichle-Schmehl 
Package: webgui
Version: 7.8.19-1, 7.8.20-1, 7.8.21-1
Severity: serious
Justification: contains non-free files


Hi!

The json license of www/extras/yui/examples/treeview/assets/js/json.js is
considered non-free ("The Software shall be used for Good, not Evil.") See
the recent discussions on debian-legal.

Best regards,
  Alexander

-- System Information:
Debian Release: 5.0.4
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: i386 (i686)

Kernel: Linux 2.6.26-2-xen-686 (SMP w/1 CPU core)
Locale: lang=de...@euro, lc_ctype=de...@euro (charmap=ISO-8859-15) (ignored: 
LC_ALL set to de...@euro)
Shell: /bin/sh linked to /bin/bash



-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#530653: Are past. I should die of such a life. C

2010-06-10 Thread Orellana Straugh 


bumps.rtf
Description: Binary data

Bug#585470: python-django-squeeze: license of squeeze/jsmin.js is considered non-free

2010-06-10 Thread Alexander Reichle-Schmehl 
Package: python-django-squeeze
Version: 0+git20090142-2
Severity: serious
Justification: contains non-free files


Hi!

The json like license of squeeze/jsmin.js is considered non-free ("The
Software shall be used for Good, not Evil.")  See the recent discussions on
debian-legal.


Best regards,
  Alexander

-- System Information:
Debian Release: 5.0.4
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: i386 (i686)

Kernel: Linux 2.6.26-2-xen-686 (SMP w/1 CPU core)
Locale: lang=de...@euro, lc_ctype=de...@euro (charmap=ISO-8859-15) (ignored: 
LC_ALL set to de...@euro)
Shell: /bin/sh linked to /bin/bash



-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#585469: libjettison-java: Files in org/codehaus/jettison/json are licensed under the non-free json license

2010-06-10 Thread Alexander Reichle-Schmehl 
Package: libjettison-java
Version: 1.0-1, 1.2-1
Severity: serious
Justification: contains non-free files


Hi!

The json license used for the files in org/codehaus/jettison/json is
considered non-free ("The Software shall be used for Good, not Evil.")
Please see the recent discussions on debian-legal.


Best regards,
  Alexander

-- System Information:
Debian Release: 5.0.4
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: i386 (i686)

Kernel: Linux 2.6.26-2-xen-686 (SMP w/1 CPU core)
Locale: lang=de...@euro, lc_ctype=de...@euro (charmap=ISO-8859-15) (ignored: 
LC_ALL set to de...@euro)
Shell: /bin/sh linked to /bin/bash



-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#585468: jifty: license of */share/web/static/js/json.js is considered non-free

2010-06-10 Thread Alexander Reichle-Schmehl 
Package: jifty
Version: 0.91117-2
Severity: serious
Justification: contains non DFSG free files


Hi!

The JSON license is consideres non-free ("The Software shall be used for
Good, not Evil."), see the recent discussions on debian-legal.


Best regards,
  Alexander


-- System Information:
Debian Release: 5.0.4
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: i386 (i686)

Kernel: Linux 2.6.26-2-xen-686 (SMP w/1 CPU core)
Locale: lang=de...@euro, lc_ctype=de...@euro (charmap=ISO-8859-15) (ignored: 
LC_ALL set to de...@euro)
Shell: /bin/sh linked to /bin/bash



-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#584327: patch

2010-06-10 Thread Willi Mann 
Hi!

The maintainer of mozilla-devscripts today uploaded a new revision that
uses python-librdf instead of python-rdflib (I wrote the patches). So
uploading a new upstream version of python-rdflib no longer conflicts
with mozilla-devscripts requirements.

WM



-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#584386: marked as done (cdk: FTBFS: Java errors)

2010-06-10 Thread Debian Bug Tracking System 
Your message dated Thu, 10 Jun 2010 17:47:41 +
with message-id 
and subject line Bug#584386: fixed in cdk 1:1.0.2-5
has caused the Debian Bug report #584386,
regarding cdk: FTBFS: Java errors
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
584386: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=584386
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: cdk
Version: 1:1.0.2-4
Severity: serious
Tags: squeeze sid
User: debian...@lists.debian.org
Usertags: qa-ftbfs-20100602 qa-ftbfs
Justification: FTBFS on amd64

Hi,

During a rebuild of all packages in sid, your package failed to build on
amd64.

Relevant part:
> make[1]: Entering directory `/build/user-cdk_1.0.2-4-amd64-g6ftO_/cdk-1.0.2'
> make[1]: Nothing to be done for `update-config'.
> make[1]: Leaving directory `/build/user-cdk_1.0.2-4-amd64-g6ftO_/cdk-1.0.2'
> cd . && /usr/lib/jvm/default-java/bin/java -classpath 
> /usr/share/ant/lib/ant.jar:/usr/share/ant/lib/ant-launcher.jar:/usr/share/java/ant-nodeps.jar:/usr/share/java/javacc.jar:/usr/share/java/vecmath.jar:/usr/share/java/log4j-1.2.jar:/usr/share/java/commons-cli.jar:/usr/lib/jvm/default-java/lib/tools.jar
>   -Dant.home=/usr/share/ant org.apache.tools.ant.Main -Dcompile.debug=true 
> -Dcompile.optimize=true-propertyfile 
> /build/user-cdk_1.0.2-4-amd64-g6ftO_/cdk-1.0.2/debian/ant.properties info 
> dist-all
> Buildfile: /build/user-cdk_1.0.2-4-amd64-g6ftO_/cdk-1.0.2/build.xml
> 
> checkPlatforms:
> 
> check:
> 
> info:
>  [echo] Platform:
>  [echo]  OS: Linux
>  [echo]Architecture: amd64
>  [echo] Version: 2.6.26-2-amd64
>  [echo]  Mac OS/X found: ${isMacOsX}
>  [echo] 
>  [echo] Java/Ant Environment:
>  [echo]Java version: 1.6.0_18
>  [echo] Java vendor: Sun Microsystems Inc.
>  [echo]Java dir: /usr/lib/jvm/java-6-openjdk/jre
>  [echo]Java ext dir: 
> /usr/lib/jvm/java-6-openjdk/jre/lib/ext:/usr/java/packages/lib/ext
>  [echo]   Java3: ${isJava13}
>  [echo]   Java4: ${isJava14}
>  [echo]   Java5: ${isJava15}
>  [echo]   Java6: true
>  [echo]  Java4+: true
>  [echo]  Java5+: true
>  [echo]  not Java5+: ${isNotJava15+}
>  [echo]   Java6: true
>  [echo] Ant version: Apache Ant version 1.8.0 compiled on March 11 
> 2010
>  [echo] ${ANT_HOME}: /usr/share/ant
>  [echo]hasAnt16: ${hasAnt16}
>  [echo] 
>  [echo] CDK Environment:
>  [echo] CDK version: 1.0.2
>  [echo]   build.xml: $Id: build.xml 10282 2008-03-02 15:25:03Z egonw $
>  [echo] Junit found: ${junit.present}
>  [echo]  --- required libraries ---
>  [echo]   Vecmath found: true
>  [echo] Log4j found: true
>  [echo]   JGraphT found: ${jgrapht.present}
>  [echo]  --- distributed (but optional) libraries ---
>  [echo] Batik found: ${batik.present}
>  [echo]CMLDOM found: ${cmllibs.present}
>  [echo] DADML found: ${dadml.present}
>  [echo]   JAI found: ${jai.present}
>  [echo]   XIndice found: ${xindice.present}
>  [echo] SJava found: ${sjava.present}
>  [echo] JNI-InChI found: ${jniinchi.present}
>  [echo]  --- optional libraries ---
>  [echo] 
>  [echo] Compiling:
>  [echo] for: modern
>  [echo]   debug: on
>  [echo]  nowarn: on
>  [echo] deprecation: on
>  [echo]optimization: off
> 
> dist-all:
> 
> checkPlatforms:
> 
> check:
> 
> setupBuildDir:
> [mkdir] Created dir: /build/user-cdk_1.0.2-4-amd64-g6ftO_/cdk-1.0.2/build
> [mkdir] Created dir: 
> /build/user-cdk_1.0.2-4-amd64-g6ftO_/cdk-1.0.2/sourcedist
> [mkdir] Created dir: /build/user-cdk_1.0.2-4-amd64-g6ftO_/cdk-1.0.2/dist
> [mkdir] Created dir: 
> /build/user-cdk_1.0.2-4-amd64-g6ftO_/cdk-1.0.2/reports
> 
> init:
> 
> javacc:
> 
> customize:
> 
> runDoclet:
>  [echo] Not skipping doclet run...
> [javac] Compiling 1 source file to 
> /build/user-cdk_1.0.2-4-amd64-g6ftO_/cdk-1.0.2/build
> [javac] Note: 
> /build/user-cdk_1.0.2-4-amd64-g6ftO_/cdk-1.0.2/src/net/sf/cdk/tools/MakeJavafilesFiles.java
>  uses unchecked or unsafe operations.
> [javac] Note: Recompile with -Xlint:unchecked for details.
> [javac] Compiling 1 source file to 
> /build/user-cdk_1.0.2-4-amd64-g6ftO_/cdk-1.0.2/build
> [javac] Note: 
> /build/user-cdk_1.0.2-4-amd64-g6ftO_/cdk-1.0.2/src/net/sf/cdk/tools/MakeRequiresfilesFiles.java
>  uses unchecked or unsafe operations.
> [jav

Bug#561203: threads and fork on machine with VIPT-WB cache

2010-06-10 Thread dann frazier 
On Thu, Jun 10, 2010 at 07:30:45PM +0300, Modestas Vainius wrote:
> Hello,
> 
> On sekmadienis 06 Bir??elis 2010 04:01:23 Modestas Vainius wrote:
> > On penktadienis 04 Bir??elis 2010 08:21:06 dann frazier wrote:
> > > > My case and my analysis talked about UP kernel, and John David Anglin
> > > > 
> > > > made a patch:
> > > > http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=561203#144
> > > > 
> > > > After that, the discussion went to SMP cases.
> > > > 
> > > > It would be better to evaluate the patch again, and make sure it works
> > > > for UP case and fix failures of buildd, then apply for Linux in Debian
> > > > (only) for HPPA.
> > > > 
> > > > I know that the patch is not that ideal because it touches
> > > > architecture independent part of Linux, but it is worth for Linux in
> > > > Debian (or Linux for the HPPA machine of buildd, at least).
> > > 
> > > I'm happy to test the patch if necessary to help push this change
> > > upstream. However, we do need the change to go upstream before we can
> > > include it in the Debian kernel.
> > 
> > I made a hackish patch for QProcess in Qt (usleep(1000) before fork())
> > which seems to reduce likelihood of the failure to very rare again. Once a
> > new revision of qt4-x11 is uploaded to sid (soon I believe), KDE
> > applications should be able to build again (hopefully).
> 
> qt4-x11/hppa 4:4.6.3-1 has recently been uploaded to incoming. It has my hppa 
> hack applied. Therefore please give back the following KDE packages on hppa:
> 
> kde4libs basket kdesvn webkitkde kraft konq-plugins

done.




-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#569097: Uses obsolete V4L1 API

2010-06-10 Thread Moritz Muehlenhoff 
On Wed, Feb 10, 2010 at 01:02:49AM +, Ben Hutchings wrote:
> Package: camserv
> Version: 1:0.5.1-10
> Severity: serious
> 
> The V4L1 API is obsolete and does not work with most new V4L drivers.
> You can use libv4l as an emulation layer; see
> .

Barak, shouldn't we simply remove camserv from the archive?
It's dead upstream and appears obsolete these days.

Cheers,
Moritz



-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#585451: html-xml-utils: FTBFS on powerpc, armel and s390

2010-06-10 Thread Sebastian Andrzej Siewior 
Package: html-xml-utils
Version: 5.7-1
Severity: serious
Tags: patch sid
User: debian-powerpc...@breakpoint.cc
Usertags: powerpcspe

Your package FTBFS on powerpc [0], s390 [1] and armel. A patch is
attached to fix this issue.

[0] 
https://buildd.debian.org/fetch.cgi?pkg=html-xml-utils;ver=5.7-1;arch=powerpc;stamp=1273702736
[1] 
https://buildd.debian.org/fetch.cgi?pkg=html-xml-utils;ver=5.7-1;arch=s390;stamp=1273702569
[2] 
https://buildd.debian.org/fetch.cgi?pkg=html-xml-utils;ver=5.7-1;arch=armel;stamp=1273863348

Sebastian
>From 1070038659a2bc8cdef8b3c847287e5281060ef5 Mon Sep 17 00:00:00 2001
From: Sebastian Andrzej Siewior 
Date: Thu, 10 Jun 2010 18:37:49 +0200
Subject: [PATCH] hxindex: option is int not char

the return value of getopt is int not char. The difference here is that
char is signed char on x86 but unsigned char on powerpc for instance.
This leads to the following compile error if compiled with -Wextra:

| hxindex.c:777: warning: comparison is always true due to limited range  of 
data type

because c can never get -1, it can however grow to 255 and the options
will never be parsed properly.

Signed-off-by: Sebastian Andrzej Siewior 
---
 hxindex.c |2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/hxindex.c b/hxindex.c
index 47273be..b75c583 100644
--- a/hxindex.c
+++ b/hxindex.c
@@ -758,7 +758,7 @@ int main(int argc, char *argv[])
   Boolean write = True;
   Indexterm termtree = NULL;   /* Sorted tree of terms */
   string secno;
-  char c;
+  int c;
 
   /* Bind the parser callback routines to our handlers */
   set_error_handler(handle_error);
-- 
1.5.6.5

Bug#561203: threads and fork on machine with VIPT-WB cache

2010-06-10 Thread Modestas Vainius 
Hello,

On sekmadienis 06 Birželis 2010 04:01:23 Modestas Vainius wrote:
> On penktadienis 04 Birželis 2010 08:21:06 dann frazier wrote:
> > > My case and my analysis talked about UP kernel, and John David Anglin
> > > 
> > > made a patch:
> > >   http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=561203#144
> > > 
> > > After that, the discussion went to SMP cases.
> > > 
> > > It would be better to evaluate the patch again, and make sure it works
> > > for UP case and fix failures of buildd, then apply for Linux in Debian
> > > (only) for HPPA.
> > > 
> > > I know that the patch is not that ideal because it touches
> > > architecture independent part of Linux, but it is worth for Linux in
> > > Debian (or Linux for the HPPA machine of buildd, at least).
> > 
> > I'm happy to test the patch if necessary to help push this change
> > upstream. However, we do need the change to go upstream before we can
> > include it in the Debian kernel.
> 
> I made a hackish patch for QProcess in Qt (usleep(1000) before fork())
> which seems to reduce likelihood of the failure to very rare again. Once a
> new revision of qt4-x11 is uploaded to sid (soon I believe), KDE
> applications should be able to build again (hopefully).

qt4-x11/hppa 4:4.6.3-1 has recently been uploaded to incoming. It has my hppa 
hack applied. Therefore please give back the following KDE packages on hppa:

kde4libs basket kdesvn webkitkde kraft konq-plugins


-- 
Modestas Vainius 


signature.asc
Description: This is a digitally signed message part.

Bug#584102: marked as done (OpenVZ vzctl enter dying with: Unable to open pty: No such file or directory; problem with tcgetattr() and startpar)

2010-06-10 Thread Debian Bug Tracking System 
Your message dated Thu, 10 Jun 2010 15:52:47 +
with message-id 
and subject line Bug#584102: fixed in sysvinit 2.88dsf-8
has caused the Debian Bug report #584102,
regarding OpenVZ vzctl enter dying with: Unable to open pty: No such file or  
directory; problem with tcgetattr() and startpar
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
584102: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=584102
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: sysvinit
Version: 2.88dsf-5

After debootstraping testing/squeeze there's a problem when trying to
start it under OpenVZ. init starts but the rc scripts fail to properly
setup environment (run scripts from runlevel S and runlevel 2).
OpenVZ's vzctl enter VEID dies with the following error message:

# vzctl enter 1050
enter into VE 1050 failed
Unable to open pty: No such file or directory

(the above if caused by /dev/pts not being mounted)

I've narrowed the problem to startpar program which is used by init
scripts to run scripts for given runlevel in parallel. It seems that
startpar dies giving an error :

17rt_sigaction(SIGWINCH, {0x401f40, [],
SA_RESTORER|SA_RESTART|SA_NODEFER, 0x7fcad974cf80}, NULL, 8) = 0
17ioctl(0, SNDCTL_TMR_TIMEBASE or TCGETS, 0x7fffc230) = -1
ENOTTY (Inappropriate ioctl for device)
17dup(2)= 3
17fcntl(3, F_GETFL) = 0x8002 (flags O_RDWR|O_LARGEFILE)
17fstat(3, {st_mode=S_IFCHR|0666, st_rdev=makedev(1, 3), ...}) = 0
17ioctl(3, SNDCTL_TMR_TIMEBASE or TCGETS, 0x7fffbfe0) = -1
ENOTTY (Inappropriate ioctl for device)
17mmap(NULL, 4096, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcad9c87000
17lseek(3, 0, SEEK_CUR) = 0
17write(3, "tcgetattr: Inappropriate ioctl for device\n", 42) = 42
17close(3)  = 0
17munmap(0x7fcad9c87000, 4096)  = 0
17exit_group(1) = ?



I'm attaching full strace output of startpar.

I've browsed Debian's sysvinit source and found out this call to
tcgetattr():

///
 if (tcgetattr(0, &tio))
   {
 perror("tcgetattr");
 exit(1);
   }
///

tio variable is later used to disable basic terminal output translation:
///
  tio.c_oflag &= ~OPOST;
  if (tcsetattr(1, TCSANOW, &tio))
perror("tcsetattr");
///

When I comment this code and rebuild the package then the virtual
environment boots
successfully. I suppose that OpenVZ's "stdin"/"stdout" for init
program isn't a regular terminal
and that's the cause of tcgetattr() failing.

Should it be a fatal error if a call to tcgetattr() fails? Maybe we
could just detect the case when tcgetattr() returns 0 and if such
thing occurs - omit using tcsetattr()?



There's also one note that adding:
CONCURRENCY=none
to /etc/default/rcS
makes the system boot properly.



Host node runs Lenny and it works well. Below is the information about
the container:

-- System Information:
Debian Release: squeeze/sid
 APT prefers testing
 APT policy: (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.26-2-openvz-amd64
Locale: LANG=pl_PL, LC_CTYPE=pl_PL (charmap=ISO-8859-2)
Shell: /bin/sh linked to /bin/dash

Versions of packages sysvinit depends on:
ii  initscripts   2.88dsf-5  scripts for initializing and shutt
ii  libc6 2.10.2-9   Embedded GNU C Library: Shared lib
ii  libselinux1   2.0.94-1   SELinux runtime shared libraries
ii  libsepol1 2.0.40-2   SELinux library for manipulating b
ii  sysv-rc   2.88dsf-5  System-V-like runlevel change mech
ii  sysvinit-utils2.88dsf-5  System-V-like utilities

sysvinit recommends no packages.

sysvinit suggests no packages.

-- no debconf information
17execve("/sbin/startpar", ["startpar", "-p", "4", "-t", "20", "-T", "3", 
"-M", "start", "-P", "N", "-R", "2"], [/* 12 vars */]) = 0
17brk(0)= 0x607000
17mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) 
= 0x7fcad9c8a000
17access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
17mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) 
= 0x7fcad9c88000
17access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory)
17open("/etc/ld.so.cache", O_RDONLY) = 3
17fstat(3, {st_mode=S_IFREG|0644, st_size=6427, ...}) = 0
17mmap(NULL, 6427, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7fcad9c86000
17close(3)  = 0
17access("/et

Bug#583562: marked as done (Updating debianutils to 3.2.3 kills OpenVZ VE)

2010-06-10 Thread Debian Bug Tracking System 
Your message dated Thu, 10 Jun 2010 15:52:47 +
with message-id 
and subject line Bug#584102: fixed in sysvinit 2.88dsf-8
has caused the Debian Bug report #584102,
regarding Updating debianutils to 3.2.3 kills OpenVZ VE
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
584102: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=584102
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: debianutils
Version: 2.30
Severity: critical
Justification: breaks the whole system

After updating debianutils, the container doesn't start properly (shows only 1 
process running, all services are down), and trying to enter produces the 
message
"Unable to open pty: No such file or directory"

-- System Information:
Debian Release: 5.0.4
  APT prefers stable
  APT policy: (990, 'stable'), (500, 'testing')
Architecture: i386 (i686)

Kernel: Linux 2.6.26-2-openvz-686 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages debianutils depends on:
ii  libc6   2.7-18lenny2 GNU C Library: Shared libraries

debianutils recommends no packages.

debianutils suggests no packages.

-- no debconf information



--- End Message ---
--- Begin Message ---
Source: sysvinit
Source-Version: 2.88dsf-8

We believe that the bug you reported is fixed in the latest version of
sysvinit, which is due to be installed in the Debian FTP archive:

initscripts_2.88dsf-8_i386.deb
  to main/s/sysvinit/initscripts_2.88dsf-8_i386.deb
sysv-rc_2.88dsf-8_all.deb
  to main/s/sysvinit/sysv-rc_2.88dsf-8_all.deb
sysvinit-utils_2.88dsf-8_i386.deb
  to main/s/sysvinit/sysvinit-utils_2.88dsf-8_i386.deb
sysvinit_2.88dsf-8.diff.gz
  to main/s/sysvinit/sysvinit_2.88dsf-8.diff.gz
sysvinit_2.88dsf-8.dsc
  to main/s/sysvinit/sysvinit_2.88dsf-8.dsc
sysvinit_2.88dsf-8_i386.deb
  to main/s/sysvinit/sysvinit_2.88dsf-8_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 584...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Petter Reinholdtsen  (supplier of updated sysvinit package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Format: 1.8
Date: Thu, 10 Jun 2010 15:41:18 +0200
Source: sysvinit
Binary: sysvinit sysvinit-utils sysv-rc initscripts
Architecture: source i386 all
Version: 2.88dsf-8
Distribution: unstable
Urgency: low
Maintainer: Debian sysvinit maintainers 

Changed-By: Petter Reinholdtsen 
Description: 
 initscripts - scripts for initializing and shutting down the system
 sysv-rc- System-V-like runlevel change mechanism
 sysvinit   - System-V-like init utilities
 sysvinit-utils - System-V-like utilities
Closes: 584102 584742
Changes: 
 sysvinit (2.88dsf-8) unstable; urgency=low
 .
   * New startpar patch 06_stdin_notty.patch to make sure startpar run
 programs also when stdin is a pipe, to get it working on OpenVZ
 (Closes: #584102)
   * New startpar patch 07_nocrash_missing_arg.patch to make sure
 missing argument (-a) do not cause startpar to segfault.
   * Change startpar patch 05_pri_kdm_gdm.patch to also give priority
 to udev to get kernel module loading started as early as possible
 during boot.  Based on idea from live-net-startpar.
   * Make init.d/bootlogs soft depend on gdm3 while we wait for gdm3 to
 provide $x-display-manager.
   * Make sure to create /dev/pts/ and /dev/shm/ in mountdevsub.sh
 before mounting them to allow udev to stop creating them at boot
 (Closes: #584742).  Thanks to Marco d'Itri for the patch.
   * Drop support for the now obsolete devfs file system in the init.d
 scripts bootmisc.sh, checkroot.sh, mountdevsubfs.sh, umountfs and
 umountnfs.sh.
   * Loosen up the migration check to dependency based boot sequencing,
 to only report removed but not purged packages if insserv detected
 problems with the init.d script dependencies.
   * Add Norwegian Bokmål (nb) debconf translation.
Checksums-Sha1: 
 46f09a9d93526a43bf9ab2dae5f85299f11fe4b0 1506 sysvinit_2.88dsf-8.dsc
 36e38341ed807d694b3fa765b9d5c0a0223459ab 162406 sysvinit_2.88dsf-8.diff.gz
 50061807ff7d8a6799ce4147ff36ae5eb5362fd1 114144 sysvinit_2.88dsf-8_i386.deb
 018432c8aafec8a3bed5b197bbae52c2

Bug#584469: marked as done (prewikka: Permission security vulnerability)

2010-06-10 Thread Debian Bug Tracking System 
Your message dated Thu, 10 Jun 2010 15:50:49 +
with message-id 
and subject line Bug#584469: fixed in prewikka 1.0.0-1.1
has caused the Debian Bug report #584469,
regarding prewikka: Permission security vulnerability
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
584469: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=584469
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: prewikka
Version: 0.9.14-2
Severity: critical
Justification: causes serious data loss

*** Please type your report below this line ***

The permissions of the prewikka.conf file are world readable and
contain the SQL-database password used by prewikka. This update makes
it readable just by the apache group.

References:

https://dev.prelude-technologies.com/projects/prewikka/repository/revisions/17e38c310410be1b7811152172cda4438936063d
https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00771.html
https://bugs.gentoo.org/show_bug.cgi?id=270056

This has CVE-2010-2058 assigned.

-- System Information:
Debian Release: 5.0.4
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.26-2-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
(ignored: LC_ALL set to en_US.UTF-8) Shell: /bin/sh linked to /bin/bash


--- End Message ---
--- Begin Message ---
Source: prewikka
Source-Version: 1.0.0-1.1

We believe that the bug you reported is fixed in the latest version of
prewikka, which is due to be installed in the Debian FTP archive:

prewikka_1.0.0-1.1.diff.gz
  to main/p/prewikka/prewikka_1.0.0-1.1.diff.gz
prewikka_1.0.0-1.1.dsc
  to main/p/prewikka/prewikka_1.0.0-1.1.dsc
prewikka_1.0.0-1.1_all.deb
  to main/p/prewikka/prewikka_1.0.0-1.1_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 584...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Nico Golde  (supplier of updated prewikka package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Format: 1.8
Date: Thu, 10 Jun 2010 15:50:02 +0200
Source: prewikka
Binary: prewikka
Architecture: source all
Version: 1.0.0-1.1
Distribution: unstable
Urgency: high
Maintainer: Pierre Chifflier 
Changed-By: Nico Golde 
Description: 
 prewikka   - Security Information Management System [ Web Interface ]
Closes: 584469
Changes: 
 prewikka (1.0.0-1.1) unstable; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Install prewikka.conf file with mode 0640 to prevent disclosure
 of db credentials (CVE-2010-2058; Closes: #584469).
 NOTE to maintainer: I've seen there is a chmod 640 at the end
 of the postinst script but this is on the one hand prone to a
 race condition and on the other hand not always effective.
Checksums-Sha1: 
 5b8a48508f2ef161db79634640baa71473dd6333 1040 prewikka_1.0.0-1.1.dsc
 1857b8fd3a1ae8d2fd8746acf775c4a050dc9daf 10860 prewikka_1.0.0-1.1.diff.gz
 7c59fe5eb7fc83a3b7812b152e764681d29fdefe 339668 prewikka_1.0.0-1.1_all.deb
Checksums-Sha256: 
 c44edc5f2e23f64e4eddd4ec0a3e499fb7b9fdf36cd46403274dd276a72e81fd 1040 
prewikka_1.0.0-1.1.dsc
 b5d49e9461dd1ee70447a04a3182ecb0fb90916069eba3ce7f1b12dda5f7c46d 10860 
prewikka_1.0.0-1.1.diff.gz
 7b17c3f8ed01843e6d6005f505d6f0bf3b3d4fe1670147584279e48196382994 339668 
prewikka_1.0.0-1.1_all.deb
Files: 
 bab136b84f8bacfa30a5e6f01cbb8354 1040 web extra prewikka_1.0.0-1.1.dsc
 332f1209d678483b41a0e55a0b88fc13 10860 web extra prewikka_1.0.0-1.1.diff.gz
 6e0e0ccd0c89bb1156673fe0577f0160 339668 web extra prewikka_1.0.0-1.1_all.deb

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.10 (GNU/Linux)

iEYEARECAAYFAkwQ8agACgkQHYflSXNkfP98PQCeM12yscKs+7n/kh+9sKovBACF
t/IAoJU4jR84tdJ8fHcWDBCThEQkncTo
=Z0Ok
-END PGP SIGNATURE-


--- End Message ---

Processed: Re: Bug#572465: e16: Please build-depend on autopoint

2010-06-10 Thread Debian Bug Tracking System 
Processing commands for cont...@bugs.debian.org:

> tags 572465 + patch
Bug #572465 [e16] e16: Please build-depend on autopoint
Added tag(s) patch.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
572465: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=572465
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems


-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#572465: e16: Please build-depend on autopoint

2010-06-10 Thread Judit Foglszinger 
tags 572465 + patch
thanks

Added build-depency on autopoint and removed the one on cvs,
makes package build with pbuilder.



-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#572465: e16: Please build-depend on autopoint

2010-06-10 Thread Judit Foglszinger 
actually added the patch :)
diff -Naur debian/control debian-new/control
--- debian/control	2010-06-10 15:38:31.0 +
+++ debian-new/control	2010-06-10 15:30:49.0 +
@@ -2,7 +2,7 @@
 Section: x11
 Priority: optional
 Maintainer: Laurence J. Lane 
-Build-Depends: libxft-dev, libesd0-dev, libimlib2-dev, gettext, libdbus-1-dev, libsm-dev, libx11-dev, libxext-dev, libxrandr-dev, libxinerama-dev, libxxf86vm-dev, libxt-dev, xbitmaps, libxcomposite-dev, libxdamage-dev, libxrender-dev, libpango1.0-dev, pkg-config, debhelper (>=7.0.1), automake, autoconf, libtool, gettext, quilt, cvs
+Build-Depends: libxft-dev, libesd0-dev, libimlib2-dev, gettext, libdbus-1-dev, libsm-dev, libx11-dev, libxext-dev, libxrandr-dev, libxinerama-dev, libxxf86vm-dev, libxt-dev, xbitmaps, libxcomposite-dev, libxdamage-dev, libxrender-dev, libpango1.0-dev, pkg-config, debhelper (>=7.0.1), automake, autoconf, libtool, gettext, quilt, autopoint
 Standards-Version: 3.8.2
 Homepage: http://www.enlightenment.org/

Bug#582691: patch for sql injection

2010-06-10 Thread Nico Golde 
Hi,
attached is a patch for CVE-2010-2092.
Cheers
Nico
--- graph.php	2009-06-28 18:07:11.0 +0200
+++ graph.php.new	2010-06-10 17:41:07.0 +0200
@@ -33,7 +33,7 @@
 include_once("./include/top_graph_header.php");
 
 /* = input validation = */
-input_validate_input_regex(get_request_var_request("rra_id"), "^([0-9]+|all)$");
+input_validate_input_regex(get_request_var("rra_id"), "^([0-9]+|all)$");
 input_validate_input_number(get_request_var("local_graph_id"));
 input_validate_input_regex(get_request_var_request("view_type"), "^([a-zA-Z0-9]+)$");
 /*  */

Bug#584565: [Yaird-devel] Bug#584565: [PATCH] enable yaird for kernel.org 2.6.33.4

2010-06-10 Thread Jonas Smedegaard 

On Thu, Jun 10, 2010 at 03:57:17PM +0200, Nils Radtke wrote:

On Tue 2010-06-08 @ 02-01-54PM +0200, Jonas Smedegaard wrote:
# >A simple
# > touch /lib/modules/2.6.33.4/modules.{pci,usb}map
# >did work for me..
#
# Hmm, interesting.  Perhaps then simply loosening up the code to skip
# parsing that file if unavailable is the way to go.  Need to
# investigate closer to ensure not loosing stabiliy or features by
# such approach.
I'd say, it should work because it has to parse the /sys fs anyway (or
does it shortcut when there's info available from the maps?
If so, then loosening up is the way I'd go, as the non-existence isn't
a crucial precondition but a way to get a hint.


Sounds like guessing.  I don't have the time right now, but want to 
actually dive in and try understand the intend of the maps usage before 
messing with it or ripping it out.



# ># But I am a bit suspicious about the devices that you ignore - 
# ># could you perhaps elaborate more on that, to help ensure that they 
# ># are universally sane to ignore?
# >Hm, I'd say, I just ignore path endings that aren't (at least for 
# >me) any devices.. As I said, no warranty that my patches will work 
# >w/o flaws for anyone else..

#
# Fair enough.  I will then investigate closer before applying to 
# official yaird, to ensure not risking stability.

My approach was: look out for devices I have, what is present in
sysfs and which matches yaird depends on. Then I used the match
loop and combined those matches w/ what is available in sysfs.
That way it seemed quite clear which devices and paths are the ones
yaird is depending on (locally, on my setup). There were symlinks
and location changes in the sysfs, but - obviously - the devices
are there and yaird had to be made to find them w/ the latest kernel.
The rest was adaptation of matches and ignores within the loop.


Yes, I suspected that approach.  While it might be fine for your 
personal use of yaird (and for my laptop too), more cautious approach is 
needed for official yaird releases:


What I found in yaird (compared to other ramdisk generators) was not 
only very compact output, but also a design principle of high 
reliability: Skipping items too aggressively might be harmless for your 
and my hardware configurations, but fatal for someone elses.





# I have made little progress since then, but do not consider it dead.
# YMMV.
Hm, my impression is it'd be interesting to re-implement yaird using an 
abstraction layer of some sort to alleviate the tedious and returning 
burden of kernel adaption.. some unit-testing to ensure backward compat 
might ease the change..


I have not yet succeeded wrapping my mind around the logic of coding 
unit tests.  Would be lovely if you could help with that!


I notice you subscribed to the mailinglist.  Let's discuss that idea 
further there, as it is off-topic for this bugreport.



Regards,

 - Jonas

--
 * Jonas Smedegaard - idealist & Internet-arkitekt
 * Tlf.: +45 40843136  Website: http://dr.jones.dk/

 [x] quote me freely  [ ] ask before reusing  [ ] keep private


signature.asc
Description: Digital signature

Processed: Re: Bug#572464: ceferino: Please build-depend on autopoint

2010-06-10 Thread Debian Bug Tracking System 
Processing commands for cont...@bugs.debian.org:

> tags 572464 + patch
Bug #572464 [ceferino] ceferino: Please build-depend on autopoint
Added tag(s) patch.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
572464: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=572464
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems


-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#572464: ceferino: Please build-depend on autopoint

2010-06-10 Thread Judit Foglszinger 
tags 572464 + patch
thanks

Added build-depency on autopoint and removed the one on cvs,
makes package build with pbuilder.

diff -Naur debian/control debian-new/control
--- debian/control	2010-06-10 14:55:31.0 +
+++ debian-new/control	2010-06-10 14:40:51.0 +
@@ -5,7 +5,7 @@
 Uploaders: Miriam Ruiz , Barry deFreese ,
  Bas Wijnen 
 Build-Depends: debhelper (>= 5.0.37.2), automake, autoconf (>= 2.53),
- gettext, quilt, libsdl1.2-dev, libsdl-image1.2-dev, libsdl-mixer1.2-dev, cvs
+ gettext, quilt, libsdl1.2-dev, libsdl-image1.2-dev, libsdl-mixer1.2-dev, autopoint
 Standards-Version: 3.8.3
 Homepage: http://www.losersjuegos.com.ar/juegos/ceferino/ceferino.php
 Vcs-Svn: svn://svn.debian.org/svn/pkg-games/packages/trunk/ceferino/

Processed: Re: Bug#585396: nvidia-kernel-legacy-173xx-source: nvidia-kernel-legacy-173xx-source fails to build with 2.6.34-1 (amd64)

2010-06-10 Thread Debian Bug Tracking System 
Processing commands for cont...@bugs.debian.org:

> severity 585396 important
Bug #585396 [nvidia-kernel-legacy-173xx-source] 
nvidia-kernel-legacy-173xx-source: nvidia-kernel-legacy-173xx-source fails to 
build with 2.6.34-1 (amd64)
Severity set to 'important' from 'grave'

> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
585396: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=585396
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems


-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#585396: nvidia-kernel-legacy-173xx-source: nvidia-kernel-legacy-173xx-source fails to build with 2.6.34-1 (amd64)

2010-06-10 Thread Andreas Beckmann 
severity 585396 important
thanks

Eloi COUTANT wrote:
> Package: nvidia-kernel-legacy-173xx-source
> Version: 173.14.25-1
> Severity: grave

Failing to build with a kernel from experimental is not grave.

The nvidia packages are currently being overhauled, there will be a new
upload of 173xx, soon.


Andreas



-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#585440: mono: CVE-2010-1459 insecure default configuration of EnableViewStateMac property might lead to XSS

2010-06-10 Thread Nico Golde 
Package: mono
Severity: grave
Tags: security patch

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for mono.

CVE-2010-1459[0]:
| The default configuration of ASP.NET in Mono before 2.6.4 has a value
| of FALSE for the EnableViewStateMac property, which allows remote
| attackers to conduct cross-site scripting (XSS) attacks, as
| demonstrated by the __VIEWSTATE parameter to 2.0/menu/menu1.aspx in
| the XSP sample project.

Upstream patch:
http://anonsvn.mono-project.com/viewvc?view=revision&revision=154493

Code didn't seem to have changed much, those patches can be used without real 
modifications.

If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1459
http://security-tracker.debian.org/tracker/CVE-2010-1459

-- 
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0xA0A0
For security reasons, all text in this mail is double-rot13 encrypted.


pgp6nEppTbejT.pgp
Description: PGP signature

Bug#584469: intent to NMU

2010-06-10 Thread Nico Golde 
Hi,
I intent do upload a 0-day NMU to fix this vulnerability.
debdiff is at:
http://people.debian.org/~nion/nmu-diff/prewikka-1.0.0-1_1.0.0-1.1.patch

Cheers
Nico



-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#584565: [Yaird-devel] Bug#584565: Bug#584565: Bug#584565: [PATCH] enable yaird for kernel.org 2.6.33.4

2010-06-10 Thread Nils Radtke 
  Hi Jonas,

On Tue 2010-06-08 @ 02-01-54PM +0200, Jonas Smedegaard wrote: 
# >A simple
# > touch /lib/modules/2.6.33.4/modules.{pci,usb}map
# >did work for me..
# 
# Hmm, interesting.  Perhaps then simply loosening up the code to skip
# parsing that file if unavailable is the way to go.  Need to
# investigate closer to ensure not loosing stabiliy or features by
# such approach.
I'd say, it should work because it has to parse the /sys fs anyway (or
does it shortcut when there's info available from the maps?
If so, then loosening up is the way I'd go, as the non-existence isn't
a crucial precondition but a way to get a hint.

# ># But I am a bit suspicious about the devices that you ignore - could
# ># you perhaps elaborate more on that, to help ensure that they are
# ># universally sane to ignore?
# >Hm, I'd say, I just ignore path endings that aren't (at least for me)
# >any devices.. As I said, no warranty that my patches will work w/o
# >flaws for anyone else..
# 
# Fair enough.  I will then investigate closer before applying to
# official yaird, to ensure not risking stability.
My approach was: look out for devices I have, what is present in 
sysfs and which matches yaird depends on. Then I used the match
loop and combined those matches w/ what is available in sysfs. 
That way it seemed quite clear which devices and paths are the ones
yaird is depending on (locally, on my setup). There were symlinks
and location changes in the sysfs, but - obviously - the devices
are there and yaird had to be made to find them w/ the latest kernel. 
The rest was adaptation of matches and ignores within the loop.

# I sure appreciate your sharing your hacks, even if that's all you want.
I'm happy if someone else may make use of them. 
 
# Trying to enroll you in the greater task of maintaining yaird in
# general is clearly abuse of your friendly and limited filing a
# bugreport - hope you dont mind that :-)
Never mind, thanks for the idea, Jonas. :)
 
# I would be happy to guide you with both git and Alioth.  If
# interested, please subscribe to the mailinglist at
# http://lists.alioth.debian.org/mailman/listinfo/yaird-devel and
# let's discuss further there.
 
# I am patient.  Even with years between your contributions, I would
# still prefer that you work in the main VCS than passing the results
# as diffs to the BTS.
*g okidoki

# I have made little progress since then, but do not consider it dead.
# YMMV.
Hm, my impression is it'd be interesting to re-implement yaird using
an abstraction layer of some sort to alleviate the tedious and returning
burden of kernel adaption.. some unit-testing to ensure backward compat
might ease the change..

Cheers,

Nils




-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#574757: [moodle-packaging] Bug#574757: phpCAS XSS vulnerablity PHPCAS-52

2010-06-10 Thread Nico Golde 
Hi,
any news on this bug?

Cheers
Nico



-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#585425: moodle: CVE-2010-1619 cross-site scripting in KSES HTML text cleaning library

2010-06-10 Thread Nico Golde 
Package: moodle
Severity: grave
Tags: security patch

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for moodle.

CVE-2010-1619[0]:
| Cross-site scripting (XSS) vulnerability in the
| fix_non_standard_entities function in the KSES HTML text cleaning
| library (weblib.php), as used in Moodle 1.8.x before 1.8.12 and 1.9.x
| before 1.9.8, allows remote attackers to inject arbitrary web script
| or HTML via crafted HTML entities.

The function patched in the official upstream patch is not included in our 
version of the source code, a ported (untested) version of the patch is 
attached.

If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1619
http://security-tracker.debian.org/tracker/CVE-2010-1619

-- 
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0xA0A0
For security reasons, all text in this mail is double-rot13 encrypted.
--- weblib.php	2010-06-10 15:03:59.0 +0200
+++ weblib.php.new	2010-06-10 15:12:30.0 +0200
@@ -1676,8 +1676,8 @@
 default:
 
 /// Fix non standard entity notations
-$text = preg_replace('/(&#[0-9]+)(;?)/', "\\1;", $text);
-$text = preg_replace('/(&#x[0-9a-fA-F]+)(;?)/', "\\1;", $text);
+$text = preg_replace('/�*([0-9]+);?/', "&#\\1;", $text);
+$text = preg_replace('/�*([0-9a-fA-F]+);?/', "&#\\1;", $text);
 
 /// Remove tags that are not allowed
 $text = strip_tags($text, $ALLOWED_TAGS);



pgp95ZyEqCVK4.pgp
Description: PGP signature

Bug#583634: marked as done (evince: Insecure ghostscript invocation)

2010-06-10 Thread Debian Bug Tracking System 
Your message dated Thu, 10 Jun 2010 12:47:32 +
with message-id 
and subject line Bug#583634: fixed in libspectre 0.2.6-1
has caused the Debian Bug report #583634,
regarding evince: Insecure ghostscript invocation
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
583634: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=583634
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: evince
Version: 2.22.2-4~lenny1
Severity: grave
Tags: security
Justification: user security hole


Please see
  http://bugs.debian.org/583183
for details: evince seems to use ghostscript in an insecure way
when viewing PS files.

Cheers,

Paul Szabo   p...@maths.usyd.edu.au   http://www.maths.usyd.edu.au/u/psz/
School of Mathematics and Statistics   University of SydneyAustralia


-- System Information:
Debian Release: 5.0.4
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: i386 (i686)

Kernel: Linux 2.6.26-pk03.17-svr (SMP w/8 CPU cores)
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/bash

Versions of packages evince depends on:
ii  gconf2  2.22.0-1 GNOME configuration database syste
ii  gnome-icon-theme2.22.0-1 GNOME Desktop icon theme
ii  libart-2.0-22.3.20-2 Library of functions for 2D graphi
ii  libatk1.0-0 1.22.0-1 The ATK accessibility toolkit
ii  libbonobo2-02.22.0-1 Bonobo CORBA interfaces library
ii  libbonoboui2-0  2.22.0-1 The Bonobo UI library
ii  libc6   2.7-18lenny2 GNU C Library: Shared libraries
ii  libcairo2   1.6.4-7  The Cairo 2D vector graphics libra
ii  libdbus-1-3 1.2.1-5+lenny1   simple interprocess messaging syst
ii  libdbus-glib-1-20.76-1   simple interprocess messaging syst
ii  libdjvulibre21  3.5.20-8+lenny1  Runtime support for the DjVu image
ii  libgcc1 1:4.3.2-1.1  GCC support library
ii  libgconf2-4 2.22.0-1 GNOME configuration database syste
ii  libglade2-0 1:2.6.2-1library to load .glade files at ru
ii  libglib2.0-02.16.6-3 The GLib library of C routines
ii  libgnome-keyring0   2.22.3-2 GNOME keyring services library
ii  libgnome2-0 2.20.1.1-1   The GNOME 2 library - runtime file
ii  libgnomecanvas2-0   2.20.1.1-1   A powerful object-oriented display
ii  libgnomeui-02.20.1.1-2   The GNOME 2 libraries (User Interf
ii  libgnomevfs2-0  1:2.22.0-5   GNOME Virtual File System (runtime
ii  libgtk2.0-0 2.12.12-1~lenny1 The GTK+ graphical user interface 
ii  libice6 2:1.0.4-1X11 Inter-Client Exchange library
ii  libjpeg62   6b-14The Independent JPEG Group's JPEG 
ii  libkpathsea42007.dfsg.2-4+lenny2 TeX Live: path search library for 
ii  libnautilus-extensi 2.20.0-7 libraries for nautilus components 
ii  liborbit2   1:2.14.13-0.1libraries for ORBit2 - a CORBA ORB
ii  libpango1.0-0   1.20.5-5+lenny1  Layout and rendering of internatio
ii  libpoppler-glib30.8.7-3  PDF rendering library (GLib-based 
ii  libpopt01.14-4   lib for parsing cmdline parameters
ii  libsm6  2:1.0.3-2X11 Session Management library
ii  libspectre1 0.2.0.ds-1   Library for rendering Postscript d
ii  libstdc++6  4.3.2-1.1The GNU Standard C++ Library v3
ii  libtiff43.8.2-11.2   Tag Image File Format (TIFF) libra
ii  libx11-62:1.1.5-2X11 client-side library
ii  libxml2 2.6.32.dfsg-5+lenny1 GNOME XML library
ii  shared-mime-info0.30-2   FreeDesktop.org shared MIME databa
ii  zlib1g  1:1.2.3.3.dfsg-12compression library - runtime

Versions of packages evince recommends:
ii  dbus-x11  1.2.1-5+lenny1 simple interprocess messaging syst

Versions of packages evince suggests:
pn  poppler-data   (no description available)
ii  unrar 1:3.8.2-1  Unarchiver for .rar files (non-fre

-- no debconf information


--- End Message ---
--- Begin Message ---
Source: libspectre
Source-Version: 0.2.6-1

We believe that the bug you reported is fixed in the latest version of
libspectre, which is due to be installed in the Debian FTP archive:

libspectre-dev_0.2.6-1_amd64.deb
  to main/libs/libspectre/libspectre

Processed: Correct severity of sysv-rc dialog request

2010-06-10 Thread Debian Bug Tracking System 
Processing commands for cont...@bugs.debian.org:

> severity 585415 wishlist
Bug #585415 [sysv-rc] sysv-rc: 'unable to use insserv' shown at every upgrade
Bug #585398 [sysv-rc] sysv-rc: sysv-rc fails to convert at each upgrade
Severity set to 'wishlist' from 'serious'

Severity set to 'wishlist' from 'serious'

> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
585415: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=585415
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems


-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#585164: marked as done (CVE-2010-1916: Security issue in Xinha)

2010-06-10 Thread Debian Bug Tracking System 
Your message dated Thu, 10 Jun 2010 14:28:41 +0200
with message-id <1276172921.6343.63.ca...@bulma>
and subject line Re: Bug#585164: CVE-2010-1916: Security issue in Xinha
has caused the Debian Bug report #585164,
regarding CVE-2010-1916: Security issue in Xinha
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
585164: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=585164
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: dotlrn
Severity: grave
Tags: security

Hi,
dotlrn includes a copy of xinha, for which the following security
issue was reported:

http://php-security.org/2010/05/10/mops-2010-019-serendipity-wysiwyg-editor-plugin-configuration-injection-vulnerability/index.h+tml
http://xinha.webfactional.com/ticket/1518

Please check if dotlrn's code copy is affected and update the internal
copy.

There's already an ITP for xinha (Bug 479708) and since four packages
currently in the archive use xinha (openacs, Horde, serendipity and
dotlrn) it would be nice if we could migrate to a single package
for Squeeze.

Cheers,
Moritz

-- System Information:
Debian Release: squeeze/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)

Kernel: Linux 2.6.32-5-686 (SMP w/1 CPU core)
Locale: LANG=C, lc_ctype=de_de.iso-8859...@euro (charmap=ISO-8859-15)
Shell: /bin/sh linked to /bin/bash


--- End Message ---
--- Begin Message ---
Hi,

Thanks for the bug report, Moritz.

It looks like the problem is on the php function
xinha_read_passed_data(), which is used by some plugins (ImageManager,
ExtendedFileManager, etc...). The files fixed are php-xinha.php and the
config.inc.php of the affected plugins.

The xinha PHP interface is not used by OpenACS/dotLRN (they don't use
PHP at all), I think we can safely close the bug.

Regards, Héctor



--- End Message ---

Bug#585163: marked as done (CVE-2010-1916: security issue in Xinha)

2010-06-10 Thread Debian Bug Tracking System 
Your message dated Thu, 10 Jun 2010 14:28:43 +0200
with message-id <1276172923.6343.64.ca...@bulma>
and subject line Re: Bug#585163: CVE-2010-1916: security issue in Xinha
has caused the Debian Bug report #585163,
regarding CVE-2010-1916: security issue in Xinha
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
585163: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=585163
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: openacs
Severity: grave
Tags: security

Hi,
openacs includes a copy of xinha, for which the following security
issue was reported:

http://php-security.org/2010/05/10/mops-2010-019-serendipity-wysiwyg-editor-plugin-configuration-injection-vulnerability/index.h+tml
http://xinha.webfactional.com/ticket/1518

Please check if openacs's code copy is affected and update the internal
copy in necessary.

There's already an ITP for xinha (Bug 479708) and since four packages
currently in the archive use xinha (openacs, Horde, serendipity and
dotlrn) it would be nice if we could migrate to a single package
for Squeeze.

Cheers,
Moritz

-- System Information:
Debian Release: squeeze/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)

Kernel: Linux 2.6.32-5-686 (SMP w/1 CPU core)
Locale: LANG=C, lc_ctype=de_de.iso-8859...@euro (charmap=ISO-8859-15)
Shell: /bin/sh linked to /bin/bash


--- End Message ---
--- Begin Message ---
Hi,

Thanks for the bug report, Moritz.

It looks like the problem is on the php function
xinha_read_passed_data(), which is used by some plugins (ImageManager,
ExtendedFileManager, etc...). The files fixed are php-xinha.php and the
config.inc.php of the affected plugins.

The xinha PHP interface is not used by OpenACS/dotLRN (they don't use
PHP at all), I think we can safely close the bug.

Regards, Héctor



--- End Message ---

Processed: forcibly merging 585415 585398

2010-06-10 Thread Debian Bug Tracking System 
Processing commands for cont...@bugs.debian.org:

> forcemerge 585415 585398
Bug#585415: sysv-rc: 'unable to use insserv' shown at every upgrade
Bug#585398: sysv-rc: sysv-rc fails to convert at each upgrade
Forcibly Merged 585398 585415.

> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
585398: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=585398
585415: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=585415
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems


-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#585415: sysv-rc: 'unable to use insserv' shown at every upgrade

2010-06-10 Thread Julien Cristau 
Package: sysv-rc
Version: 2.88dsf-7
Severity: serious

Every time sysv-rc gets upgraded it annoys me with a debconf screen
about how it couldn't use insserv.  This message should only be showed
once, I don't need it in my face at each upgrade.

The reason it can't use insserv is it can't seem to deal with
removed-but-not-purged packages.  I'm not going to purge them just to
make it happy.

So please make this debconf screen a one-time thing.

Cheers,
Julien

-- System Information:
Debian Release: squeeze/sid
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable'), (101, 'experimental')
Architecture: i386 (i686)

Kernel: Linux 2.6.32-5-686 (SMP w/2 CPU cores)
Locale: LANG=C, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages sysv-rc depends on:
ii  debconf [debconf-2.0] 1.5.32 Debian configuration management sy
ii  insserv   1.14.0-2   Tool to organize boot sequence usi
ii  sysvinit-utils2.88dsf-7  System-V-like utilities

Versions of packages sysv-rc recommends:
ii  lsb-base  3.2-23.1   Linux Standard Base 3.2 init scrip

Versions of packages sysv-rc suggests:
pn  bum(no description available)
pn  sysv-rc-conf   (no description available)

-- debconf information:
* sysv-rc/unable-to-convert:
  sysv-rc/convert-legacy: true


signature.asc
Description: Digital signature

Processed: Re: Bug#571571: a2ps still build-depends on emacs22

2010-06-10 Thread Debian Bug Tracking System 
Processing commands for cont...@bugs.debian.org:

> notfound 571571 1:4.14-1.1
Bug #571571 [a2ps] a2ps: Please update Build-Depends emacs22 to emacs23
Bug No longer marked as found in versions a2ps/1:4.14-1.1.
> close 571571 1:4.14-1.1
Bug#571571: a2ps: Please update Build-Depends emacs22 to emacs23
'close' is deprecated; see http://www.debian.org/Bugs/Developer#closing.
Bug marked as fixed in version 1:4.14-1.1, send any further explanations to 
Nobuhiro Iwamatsu 

> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
571571: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=571571
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems


-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#571571: a2ps still build-depends on emacs22

2010-06-10 Thread Sven Joachim 
notfound 571571 1:4.14-1.1
close 571571 1:4.14-1.1
thanks

On 2010-06-10 14:05 +0200, Sven Joachim wrote:

> found 571571 1:4.14-1.1
> severity 571571 serious
> thanks
>
> Hi,
>
> the latest NMU did unfortunately not fix this bug, as a2ps still
> build-depends on emacs22 | emacsen.

Argh, please scrap that.  For some reason, "apt-cache showsrc a2ps"
still put out an  entry for version 1:4.14-1, and I mixed things up.
Sorry for the noise.

Sven



-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Processed: severity of 575745 is important

2010-06-10 Thread Debian Bug Tracking System 
Processing commands for cont...@bugs.debian.org:

> severity 575745 important
Bug #575745 [lxr-cvs] CVE-2009-4497: Cross-site scripting (XSS) vulnerability
Severity set to 'important' from 'serious'

> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
575745: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=575745
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems


-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Processed: a2ps still build-depends on emacs22

2010-06-10 Thread Debian Bug Tracking System 
Processing commands for cont...@bugs.debian.org:

> found 571571 1:4.14-1.1
Bug #571571 {Done: Nobuhiro Iwamatsu } [a2ps] a2ps: Please 
update Build-Depends emacs22 to emacs23
Bug Marked as found in versions a2ps/1:4.14-1.1; no longer marked as fixed in 
versions a2ps/1:4.14-1.1 and reopened.
> severity 571571 serious
Bug #571571 [a2ps] a2ps: Please update Build-Depends emacs22 to emacs23
Severity set to 'serious' from 'important'

> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
571571: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=571571
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems


-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Processed: Re: Bug#585403: emacs22 22.3+1-1.2 fails to install on mipsel

2010-06-10 Thread Debian Bug Tracking System 
Processing commands for cont...@bugs.debian.org:

> severity 585403 grave
Bug #585403 [emacs22] emacs22 22.3+1-1.2 fails to install on mipsel
Severity set to 'grave' from 'critical'

> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
585403: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=585403
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems


-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#585403: emacs22 22.3+1-1.2 fails to install on mipsel

2010-06-10 Thread Sven Joachim 
severity 585403 grave
thanks

On 2010-06-10 13:01 +0200, Andreas Barth wrote:

> Package: emacs22
> Version: 22.3+1-1.2
> Severity: critical
>
> Hi,
>
> this package cannot be installed on mipsel:
>
> | Setting up emacs22 (22.3+1-1.2) ...
> | update-alternatives: using /usr/bin/emacs22-x to provide /usr/bin/emacs 
> (emacs) in auto mode.
> | update-alternatives: using /usr/bin/emacs22 to provide /usr/bin/editor 
> (editor) in auto mode.
> | emacs-install emacs22
> | emacsen-common: Handling install of emacsen flavor emacs22
> | emacsen-common: byte-compiling for emacs22
> | emacs22: malloc.c:3096: sYSMALLOc: Assertion `(old_top == (((mbinptr) 
> (((char *) &((av)->bins[((1) - 1) * 2])) - __builtin_offsetof (struct 
> malloc_chunk, fd && old_size == 0) || 
> | ((unsigned long) (old_size) >= (unsigned long)__builtin_offsetof 
> (struct malloc_chunk, fd_nextsize))+((2 * (sizeof(size_t))) - 1)) & ~((2 * 
> (sizeof(size_t))) - 1))) && ((old_top)
> | ->size & 0x1) && ((unsigned long)old_end & pagemask) == 0)' failed.
> | Aborted
> | emacs-install: /usr/lib/emacsen-common/packages/install/emacsen-common 
> emacs22 failed at /usr/lib/emacsen-common/emacs-install line 28,  line 
> 2.

I suspect that a binNMU with newer binutils would help.  See #566947.

> This makes other packages FTBFS, e.g. acl2.

Since emacs22 is not and will not be in squeeze, any package
build-depending on it is already RC-buggy.

Sven



-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#585410: nagios3-cgi: Missing conflict with nagios3 v3.0.6-4~lenny2 (/usr/lib/cgi-bin/nagios3/extinfo.cgi_

2010-06-10 Thread Petter Reinholdtsen 

Package:  nagios3-cgi
Version:  3.2.1-1
Severity: serious
User: debian-...@lists.debian.org
UserTags: debian-edu

When trying a upgrade of a Debian Edu main-server+workstation, the
upgrade of nagios3-cgi fail because it include a file also in the
nagios3 package in lenny.

The error happened when calling aptitude dist-upgrade and upgrading
723 packages, adding 395 packages and removing 125 packages.

This is the error (sorry about the Norwegian text):


[...]
Pakker ut nagios3-cgi (fra .../nagios3-cgi_3.2.1-1_i386.deb) ...
Bytter ut filer i den gamle pakken nagios3-doc ...
Bytter ut filer i den gamle pakken nagios3-common ...
dpkg: Feil ved behandling av 
/var/cache/apt/archives/nagios3-cgi_3.2.1-1_i386.deb (--unpac
k):
 försöker skriva över "/usr/lib/cgi-bin/nagios3/extinfo.cgi" som också finns i 
paketet
 nagios3 3.0.6-4~lenny2
dpkg-deb: underprosessen klistra in drept med signal (Røret ble brutt)
Gjør klar til å bytte ut nagios3 3.0.6-4~lenny2 (ved bruk av 
.../nagios3_3.2.1-1_i386.de
b) ...
 * Stopping nagios3 monitoring daemon nagios3   ESC[90G Waiting for nagios3 
daemon to
die...
^MESC[84G[ ok ]
Pakker ut erstatningen nagios3 ...
[...]


The problem is that the file /usr/lib/cgi-bin/nagios3/extinfo.cgi
exist in the old nagios3 package and seem to have moved to the new
nagios3-cgi package without the appropriate conflict/replaces entries
in the control file, causing dpkg to refuse to install the new
nagios3-cgi package.

Setting severity to serious as this is not according to policy and
break upgrades.

Happy hacking,
-- 
Petter Reinholdtsen



--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#585408: flashplugin-nonfree: Execution of arbitrary code [CVE-2010-1297]

2010-06-10 Thread Sam Morris 
Package: flashplugin-nonfree
Version: 1:2.8
Severity: grave
Tags: security
Justification: user security hole

As described at
,

A critical vulnerability exists in Adobe Flash Player 10.0.45.2 and
earlier versions for Windows, Macintosh, Linux and Solaris operating
systems, and the authplay.dll component that ships with Adobe Reader and
Acrobat 9.x for Windows, Macintosh and UNIX operating systems. This
vulnerability (CVE-2010-1297) could cause a crash and potentially allow
an attacker to take control of the affected system. There are reports
that this vulnerability is being actively exploited in the wild against
both Adobe Flash Player, and Adobe Reader and Acrobat.

This is CVE-2010-1297 and APSA10-01.

-- Package-specific info:
Debian version: squeeze/sid
Architecture: amd64
Package version: 1:2.8
Adobe Flash Player version: LNX 10,0,45,2
MD5 checksums:
4a4561e456612a6751653b58342d53df  
/var/cache/flashplugin-nonfree/libflashplayer-10.0.45.2.linux-x86_64.so.tar.gz
57fb976761aac898897e96101ee1a4e0  
/usr/lib/flashplugin-nonfree/libflashplayer.so
Alternatives:
flash-mozilla.so - auto mode
  link currently points to 
/usr/lib/flashplugin-nonfree/libflashplayer.so
/usr/lib/flashplugin-nonfree/libflashplayer.so - priority 50
/usr/lib/gnash/libgnashplugin.so - priority 10
Current 'best' version is 
'/usr/lib/flashplugin-nonfree/libflashplayer.so'.
lrwxrwxrwx 1 root root 34 Mar  2 15:42 
/usr/lib/mozilla/plugins/flash-mozilla.so -> /etc/alternatives/flash-mozilla.so
/usr/lib/mozilla/plugins/flash-mozilla.so: symbolic link to 
`/etc/alternatives/flash-mozilla.so'
Libraries used by libflashplayer.so:
linux-vdso.so.1 =>  (0x7fff619ff000)
libstdc++.so.6 => /usr/lib/libstdc++.so.6 (0x7f079e0d6000)
libpthread.so.0 => /lib/libpthread.so.0 (0x7f079deba000)
libX11.so.6 => /usr/lib/libX11.so.6 (0x7f079db7d000)
libXext.so.6 => /usr/lib/libXext.so.6 (0x7f079d96b000)
libXt.so.6 => /usr/lib/libXt.so.6 (0x7f079d707000)
libfreetype.so.6 => /usr/lib/libfreetype.so.6 (0x7f079d47f000)
libfontconfig.so.1 => /usr/lib/libfontconfig.so.1 (0x7f079d24a000)
libgtk-x11-2.0.so.0 => /usr/lib/libgtk-x11-2.0.so.0 (0x7f079cc2a000)
libgdk-x11-2.0.so.0 => /usr/lib/libgdk-x11-2.0.so.0 (0x7f079c97c000)
libatk-1.0.so.0 => /usr/lib/libatk-1.0.so.0 (0x7f079c75b000)
libgdk_pixbuf-2.0.so.0 => /usr/lib/libgdk_pixbuf-2.0.so.0 
(0x7f079c53f000)
libpangocairo-1.0.so.0 => /usr/lib/libpangocairo-1.0.so.0 
(0x7f079c332000)
libpango-1.0.so.0 => /usr/lib/libpango-1.0.so.0 (0x7f079c0e6000)
libcairo.so.2 => /usr/lib/libcairo.so.2 (0x7f079be69000)
libgobject-2.0.so.0 => /usr/lib/libgobject-2.0.so.0 (0x7f079bc21000)
libgmodule-2.0.so.0 => /usr/lib/libgmodule-2.0.so.0 (0x7f079ba1e000)
libdl.so.2 => /lib/libdl.so.2 (0x7f079b81a000)
libglib-2.0.so.0 => /lib/libglib-2.0.so.0 (0x7f079b53d000)
libnss3.so => /usr/lib/libnss3.so (0x7f079b23a000)
libsmime3.so => /usr/lib/libsmime3.so (0x7f079b014000)
libssl3.so => /usr/lib/libssl3.so (0x7f079ade3000)
libplds4.so => /usr/lib/libplds4.so (0x7f079abe)
libplc4.so => /usr/lib/libplc4.so (0x7f079a9dc000)
libnspr4.so => /usr/lib/libnspr4.so (0x7f079a79e000)
libm.so.6 => /lib/libm.so.6 (0x7f079a51c000)
libgcc_s.so.1 => /lib/libgcc_s.so.1 (0x7f079a306000)
libc.so.6 => /lib/libc.so.6 (0x7f0799fb1000)
/lib64/ld-linux-x86-64.so.2 (0x7f07a300f000)
libxcb.so.1 => /usr/lib/libxcb.so.1 (0x7f0799d95000)
libSM.so.6 => /usr/lib/libSM.so.6 (0x7f0799b8d000)
libICE.so.6 => /usr/lib/libICE.so.6 (0x7f0799971000)
libz.so.1 => /usr/lib/libz.so.1 (0x7f079975a000)
libexpat.so.1 => /usr/lib/libexpat.so.1 (0x7f0799532000)
libXcomposite.so.1 => /usr/lib/libXcomposite.so.1 (0x7f079932f000)
libXdamage.so.1 => /usr/lib/libXdamage.so.1 (0x7f079912d000)
libXfixes.so.3 => /usr/lib/libXfixes.so.3 (0x7f0798f28000)
libgio-2.0.so.0 => /usr/lib/libgio-2.0.so.0 (0x7f0798c75000)
libpangoft2-1.0.so.0 => /usr/lib/libpangoft2-1.0.so.0 
(0x7f0798a4c000)
libgthread-2.0.so.0 => /usr/lib/libgthread-2.0.so.0 (0x7f0798848000)
librt.so.1 => /lib/librt.so.1 (0x7f079863f000)
libXrender.so.1 => /usr/lib/libXrender.so.1 (0x7f0798435000)
libXinerama.so.1 => /usr/lib/libXinerama.so.1 (0x7f0798233000)
libXi.so.6 => /usr/lib/libXi.so.6 (0x7f0798023000)
libXrandr.so.2 => /usr/lib/libXrandr.so.2 (0x7f0797e1b000)
libXcursor.so.1 => /usr/lib/libXcursor.so.1 (0x7f0797c11000)
libpixman-1.so.0 => /usr

Bug#585405: acl2 depends on old / broken emacs22 package

2010-06-10 Thread Andreas Barth 
Package: acl2
Version: 3.6.1-1
Severity: serious

Hi,

the emacs22 package refuses to get installed on mipsel, so your
package is failing to build.


Andi



-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#585403: emacs22 22.3+1-1.2 fails to install on mipsel

2010-06-10 Thread Andreas Barth 
Package: emacs22
Version: 22.3+1-1.2
Severity: critical

Hi,

this package cannot be installed on mipsel:

| Setting up emacs22 (22.3+1-1.2) ...
| update-alternatives: using /usr/bin/emacs22-x to provide /usr/bin/emacs 
(emacs) in auto mode.
| update-alternatives: using /usr/bin/emacs22 to provide /usr/bin/editor 
(editor) in auto mode.
| emacs-install emacs22
| emacsen-common: Handling install of emacsen flavor emacs22
| emacsen-common: byte-compiling for emacs22
| emacs22: malloc.c:3096: sYSMALLOc: Assertion `(old_top == (((mbinptr) (((char 
*) &((av)->bins[((1) - 1) * 2])) - __builtin_offsetof (struct malloc_chunk, 
fd && old_size == 0) || 
| ((unsigned long) (old_size) >= (unsigned long)__builtin_offsetof (struct 
malloc_chunk, fd_nextsize))+((2 * (sizeof(size_t))) - 1)) & ~((2 * 
(sizeof(size_t))) - 1))) && ((old_top)
| ->size & 0x1) && ((unsigned long)old_end & pagemask) == 0)' failed.
| Aborted
| emacs-install: /usr/lib/emacsen-common/packages/install/emacsen-common 
emacs22 failed at /usr/lib/emacsen-common/emacs-install line 28,  line 2.


This makes other packages FTBFS, e.g. acl2.


Andi



-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#585378: cryptsetup: segfaults on boot (on powerpc)

2010-06-10 Thread Milan Broz 
On 06/10/2010 12:43 AM, Mourad De Clerck wrote:
> cryptsetup asks the password for the root (luks) partition and proceeds to
> segfault. After which it asks the password again. Critical because it made
> this laptop unbootable. I repaired it with another powerpc laptop, "target
> mode" and chroot. It's a bit tricky to figure out what's going on this early
> in the boot, and I'm a bit loath to upgrade to the current version of
> cryptsetup again. However, if I can help in any way, let me know.

Please can you try to run cryptsetup manually with --debug and post output?

(BTW There is patch for topology ioctl upstream which affects ppc arch,
but this code should not be called during luksOpen...)

Milan



-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#585396: nvidia-kernel-legacy-173xx-source: nvidia-kernel-legacy-173xx-source fails to build with 2.6.34-1 (amd64)

2010-06-10 Thread Eloi COUTANT 
Package: nvidia-kernel-legacy-173xx-source
Version: 173.14.25-1
Severity: grave

I can'nt build this package (with module assistant). The error out is here :
http://debian.pastebin.com/JFC2bGQv

Kind regards

-- System Information:
Debian Release: squeeze/sid
  APT prefers experimental
  APT policy: (600, 'experimental'), (430, 'unstable'), (410, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.34-1-amd64 (SMP w/1 CPU core)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8) (ignored: LC_ALL 
set to fr_FR.UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages nvidia-kernel-legacy-173xx-source depends on:
ii  debhelper 7.4.20 helper programs for debian/rules
ii  dpatch2.0.31 patch maintenance system for Debia
ii  make  3.81-8 An utility for Directing compilati
ii  sed   4.2.1-7The GNU sed stream editor

Versions of packages nvidia-kernel-legacy-173xx-source recommends:
pn  devscripts (no description available)
pn  kernel-package (no description available)
ii  module-assistant 0.11.3  tool to make module package creati
ii  nvidia-glx-legacy-173xx  173.14.22-1 NVIDIA binary Xorg driver

nvidia-kernel-legacy-173xx-source suggests no packages.

-- no debconf information



-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Processed: tagging 585132, tagging 585132, tagging 585132, tagging 584272 ...

2010-06-10 Thread Debian Bug Tracking System 
Processing commands for cont...@bugs.debian.org:

> # Automatically generated email from bts, devscripts version 2.10.35lenny7
> tags 585132 - help
Bug #585132 [myspell-hu] dictionary broken, makes hunspell crash (and e.g. 
enchant/pidgin)
Removed tag(s) help.
> tags 585132 - moreinfo
Bug #585132 [myspell-hu] dictionary broken, makes hunspell crash (and e.g. 
enchant/pidgin)
Removed tag(s) moreinfo.
> tags 585132 - squeeze
Bug #585132 [myspell-hu] dictionary broken, makes hunspell crash (and e.g. 
enchant/pidgin)
Removed tag(s) squeeze.
> tags 584272 - squeeze
Bug #584272 [libhunspell-1.2-0] crashes with malformed dictionaries
Removed tag(s) squeeze.
> forwarded 584272 c...@openoffice.org
Bug #584272 [libhunspell-1.2-0] crashes with malformed dictionaries
Set Bug forwarded-to-address to 'c...@openoffice.org'.
>
End of message, stopping processing here.

Please contact me if you need assistance.
-- 
584272: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=584272
585132: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=585132
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems


-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#585395: sysklogd: "messages" and "debug" catchall files do not get any messages

2010-06-10 Thread Amit Aronovitch 

Package: sysklogd
Version: 1.5-5
Justification: causes serious data loss
Severity: critical
Tags: security patch

*** Please type your report below this line ***

Messages are not being sent to /var/log/messages and /var/log/debug.
I believe this is due to syntax problems in the config file (patch 
attached), and that messages are not getting to /dev/xconsole as well.
From experimenting with the config file, it seems that the problem is 
with the continuation lines.
Apparently the escaped EOL does not skip the whitespace at the beginning 
of the next line, which might cause it to recognize the tab there as a 
field separator. Removing these tabs makes the daemon work properly (see 
patch).


-- System Information:
Debian Release: squeeze/sid
  APT prefers unstable
  APT policy: (990, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.32-5-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=he_IL.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages sysklogd depends on:
ii  klogd [linux-kernel-log-daemo 1.5-5  Kernel Logging Daemon
ii  libc6 2.11.1-3   Embedded GNU C Library: 
Shared lib


sysklogd recommends no packages.

sysklogd suggests no packages.

-- Configuration Files:
/etc/syslog.conf changed [not included]
-- no debconf information

--- /etc/syslog.conf.old2010-06-10 11:10:56.112206467 +0300
+++ /etc/syslog.conf2010-06-10 12:06:57.955082453 +0300
@@ -34,12 +34,12 @@
 # Some `catch-all' logfiles.
 #
 *.=debug;\
-   auth,authpriv.none;\
-   news.none;mail.none -/var/log/debug
+auth,authpriv.none;\
+news.none;mail.none-/var/log/debug
 *.=info;*.=notice;*.=warn;\
-   auth,authpriv.none;\
-   cron,daemon.none;\
-   mail,news.none  -/var/log/messages
+auth,authpriv.none;\
+cron,daemon.none;\
+mail,news.none -/var/log/messages
 
 #
 # Emergencies are sent to everybody logged in.
@@ -64,7 +64,7 @@
 #  busy site..
 #
 daemon.*;mail.*;\
-   news.err;\
-   *.=debug;*.=info;\
-   *.=notice;*.=warn   |/dev/xconsole
+news.err;\
+*.=debug;*.=info;\
+*.=notice;*.=warn  |/dev/xconsole

Bug#585394: CVE-2010-1646: Sudo's secure path option can be circumvented

2010-06-10 Thread Moritz Muehlenhoff 
Package: sudo
Severity: grave
Tags: security
Justification: user security hole

Please see http://www.gratisoft.us/sudo/alerts/secure_path.html

Patch for Lenny is attached, for Squeeze it's likely best to
update to 1.7.2p7.

Cheers,
Moritz
diff -urNa sudo-1.6.9p22/env.c sudo-1.6.9p23/env.c
--- sudo-1.6.9p22/env.c	Wed Apr  7 06:32:26 2010
+++ sudo-1.6.9p17/env.c	Fri May 28 09:54:46 2010
@@ -270,6 +270,7 @@
 {
 char **nep;
 size_t varlen;
+int found = FALSE;
 
 /* Make sure there is room for the new entry plus a NULL. */
 if (e->env_len + 2 > e->env_size) {
@@ -278,20 +279,34 @@
 }
 
 if (dupcheck) {
-	varlen = (strchr(str, '=') - str) + 1;
+	varlen = (strchr(str, '=') - str) + 1;
 
-	for (nep = e->envp; *nep; nep++) {
+	for (nep = e->envp; !found && *nep != NULL; nep++) {
+	if (strncmp(str, *nep, varlen) == 0) {
+		*nep = str;
+		found = TRUE;
+	}
+	}
+	/* Prune out duplicate variables. */
+	if (found) {
+	while (*nep != NULL) {
 		if (strncmp(str, *nep, varlen) == 0) {
-		*nep = str;
-		return;
+		memmove(nep, nep + 1,
+			(e->env_len - (nep - e->envp)) * sizeof(char *));
+		e->env_len--;
+		} else {
+		nep++;
 		}
 	}
-} else
-	nep = e->envp + e->env_len;
+	}
+}
 
-e->env_len++;
-*nep++ = str;
-*nep = NULL;
+if (!found) {
+	nep = e->envp + e->env_len;
+	e->env_len++;
+	*nep++ = str;
+	*nep = NULL;
+}
 }
 
 /*

Processed: your mail

2010-06-10 Thread Debian Bug Tracking System 
Processing commands for cont...@bugs.debian.org:

> severity 585180 serious
Bug #585180 [fluxbox] fluxbox: licenses for themes are not documented in 
debian/copyright
Severity set to 'serious' from 'normal'

> tag 585180 pending
Bug #585180 [fluxbox] fluxbox: licenses for themes are not documented in 
debian/copyright
Added tag(s) pending.
> stop
Stopping processing here.

Please contact me if you need assistance.
-- 
585180: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=585180
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems


-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#585392: mysql-server: MySQL Server segfaults after upgrade

2010-06-10 Thread Andreas Gohr 
Package: mysql-server
Version: 5.0.51a-24+lenny4
Severity: grave
Justification: renders package unusable


After upgrading from 5.0.51a-24+lenny3 to 5.0.51a-24+lenny4 the server
started to segfault. Downgrading to lenny3 solved the problem for me.

>From the syslog:

Jun 10 09:46:06 gir mysqld[25223]: 100610  9:46:06  InnoDB: Started; log
sequence number 0 43655
Jun 10 09:46:06 gir mysqld[25223]: 100610  9:46:06 [Note]
/usr/sbin/mysqld: ready for connections.
Jun 10 09:46:06 gir mysqld[25223]: Version: '5.0.51a-24+lenny4'  socket:
'/var/run/mysqld/mysqld.sock'  port: 3306  (Debian
)
Jun 10 09:46:06 gir mysqld[25223]: 100610  9:46:06 - mysqld got signal
11;
Jun 10 09:46:06 gir mysqld[25223]: This could be because you hit a bug.
It is also possible that this binary
Jun 10 09:46:06 gir mysqld[25223]: or one of the libraries it was linked
against is corrupt, improperly built,
Jun 10 09:46:06 gir mysqld[25223]: or misconfigured. This error can also
be caused by malfunctioning hardware.
Jun 10 09:46:06 gir mysqld[25223]: We will try our best to scrape up
some info that will hopefully help diagnose
Jun 10 09:46:06 gir mysqld[25223]: the problem, but since we have
already crashed, something is definitely wrong
Jun 10 09:46:06 gir mysqld[25223]: and this may fail.
Jun 10 09:46:06 gir mysqld[25223]: 
Jun 10 09:46:06 gir mysqld[25223]: key_buffer_size=16777216
Jun 10 09:46:06 gir mysqld[25223]: read_buffer_size=131072
Jun 10 09:46:06 gir mysqld[25223]: max_used_connections=1
Jun 10 09:46:06 gir mysqld[25223]: max_connections=100
Jun 10 09:46:06 gir mysqld[25223]: threads_connected=1
Jun 10 09:46:06 gir mysqld[25223]: It is possible that mysqld could use
up to 
Jun 10 09:46:06 gir mysqld[25223]: key_buffer_size + (read_buffer_size +
sort_buffer_size)*max_connections = 233983 K
Jun 10 09:46:06 gir mysqld[25223]: bytes of memory
Jun 10 09:46:06 gir mysqld[25223]: Hope that's ok; if not, decrease some
variables in the equation.
Jun 10 09:46:06 gir mysqld[25223]: 
Jun 10 09:46:06 gir mysqld[25223]: thd=0x2344020
Jun 10 09:46:06 gir mysqld[25223]: Attempting backtrace. You can use the
following information to find out
Jun 10 09:46:06 gir mysqld[25223]: where mysqld died. If you see no
messages after this, something went
Jun 10 09:46:06 gir mysqld[25223]: terribly wrong...
Jun 10 09:46:06 gir mysqld[25223]: Cannot determine thread,
fp=0x2344020, backtrace may not be correct.
Jun 10 09:46:06 gir mysqld[25223]: Bogus stack limit or frame pointer,
fp=0x2344020, stack_bottom=0x4405, thread_stack=
131072, aborting backtrace.
Jun 10 09:46:06 gir mysqld[25223]: Trying to get some variables.
Jun 10 09:46:06 gir mysqld[25223]: Some pointers may be invalid and
cause the dump to abort...
Jun 10 09:46:06 gir mysqld[25223]: thd->query at (nil)  is invalid
pointer
Jun 10 09:46:06 gir mysqld[25223]: thd->thread_id=1
Jun 10 09:46:06 gir mysqld[25223]: The manual page at
http://www.mysql.com/doc/en/Crashing.html contains
Jun 10 09:46:06 gir mysqld[25223]: information that should help you find
out what is causing the crash.


-- System Information:
Debian Release: 5.0.4
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.26-2-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.ISO-8859-15, LC_CTYPE=en_US.ISO-8859-15 (charmap=ISO-8859-15)
Shell: /bin/sh linked to /bin/bash

Versions of packages mysql-server depends on:
ii  mysql-server-5.0   5.0.51a-24+lenny3 MySQL database server binaries

mysql-server recommends no packages.

mysql-server suggests no packages.

-- no debconf information



-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#585380: [audacity] hangs suddenly, can't find a pattern. Here is one bug trace.

2010-06-10 Thread Adrian Knoth 
On Thu, Jun 10, 2010 at 01:27:26AM +0200, Arnfinn Ringvold wrote:

> Package: audacity
> Version: 1.3.5-2+lenny1

Audacity appears to be differently broken in every new version. We have
1.3.12-3 now, so I don't see any use in even looking at this bug.

Though I'm not the maintainer and therefore cannot speak how the
"official" approach to your report will be, the best advice I could give
at the moment is to try a newer version, preferably the one from sid.


HTH

-- 
mail: a...@thur.de  http://adi.thur.de  PGP/GPG: key via keyserver



-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org