Processed: Re: gitolite: /usr/share/gitolite/sshkeys-lint line 142: Unsuccessful stat (ERROR)

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> tags 653994 + pending fixed-upstream
Bug #653994 [gitolite] gitolite: /usr/share/gitolite/sshkeys-lint line 142: 
Unsuccessful stat (ERROR)
Added tag(s) fixed-upstream and pending.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
653994: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=653994
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems


-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#653994: gitolite: /usr/share/gitolite/sshkeys-lint line 142: Unsuccessful stat (ERROR)

[Jari Aalto]

tags 653994 + pending fixed-upstream
thanks

2012-01-04 02:44 Sitaram Chamarty :
| This was fixed by this commit:
>
|   ab9d0d2 7 weeks ago  a couple of very minor oopsies
>
| (It's caused by not parsing a blank line in the authkeys file properly)
>
| Jari: I do not know what debian's standards are for "severity" but
| bugs in ancillary programs that are only meant for debugging and do
| not come into play in normal use, cannot be "serious".  Again, that's
| just my opinion; I'm sure you probably disagree :-)



-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#649702: marked as done (ifeffit: Please Build-Depend on ghostscript, not gs-common.)

[Debian Bug Tracking System]

Your message dated Tue, 3 Jan 2012 22:35:00 -0600 (CST)
with message-id 
and subject line RE: ifeffit: Please Build-Depend on ghostscript, not gs-common.
has caused the Debian Bug report #649702,
regarding ifeffit: Please Build-Depend on ghostscript, not gs-common.
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
649702: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=649702
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: ifeffit
Version: 2:1.2.11d-7
Severity: important

Hi, 

ifeffit currently Build-Depends on gs-common, which is a transitional package.
The next upload of ghostscript (currently) plans to drop both gs-common and
the ghostscript "Provides: gs-common". As soon as that upload happens, it
will make ifeffit FTBFS.

Please replace the Build-Depends on gs-common to a Build-Depends on ghostscript.

(The severity of this bug will be raised after the ghostscript upload.)

Cheers,

OdyX


--- End Message ---
--- Begin Message ---


Version: 2:1.2.11d-8

This bug was closed by the latest upload (see version above) but was 
inadvertently not flagges in teh changelog.


--
Carlo U. Segre -- Duchossois Leadership Professor of Physics
Associate Dean for Graduate Admissions, Graduate College
Illinois Institute of Technology
Voice: 312.567.3498Fax: 312.567.3494
se...@iit.edu   http://phys.iit.edu/~segre   se...@debian.org

--- End Message ---

Bug#634826: marked as done (Please package the last version)

[Debian Bug Tracking System]

Your message dated Wed, 04 Jan 2012 02:49:42 +
with message-id 
and subject line Bug#634826: fixed in trac-git 0.12.0.5+722342e-1
has caused the Debian Bug report #634826,
regarding Please package the last version
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
634826: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=634826
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---

Package: trac-git
Severity: critical
Justification: unusable with sid version of trac

Hi, Jonny!

Debian has already contained trac 0.12. This version supports
multirepo feature. But current plugin doesn't work with the latest
trac. It showes the error:

TypeError: 'NoneType' object is unsubscriptable

example trac.ini:

[repositories]
portal.dir = /srv/repo-git/portal.git
portal.description = Portal project.
portal.type = git
portal.url = http://domain.com
.alias = portal


Python traceback:

2011-07-20 12:40:31,432 Trac[main] ERROR: Internal Server Error: 
Traceback (most recent call last):
  File "/usr/lib/python2.6/dist-packages/trac/web/main.py", line 511, in 
_dispatch_request
dispatcher.dispatch(req)
  File "/usr/lib/python2.6/dist-packages/trac/web/main.py", line 202, in 
dispatch
chosen_handler)
  File "/usr/lib/python2.6/dist-packages/trac/web/main.py", line 344, in 
_pre_process_request
chosen_handler = filter_.pre_process_request(req, chosen_handler)
  File "/usr/lib/python2.6/dist-packages/trac/versioncontrol/api.py", line 330, 
in pre_process_request
repo = self.get_repository(reponame)
  File "/usr/lib/python2.6/dist-packages/trac/versioncontrol/api.py", line 526, 
in get_repository
repos = connector.get_repository(rtype, rdir, repoinfo.copy())
  File "/usr/lib/python2.6/dist-packages/tracext/git/git_fs.py", line 162, in 
get_repository
shortrev_len=self._shortrev_len)
  File "/usr/lib/python2.6/dist-packages/tracext/git/git_fs.py", line 180, in 
__init__
Repository.__init__(self, "git:"+path, None, log)
  File "/usr/lib/python2.6/dist-packages/trac/versioncontrol/api.py", line 732, 
in __init__
self.reponame = params['name']


-- 

. ''`.   Dmitry E. Oboukhov
: :’  :   email: un...@debian.org jabber://un...@uvw.ru
`. `~’  GPGKey: 1024D / F8E26537 2006-11-21
  `- 1B23 D4F8 8EC0 D902 0555  E438 AB8C 00CF F8E2 6537


signature.asc
Description: Digital signature
--- End Message ---
--- Begin Message ---
Source: trac-git
Source-Version: 0.12.0.5+722342e-1

We believe that the bug you reported is fixed in the latest version of
trac-git, which is due to be installed in the Debian FTP archive:

trac-git_0.12.0.5+722342e-1.debian.tar.gz
  to main/t/trac-git/trac-git_0.12.0.5+722342e-1.debian.tar.gz
trac-git_0.12.0.5+722342e-1.dsc
  to main/t/trac-git/trac-git_0.12.0.5+722342e-1.dsc
trac-git_0.12.0.5+722342e-1_all.deb
  to main/t/trac-git/trac-git_0.12.0.5+722342e-1_all.deb
trac-git_0.12.0.5+722342e.orig.tar.gz
  to main/t/trac-git/trac-git_0.12.0.5+722342e.orig.tar.gz



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 634...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
W. Martin Borgert  (supplier of updated trac-git package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Format: 1.8
Date: Wed, 04 Jan 2012 01:23:55 +
Source: trac-git
Binary: trac-git
Architecture: source all
Version: 0.12.0.5+722342e-1
Distribution: unstable
Urgency: low
Maintainer: Python Applications Packaging Team 

Changed-By: W. Martin Borgert 
Description: 
 trac-git   - Git version control backend for Trac
Closes: 589703 617128 634826 654525
Changes: 
 trac-git (0.12.0.5+722342e-1) unstable; urgency=low
 .
   * New upstream version (Closes: #634826). Works with Trac 0.12.
   * Upstream has less weird code layout now (Closes: #589703).
   * Now maintained by Python apps team (Closes: #654525).
   * Pycentral not used anymore (Closes: #617128).
   * Fixed some lintians.
Checksums-Sha1: 
 6d9cb5a9c79459d3ab93507b2c19b8c5aa308087 1438 trac-git_0.12.0.5+722342e-1.dsc
 09fcc7670213568e322980991fa500310259ad07 18469 
trac-git_0.12.0.5+722342e.orig.tar.gz
 add6e5bccf74ee89882e8e6f6a4f7d6e8e1508f5 4128 
trac-git_0.12.0.5+722342e-1.debian.tar.gz
 c9358f8a9b5e3ea

Processed: tagging 653520

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> # builds on squeeze
> tags 653520 + wheezy sid
Bug #653520 {Done: Miguel Landaeta } [src:oscache] oscache: 
FTBFS: package org.jgroups does not exist
Added tag(s) sid and wheezy.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
653520: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=653520
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems


-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Processed: tagging 654482

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> tags 654482 + upstream
Bug #654482 [ldb] Doesn't contain source for waf binary code
Added tag(s) upstream.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
654482: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=654482
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems


-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Processed: tagging 654500

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> tags 654500 + upstream
Bug #654500 [samba4] Doesn't contain source for waf binary code
Added tag(s) upstream.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
654500: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=654500
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems


-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Processed: tagging 654508

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> tags 654508 + upstream
Bug #654508 [talloc] Doesn't contain source for waf binary code
Added tag(s) upstream.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
654508: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=654508
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems


-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Processed: tagging 654509

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> tags 654509 + upstream
Bug #654509 [tdb] Doesn't contain source for waf binary code
Added tag(s) upstream.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
654509: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=654509
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems


-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Processed: Re: [alsa-base] after feb 22, 2011 Squeeze "upgrade," alsa will not load my sound module (echo mia). NO sound.

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> forwarded 614610 https://bugtrack.alsa-project.org/alsa-bug/view.php?id=5282
Bug #614610 [alsa-base] [alsa-base] after feb 22, 2011 Squeeze "upgrade," alsa 
will not load my sound module (echo mia). NO sound.
Set Bug forwarded-to-address to 
'https://bugtrack.alsa-project.org/alsa-bug/view.php?id=5282'.
>
End of message, stopping processing here.

Please contact me if you need assistance.
-- 
614610: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=614610
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems


-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#652649: jasper: Fix for CVE-2011-4516 and CVE-2011-4517

[Michael Gilbert]

Attached is a patch for a planned NMU for this bug.  It is essentially
the same as the original patch Mark sent along.

I see you've marked this bug as pending, so I'll wait a couple days
before pushing the NMU if you'd like to push your particular changes
instead.

Best wishes,
Mike
diff -Nru jasper-1.900.1/debian/changelog jasper-1.900.1/debian/changelog
--- jasper-1.900.1/debian/changelog	2011-11-27 13:56:59.0 -0500
+++ jasper-1.900.1/debian/changelog	2012-01-03 15:10:02.0 -0500
@@ -1,3 +1,11 @@
+jasper (1.900.1-12.1) unstable; urgency=high
+
+  * Non-maintainer upload by the Security Team.
+  * Fix CVE-2011-4516 and CVE-2011-4517: two buffer overflow issues possibly
+exploitable via specially crafted input files (closes: #652649).
+
+ -- Michael Gilbert   Tue, 03 Jan 2012 14:58:11 -0500
+
 jasper (1.900.1-12) unstable; urgency=low
 
   * Added patch to fix filename buffer overflow, thanks to Jonas Smedegard
diff -Nru jasper-1.900.1/debian/patches/CVE-2011-4516-and-CVE-2011-4517.patch jasper-1.900.1/debian/patches/CVE-2011-4516-and-CVE-2011-4517.patch
--- jasper-1.900.1/debian/patches/CVE-2011-4516-and-CVE-2011-4517.patch	1969-12-31 19:00:00.0 -0500
+++ jasper-1.900.1/debian/patches/CVE-2011-4516-and-CVE-2011-4517.patch	2012-01-03 15:10:05.0 -0500
@@ -0,0 +1,28 @@
+Description: fix denial of service and possible code execution via
+ heap-based buffer overflows.
+Origin: Patch thanks to Red Hat
+
+Index: jasper-1.900.1/src/libjasper/jpc/jpc_cs.c
+===
+--- jasper-1.900.1.orig/src/libjasper/jpc/jpc_cs.c	2011-12-19 09:35:34.186909298 -0500
 jasper-1.900.1/src/libjasper/jpc/jpc_cs.c	2011-12-19 09:35:51.198909832 -0500
+@@ -744,6 +744,10 @@
+ 		return -1;
+ 	}
+ 	compparms->numrlvls = compparms->numdlvls + 1;
++	if (compparms->numrlvls > JPC_MAXRLVLS) {
++		jpc_cox_destroycompparms(compparms);
++		return -1;
++	}
+ 	if (prtflag) {
+ 		for (i = 0; i < compparms->numrlvls; ++i) {
+ 			if (jpc_getuint8(in, &tmp)) {
+@@ -1331,7 +1335,7 @@
+ 	jpc_crgcomp_t *comp;
+ 	uint_fast16_t compno;
+ 	crg->numcomps = cstate->numcomps;
+-	if (!(crg->comps = jas_alloc2(cstate->numcomps, sizeof(uint_fast16_t {
++	if (!(crg->comps = jas_alloc2(cstate->numcomps, sizeof(jpc_crgcomp_t {
+ 		return -1;
+ 	}
+ 	for (compno = 0, comp = crg->comps; compno < cstate->numcomps;
diff -Nru jasper-1.900.1/debian/patches/series jasper-1.900.1/debian/patches/series
--- jasper-1.900.1/debian/patches/series	2011-11-27 13:55:33.0 -0500
+++ jasper-1.900.1/debian/patches/series	2012-01-03 15:10:19.0 -0500
@@ -1,2 +1,3 @@
 01-misc-fixes.patch
 02-fix-filename-buffer-overflow.patch
+CVE-2011-4516-and-CVE-2011-4517.patch

Bug#654538: gtk-gnutella FTBFS on armel and armhf. undefined reference to __fpclassify

[peter green]

package: gtk-gnutella
version: 0.98.2-1
severity: serious
tags: patch

gtk-gnutella fails to build on armel and armhf with the following error.

libshared.a(str.o): In function `str_fcat_safe':
/build/buildd-gtk-gnutella_0.98.2-1-armhf-NS4sjD/gtk-gnutella-0.98.2/src/lib/str.c:1229:
 undefined reference to `__fpclassify'
collect2: ld returned 1 exit status
make[5]: *** [float-test] Error 1
make[5]: Leaving directory 
`/build/buildd-gtk-gnutella_0.98.2-1-armhf-NS4sjD/gtk-gnutella-0.98.2/src/lib'
make[4]: *** [subdirs] Error 1
make[3]: *** [all] Error 2
make[2]: *** [subdirs] Error 1
make[1]: *** [all] Error 2
dh_auto_build: make -j1 returned exit code 2
make: *** [build-stamp] Error 2

The problem seems to be that the configure script doesn't look in 
multiarch directories and therefore doesn't find libm. When
the configure script doesn't find libm it doesn't include it in the list 
of libs to link against which causes link failures on arm
architectures (I suspect it works on other architectures because of gcc 
using inline code instead of the calls to libm but I dunno

for sure).

The attatched patch does the following
1: fixes the build failure by specifying an explicit list of directories 
to search for libraries including multiarch dirs
2: adds a versioned build-dependency on dpkg-dev for dpkg-architecture 
-qDEB_HOST_MULTIARCH

3: fixes debian/rules clean.

diff -ur gtk-gnutella-0.98.1/debian/control gtk-gnutella-0.98.1.new/debian/control
--- gtk-gnutella-0.98.1/debian/control	2011-12-25 16:24:51.0 +
+++ gtk-gnutella-0.98.1.new/debian/control	2012-01-03 21:36:27.0 +
@@ -1,5 +1,5 @@
 Source: gtk-gnutella
-Build-Depends: debhelper (>= 7.0.50~), libglib2.0-dev, libgtk2.0-dev, zlib1g-dev (>= 1:1.1.4), libxml2-dev (>= 2.6.0), gettext, libgnutls-dev, libdbus-1-dev, quilt
+Build-Depends: debhelper (>= 7.0.50~), libglib2.0-dev, libgtk2.0-dev, zlib1g-dev (>= 1:1.1.4), libxml2-dev (>= 2.6.0), gettext, libgnutls-dev, libdbus-1-dev, quilt, dpkg-dev (>= 1.16.0)
 Section: net
 Vcs-Git: https://git.unstable.it/packages.git/
 Vcs-Browser: https://git.unstable.it/?p=packages.git;a=shortlog;h=fbgrab
diff -ur gtk-gnutella-0.98.1/debian/rules gtk-gnutella-0.98.1.new/debian/rules
--- gtk-gnutella-0.98.1/debian/rules	2011-12-25 16:24:51.0 +
+++ gtk-gnutella-0.98.1.new/debian/rules	2012-01-04 00:17:06.0 +
@@ -2,6 +2,8 @@
 
 include /usr/share/quilt/quilt.make
 
+DEB_HOST_MULTIARCH ?=$(shell dpkg-architecture -qDEB_HOST_MULTIARCH)
+
 override_dh_auto_configure:
 	./Configure \
 		-ders \
@@ -10,7 +12,8 @@
 		-Dyacc=bison \
 		-Dipv6=true \
 		-Dgtkversion=2 \
-		-Dofficial=true 
+		-Dofficial=true \
+		"-Dlibpth=/usr/lib/$(DEB_HOST_MULTIARCH) /lib /usr/lib/$(DEB_HOST_MULTIARCH) /usr/lib"
 
 override_dh_auto_install:
 	$(MAKE) install INSTALL_PREFIX=$(CURDIR)/debian/gtk-gnutella/
@@ -20,7 +23,59 @@
 	dh build
 	touch build-stamp
 
-clean: unpatch
+clean-patched:
+	-$(MAKE) clean
+	rm -rf .config
+	rm -f Makefile
+	rm -f config.*
+	rm -f extra_files/Makefile
+	rm -f extra_files/el/Makefile
+	rm -f extra_files/en/Makefile
+	rm -f extra_files/ja/Makefile
+	rm -f gtk-gnutella.spec
+	rm -f install
+	rm -f mkdep
+	rm -f pixmaps/Makefile
+	rm -f po/Makefile
+	rm -f src/Makefile
+	rm -f src/core/Makefile
+	rm -f src/dht/Makefile
+	rm -f src/if/Makefile
+	rm -f src/if/bridge/Makefile
+	rm -f src/lib/Makefile
+	rm -f src/revision.h
+	rm -f src/sdbm/Makefile
+	rm -f src/shell/Makefile
+	rm -f src/ui/Makefile
+	rm -f src/ui/gtk/Makefile
+	rm -f src/ui/gtk/gtk1/Makefile
+	rm -f src/ui/gtk/gtk2/Makefile
+	rm -f src/upnp/Makefile
+	rm -f src/xml/Makefile
+	rm -f src/xml/*.a
+	rm -f src/lib/*.a
+	rm -f src/core/*.a
+	rm -f src/sdbm/*.a
+	rm -f src/dht/*.a
+	rm -f src/ui/gtk/*.a
+	rm -f src/ui/gtk/gtk2/*.a
+	rm -f src/shell/*.a
+	rm -f src/upnp/*.a
+	rm -f src/gtk-gnutella
+	rm -rf UU
+	rm -f src/gtk-gnutella.nm
+	rm -f src/lib/bit_array.h
+	rm -f src/lib/bit_field.h
+	rm -f src/ui/gtk/gtk1/callbacks.c
+	rm -f src/ui/gtk/gtk1/callbacks.h
+	rm -f src/ui/gtk/gtk2/callbacks.c
+	rm -f src/ui/gtk/gtk2/callbacks.h
+	rm -f src/core/Makefile.new
+	rm -f src/lib/float-test
+	rm -f src/sdbm/db?
+	rm -f build
+
+clean: clean-patched unpatch
 	dh clean
 
 install: build
Only in gtk-gnutella-0.98.1: .pc

Processed: Fwd: libav: multiple security issues

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> tag 654534 patch
Bug #654534 [libav] libav: multiple security issues
Added tag(s) patch.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
654534: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=654534
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems


-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#654534: libav: multiple security issues

[Michael Gilbert]

tag 654534 patch
thanks

Note patches are available on the CVE pages for these issues:
http://security-tracker.debian.org/tracker/source-package/libav



-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#654534: libav: multiple security issues

[Michael Gilbert]

Package: libav
Version: 4:0.7.3-2
Severity: serious
Tags: security

Hi,
the following CVE (Common Vulnerabilities & Exposures) ids were
published for libav.

CVE-2011-3892[0]:
| Double free vulnerability in the Theora decoder in Google Chrome
| before 15.0.874.120 allows remote attackers to cause a denial of
| service or possibly have unspecified other impact via a crafted
| stream.

CVE-2011-3893[1]:
| Google Chrome before 15.0.874.120 does not properly implement the MKV
| and Vorbis media handlers, which allows remote attackers to cause a
| denial of service (out-of-bounds read) via unspecified vectors.

CVE-2011-3895[2]:
| Heap-based buffer overflow in the Vorbis decoder in Google Chrome
| before 15.0.874.120 allows remote attackers to cause a denial of
| service or possibly have unspecified other impact via a crafted
| stream.

If you fix the vulnerabilities please also make sure to include the
CVE ids in your changelog entry.

This issues also very likely affect ffmpeg in squeeze and before,
but I haven't checked that.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3892
http://security-tracker.debian.org/tracker/CVE-2011-3892
[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3893
http://security-tracker.debian.org/tracker/CVE-2011-3893
[2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3895
http://security-tracker.debian.org/tracker/CVE-2011-3895



-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#653962: libv8 predictable hash collisions

[Jérémy Lal]

On 01/01/2012 23:50, Thijs Kinkhorst wrote:
> Package: libv8
> Severity: serious
> Tags: security
> 
> Hi,
> 
> It was reported that V8 is affected by the predictable hash collisions attack 
> that made its rounds around the net this week. This is tracked at
> http://security-tracker.debian.org/tracker/CVE-2011-5037
> Can you ensure that fixed packages are uploaded to sid as soon as possible, 
> and assert whether a fix for squeeze would be necessary?

Thank you for your concern,
a fixed version for sid will be uploaded very soon.

 
> Also please note that the security tracker has a number of other open issues 
> for libv8. Do you have any more information on the status of those?
> http://security-tracker.debian.org/tracker/source-package/libv8

Status : in squeeze,
chromium-browser is using its bundled copy of libv8, so there are currently
no packages depending on it.
I have currently no motivation to fix it (as i don't see the point),
but help is welcome.

Jérémy.



-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#652287: marked as done (python-webcolors: missing dependency on python)

[Debian Bug Tracking System]

Your message dated Tue, 03 Jan 2012 23:35:59 +
with message-id 
and subject line Bug#652287: fixed in webcolors 1.3.1+hg~2c8ac6e0a03d-2
has caused the Debian Bug report #652287,
regarding python-webcolors: missing dependency on python
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
652287: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=652287
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---

Package: python-webcolors
Version: 1.3.1+hg~2c8ac6e0a03d-1
Severity: serious
Justification: Policy 3.5

python-webcolors doesn't depend on python.

There is "Depends: ..., ${python:Depends}" in debian/control, but you 
didn't actually call anything in debian/rules that'd substitute this 
variable. From the build log:

|dh_gencontrol
| dpkg-gencontrol: warning: Depends field of package python-webcolors: unknown 
substitution variable ${python:Depends}

--
Jakub Wilk


--- End Message ---
--- Begin Message ---
Source: webcolors
Source-Version: 1.3.1+hg~2c8ac6e0a03d-2

We believe that the bug you reported is fixed in the latest version of
webcolors, which is due to be installed in the Debian FTP archive:

python-webcolors_1.3.1+hg~2c8ac6e0a03d-2_all.deb
  to main/w/webcolors/python-webcolors_1.3.1+hg~2c8ac6e0a03d-2_all.deb
webcolors_1.3.1+hg~2c8ac6e0a03d-2.debian.tar.gz
  to main/w/webcolors/webcolors_1.3.1+hg~2c8ac6e0a03d-2.debian.tar.gz
webcolors_1.3.1+hg~2c8ac6e0a03d-2.dsc
  to main/w/webcolors/webcolors_1.3.1+hg~2c8ac6e0a03d-2.dsc



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 652...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Kouhei Maeda  (supplier of updated webcolors package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Thu, 29 Dec 2011 22:47:55 +0900
Source: webcolors
Binary: python-webcolors
Architecture: source all
Version: 1.3.1+hg~2c8ac6e0a03d-2
Distribution: unstable
Urgency: low
Maintainer: Kouhei Maeda 
Changed-By: Kouhei Maeda 
Description: 
 python-webcolors - library of color names and value formats defined by HTML 
and CSS
Closes: 652287
Changes: 
 webcolors (1.3.1+hg~2c8ac6e0a03d-2) unstable; urgency=low
 .
   * fix missing dependency on python (Closes: #652287)
   * add option --with python2
Checksums-Sha1: 
 795f6dd8b97fce8c68c0d7b0aced5c8ecd819219 1876 
webcolors_1.3.1+hg~2c8ac6e0a03d-2.dsc
 6faeb0247e723678ea08017bf9bb1d8762b4f13e 2196 
webcolors_1.3.1+hg~2c8ac6e0a03d-2.debian.tar.gz
 d18c1faa1449dbe4666a9e49b86cd3e8dbdeefbf 9110 
python-webcolors_1.3.1+hg~2c8ac6e0a03d-2_all.deb
Checksums-Sha256: 
 4cc572431d0cfbeeabe06c1b0c41c667b1400b267de3f0b7d1980eebc65e1335 1876 
webcolors_1.3.1+hg~2c8ac6e0a03d-2.dsc
 120744d36f20dbb1e69e3671a4ee44fdfa9ee9ba2d33c003f15a4e2f1a269ede 2196 
webcolors_1.3.1+hg~2c8ac6e0a03d-2.debian.tar.gz
 da1ac6f234c8b7b61fb0e12c4f516d37b96fe83c318ad698c993a5b0afc9f06e 9110 
python-webcolors_1.3.1+hg~2c8ac6e0a03d-2_all.deb
Files: 
 af012b1d67af3094555dc92daf50369e 1876 python optional 
webcolors_1.3.1+hg~2c8ac6e0a03d-2.dsc
 dfa55edf0b129659708c4c8e086e7b53 2196 python optional 
webcolors_1.3.1+hg~2c8ac6e0a03d-2.debian.tar.gz
 46d01b31301f048f970e863ff8cd0602 9110 python optional 
python-webcolors_1.3.1+hg~2c8ac6e0a03d-2_all.deb

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.11 (GNU/Linux)

iQIcBAEBCAAGBQJPA40mAAoJEDIkf7tArR+mUAAP/1V3b+67UcCS8hTx9Wb9JF0Z
8EyZ3lu8lgAwGw6TSr69AgguZULJq32JxNHSM254k1/9iv42Y2jMI3kyFq2bTrxs
UcgHRP7o8lAW8/31Jn3ygyseigEtD0OP1EJPvSofCKJD4/2TBCcfYgMMkqGWJS2H
phdDh5gXVsGSDftnfnqkKNxjexSo8b7MShdGDURnFVMmWtuopTiOxyn6te0XVwwk
Yt//hTXZJghe+HClbdMSGr/+vemgiJiH99HVxaLCaUyLx9kSgHj70jsc7Bxd6aAn
9TBzclrfdhY1p7SerGSZ0fYGVhm28ePadGK2sZ28orEa2UjhaKA7i+ShcZqOfzGC
KYcfuqeQD8Y1Zvin2DXtpg6LnJMLt/hVP77ecory/+20yo8Im5CLSKIw5fJpkLUV
XSyX+9HGdmWRxa3URXbqrWN3AquboLdPLlxwDCrL28mVAjyKHfqK3/4UjelXkM7a
Ff/9VVV/alJQ8I+fwY0LNUZf+kwjpgnMZE/S55fJ/eAshwo/mxQJI79/Fk6yH5WR
GK9k9vOQ7Xgc898NJAxH5oqRwCa8lo4ZNrFZCgqPDLcBUJbKNcSwzuRaSDiprms5
QfQRCL5vCMHLsEvYZ7Li79E1TMb6wfWSjQcED4tCkxEuSYbj3Y1RhTnr2KVeA/+C
eYG5VZcAaOft67Iiu8uO
=6Fm/
-END PGP SIGNATURE-


--- End Message ---

Bug#651203: procps: SONAME breakage

[Craig Small]

procps-ng upstream have been busy getting the library into some initial
state plus a whole lot of other additions and fixes. I expect it will be
released soon which will solve the libprocps library issue.

The other thing to point out is the API of the library will change in
the next from this release (ie the second release, some time away).
I'll try to supply patches before we get to that point. The
shlibs/depends etc should take care of the change from a installers
point of view.

 - Craig
-- 
Craig Small VK2XLZ   http://enc.com.au/  csmall at : enc.com.au
Debian GNU/Linux http://www.debian.org/  csmall at : debian.org
GPG fingerprint: 5D2F B320 B825 D939 04D2  0519 3938 F96B DF50 FEA5



-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#654491: waf & wscript unused

[Barak A. Pearlmutter]

The problematic file waf in the minidjvu sources is not used during
the debian build process: waf and wscript can be deleted, or replaced
by files containing something random, and the package will build fine.

Any recommended course of action?  I don't understand the point of
mechanically transforming an unused file from one format to another;
is that really a sensible freedom-enhancing act?

--Barak.
--
Barak A. Pearlmutter
 Hamilton Institute & Dept Comp Sci, NUI Maynooth, Co. Kildare, Ireland
 http://www.bcl.hamilton.ie/~barak/



-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#654524: wmaker FTBFS on all architectures when building only arch packages

[Scott Howard]

Source: wmaker
Severity: serious
Version: 0.95.0+20111028-1
thanks

FTBFS on this line in debian/rules:
# Fix perms for /usr/share/WindowMaker/*sh
chmod +x debian/wmaker-common/usr/share/WindowMaker/autostart.sh
chmod: cannot access
`debian/wmaker-common/usr/share/WindowMaker/autostart.sh': No such
file or directory


wmaker-common is an architecture-independent package, so autostart.sh
is never installed to debian/wmaker-common/usr/share/WindowMaker since
the buildd don't rebuild indep packages (dh_install was only called
with the -a flag, not the -i flag that would be needed to install
autostart.sh)

Possible fix:
have debian/rules check if the debian/wmaker-common directory exists
before trying to change the permissions of those two scripts.

Rodolfo, you can put a fixed package up on mentors. I'll check it out
and sponsor it for you when you're ready.


~Scott



-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#653963: marked as done (ruby-rack predictable hash collisions)

[Debian Bug Tracking System]

Your message dated Tue, 03 Jan 2012 22:09:10 +
with message-id 
and subject line Bug#653963: fixed in ruby-rack 1.4.0-1
has caused the Debian Bug report #653963,
regarding ruby-rack predictable hash collisions
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
653963: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=653963
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: ruby-rack
Severity: serious
Tags: security

Hi,

It was reported that Rack is affected by the predictable hash collisions 
attack that made its rounds around the net this week. This is tracked at
http://security-tracker.debian.org/tracker/CVE-2011-5036

Can you ensure that fixed packages are uploaded to sid as soon as possible?


Cheers,
Thijs


signature.asc
Description: This is a digitally signed message part.
--- End Message ---
--- Begin Message ---
Source: ruby-rack
Source-Version: 1.4.0-1

We believe that the bug you reported is fixed in the latest version of
ruby-rack, which is due to be installed in the Debian FTP archive:

librack-ruby1.8_1.4.0-1_all.deb
  to main/r/ruby-rack/librack-ruby1.8_1.4.0-1_all.deb
librack-ruby1.9.1_1.4.0-1_all.deb
  to main/r/ruby-rack/librack-ruby1.9.1_1.4.0-1_all.deb
librack-ruby_1.4.0-1_all.deb
  to main/r/ruby-rack/librack-ruby_1.4.0-1_all.deb
ruby-rack_1.4.0-1.debian.tar.gz
  to main/r/ruby-rack/ruby-rack_1.4.0-1.debian.tar.gz
ruby-rack_1.4.0-1.dsc
  to main/r/ruby-rack/ruby-rack_1.4.0-1.dsc
ruby-rack_1.4.0-1_all.deb
  to main/r/ruby-rack/ruby-rack_1.4.0-1_all.deb
ruby-rack_1.4.0.orig.tar.gz
  to main/r/ruby-rack/ruby-rack_1.4.0.orig.tar.gz



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 653...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Paul van Tilburg  (supplier of updated ruby-rack package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Format: 1.8
Date: Tue, 03 Jan 2012 22:39:13 +0100
Source: ruby-rack
Binary: ruby-rack librack-ruby1.9.1 librack-ruby1.8 librack-ruby
Architecture: source all
Version: 1.4.0-1
Distribution: unstable
Urgency: low
Maintainer: Debian Ruby Extras Maintainers 

Changed-By: Paul van Tilburg 
Description: 
 librack-ruby - Transitional package for ruby-rack
 librack-ruby1.8 - Transitional package for ruby-rack
 librack-ruby1.9.1 - Transitional package for ruby-rack
 ruby-rack  - Modular Ruby webserver interface
Closes: 653963
Changes: 
 ruby-rack (1.4.0-1) unstable; urgency=low
 .
   * New upstream release (closes: #653963).
Checksums-Sha1: 
 bcd3dd59d61818b391ecef310ad3a7b4679437fd 1598 ruby-rack_1.4.0-1.dsc
 2825921318a8b4609cb3421a49afb460cf70b7cf 167513 ruby-rack_1.4.0.orig.tar.gz
 a9a55fe75f27bd35ddb1dfe90ad350403183dbfc 4944 ruby-rack_1.4.0-1.debian.tar.gz
 48f91127350bee9f203d13d6ed1c56ff737719a8 79832 ruby-rack_1.4.0-1_all.deb
 cb022c1ce17f61f104a54ad9be89e1d8f3ff97c2 3580 librack-ruby1.9.1_1.4.0-1_all.deb
 77531182b9eca8c17d78dfce6630a4da515e35d9 3574 librack-ruby1.8_1.4.0-1_all.deb
 73a12be78bf527f61007587299c6d47c6234ea12 3568 librack-ruby_1.4.0-1_all.deb
Checksums-Sha256: 
 fa78cb86ae36562bd1fa9b98fc6570bf654d0b8de20384af3fa91fdbfc355fc6 1598 
ruby-rack_1.4.0-1.dsc
 36dac4972d3ada61d6194955a33e60928c37ad3e29c1a0325ee821e229564b74 167513 
ruby-rack_1.4.0.orig.tar.gz
 69e1c16730031491862743f8881f3b34dd20656dbf06df51d6e5111f96dc7b39 4944 
ruby-rack_1.4.0-1.debian.tar.gz
 31c79b5cbf7f00804599e954e783996211a8f9195201d2cc18bca4661c071de8 79832 
ruby-rack_1.4.0-1_all.deb
 d7795822d70c5b07dae0e5957c46b0782606a22501fcb3e25b67808d02fbbfc3 3580 
librack-ruby1.9.1_1.4.0-1_all.deb
 3b107b65464f592041aa9f73e1fcf473fd9b2999c7ccba80c2dbca4e29d769ff 3574 
librack-ruby1.8_1.4.0-1_all.deb
 479fdffa854fddf4e2e727b5a1afc918b717388bc2e62e4a9235f59bfe3ce7e1 3568 
librack-ruby_1.4.0-1_all.deb
Files: 
 aba47141b8066dc1ef0c933fceea54c3 1598 ruby optional ruby-rack_1.4.0-1.dsc
 6dd2c1ce9008972001abe8d18456881a 167513 ruby optional 
ruby-rack_1.4.0.orig.tar.gz
 781c47bb03e15615b85aab662ea03713 4944 ruby optional 
ruby-rack_1.4.0-1.debian.tar.gz
 198c85d38461b45dbeb0ab407b90f71f 79832 ruby optional ruby-rack_1.4.0-1_all.deb
 2c0812903bad56273e1c9aacfc3ce294 3580 oldlibs extra 
librack-ruby1.9.1_1.4.0-1_all.deb
 b713016611fca252002901ca287a564b 3574 oldl

Processed: retitle 654462 to Doesn't contain source for waf binary code ...

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> retitle 654462 Doesn't contain source for waf binary code
Bug #654462 [a2jmidid] postler: doesn't contain source for waf binary code
Changed Bug title to 'Doesn't contain source for waf binary code' from 
'postler: doesn't contain source for waf binary code'
> retitle 654463 Doesn't contain source for waf binary code
Bug #654463 [composite] postler: doesn't contain source for waf binary code
Changed Bug title to 'Doesn't contain source for waf binary code' from 
'postler: doesn't contain source for waf binary code'
> retitle 654464 Doesn't contain source for waf binary code
Bug #654464 [ctpl] postler: doesn't contain source for waf binary code
Changed Bug title to 'Doesn't contain source for waf binary code' from 
'postler: doesn't contain source for waf binary code'
> retitle 654465 Doesn't contain source for waf binary code
Bug #654465 [flowcanvas] postler: doesn't contain source for waf binary code
Changed Bug title to 'Doesn't contain source for waf binary code' from 
'postler: doesn't contain source for waf binary code'
> retitle 654466 Doesn't contain source for waf binary code
Bug #654466 [geany] postler: doesn't contain source for waf binary code
Changed Bug title to 'Doesn't contain source for waf binary code' from 
'postler: doesn't contain source for waf binary code'
> retitle 654467 Doesn't contain source for waf binary code
Bug #654467 [geany-plugins] postler: doesn't contain source for waf binary code
Changed Bug title to 'Doesn't contain source for waf binary code' from 
'postler: doesn't contain source for waf binary code'
> retitle 654468 Doesn't contain source for waf binary code
Bug #654468 [gigolo] postler: doesn't contain source for waf binary code
Changed Bug title to 'Doesn't contain source for waf binary code' from 
'postler: doesn't contain source for waf binary code'
> retitle 654469 Doesn't contain source for waf binary code
Bug #654469 [gmidimonitor] postler: doesn't contain source for waf binary code
Changed Bug title to 'Doesn't contain source for waf binary code' from 
'postler: doesn't contain source for waf binary code'
> retitle 654470 Doesn't contain source for waf binary code
Bug #654470 [gnome-python] postler: doesn't contain source for waf binary code
Changed Bug title to 'Doesn't contain source for waf binary code' from 
'postler: doesn't contain source for waf binary code'
> retitle 654471 Doesn't contain source for waf binary code
Bug #654471 [gnome-python-desktop] postler: doesn't contain source for waf 
binary code
Changed Bug title to 'Doesn't contain source for waf binary code' from 
'postler: doesn't contain source for waf binary code'
> retitle 654472 Doesn't contain source for waf binary code
Bug #654472 [gtkimageview] postler: doesn't contain source for waf binary code
Changed Bug title to 'Doesn't contain source for waf binary code' from 
'postler: doesn't contain source for waf binary code'
> retitle 654473 Doesn't contain source for waf binary code
Bug #654473 [guitarix] postler: doesn't contain source for waf binary code
Changed Bug title to 'Doesn't contain source for waf binary code' from 
'postler: doesn't contain source for waf binary code'
> retitle 654474 Doesn't contain source for waf binary code
Bug #654474 [hamster-applet] postler: doesn't contain source for waf binary code
Changed Bug title to 'Doesn't contain source for waf binary code' from 
'postler: doesn't contain source for waf binary code'
> retitle 654475 Doesn't contain source for waf binary code
Bug #654475 [hotssh] postler: doesn't contain source for waf binary code
Changed Bug title to 'Doesn't contain source for waf binary code' from 
'postler: doesn't contain source for waf binary code'
> retitle 654476 Doesn't contain source for waf binary code
Bug #654476 [isoquery] postler: doesn't contain source for waf binary code
Changed Bug title to 'Doesn't contain source for waf binary code' from 
'postler: doesn't contain source for waf binary code'
> retitle 654477 Doesn't contain source for waf binary code
Bug #654477 [jackd2] postler: doesn't contain source for waf binary code
Changed Bug title to 'Doesn't contain source for waf binary code' from 
'postler: doesn't contain source for waf binary code'
> retitle 654478 Doesn't contain source for waf binary code
Bug #654478 [jalv] postler: doesn't contain source for waf binary code
Changed Bug title to 'Doesn't contain source for waf binary code' from 
'postler: doesn't contain source for waf binary code'
> retitle 654479 Doesn't contain source for waf binary code
Bug #654479 [jcgui] postler: doesn't contain source for waf binary code
Changed Bug title to 'Doesn't contain source for waf binary code' from 
'postler: doesn't contain source for waf binary code'
> retitle 654480 Doesn't contain source for waf binary code
Bug #654480 [kupfer] postler: doesn't contain source for waf binary code
Changed Bug title to 'Doesn't contain source for waf binary code' from 
'postler: doesn't contain s

Bug#622919: Raise severity?

[gregor herrmann]

On Tue, 03 Jan 2012 21:35:07 +0100, gregor herrmann wrote:

> > Looking at the diff again (attached for reference), it's quite long
> > and also includes documentation fixes.
> > I guess we have to look a bit to trim it down to the relevant parts.
> Quick attempt (I looked at the diff in upstream 0.67 -> 0.68 and
> ripped out the parts from the original patch that had no equivalent
> in the upstream diff).

Hm, so I also forgot the second attachment? Oh my.

Cheers,
gregor
 
-- 
 .''`.   Homepage: http://info.comodo.priv.at/ - OpenPGP key ID: 0x8649AA06
 : :' :  Debian GNU/Linux user, admin, & developer - http://www.debian.org/
 `. `'   Member of VIBE!AT & SPI, fellow of Free Software Foundation Europe
   `-NP: Steppenwolf: It's Never Too Late
diff -u libjifty-dbi-perl-0.60/debian/changelog 
libjifty-dbi-perl-0.60/debian/changelog
--- libjifty-dbi-perl-0.60/debian/changelog
+++ libjifty-dbi-perl-0.60/debian/changelog
@@ -1,3 +1,11 @@
+libjifty-dbi-perl (0.60-1+squeeze1) UNRELEASED; urgency=high
+
+  * Team upload.
+  * [SECURITY] Apply patch prepared by upstream that backports fixes for SQL
+injection weaknesses (closes: #622919).
+
+ -- gregor herrmann   Tue, 19 Apr 2011 23:53:52 +0200
+
 libjifty-dbi-perl (0.60-1) unstable; urgency=low
 
   [ Jonathan Yu ]
only in patch2:
unchanged:
--- libjifty-dbi-perl-0.60.orig/lib/Jifty/DBI/Collection.pm
+++ libjifty-dbi-perl-0.60/lib/Jifty/DBI/Collection.pm
@@ -1201,16 +1254,9 @@
 
 # }}}
 
-# Set this to the name of the column and the alias, unless we've been
-# handed a subclause name
-
-my $qualified_column
-= $args{'alias'}
-? $args{'alias'} . "." . $args{'column'}
-: $args{'column'};
-my $clause_id = $args{'subclause'} || $qualified_column;
-
-# XXX: when is column_obj undefined?
+# $column_obj is undefined when the table2 argument to the join is a table
+# name and not a collection model class.  In that case, the class key
+# doesn't exist for the join.
 my $class
 = $self->{joins}{ $args{alias} }
 && $self->{joins}{ $args{alias} }{class}
@@ -1222,7 +1268,44 @@
 $self->new_item->_apply_input_filters(
 column=> $column_obj,
 value_ref => \$args{'value'},
-) if $column_obj && $column_obj->encode_on_select;
+) if $column_obj && $column_obj->encode_on_select && $args{operator} !~ 
/IS/;
+
+# Ensure that the column has nothing fishy going on.  We can't
+# simply check $column_obj's truth because joins mostly join by
+# table name, not class, and we don't track table_name -> class.
+if ($args{column} =~ /\W/) {
+warn "Possible SQL injection on column '$args{column}' in limit at 
@{[join(',',(caller)[1,2])]}\n";
+%args = (
+%args,
+column   => 'id',
+operator => '<',
+value=> 0,
+);
+}
+if ($args{operator} !~ /^(=|<|>|!=|<>|<=|>=
+ |(NOT\s*)?LIKE
+ |(NOT\s*)?(STARTS|ENDS)_?WITH
+ |(NOT\s*)?MATCHES
+ |IS(\s*NOT)?
+ |IN)$/ix) {
+warn "Unknown operator '$args{operator}' in limit at  
@{[join(',',(caller)[1,2])]}\n";
+%args = (
+%args,
+column   => 'id',
+operator => '<',
+value=> 0,
+);
+}
+
+
+# Set this to the name of the column and the alias, unless we've been
+# handed a subclause name
+my $qualified_column
+= $args{'alias'}
+? $args{'alias'} . "." . $args{'column'}
+: $args{'column'};
+my $clause_id = $args{'subclause'} || $qualified_column;
+
 
 # make passing in an object DTRT
 my $value_ref = ref( $args{value} );
@@ -1248,27 +1337,28 @@
 #since we're changing the search criteria, we need to redo the search
 $self->redo_search();
 
-if ( $args{'column'} ) {
-
-#If it's a like, we supply the %s around the search term
-if ( $args{'operator'} =~ /MATCHES/i ) {
-$args{'value'} = "%" . $args{'value'} . "%";
-} elsif ( $args{'operator'} =~ /STARTS_?WITH/i ) {
-$args{'value'} = $args{'value'} . "%";
-} elsif ( $args{'operator'} =~ /ENDS_?WITH/i ) {
-$args{'value'} = "%" . $args{'value'};
-}
-$args{'operator'} =~ s/(?:MATCHES|ENDS_?WITH|STARTS_?WITH)/LIKE/i;
-
-#if we're explicitly told not to to quote the value or
-# we're doing an IS or IS NOT (null), don't quote the operator.
-
-if ( $args{'quote_value'} && $args{'operator'} !~ /IS/i ) {
-if ( $value_ref eq 'ARRAY' ) {
-map { $_ = $self->_handle->quote_value($_) } @{ $args{'value'} 
};
-} else {
-$args{'value'} = $self->_handle->quote_value( $args{'value'} );
-}
+#If it's a like, we supply the %s around the search term
+if ( $args{'operator'} =~ /

Bug#654520: Should this package be removed?

[Moritz Muehlenhoff]

Source: collectd
Severity: serious

collectd hasn't had a maintainer upload since 15 months, has low
popcon and accumulated 5 RC bugs so far.

I propose to remove it.

Cheers,
Moritz

-- System Information:
Debian Release: wheezy/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.1.0-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash



-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#653771: [pkg-ntp-maintainers] Bug#653771: FTBFS on kfreebsd-* due to -Wformat-security

[Peter Eisentraut]

I think the below is a more correct fix.  Could you check whether it
works for you?

--- a/ntpd/refclock_oncore.c
+++ b/ntpd/refclock_oncore.c
@@ -4058,7 +4058,7 @@ oncore_log (
 
snprintf(Msg, sizeof(Msg), "ONCORE[%d]: %s", instance->unit,
 msg);
-   syslog(log_level, Msg);
+   syslog(log_level, "%s", Msg);
 
i = strlen(msg);
 
--- a/lib/isc/include/isc/msgcat.h
+++ b/lib/isc/include/isc/msgcat.h
@@ -110,7 +110,7 @@ isc_msgcat_close(isc_msgcat_t **msgcatp)
 
 const char *
 isc_msgcat_get(isc_msgcat_t *msgcat, int set, int message,
-  const char *default_text);
+  const char *default_text) __attribute__((format_arg(4)));
 /*%<
  * Get message 'message' from message set 'set' in 'msgcat'.  If it
  * is not available, use 'default_text'.





-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#645190: Bug#645191: waf binary code not DFSG compliant

[Yves-Alexis Perez]

On mar., 2012-01-03 at 22:12 +0100, Alexander Reichle-Schmehl wrote:
> user ftpmas...@debian.org
> reopen 645191
> 
> usertags 645190 + waf-unpack
> clone 645190 -1 -2 -3 -4 -5 -6 -7 -8 -9 -10 -11 -12 -13 -14 -15 -16 -17 -18 
> -19 -20 -21 -22 -23 -24 -25 -26 -27 -28 -29 -30 -31 -32 -33 -34 -35 -36 -37 
> -38 -39 -40 -41 -42 -43 -44 -45 -46 -47 -48 -49 -50 -51 -52 
> reassign -1 a2jmidid
> reassign -2 composite
> reassign -3 ctpl
> reassign -4 flowcanvas
> reassign -5 geany
> reassign -6 geany-plugins
> reassign -7 gigolo
> reassign -8 gmidimonitor
> reassign -9 gnome-python
> reassign -10 gnome-python-desktop
> reassign -11 gtkimageview
> reassign -12 guitarix
> reassign -13 hamster-applet
> reassign -14 hotssh
> reassign -15 isoquery
> reassign -16 jackd2
> reassign -17 jalv
> reassign -18 jcgui
> reassign -19 kupfer
> reassign -20 ladish
> reassign -21 ldb
> reassign -22 libdesktop-agnostic
> reassign -23 lifeograph
> reassign -24 lilv
> reassign -25 lv2-extensions-good
> reassign -26 lv2core
> reassign -27 lv2fil
> reassign -28 mda-lv2
> reassign -29 mgen
> reassign -30 minidjvu
> reassign -31 nodejs
> reassign -32 ns3
> reassign -33 openchange
> reassign -34 patchage
> reassign -35 pino
> reassign -36 radare
> reassign -37 raul
> reassign -38 samba
> reassign -39 samba4
> reassign -40 serd
> reassign -41 showq
> reassign -42 slv2
> reassign -43 sord
> reassign -44 suil
> reassign -45 supercollider
> reassign -46 sushi
> reassign -47 talloc
> reassign -48 tdb
> reassign -49 tevent
> reassign -50 xiphos
> reassign -51 xmms2
> reassign -52 zyn
> thanks
> 
> Hi!
> 
> > IMHO this is not acceptable because there are no tools included or
> > commandline switches offered with waf (in postler and midori) to
> > conveniently unpack and repack these part for a.) inspection or b.)
> > modification, which are required for packages in Debian main.
> 
> A package in NEW brought this matter to our attention, and after
> discussing the issue within the FTP Team, we came to the conclusion that
> the submitter of this bug report is correct: packages using waf in this
> form do not ship all sources in their prefered form of modification¹.
> 
> While the letters of DFSG#2 and the Debian Policy could be fullfilled by
> shipping waf in extracted form in the source packages, we would really
> love to see the packages moving to a saner build system.
> 
> A quick tutorial on how to unpack waf to fulfil our requirements can be
> found here: http://wiki.debian.org/UnpackWaf
> 
> Best regards,
>   Alexander
>   for the FTP Team
> 
> 1: Yes, that phrase originates from the GPL, nevertheless Debian uses it as 
> definiton of "source".
> 
That still looks to me like a waste of time. waf is a pain to work with,
and the bzip2 part is not really the worse part (technically speaking).

Diverting from upstream (waf as well as the package using it) already
proved painful, so I think the easiest solution would be to just stop
shipping those packages, sadly
-- 
Yves-Alexis


signature.asc
Description: This is a digitally signed message part

Bug#652072: marked as done (Scala installs lib/jline.jar blob from upstream)

[Debian Bug Tracking System]

Your message dated Tue, 03 Jan 2012 21:37:31 +
with message-id 
and subject line Bug#652072: fixed in scala 2.9.1.dfsg-2
has caused the Debian Bug report #652072,
regarding Scala installs lib/jline.jar blob from upstream
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
652072: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=652072
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: scala
Version: 2.9.1.dfsg-1
Severity: serious

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Hi,

scala installs upstream's lib/jline.jar instead of relying on Debian's jline
package. lib/jline.jar even contains a shared library
(META-INF/native/linux32/libjansi.so).

Regards,

Thomas Koch

- -- System Information:
Debian Release: wheezy/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 3.1.0-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages scala depends on:
ii  default-jre [java6-runtime]1:1.6-45
ii  openjdk-6-jre [java6-runtime]  6b24~pre1-1
ii  scala-library  2.9.1.dfsg-1

scala recommends no packages.

Versions of packages scala suggests:
ii  scala-doc  2.9.1.dfsg-1

- -- no debconf information

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.11 (GNU/Linux)

iQIcBAEBCAAGBQJO6MJ4AAoJEAf8SJEEK6ZaROUQAKXXdFgNYdYhFkRVn0apcFez
dGUilrJHSH2/FD1o5/0eKR1VB78orLgkxd0Xw0JsVVHGriqdm7SJITsEbrIuuNvw
m44V/DG+hSvhgAkeVzSlLY6mxJBdcMeU2k4xUGQRfP83K6mqGaFcyaJawzewwtOC
QHgFA5edeYssqcgiORSqd2oLZ0yY+zZOqpSXLLqUfmgXVxKvOKMiYlGq5M4y79M6
nQ8U/y3KyoOnTAiGABD3IDKM5f10mpnzZJde5P81inFKUbGaTUuxnbbGLEXvjxVg
aT83Hacj6HaSjRDJnlJzSIrtCoRC3riGL6SKszLaWkfF8q9I4vKGVWcVA7iJnbg5
Ex+8f4C9/DhGhG40/D2ErgO9HNa51ZQDVtlGUoXHduiwZmqcPo1iALYQmwhV/Dbf
9c1Sy1EQ6+/ZqorAjs9B3v19IwX6SMpnQG0jKQE7qzeOrJdC0Q5owSScf5ur3PVX
obDK8Yo+v59YWS+TsQFFnSOu2rsrWQQMUJT4fX0w7cuUqdlo/nlTaW9ex8YF6MUW
15LVAECiVatotkxpwNKVCa88KQN2qf/3gE4ufqmTkwfbi7ihRhRHFhB3SwlKhJ0Q
D6qbvB0aDDwoSyiYb410/DZ0lnN7OmBmRQ92Gd3B9fNC99siz/kbfH94DuqgYuVK
xCU4kc8FG7WAJ7/ZMG4X
=AFZK
-END PGP SIGNATURE-


--- End Message ---
--- Begin Message ---
Source: scala
Source-Version: 2.9.1.dfsg-2

We believe that the bug you reported is fixed in the latest version of
scala, which is due to be installed in the Debian FTP archive:

scala-doc_2.9.1.dfsg-2_all.deb
  to main/s/scala/scala-doc_2.9.1.dfsg-2_all.deb
scala-library_2.9.1.dfsg-2_all.deb
  to main/s/scala/scala-library_2.9.1.dfsg-2_all.deb
scala_2.9.1.dfsg-2.debian.tar.gz
  to main/s/scala/scala_2.9.1.dfsg-2.debian.tar.gz
scala_2.9.1.dfsg-2.dsc
  to main/s/scala/scala_2.9.1.dfsg-2.dsc
scala_2.9.1.dfsg-2_all.deb
  to main/s/scala/scala_2.9.1.dfsg-2_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 652...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Mehdi Dogguy  (supplier of updated scala package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Format: 1.8
Date: Wed, 28 Dec 2011 12:53:49 +0100
Source: scala
Binary: scala scala-library scala-doc
Architecture: source all
Version: 2.9.1.dfsg-2
Distribution: unstable
Urgency: low
Maintainer: Debian Scala Maintainers 
Changed-By: Mehdi Dogguy 
Description: 
 scala  - Scala programming language
 scala-doc  - Scala API documentation
 scala-library - Scala standard library
Closes: 652024 652072
Changes: 
 scala (2.9.1.dfsg-2) unstable; urgency=low
 .
   [ Frank S. Thomas ]
   * debian/copyright: Added missing Copyright fields and a License
 paragraph.
 .
   [ Mehdi Dogguy ]
   * Build and install jline.jar, instead of relying on upstream's
 provided jline.jar (Closes: #652072).
 - Add junit4 and libjansi-java to Build-Depends.
 - Add libjansi-java to Scala's Depends field.
   * Provide Maven artifacts for scala-{library,compiler}, Thanks to
 Thomas Koch for the patch. (Closes: #652024).
   * Install scalacheck.jar and scala-partest.jar.
 - Mention it in scala-library's long description.
   * Add 0001-Use-system-ant-contrib.jar.patch
Checksums-Sha1: 
 da5214de51fcf82764b3797a99b75198677fd853 1913 scala_2.9.1.dfsg-2.dsc
 d2acd5eb7dba1e5e97a09e0a35ab585b2e081548 12996 scala_2.9.1.dfsg-2.debi

Processed: waf binary code not DFSG compliant

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> user ftpmas...@debian.org
Setting user to ftpmas...@debian.org (was toli...@debian.org).
> reopen 645191
Bug #645191 {Done: Yves-Alexis Perez } [midori] midori: 
doesn't contain source for waf binary code
> usertags 645190 + waf-unpack
Bug#645190: postler: doesn't contain source for waf binary code
There were no usertags set.
Usertags are now: waf-unpack.
> clone 645190 -1 -2 -3 -4 -5 -6 -7 -8 -9 -10 -11 -12 -13 -14 -15 -16 -17 -18 
> -19 -20 -21 -22 -23 -24 -25 -26 -27 -28 -29 -30 -31 -32 -33 -34 -35 -36 -37 
> -38 -39 -40 -41 -42 -43 -44 -45 -46 -47 -48 -49 -50 -51 -52
Bug#645190: postler: doesn't contain source for waf binary code
Bug 645190 cloned as bugs 654462-654513.

> reassign -1 a2jmidid
Bug #654462 [postler] postler: doesn't contain source for waf binary code
Bug reassigned from package 'postler' to 'a2jmidid'.
Bug No longer marked as found in versions postler/0.1.1-1.
> reassign -2 composite
Bug #654463 [postler] postler: doesn't contain source for waf binary code
Bug reassigned from package 'postler' to 'composite'.
Bug No longer marked as found in versions postler/0.1.1-1.
> reassign -3 ctpl
Bug #654464 [postler] postler: doesn't contain source for waf binary code
Bug reassigned from package 'postler' to 'ctpl'.
Bug No longer marked as found in versions postler/0.1.1-1.
> reassign -4 flowcanvas
Bug #654465 [postler] postler: doesn't contain source for waf binary code
Bug reassigned from package 'postler' to 'flowcanvas'.
Bug No longer marked as found in versions postler/0.1.1-1.
> reassign -5 geany
Bug #654466 [postler] postler: doesn't contain source for waf binary code
Bug reassigned from package 'postler' to 'geany'.
Bug No longer marked as found in versions postler/0.1.1-1.
> reassign -6 geany-plugins
Bug #654467 [postler] postler: doesn't contain source for waf binary code
Bug reassigned from package 'postler' to 'geany-plugins'.
Bug No longer marked as found in versions postler/0.1.1-1.
> reassign -7 gigolo
Bug #654468 [postler] postler: doesn't contain source for waf binary code
Bug reassigned from package 'postler' to 'gigolo'.
Bug No longer marked as found in versions postler/0.1.1-1.
> reassign -8 gmidimonitor
Bug #654469 [postler] postler: doesn't contain source for waf binary code
Bug reassigned from package 'postler' to 'gmidimonitor'.
Bug No longer marked as found in versions postler/0.1.1-1.
> reassign -9 gnome-python
Bug #654470 [postler] postler: doesn't contain source for waf binary code
Bug reassigned from package 'postler' to 'gnome-python'.
Bug No longer marked as found in versions postler/0.1.1-1.
> reassign -10 gnome-python-desktop
Bug #654471 [postler] postler: doesn't contain source for waf binary code
Bug reassigned from package 'postler' to 'gnome-python-desktop'.
Bug No longer marked as found in versions postler/0.1.1-1.
> reassign -11 gtkimageview
Bug #654472 [postler] postler: doesn't contain source for waf binary code
Bug reassigned from package 'postler' to 'gtkimageview'.
Bug No longer marked as found in versions postler/0.1.1-1.
> reassign -12 guitarix
Bug #654473 [postler] postler: doesn't contain source for waf binary code
Bug reassigned from package 'postler' to 'guitarix'.
Bug No longer marked as found in versions postler/0.1.1-1.
> reassign -13 hamster-applet
Bug #654474 [postler] postler: doesn't contain source for waf binary code
Bug reassigned from package 'postler' to 'hamster-applet'.
Bug No longer marked as found in versions postler/0.1.1-1.
> reassign -14 hotssh
Bug #654475 [postler] postler: doesn't contain source for waf binary code
Bug reassigned from package 'postler' to 'hotssh'.
Bug No longer marked as found in versions postler/0.1.1-1.
> reassign -15 isoquery
Bug #654476 [postler] postler: doesn't contain source for waf binary code
Bug reassigned from package 'postler' to 'isoquery'.
Bug No longer marked as found in versions postler/0.1.1-1.
> reassign -16 jackd2
Bug #654477 [postler] postler: doesn't contain source for waf binary code
Bug reassigned from package 'postler' to 'jackd2'.
Bug No longer marked as found in versions postler/0.1.1-1.
> reassign -17 jalv
Bug #654478 [postler] postler: doesn't contain source for waf binary code
Bug reassigned from package 'postler' to 'jalv'.
Bug No longer marked as found in versions postler/0.1.1-1.
> reassign -18 jcgui
Bug #654479 [postler] postler: doesn't contain source for waf binary code
Bug reassigned from package 'postler' to 'jcgui'.
Bug No longer marked as found in versions postler/0.1.1-1.
> reassign -19 kupfer
Bug #654480 [postler] postler: doesn't contain source for waf binary code
Bug reassigned from package 'postler' to 'kupfer'.
Bug No longer marked as found in versions postler/0.1.1-1.
> reassign -20 ladish
Bug #654481 [postler] postler: doesn't contain source for waf binary code
Bug reassigned from package 'postler' to 'ladish'.
Bug No longer marked as found in versions postler/0.1.1-1.
> reassign -21 ldb
Bug #654482 [postler] pos

Bug#645190: waf binary code not DFSG compliant

[Alexander Reichle-Schmehl]

user ftpmas...@debian.org
reopen 645191

usertags 645190 + waf-unpack
clone 645190 -1 -2 -3 -4 -5 -6 -7 -8 -9 -10 -11 -12 -13 -14 -15 -16 -17 -18 -19 
-20 -21 -22 -23 -24 -25 -26 -27 -28 -29 -30 -31 -32 -33 -34 -35 -36 -37 -38 -39 
-40 -41 -42 -43 -44 -45 -46 -47 -48 -49 -50 -51 -52 
reassign -1 a2jmidid
reassign -2 composite
reassign -3 ctpl
reassign -4 flowcanvas
reassign -5 geany
reassign -6 geany-plugins
reassign -7 gigolo
reassign -8 gmidimonitor
reassign -9 gnome-python
reassign -10 gnome-python-desktop
reassign -11 gtkimageview
reassign -12 guitarix
reassign -13 hamster-applet
reassign -14 hotssh
reassign -15 isoquery
reassign -16 jackd2
reassign -17 jalv
reassign -18 jcgui
reassign -19 kupfer
reassign -20 ladish
reassign -21 ldb
reassign -22 libdesktop-agnostic
reassign -23 lifeograph
reassign -24 lilv
reassign -25 lv2-extensions-good
reassign -26 lv2core
reassign -27 lv2fil
reassign -28 mda-lv2
reassign -29 mgen
reassign -30 minidjvu
reassign -31 nodejs
reassign -32 ns3
reassign -33 openchange
reassign -34 patchage
reassign -35 pino
reassign -36 radare
reassign -37 raul
reassign -38 samba
reassign -39 samba4
reassign -40 serd
reassign -41 showq
reassign -42 slv2
reassign -43 sord
reassign -44 suil
reassign -45 supercollider
reassign -46 sushi
reassign -47 talloc
reassign -48 tdb
reassign -49 tevent
reassign -50 xiphos
reassign -51 xmms2
reassign -52 zyn
thanks

Hi!

> IMHO this is not acceptable because there are no tools included or
> commandline switches offered with waf (in postler and midori) to
> conveniently unpack and repack these part for a.) inspection or b.)
> modification, which are required for packages in Debian main.

A package in NEW brought this matter to our attention, and after
discussing the issue within the FTP Team, we came to the conclusion that
the submitter of this bug report is correct: packages using waf in this
form do not ship all sources in their prefered form of modification¹.

While the letters of DFSG#2 and the Debian Policy could be fullfilled by
shipping waf in extracted form in the source packages, we would really
love to see the packages moving to a saner build system.

A quick tutorial on how to unpack waf to fulfil our requirements can be
found here: http://wiki.debian.org/UnpackWaf

Best regards,
  Alexander
  for the FTP Team

1: Yes, that phrase originates from the GPL, nevertheless Debian uses it as 
definiton of "source".




--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#654459: Doesn't compile with 3.x kernels

[Moritz Muehlenhoff]

Source: drbd8
Severity: serious

drbd8 fails to compile, since apparently the check doesn't cope with
Linux version numbers now starting with 3.:

config.status: creating user/config.h
config.status: user/config.h is unchanged
dh_testdir
make
make[1]: Entering directory `/home/jmm/scratch/drbd8-8.3.9'
make -C drbd drbd_buildtag.c
make[2]: Entering directory `/home/jmm/scratch/drbd8-8.3.9/drbd'
Makefile:95: *** "won't compile with this kernel version".  Schluss.
make[2]: Leaving directory `/home/jmm/scratch/drbd8-8.3.9/drbd'
make[1]: *** [drbd/drbd_buildtag.c] Fehler 2
make[1]: Leaving directory `/home/jmm/scratch/drbd8-8.3.9'
make: *** [build-arch-stamp] Fehler 2
dpkg-buildpackage: Fehler: Fehler-Exitstatus von debian/rules build war 2


ifneq ($(PATCHLEVEL),)
  ifneq ($(VERSION),2)
$(error "won't compile with this kernel version")
  endif
  ifneq ($(PATCHLEVEL),6)
$(error "won't compile with this kernel version")
  endif



-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#641488: marked as done (bup: FTBFS on sparc (bus error in bloom test))

[Debian Bug Tracking System]

Your message dated Tue, 03 Jan 2012 21:20:41 +
with message-id 
and subject line Bug#641488: fixed in bup 0.25~git2011.11.04-2
has caused the Debian Bug report #641488,
regarding bup: FTBFS on sparc (bus error in bloom test)
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
641488: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=641488
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: bup
Version: 0.24b-1.1
Severity: serious

Hi,

bup FTBFS on sparc:
https://buildd.debian.org/status/fetch.php?pkg=bup&arch=sparc&ver=0.24b-1.1&stamp=1313905299

The failure is reproducible on smetana.d.o.  From what I can tell, it
crashes in lib/bup/t/tbloom.py:test_bloom, line 18 (b.add_idx(ix)),
specifically in the call to bloom_add().

Here's a disassembly of that function, the crash is at 0x111c

1020 :
1020:   9d e3 bf 80 save  %sp, -128, %sp
1024:   13 00 00 41 sethi  %hi(0x10400), %o1
1028:   82 07 bf f8 add  %fp, -8, %g1
102c:   c2 23 a0 5c st  %g1, [ %sp + 0x5c ]
1030:   2f 00 00 48 sethi  %hi(0x12000), %l7
1034:   7f ff ff d3 call  f80 <__sparc_get_pc_thunk.l7>
1038:   ae 05 e2 9c add  %l7, 0x29c, %l7! 1229c 
<__FRAME_END__+0xf0ac>
103c:   92 1a 7c d0 xor  %o1, -816, %o1
1040:   82 07 bf fc add  %fp, -4, %g1
1044:   c0 27 bf e8 clr  [ %fp + -24 ]
1048:   92 05 c0 09 add  %l7, %o1, %o1
104c:   90 10 00 19 mov  %i1, %o0
1050:   94 07 bf ec add  %fp, -20, %o2
1054:   96 07 bf f4 add  %fp, -12, %o3
1058:   98 07 bf e8 add  %fp, -24, %o4
105c:   c0 27 bf ec clr  [ %fp + -20 ]
1060:   9a 07 bf f0 add  %fp, -16, %o5
1064:   c0 77 bf f0 clrx  [ %fp + -16 ]
1068:   b0 10 20 00 clr  %i0
106c:   c0 77 bf f8 clrx  [ %fp + -8 ]
1070:   40 00 48 ed call  13424 
1074:   c2 23 a0 60 st  %g1, [ %sp + 0x60 ]
1078:   80 a2 20 00 cmp  %o0, 0
107c:   02 40 00 5d be,pn   %icc, 11f0 
1080:   c2 07 bf f8 ld  [ %fp + -8 ], %g1
1084:   86 10 20 01 mov  1, %g3
1088:   c4 07 bf f4 ld  [ %fp + -12 ], %g2
108c:   87 28 c0 01 sll  %g3, %g1, %g3
1090:   86 00 e0 10 add  %g3, 0x10, %g3
1094:   80 a0 c0 02 cmp  %g3, %g2
1098:   14 40 00 56 bg,pn   %icc, 11f0 
109c:   d6 07 bf f0 ld  [ %fp + -16 ], %o3
10a0:   13 19 99 99 sethi  %hi(0x6400), %o1
10a4:   92 12 62 67 or  %o1, 0x267, %o1 ! 6667 
<_end+0x6665309f>
10a8:   80 5a c0 09 smul  %o3, %o1, %g0
10ac:   93 40 00 00 rd  %y, %o1
10b0:   85 3a e0 1f sra  %o3, 0x1f, %g2
10b4:   93 3a 60 03 sra  %o1, 3, %o1
10b8:   92 22 40 02 sub  %o1, %g2, %o1
10bc:   87 2a 60 02 sll  %o1, 2, %g3
10c0:   85 2a 60 04 sll  %o1, 4, %g2
10c4:   84 00 c0 02 add  %g3, %g2, %g2
10c8:   84 a2 c0 02 subcc  %o3, %g2, %g2
10cc:   12 40 00 49 bne,pn   %icc, 11f0 
10d0:   c6 07 bf fc ld  [ %fp + -4 ], %g3
10d4:   80 a0 e0 05 cmp  %g3, 5
10d8:   02 40 00 48 be,pn   %icc, 11f8 
10dc:   b0 10 00 02 mov  %g2, %i0
10e0:   80 a0 e0 04 cmp  %g3, 4
10e4:   12 40 00 43 bne,pn   %icc, 11f0 
10e8:   80 a0 60 25 cmp  %g1, 0x25
10ec:   14 40 00 41 bg,pn   %icc, 11f0 
10f0:   c4 07 bf e8 ld  [ %fp + -24 ], %g2
10f4:   96 00 80 0b add  %g2, %o3, %o3
10f8:   80 a0 80 0b cmp  %g2, %o3
10fc:   1a 40 00 38 bcc,pn   %icc, 11dc 
1100:   9e 10 20 01 mov  1, %o7
1104:   b0 10 20 28 mov  0x28, %i0
1108:   a0 10 20 25 mov  0x25, %l0
110c:   a2 10 20 14 mov  0x14, %l1
1110:   10 68 00 03 b  %xcc, 111c 
1114:   a4 10 00 0b mov  %o3, %l2
1118:   c2 07 bf f8 ld  [ %fp + -8 ], %g1
111c:   c6 00 80 00 ld  [ %g2 ], %g3
1120:   b8 26 00 01 sub  %i0, %g1, %i4
1124:   b2 24 00 01 sub  %l0, %g1, %i1
1128:   c4 08 a0 04 ldub  [ %g2 + 4 ], %g2
112c:   9a 38 00 1c xnor  %g0, %i4, %o5
1130:   98 8f 20 20 andcc  %i4, 0x20, %o4
1134:   91 30 e0 18 srl  %g3, 0x18, %o0
1138:   94 38 00 19 xnor  %g0, %i1, %o2
113c:   c8 07 bf ec ld  [ %fp + -20 ], %g4
1140:   93 28 e0

Bug#652252: marked as done (ust: FTBFS: tracepoint_benchmark.h:27: undefined reference to `unlikely')

[Debian Bug Tracking System]

Your message dated Tue, 03 Jan 2012 21:07:53 +
with message-id 
and subject line Bug#652252: fixed in ust 0.16-1
has caused the Debian Bug report #652252,
regarding ust: FTBFS: tracepoint_benchmark.h:27: undefined reference to 
`unlikely'
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
652252: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=652252
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: ust
Version: 0.15-3
Severity: serious
Tags: wheezy sid
User: debian...@lists.debian.org
Usertags: qa-ftbfs-20111210 qa-ftbfs
Justification: FTBFS on amd64

Hi,

During a rebuild of all packages in sid, your package failed to build on
amd64.

Relevant part:
> gcc -DHAVE_CONFIG_H -I. -I../../.. -I../../../include/ust  -I../../../include 
>   -Wall -g -O2 -c tracepoint_benchmark.c
> In file included from tracepoint_benchmark.h:25:0,
>  from tracepoint_benchmark.c:30:
> ../../../include/ust/tracepoint.h: In function '__trace_ust_event':
> ../../../include/ust/tracepoint.h:109:16: warning: implicit declaration of 
> function 'unlikely' [-Wimplicit-function-declaration]
> In file included from tracepoint_benchmark.c:30:0:
> tracepoint_benchmark.h: In function 'trace_ust_event':
> tracepoint_benchmark.h:27:1: warning: variable '__tp_cb_data' set but not 
> used [-Wunused-but-set-variable]
>   CCLD   tracepoint_benchmark
> tracepoint_benchmark.o: In function `__trace_ust_event':
> /build/ust-FW0gh0/ust-0.15/tests/tracepoint/benchmark/tracepoint_benchmark.h:27:
>  undefined reference to `unlikely'
> collect2: ld returned 1 exit status

The full build log is available from:
   http://people.debian.org/~lucas/logs/2011/12/10/ust_0.15-3_lsid64.buildlog

A list of current common problems and possible solutions is available at 
http://wiki.debian.org/qa.debian.org/FTBFS . You're welcome to contribute!

About the archive rebuild: The rebuild was done on about 50 AMD64 nodes
of the Grid'5000 platform, using a clean chroot.  Internet was not
accessible from the build systems.


--- End Message ---
--- Begin Message ---
Source: ust
Source-Version: 0.16-1

We believe that the bug you reported is fixed in the latest version of
ust, which is due to be installed in the Debian FTP archive:

libust-dev_0.16-1_amd64.deb
  to main/u/ust/libust-dev_0.16-1_amd64.deb
libust0_0.16-1_amd64.deb
  to main/u/ust/libust0_0.16-1_amd64.deb
ust-bin_0.16-1_amd64.deb
  to main/u/ust/ust-bin_0.16-1_amd64.deb
ust_0.16-1.debian.tar.gz
  to main/u/ust/ust_0.16-1.debian.tar.gz
ust_0.16-1.dsc
  to main/u/ust/ust_0.16-1.dsc
ust_0.16.orig.tar.gz
  to main/u/ust/ust_0.16.orig.tar.gz



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 652...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Jon Bernard  (supplier of updated ust package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Format: 1.8
Date: Tue, 03 Jan 2012 14:44:19 -0500
Source: ust
Binary: libust0 libust-dev ust-bin
Architecture: source amd64
Version: 0.16-1
Distribution: unstable
Urgency: low
Maintainer: Jon Bernard 
Changed-By: Jon Bernard 
Description: 
 libust-dev - LTTng Userspace Tracer (development)
 libust0- LTTng Userspace Tracer (runtime)
 ust-bin- LTTng Userspace Tracer (utilities)
Closes: 652252
Changes: 
 ust (0.16-1) unstable; urgency=low
 .
   * [b2e8277] New upstream version 0.16 (Closes: #652252)
   * [17ca597] Depend on version 0.6.6 of liburcu-dev
   * [cdc6f54] Include pkgconfig in libust-dev
Checksums-Sha1: 
 09c63180e54a77a698e71dbff0aca65de1769fbe 1276 ust_0.16-1.dsc
 60fe9d29b6a2daf32ed212ccf842fe11d7311981 602946 ust_0.16.orig.tar.gz
 298f071fa643f38010d82fb824d30a2126c6f5e4 5848 ust_0.16-1.debian.tar.gz
 24cddf57c9953639a8385dbf176481cec3d5f65c 127506 libust0_0.16-1_amd64.deb
 3445dc4d4e5e403e4d0647859fa1e430061b24e2 133398 libust-dev_0.16-1_amd64.deb
 f24fba9140744de3b324bad1a48f6e52f0a29bf9 28188 ust-bin_0.16-1_amd64.deb
Checksums-Sha256: 
 d9cd0d6bd86ae47cc1cf05a9103e089ebebbd119e188c43f750631b46fbc505a 1276 
ust_0.16-1.dsc
 88167741b1fbf335e006f0208d8c41784705e28adac84df71d3d9f6c58191dab 602946 
ust_0.16.orig.tar.gz
 c15883aca7653ac62326a572fa8cd8dc62404b52b7c824cbf291dd48ba6570f8 5848 
ust_0.16-1.debian.tar.gz
 b30a9266

Bug#650961: marked as done (libsqlite3-tcl: pkgIndex.tcl is empty and can not be generated)

[Debian Bug Tracking System]

Your message dated Tue, 03 Jan 2012 21:07:38 +
with message-id 
and subject line Bug#650961: fixed in sqlite3 3.7.9-3
has caused the Debian Bug report #650961,
regarding libsqlite3-tcl: pkgIndex.tcl is empty and can not be generated
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
650961: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=650961
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: libsqlite3-tcl
Version: 3.7.9-2
Severity: grave
Justification: renders package unusable

File /usr/lib/tcltk/sqlite3/pkgIndex.tcl is empty, so package sqlite3
can not be loaded in Tcl programs.

I am unable to generate this file by hands because command 

# echo 'pkg_mkIndex -verbose' | sudo tclsh8.5

gives the following error:

warning: error while loading libtclsqlite3.so: couldn't load file 
"libtclsqlite3.so": libtclsqlite3.so: cannot open shared object file: No such 
file or directory

But file is present and ldd-able:

# ldd libtclsqlite3.so
linux-vdso.so.1 =>  (0x7fff40dff000)
libsqlite3.so.0 => /usr/lib/libsqlite3.so.0 (0x7f24a8f82000)
libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x7f24a8bfe000)
libpthread.so.0 => /lib/x86_64-linux-gnu/libpthread.so.0 
(0x7f24a89e1000)
libdl.so.2 => /lib/x86_64-linux-gnu/libdl.so.2 (0x7f24a87dd000)
/lib64/ld-linux-x86-64.so.2 (0x7f24a944f000)


-- System Information:
Debian Release: wheezy/sid
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.1.0-1-amd64 (SMP w/1 CPU core)
Locale: LANG=ru_RU.UTF-8, LC_CTYPE=ru_RU.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages libsqlite3-tcl depends on:
ii  libc6 2.13-21
ii  libsqlite3-0  3.7.9-2

libsqlite3-tcl recommends no packages.

Versions of packages libsqlite3-tcl suggests:
ii  sqlite3-doc  3.7.9-2

-- no debconf information


--- End Message ---
--- Begin Message ---
Source: sqlite3
Source-Version: 3.7.9-3

We believe that the bug you reported is fixed in the latest version of
sqlite3, which is due to be installed in the Debian FTP archive:

lemon_3.7.9-3_amd64.deb
  to main/s/sqlite3/lemon_3.7.9-3_amd64.deb
libsqlite3-0-dbg_3.7.9-3_amd64.deb
  to main/s/sqlite3/libsqlite3-0-dbg_3.7.9-3_amd64.deb
libsqlite3-0_3.7.9-3_amd64.deb
  to main/s/sqlite3/libsqlite3-0_3.7.9-3_amd64.deb
libsqlite3-dev_3.7.9-3_amd64.deb
  to main/s/sqlite3/libsqlite3-dev_3.7.9-3_amd64.deb
libsqlite3-tcl_3.7.9-3_amd64.deb
  to main/s/sqlite3/libsqlite3-tcl_3.7.9-3_amd64.deb
sqlite3-doc_3.7.9-3_all.deb
  to main/s/sqlite3/sqlite3-doc_3.7.9-3_all.deb
sqlite3_3.7.9-3.debian.tar.gz
  to main/s/sqlite3/sqlite3_3.7.9-3.debian.tar.gz
sqlite3_3.7.9-3.dsc
  to main/s/sqlite3/sqlite3_3.7.9-3.dsc
sqlite3_3.7.9-3_amd64.deb
  to main/s/sqlite3/sqlite3_3.7.9-3_amd64.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 650...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Laszlo Boszormenyi (GCS)  (supplier of updated sqlite3 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Format: 1.8
Date: Tue, 03 Jan 2012 19:00:51 +0100
Source: sqlite3
Binary: lemon sqlite3 sqlite3-doc libsqlite3-0-dbg libsqlite3-0 libsqlite3-dev 
libsqlite3-tcl
Architecture: source all amd64
Version: 3.7.9-3
Distribution: unstable
Urgency: low
Maintainer: Laszlo Boszormenyi (GCS) 
Changed-By: Laszlo Boszormenyi (GCS) 
Description: 
 lemon  - LALR(1) Parser Generator for C or C++
 libsqlite3-0 - SQLite 3 shared library
 libsqlite3-0-dbg - SQLite 3 debugging symbols
 libsqlite3-dev - SQLite 3 development files
 libsqlite3-tcl - SQLite 3 Tcl bindings
 sqlite3- Command line interface for SQLite 3
 sqlite3-doc - SQLite 3 documentation
Closes: 649169 650961 653937
Changes: 
 sqlite3 (3.7.9-3) unstable; urgency=low
 .
   * Correct flock locking on Hurd (closes: #653937), thanks to Pino Toscano
  .
   * Add self test if pkgIndex.tcl is correctly generated (closes: #650961).
   * Enable LIMIT support for UPDATE and DELETE commands (closes: #649169).
   * Update packaging bits.
Checksums-Sha1: 
 b1b480914b26fdd68a50faa74eede61610339988 1712 sqlite3_3.7.9-3.dsc
 862

Bug#654433: marked as done (libhtp1: new symbols but unversioned .shlibs)

[Debian Bug Tracking System]

Your message dated Tue, 03 Jan 2012 21:05:59 +
with message-id 
and subject line Bug#654433: fixed in libhtp 0.2.6-2
has caused the Debian Bug report #654433,
regarding libhtp1: new symbols but unversioned .shlibs
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
654433: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=654433
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: libhtp1
Version: 0.2.6-1
Severity: serious
Justification: Policy 8.6.3

   libhtp1 versions add new symbols but do not provide a minimal
version in .shlibs. For instance, I can build a binary with 0.2.6-1
that uses htp_config_register_request_uri_normalize, but that binary
will not run with libhtp1 0.2.3-1.

-- System Information:
Debian Release: 6.0.3
  APT prefers stable
  APT policy: (999, 'stable'), (70, 'testing'), (30, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.1.5-grsec (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages libhtp1 depends on:
ii  libc6   2.13-21  Embedded GNU C Library: Shared lib
ii  zlib1g  1:1.2.3.4.dfsg-3 compression library - runtime

libhtp1 recommends no packages.

libhtp1 suggests no packages.

-- no debconf information


--- End Message ---
--- Begin Message ---
Source: libhtp
Source-Version: 0.2.6-2

We believe that the bug you reported is fixed in the latest version of
libhtp, which is due to be installed in the Debian FTP archive:

libhtp-dev_0.2.6-2_amd64.deb
  to main/libh/libhtp/libhtp-dev_0.2.6-2_amd64.deb
libhtp1_0.2.6-2_amd64.deb
  to main/libh/libhtp/libhtp1_0.2.6-2_amd64.deb
libhtp_0.2.6-2.diff.gz
  to main/libh/libhtp/libhtp_0.2.6-2.diff.gz
libhtp_0.2.6-2.dsc
  to main/libh/libhtp/libhtp_0.2.6-2.dsc



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 654...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Pierre Chifflier  (supplier of updated libhtp package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Tue, 03 Jan 2012 21:11:32 +0100
Source: libhtp
Binary: libhtp-dev libhtp1
Architecture: source amd64
Version: 0.2.6-2
Distribution: unstable
Urgency: low
Maintainer: Pierre Chifflier 
Changed-By: Pierre Chifflier 
Description: 
 libhtp-dev - HTTP normalizer and parser library (devel)
 libhtp1- HTTP normalizer and parser library
Closes: 654433
Changes: 
 libhtp (0.2.6-2) unstable; urgency=low
 .
   * Add symbols file for libhtp1 (Closes: #654433)
   * Change text so lintian does not report copyright file as template
Checksums-Sha1: 
 284926bcaae5ee3014fa81544484a139d8102f4c 1729 libhtp_0.2.6-2.dsc
 c40d8589f216b7655fcb218c808308c03f7a535b 3432 libhtp_0.2.6-2.diff.gz
 5e53d67f9e4b3b00f8866fdcc4940b5da27ff471 52640 libhtp-dev_0.2.6-2_amd64.deb
 f5fd689759ff490356aafddd49e1c3fe5ba1e9e3 36704 libhtp1_0.2.6-2_amd64.deb
Checksums-Sha256: 
 08c1334b8f86a0d8a3e839e184b40bc858df0c42c4ad189a7c8cf8184a239a52 1729 
libhtp_0.2.6-2.dsc
 f5113056322a4857d3617ebd352492bbb24ba29026a93bc47844b065e3368288 3432 
libhtp_0.2.6-2.diff.gz
 33573146b884a86e02cba9e7bb2ed3ea1e4e1f098ebac93d0f3fc6d55bef5e70 52640 
libhtp-dev_0.2.6-2_amd64.deb
 63646db2da81541b980167399852da9223d3a9430cde14357d8367b3a9f74629 36704 
libhtp1_0.2.6-2_amd64.deb
Files: 
 1eed67b63f649da72a22d64af9cbd3f9 1729 libs extra libhtp_0.2.6-2.dsc
 a7ccd7b16404c305a3ddf1a447c4ef89 3432 libs extra libhtp_0.2.6-2.diff.gz
 9b1bba63d7ca47f4ede703f69576217b 52640 libdevel extra 
libhtp-dev_0.2.6-2_amd64.deb
 5a3f75d58c6e59a5c8a9d97da5bd66d7 36704 libs extra libhtp1_0.2.6-2_amd64.deb

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.11 (GNU/Linux)

iQIcBAEBCAAGBQJPA2GDAAoJEMYaZNzxOTmYZdoQAKw02NLczJ+hPW1RbZ8k6mbd
lJyIFCufx1XJlrHODJp6ILnkx3sO3mesS76QDg/PUX3PvxIfxKUo6QZ9NeF2PiRv
B8XGRaYhbUrF/ZUC9TqKyqVrM2dkMKXEfggM0hINlqZTDk3W8an1m7cdCBgiC3h1
4A3F/jg3zQQNrDxyQJSNPL3FPa18KxZBLCGCxg8mDxCp0CmXtfoD/5stKpMt73Dy
3MKV5jouy0JUFT/gH9P/asRyD/hFAezKu8WKBmdqahwHPmuFjm6TMGtkHiryzHWn
gMc/wekvX0ChMAwq3eLvzpJxTnEF75D7DZd/Y0YloDjBAqmyQJ758KbOTZYiLf5c
Vgi6JJvWtpF25qSqL5WaGjb1B/BqzA8oU0DteSDPc4chplFEkGLOcexNe02yAmfJ
Lz8S7CblCQYMoCVHVFKM9iw1Ld+mNoERh/mt4DAkAtqWnNQm7LUhDLPDRQAkS/r7
w6r1+7yOw

Processed: unarchiving 645191

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> unarchive 645191
Bug #645191 {Done: Yves-Alexis Perez } [midori] midori: 
doesn't contain source for waf binary code
Unarchived Bug 645191
>
End of message, stopping processing here.

Please contact me if you need assistance.
-- 
645191: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=645191
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems


-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#654456: gdebi-kde isn't working (possibly passing a wrong command).

[Sergio Cipolla]

Package: gdebi-kde
Version: 0.8.3
Severity: grave
Justification: renders package unusable

Dear Maintainer,
gdebi-kde simply can't install anything probably because it passes a wrong 
command.
For example the picture at http://en.zimagez.com/zimage/snapshot517.php shows 
the command
[kdesu] '/usr/bin/gdebi-kde -n ' /home/pessoa/Downloads/meta-backup-2.1-cli.deb
and that doesn't work. It pops the error window
http://en.zimagez.com/zimage/snapshot614.php

If I run the command from the run window (Alt+F2)
/usr/bin/gdebi-kde -n /home/pessoa/Downloads/meta-backup-2.1-cli.deb
then it works.
So those single quotes <'> are probably out of place.


-- System Information:
Debian Release: wheezy/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (1, 'experimental')
Architecture: i386 (i686)

Kernel: Linux 3.1.0-1-486
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages gdebi-kde depends on:
ii  gdebi-core   0.8.3
ii  kde-runtime  4:4.7.4-1
ii  kdesudo  3.4.2.4-1
ii  python   2.7.2-9
ii  python-kde4  4:4.7.4-1

Versions of packages gdebi-kde recommends:
ii  shared-mime-info  0.90-1

gdebi-kde suggests no packages.

-- no debconf information



-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#622919: Raise severity?

[gregor herrmann]

On Tue, 03 Jan 2012 21:14:23 +0100, gregor herrmann wrote:

> Looking at the diff again (attached for reference), it's quite long
> and also includes documentation fixes.
> I guess we have to look a bit to trim it down to the relevant parts.

Quick attempt (I looked at the diff in upstream 0.67 -> 0.68 and
ripped out the parts from the original patch that had no equivalent
in the upstream diff).

Reviews still appreciated.

Cheers,
gregor
 
-- 
 .''`.   Homepage: http://info.comodo.priv.at/ - OpenPGP key ID: 0x8649AA06
 : :' :  Debian GNU/Linux user, admin, & developer - http://www.debian.org/
 `. `'   Member of VIBE!AT & SPI, fellow of Free Software Foundation Europe
   `-NP: Astrud Gilberto: The Puppy Song


signature.asc
Description: Digital signature

Bug#622919: Raise severity?

[gregor herrmann]

On Tue, 03 Jan 2012 21:14:23 +0100, gregor herrmann wrote:

> Looking at the diff again (attached for reference), it's quite long
> and also includes documentation fixes.

2nd attempt

gr 
-- 
 .''`.   Homepage: http://info.comodo.priv.at/ - OpenPGP key ID: 0x8649AA06
 : :' :  Debian GNU/Linux user, admin, & developer - http://www.debian.org/
 `. `'   Member of VIBE!AT & SPI, fellow of Free Software Foundation Europe
   `-NP: Leonard Cohen: You Know Who I Am
diff -u libjifty-dbi-perl-0.60/debian/changelog 
libjifty-dbi-perl-0.60/debian/changelog
--- libjifty-dbi-perl-0.60/debian/changelog
+++ libjifty-dbi-perl-0.60/debian/changelog
@@ -1,3 +1,11 @@
+libjifty-dbi-perl (0.60-1+squeeze1) UNRELEASED; urgency=high
+
+  * Team upload.
+  * [SECURITY] Apply patch prepared by upstream that backports fixes for SQL
+injection weaknesses (closes: #622919).
+
+ -- gregor herrmann   Tue, 19 Apr 2011 23:53:52 +0200
+
 libjifty-dbi-perl (0.60-1) unstable; urgency=low
 
   [ Jonathan Yu ]
only in patch2:
unchanged:
--- libjifty-dbi-perl-0.60.orig/lib/Jifty/DBI/Collection.pm
+++ libjifty-dbi-perl-0.60/lib/Jifty/DBI/Collection.pm
@@ -536,6 +536,7 @@
 my $alias = shift;
 my $item  = shift;
 return map $alias ."." . $_ ." as ". $alias ."_". $_,
+#map $_->name, grep { !$_->virtual && !$_->computed } $item->columns;
 map $_->name, grep !$_->virtual, $item->columns;
 }
 
@@ -932,6 +933,58 @@
 return ( $self->next );
 }
 
+=head2 distinct_column_values
+
+Takes a column name and returns distinct values of the column.
+Only values in the current collection are returned.
+
+Optional arguments are C and C to limit number of
+values returned and it makes sense to sort results.
+
+$col->distinct_column_values('column');
+
+$col->distinct_column_values(column => 'column');
+
+$col->distinct_column_values('column', max => 10, sort => 'asc');
+
+=cut
+
+sub distinct_column_values {
+my $self = shift;
+my %args = (
+column => undef,
+sort   => undef,
+max=> undef,
+@_%2 ? (column => @_) : (@_)
+);
+
+return () if $self->derived;
+
+my $query_string = $self->_build_joins;
+if ( $self->_is_limited ) {
+$query_string .= ' '. $self->_where_clause . " ";
+}
+
+my $column = 'main.'. $args{'column'};
+$query_string = 'SELECT DISTINCT '. $column .' FROM '. $query_string;
+
+if ( $args{'sort'} ) {
+$query_string .= ' ORDER BY '. $column
+.' '. ($args{'sort'} =~ /^des/i ? 'DESC' : 'ASC');
+}
+
+my $sth  = $self->_handle->simple_query( $query_string ) or return;
+my $value;
+$sth->bind_col(1, \$value) or return;
+my @col;
+if ($args{max}) {
+push @col, $value while 0 < $args{max}-- && $sth->fetch;
+} else {
+push @col, $value while $sth->fetch;
+}
+return @col;
+}
+
 =head2 items_array_ref
 
 Return a reference to an array containing all objects found by this
@@ -966,7 +1019,7 @@
 L method is used to determine class of the object.
 
 Each record class at least once is loaded using require. This method is
-called each time a record fetched so load atemts are cached to avoid
+called each time a record fetched so load attempts are cached to avoid
 penalties. If you're sure that all record classes are loaded before
 first use then you can override this method.
 
@@ -1023,7 +1076,7 @@
 =head2 redo_search
 
 Takes no arguments.  Tells Jifty::DBI::Collection that the next time
-it's asked for a record, it should requery the database
+it is asked for a record, it should re-execute the query.
 
 =cut
 
@@ -1076,9 +1129,9 @@
 
 =item alias
 
-Unless alias is set, the join criterias will be taken from EXT_LINKcolumn
-and INT_LINKcolumn and added to the criterias.  If alias is set, new
-criterias about the foreign table will be added.
+Unless alias is set, the join criteria will be taken from EXT_LINKcolumn
+and INT_LINKcolumn and added to the criteria.  If alias is set, new
+criteria about the foreign table will be added.
 
 =item column
 
@@ -1100,7 +1153,7 @@
 
 =item "!="
 
-Any other standard SQL comparision operators that your underlying
+Any other standard SQL comparison operators that your underlying
 database supports are also valid.
 
 =item "LIKE"
@@ -1117,7 +1170,7 @@
 
 =item "ends_with"
 
-ENDSWITH is like LIKE, except it prepends a % to the beginning of the string
+ends_with is like LIKE, except it prepends a % to the beginning of the string
 
 =item "IN"
 
@@ -1201,16 +1254,9 @@
 
 # }}}
 
-# Set this to the name of the column and the alias, unless we've been
-# handed a subclause name
-
-my $qualified_column
-= $args{'alias'}
-? $args{'alias'} . "." . $args{'column'}
-: $args{'column'};
-my $clause_id = $args{'subclause'} || $qualified_column;
-
-# XXX: when is column_obj undefined?
+# $column_obj is undefined when the table2 argument to the join is a table
+# name and not a collection

Bug#622919: Raise severity?

[gregor herrmann]

On Tue, 03 Jan 2012 20:54:12 +0100, Moritz Muehlenhoff wrote:

> > On Tue, 19 Apr 2011 19:48:35 +0200, Salvatore Bonaccorso wrote:
> > 
> > > As this about SQL injection weaknesses, should the severity be raised
> > > to grave, as security bug?
> > 
> > Hm, probably yes.
> > 
> > Upstream Changes has more infos:
> > http://cpansearch.perl.org/src/SARTAK/Jifty-DBI-0.68/Changes
> 
> This is still open in stable. Can you fix this for the upcoming
> 6.0.4 Squeeze point update?

Oops!

Yes, sure, if the release team agrees.

(Funnily, there was already a squeeze-branch in svn which didn't make
it into our shiny new git repo, and I still have the files built in
April lying around.)

Looking at the diff again (attached for reference), it's quite long
and also includes documentation fixes.

I guess we have to look a bit to trim it down to the relevant parts.

(CC'ing Yves who might be quicker to provide a minimal patch :))

Cheers,
gregor

-- 
 .''`.   Homepage: http://info.comodo.priv.at/ - OpenPGP key ID: 0x8649AA06
 : :' :  Debian GNU/Linux user, admin, & developer - http://www.debian.org/
 `. `'   Member of VIBE!AT & SPI, fellow of Free Software Foundation Europe
   `-NP: Kurt Ostbahn & die Chefpartie


signature.asc
Description: Digital signature

Bug#635541: ark: Directory traversal

[Moritz Muehlenhoff]

On Wed, Dec 21, 2011 at 06:01:08PM +, Jonathan Wiltshire wrote:
> Dear maintainer,
> 
> Recently you fixed one or more security problems and as a result you closed
> this bug. These problems were not serious enough for a Debian Security
> Advisory, so they are now on my radar for fixing in the following suites
> through point releases:
> 
> squeeze (6.0.4)   - use target "stable"
> lenny (5.0.10)- use target "oldstable"
> 
> Please prepare a minimal-changes upload targetting each of these suites,
> and submit a debdiff to the Release Team [0] for consideration. They will
> offer additional guidance or instruct you to upload your package.
> 
> I will happily assist you at any stage if the patch is straightforward and
> you need help. Please keep me in CC at all times so I can
> track the progress of this request.
> 
> For details of this process and the rationale, please see the original
> announcement [1] and my blog post [2].

Dear KDE maintainers,
patch for Squeeze is attached.

Cheers,
Moritz
diff -aur kdeutils-4.4.5.orig/ark/part/part.cpp kdeutils-4.4.5/ark/part/part.cpp
--- kdeutils-4.4.5.orig/ark/part/part.cpp	2010-06-25 20:40:06.0 +0200
+++ kdeutils-4.4.5/ark/part/part.cpp	2012-01-03 17:29:07.253075169 +0100
@@ -500,8 +500,15 @@
 if (!job->error()) {
 const ArchiveEntry& entry =
 m_model->entryForIndex(m_view->selectionModel()->currentIndex());
-const QString fullName =
-m_previewDir->name() + '/' + entry[ FileName ].toString();
+
+QString fullName =
+m_previewDir->name() + QLatin1Char('/') + entry[ FileName ].toString();
+
+// Make sure a maliciously crafted archive with parent folders named ".." do
+// not cause the previewed file path to be located outside the temporary
+// directory, resulting in a directory traversal issue.
+fullName.remove(QLatin1String("../"));
+
 ArkViewer::view(fullName, widget());
 } else {
 KMessageBox::error(widget(), job->errorString());
Nur in kdeutils-4.4.5.orig/: git-6f6c0b18b3569ae2b5b6f65dc7ea626a8b7c03c0.patch.

Bug#622919: Raise severity?

[Moritz Muehlenhoff]

On Tue, Apr 19, 2011 at 11:34:35PM +0200, gregor herrmann wrote:
> severity 622919 serious
> thanks
> 
> On Tue, 19 Apr 2011 19:48:35 +0200, Salvatore Bonaccorso wrote:
> 
> > As this about SQL injection weaknesses, should the severity be raised
> > to grave, as security bug?
> 
> Hm, probably yes.
> 
> Upstream Changes has more infos:
> http://cpansearch.perl.org/src/SARTAK/Jifty-DBI-0.68/Changes

This is still open in stable. Can you fix this for the upcoming
6.0.4 Squeeze point update?

Cheers,
Moritz



-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#652252: ust: diff for NMU version 0.15-3.1

[Jon Bernard]

* gregor herrmann  wrote:
> On Tue, 03 Jan 2012 14:11:34 -0500, Jon Bernard wrote:
> 
> > > I've prepared an NMU for ust (versioned as 0.15-3.1) and
> > > uploaded it to DELAYED/2. Please feel free to tell me if I
> > > should delay it longer.
> > Would you mind delaying this one day longer? I'm right now working on the 
> > new
> > upstream release of 0.16 that will fix this issue. I should have this 
> > tested and
> > uploaded by the end of the day.
> 
> Sure, I've rescheduled it back to 2-day again.

Thank you.

> (I'm also happy to cancel the NMU if you're working on it anyway.)

No no, having a delayed NMU provides great motivation :)

-- 
Jon



-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#652252: ust: diff for NMU version 0.15-3.1

[gregor herrmann]

On Tue, 03 Jan 2012 14:11:34 -0500, Jon Bernard wrote:

> > I've prepared an NMU for ust (versioned as 0.15-3.1) and
> > uploaded it to DELAYED/2. Please feel free to tell me if I
> > should delay it longer.
> Would you mind delaying this one day longer? I'm right now working on the new
> upstream release of 0.16 that will fix this issue. I should have this tested 
> and
> uploaded by the end of the day.

Sure, I've rescheduled it back to 2-day again.
(I'm also happy to cancel the NMU if you're working on it anyway.)

Cheers,
gregor
 
-- 
 .''`.   Homepage: http://info.comodo.priv.at/ - OpenPGP key ID: 0x8649AA06
 : :' :  Debian GNU/Linux user, admin, & developer - http://www.debian.org/
 `. `'   Member of VIBE!AT & SPI, fellow of Free Software Foundation Europe
   `-NP: Bruce Springsteen: Badlands


signature.asc
Description: Digital signature

Bug#652252: ust: diff for NMU version 0.15-3.1

[Jon Bernard]

* gregor herrmann  wrote:
> tags 652252 + pending
> thanks
> 
> Dear maintainer,
> 
> I've prepared an NMU for ust (versioned as 0.15-3.1) and
> uploaded it to DELAYED/2. Please feel free to tell me if I
> should delay it longer.

Would you mind delaying this one day longer? I'm right now working on the new
upstream release of 0.16 that will fix this issue. I should have this tested and
uploaded by the end of the day.

Cheers

-- 
Jon



-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#652700: haildb ftbfs if libcloog-ppl0 is not installed

[gregor herrmann]

On Tue, 03 Jan 2012 16:43:32 +, peter green wrote:

> >Hm, builds fine here as-is (i386 sid cowbuilder chroot).
> The issue was initially seen on the armhf and s390x buildds. I
> then reproduced it locally on amd64. I have now reproduced it
> locally on i386 as well.
> I wonder why it works for you.

Mysterious ... I've built it 4 times now, each time in a cowbuilder
chroot:
- on my desktop, i386 chroot
- on my laptop, i386 chroot
- on a server, amd64 chroot plus i386 chroot
and no failure :/

AH!

*cough*

For some unknown reason, libcloog-ppl0 is installed in all 4 chroots.

*sigh*

Sorry for causing you extra efforts to check this ...


Cheers,
gregor

-- 
 .''`.   Homepage: http://info.comodo.priv.at/ - OpenPGP key ID: 0x8649AA06
 : :' :  Debian GNU/Linux user, admin, & developer - http://www.debian.org/
 `. `'   Member of VIBE!AT & SPI, fellow of Free Software Foundation Europe
   `-NP: STS: so frei wia ma sein kann


signature.asc
Description: Digital signature

Bug#388141: Handling the copyright mess of the website

[David Prévot]

Hi,

Since this year began with the website being free of the old charset
mess, I wonder if we could continue, and try to address as much as we
can of the copyright/license mess, starting with the copyright.

Talking on IRC with Rhonda and others, we came to the conclusion that
even if we'll have trouble to handle the previous mess, nothing should
stop us to address the future one.

I don't know what would be the best approach for future contributors
(i.e. I don't know if we'll need to ask them explicitly for their
consent, or if a page on our website would be enough), but for current
and past contributors, we need their consent.

We could contact every current contributor, and ask them if they are OK to:
- grant copyright of their future contributions to SPI;
- grant copyright of their past contributions to SPI.

If they refuse to grant copyright of their future contributions to SPI,
or if they don't respond, the first action would be to remove their
commit access, so starting at  2012, all the new content of the
website will be copyright SPI.


We'll then have to contact previous contributors (that don't have commit
access anymore) and ask them to grant copyright of their previous
contributions to SPI.

Once the cleanup is done for future contribution, starting at , we
can tag all previous pages that are not fully copyright SPI, using a tag
that can be handled later with some WML magic, e.g.:

#use wml::debian::copyright years="1997, 1999" holder="John Doe"
#use wml::debian::copyright years="2007-2011" holder="Jane Doe"

if John Doe edited the page in 1997 and 1999 and Jane Doe between 2007
and 2011, and those are the only editors of this page who didn't grant
their copyright to SPI.

We'll of course add this footer in translations too, and maybe some more
lines will be needed there (if translators didn't grant their copyright
to SPI). Translation coordinators will of course be of great help if
they can handle their translated part of the website.


Unless someone objects on the principle, we'll start bugging
coordinators with this request. The DPN could give input about the
better approach to handle and draft these request, I don't know if we
need something as formal as the FSF does for translation [0], asking to
reply on the webmaster@d.o address might be enough (it will be archived
on master.d.o), the same way we ask new developers to agree with DMUP.

0: http://translationproject.org/html/whydisclaim.html

Once the copyright granted to SPI, it will be a lot easier to address
the licensing issue, but I would prefer not to take care of everything
at once (given past experience, trying to do everything at once is
doomed to fail): this is a long standing issue that has seen no update
in years, and as stated, I'd be in favor to
- first: handle copyright for future contributions;
- second: handle copyright for past contributions;
- third: handle copyright exceptions that will allow us to relicense the
website content.

Regards

David



signature.asc
Description: OpenPGP digital signature

Bug#651996: (no subject)

[Barry Warsaw]

We already fixed this in Ubuntu, using an upstream unreleased patch.  I just
tested this out with the Debian version of the package and it fixes the
failure there too.  Here's the diff.

-Barry

=== modified file 'debian/changelog'
--- debian/changelog2011-09-20 10:35:03 +
+++ debian/changelog2012-01-03 18:08:38 +
@@ -1,3 +1,11 @@
+cython (0.15.1-2) UNRELEASED; urgency=low
+
+  * debian/patches/python27-testsuite-fix.patch:
+Fix test suite for Python 2.7 change.  Patch comes from Cython
+upstream, post 0.15.1 release.  (Closes: #651996)
+
+ -- Barry Warsaw   Tue, 03 Jan 2012 13:07:26 -0500
+
 cython (0.15.1-1) unstable; urgency=low
 
   [ Nikolaus Rath ]

=== added file 'debian/patches/python27-testsuite-fix.patch'
--- debian/patches/python27-testsuite-fix.patch 1970-01-01 00:00:00 +
+++ debian/patches/python27-testsuite-fix.patch 2012-01-03 18:06:57 +
@@ -0,0 +1,43 @@
+Description: Upstream fix (post 0.15.1 release) to work around changes
+ in Python 2.7's indexing error message.
+Origin: 
https://github.com/cython/cython/commit/b623fb856a82d2ece1e2f04fb32309384ab0cb7e.diff
+Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/cython/+bug/901840/+index
+Forwarded: not-needed
+
+diff --git a/tests/run/dict_getitem.pyx b/tests/run/dict_getitem.pyx
+index 845ac7f..40e05e8 100644
+--- a/tests/run/dict_getitem.pyx
 b/tests/run/dict_getitem.pyx
+@@ -21,7 +21,7 @@ def test(dict d, index):
+ 
+ >>> test(None, 1) # doctest: +ELLIPSIS
+ Traceback (most recent call last):
+-TypeError: ...subscriptable...
++TypeError: ...object...
+ """
+ return d[index]
+ 
+diff --git a/tests/run/index.pyx b/tests/run/index.pyx
+index 22cec2b..74eec6e 100644
+--- a/tests/run/index.pyx
 b/tests/run/index.pyx
+@@ -1,15 +1,13 @@
+ __doc__ = u"""
+->>> index_object(100, 100)
++>>> index_object(100, 100)   # doctest: +ELLIPSIS
+ Traceback (most recent call last):
+ ...
+-TypeError: 'int' object is unsubscriptable
++TypeError: 'int' object ...
+ """
+ 
+ import sys
+-if sys.version_info >= (2,7):
+-__doc__ = __doc__.replace(u'is unsubscriptable', u'is not subscriptable')
+-elif sys.version_info < (2,5):
+-__doc__ = __doc__.replace(u"'int' object is unsubscriptable", 
u'unsubscriptable object')
++if sys.version_info < (2,5):
++__doc__ = __doc__.replace(u"'int' object ...", u'unsubscriptable object')
+ 
+ import cython
+ 

=== modified file 'debian/patches/series'
--- debian/patches/series   2011-09-20 10:35:03 +
+++ debian/patches/series   2012-01-03 18:06:57 +
@@ -1,1 +1,2 @@
 deb_tempdisable_numpy_doctests
+python27-testsuite-fix.patch




signature.asc
Description: PGP signature

Bug#634401: extundelete: FTBFS: extundelete.cc:963:47: error: invalid use of incomplete type 'struct opaque_ext2_group_desc'

[Ted Ts'o]

On Tue, Jan 03, 2012 at 11:54:46AM -0600, Eric Sandeen wrote:
> > 
> > I just investigated on this FTBFS issue.
> > 
> > The problem is that extundelete doesn't compile against e2fslibs-dev
> > versions >=1.42. Therefore extundelete was just removed from
> > Debian/testing, so if this bug can't be resolved then extundelete
> > sadly can't be shipped with the upcoming Debian stable release.

The extundelete program also needs to be changed to support 64-bit
file systems.

> > The responsible change in e2fslibs-dev is this one ("libext2fs: make
> > fs->group_desc opaque"):
> > 
> >   
> > http://git.kernel.org/?p=fs/ext2/e2fsprogs.git;a=commit;h=efe0b401465a3ee836180614b5b435acbb84fc27
> > 
> > The commit message talks about EXT2FS_OLD_32_COMPAT which should
> > provide compiling of "Old-style applications who don't want to
> > change their source code". Sadly EXT2FS_OLD_32_COMPAT wasn't
> > implemented in this commit nor in a following one.
> 
> Hm, none of that was in my original commit or message, I think
> Ted added that text on commit, but didn't modify the patch at all.

Yeah, somehow that change got lost.  I'm not sure what happened.

> There are other problems though, I think, in parse_inode_block() for example,
> things in there have changed as well... this tool seems to be getting a little
> to grubby in the ext internals.  I think maybe it should be making
> use of ext2fs_swap_inode() instead.
> 
> > The issue was brought up on the mailinglist of extundelete a few
> > weeks ago, but there wasn't a reaction from upstream since then.
> > 
> > Eric and Theodore - any ideas what's the best way to resolve this
> > issue in the meanwhile?

I'll look at trying to add the backwards compatibility support back
into a future version of e2fsprogs, but really, extundelete should be
updated to use the accessor functions and updated to support 64-bit
file systems.

- Ted



-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#654380: #654380 (was: nsis: The zmemcpy patch breaks NSISdl::download (at least).)

[Thomas Gaugler]

Hi Odyx,

>> This seems to correspond to RedHat's [RH#734905] and to NSIS's
>> [NSIS#3406350].
>>
> It works indeed. And the patch is shipped since multiple releases in Fedora,
> so I pushed it to nsis' packaging repository:
>
> http://anonscm.debian.org/gitweb/?p=collab-maint/nsis.git;a=commit;h=f89eb1af
>
> Thomas: do you have other things you want in before I can upload nsis with
> that change ?

For completeness the reference to the upstream bug report
Forwarded: http://sf.net/support/tracker.php?aid=3406350
could be added to the debian/patches/static-libgcc-libstdc++.patch file.

Thanks a lot for doing the research and taking care of the issue.

Best regards,
Thomas



-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#654440: Source package contains non-free IETF RFC/I-D

[Simon Josefsson]

Severity: serious
Package: udt
Version: 4.10-1
User: debian-rele...@lists.debian.org
Usertags: nonfree-doc rfc

Hi!

This source package contains the following files from the
IETF under non-free license terms:

draft-gg-udt-xx.txt

The file contains the follow copyright notice:

   Copyright (c) 2010 IETF Trust and the persons identified as the 
   document authors.  All rights reserved. 

I don't see this reflected in debian/copyright.

The license on RFC/I-Ds is not DFSG-free, see:

 * http://wiki.debian.org/NonFreeIETFDocuments
 * http://bugs.debian.org/199810

According to the squeeze/wheezy release policy, source packages must be
DFSG-free, see:

 * http://release.debian.org/squeeze/rc_policy.txt
 * http://release.debian.org/wheezy/rc_policy.txt

The severity is serious, because this violates the Debian policy:

 * http://www.debian.org/doc/debian-policy/ch-archive.html#s-dfsg

There are (at least) three ways to fix this problem.  In order of
preference:

1. Ask the author of the RFC to re-license the RFC under a free
   license.  A template for this e-mail request can be found at
   http://wiki.debian.org/NonFreeIETFDocuments

2. Remove the non-free material from the source, e.g., by re-packaging
   the upstream archive and adding 'dfsg' to the Debian package
   version name.

3. Move the package to non-free.

General discussions are kindly requested to take place on debian-legal
or debian-devel in the thread with Subject: "Non-free IETF RFC/I-Ds in
source packages".

Thanks,
Simon



-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#654438: manual fix

[Frank]

After running
 apt-get install linux-image-2.6.39-bpo.2-ixp4xx

the reported problem occurs (missing initramfs). Manually creating it fixes the 
problem:
 update-initramfs -c -k 2.6.39-bpo.2-ixp4xx
 flash-kernel




--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Processed: severity of 649151 is serious

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> severity 649151 serious
Bug #649151 [cdbs] cdbs: documentation missing
Severity set to 'serious' from 'important'

> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
649151: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=649151
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems


-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Processed: Re: git test failures.

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> found 654422 git/1:1.7.7-1
Bug #654422 {Done: Jonathan Nieder } [src:git] git test 
failures.
Bug Marked as found in versions git/1:1.7.7-1.
> tags 654422 = upstream fixed-upstream
Bug #654422 {Done: Jonathan Nieder } [src:git] git test 
failures.
Added tag(s) upstream and fixed-upstream; removed tag(s) moreinfo.
> # ftbfs
> severity 654422 serious
Bug #654422 {Done: Jonathan Nieder } [src:git] git test 
failures.
Severity set to 'serious' from 'important'

>
End of message, stopping processing here.

Please contact me if you need assistance.
-- 
654422: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=654422
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems


-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#634401: extundelete: FTBFS: extundelete.cc:963:47: error: invalid use of incomplete type 'struct opaque_ext2_group_desc'

[Eric Sandeen]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 12/31/11 6:23 AM, Michael Prokop wrote:
> Hi,
> 
> (original bugreport at the end of the mail, fullquote by intention)
> 
> I just investigated on this FTBFS issue.
> 
> The problem is that extundelete doesn't compile against e2fslibs-dev
> versions >=1.42. Therefore extundelete was just removed from
> Debian/testing, so if this bug can't be resolved then extundelete
> sadly can't be shipped with the upcoming Debian stable release.
> 
> The responsible change in e2fslibs-dev is this one ("libext2fs: make
> fs->group_desc opaque"):
> 
>   
> http://git.kernel.org/?p=fs/ext2/e2fsprogs.git;a=commit;h=efe0b401465a3ee836180614b5b435acbb84fc27
> 
> The commit message talks about EXT2FS_OLD_32_COMPAT which should
> provide compiling of "Old-style applications who don't want to
> change their source code". Sadly EXT2FS_OLD_32_COMPAT wasn't
> implemented in this commit nor in a following one.

Hm, none of that was in my original commit or message, I think
Ted added that text on commit, but didn't modify the patch at all.

> The code of extundelete that's failing to compile is:
> 
>   
> http://anonscm.debian.org/gitweb/?p=forensics/extundelete.git;a=blob;f=src/extundelete.cc;h=d51d45e15081b01e32e781334ba6d431e7adf88f;hb=HEAD#l944

//FIXME: may need to change to be compatible with newer file systems

:)


The point of the change was to prevent this kind of use of ->group_desc:

group_descriptor_table[n] = fs->group_desc[n];

because the size of group_desc may change.  Instead, we need something like:

group_descriptor_table[n] = *ext2fs_group_desc(fs, fs->group_desc, n);

I think my pointer-fu is ok ;)  Maybe a memcpy would be clearer.

There are other problems though, I think, in parse_inode_block() for example,
things in there have changed as well... this tool seems to be getting a little
to grubby in the ext internals.  I think maybe it should be making
use of ext2fs_swap_inode() instead.

- -Eric

> The issue was brought up on the mailinglist of extundelete a few
> weeks ago, but there wasn't a reaction from upstream since then.
> 
> Eric and Theodore - any ideas what's the best way to resolve this
> issue in the meanwhile?
> 
> thanks && regards,
> -mika-
> 
> * Lucas Nussbaum [Die Jul 19, 2011 at 12:01:33 +0200]:
>> Source: extundelete
>> Version: 0.2.0-1
>> Severity: serious
>> Tags: wheezy sid
>> User: debian...@lists.debian.org
>> Usertags: qa-ftbfs-20110718 qa-ftbfs
>> Justification: FTBFS on amd64
> 
>> Hi,
> 
>> During a rebuild of all packages in sid, your package failed to build on
>> amd64.
> 
>> Relevant part:
>>> make[3]: Entering directory 
>>> `/build/extundelete-m9SM_D/extundelete-0.2.0/src'
>>> extundelete.cc: In function 'int load_super_block(ext2_filsys)':
>>> extundelete.cc:963:47: error: invalid use of incomplete type 'struct 
>>> opaque_ext2_group_desc'
>>> /usr/include/ext2fs/ext2fs.h:211:8: error: forward declaration of 'struct 
>>> opaque_ext2_group_desc'
>>> extundelete.cc:963:47: error: no match for 'operator=' in 
>>> '*(group_descriptor_table + ((long unsigned int)(((long unsigned int)n) * 
>>> 32ul))) = * fs->struct_ext2_filsys::group_desc'
>>> extundelete.cc:963:47: note: candidate is:
>>> /usr/include/ext2fs/ext2_fs.h:136:8: note: ext2_group_desc& 
>>> ext2_group_desc::operator=(const ext2_group_desc&)
>>> /usr/include/ext2fs/ext2_fs.h:136:8: note:   no known conversion for 
>>> argument 1 from 'opaque_ext2_group_desc' to 'const ext2_group_desc&'
>>> make[3]: *** [extundelete-extundelete.o] Error 1
> 
>> The full build log is available from:
>>
>> http://people.debian.org/~lucas/logs/2011/07/18/extundelete_0.2.0-1_lsid64.buildlog
> 
>> A list of current common problems and possible solutions is available at 
>> http://wiki.debian.org/qa.debian.org/FTBFS . You're welcome to contribute!
> 
>> About the archive rebuild: The rebuild was done on about 50 AMD64 nodes
>> of the Grid'5000 platform, using a clean chroot.  Internet was not
>> accessible from the build systems.
> 
>> -- 
>> | Lucas Nussbaum
>> | lu...@lucas-nussbaum.net   http://www.lucas-nussbaum.net/ |
>> | jabber: lu...@nussbaum.fr GPG: 1024D/023B3F4F |
> 
> 

-BEGIN PGP SIGNATURE-
Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQIcBAEBAgAGBQJPA0DlAAoJECCuFpLhPd7gcrkQAIgVTRLoZyXZO4MO2oNy5GIo
K9bz4N3aX3HdWJ69in3/v40CVD7l9/gZBpBWcwuW8+c85j225vaEfBkD0FoeaZY8
tXNO2zq6Hazi5p1EjIbCyaHpfyl6KKQnskUEANtQ9OEeFj5IVdQ8B1sOzp8Z1lhm
JGDyaCe4XXrGbu70ZzmXqyRS9rQUUU+IGMf2bnq4GQcwbFRJAF9GoSxIQ53TmX2i
/b2pMeASemw5ytt7VsPki/KlTciW8ras5rdKhaO4p5D3UGBjn8DIOUIpBrp6rH16
zKbD67Qrcv4Kv/Tf6uWlw/78E1H3RlrjV/MfEfp3O6lHxXfznuEtvcwItJAhqfDj
imkcX/0XZOoxUe0eVyt0GQ0nbh8o24G8/OcJzlfma9qoTNFVaY+RQOuCz2vxmFUP
XfBrOHgNK/ZmBmXOmZ1SU+Mg2if6DYU9Cnd9hac4ZgJd/XYLbh+qIitGwprXC7Va
OErdheMTQ6Kp/OkKfzh1++4gmAbCcpVnZkwOZ837bLmO3ilQct4YINMvTz9ocQeO
4q3juOqz1xNLj+eb/CvwjEGz0GkvfDPQ6zuP/seC9dIb

Bug#556678: wmaloader: diff for NMU version 0.1-5.1

[Steve McIntyre]

On Fri, Dec 30, 2011 at 07:29:21PM +0100, Julien Cristau wrote:
>tags 556678 + patch
>tags 556678 + pending
>thanks
>
>Hi Steve,
>
>I've prepared an NMU for wmaloader (versioned as 0.1-5.1) and
>uploaded it to DELAYED/2.
>
>Cheers,
>Julien

Awesome, thanks. :-)

I'd forgotten all about this despite uploading loads of NMUs
elsewhere.

-- 
Steve McIntyre, Cambridge, UK.st...@einval.com
"...In the UNIX world, people tend to interpret `non-technical user'
 as meaning someone who's only ever written one device driver." -- Daniel Pead




-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#654438: [Possible SPAM]-linux-image-2.6.39-bpo.2-ixp4xx: /boot/initrd.img-2.6.39-bpo.2-ixp4xx is missing

[Frank L]

Package: linux-image-2.6.39-bpo.2-ixp4xx
Version: 2.6.39-3~bpo60+1
Severity: grave
Tags: squeeze
Justification: renders package unusable

Note: this is the kernel image for ixp4xx in the squeeze-backports repository

-- System Information:
Debian Release: 6.0.3
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: armel (armv5tel)

Kernel: Linux 2.6.32-5-kirkwood
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash




-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Processed: updating bug 654162

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> severity 654162 normal
Bug #654162 [arduino-core] arduino-core: Unable to compile or upload
Severity set to 'normal' from 'grave'

> tags 654162 upstream patch
Bug #654162 [arduino-core] arduino-core: Unable to compile or upload
Added tag(s) upstream and patch.
> forwarded 654162 m...@mjo.tc
Bug #654162 [arduino-core] arduino-core: Unable to compile or upload
Set Bug forwarded-to-address to 'm...@mjo.tc'.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
654162: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=654162
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems


-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#654162: Arduino 1.0 and MJO Makefile

[Scott Howard]

Hi Martin,

I got a bug on Debian about using the files from 1.0 with your
makefile. He included a breakdown of what doesn't work with 1.0 and a
patch for the makefile.

If you reply, could you keep the debian bug in the CC: please (this
way we log it there so others can see it).

@Andrea: The Makefile comes from:
http://mjo.tc/atelier/2009/02/arduino-cli.html
Now that MJO is releasing the Makefile, I think I'll separate out the
makefile from the arduino-core package and have it depend on
arduino-core. I'll downgrade the bug too since the package isn't
unusable, it works fine with the java bits and if users want the core
libraries. The Makefile, however, is unusable and will be moved to a
separate package once we figure out a working version.

Cheers,
Scott



-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#654408: marked as done (whiptail crashes)

[Debian Bug Tracking System]

Your message dated Tue, 03 Jan 2012 17:18:44 +
with message-id 
and subject line Bug#654408: fixed in newt 0.52.14-4
has caused the Debian Bug report #654408,
regarding whiptail crashes
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
654408: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=654408
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---

Package: whiptail
Version: 0.52.14-3
Severity: grave
Justification: renders package unusable

This version of whiptail crashes very often:

$ whiptail --yesno  10 40
=== Backtrace: =
/lib/i386-linux-gnu/i686/cmov/libc.so.6(+0x6aa81)[0xf7574a81]
/lib/i386-linux-gnu/i686/cmov/libc.so.6(+0x6d864)[0xf7577864]
/lib/i386-linux-gnu/i686/cmov/libc.so.6(__libc_malloc+0x5c)[0xf757946c]
/usr/lib/i386-linux-gnu/libnewt.so.0.52(+0x4c8d)[0xf779dc8d]
/usr/lib/i386-linux-gnu/libnewt.so.0.52(+0x4d9a)[0xf779dd9a]
/usr/lib/i386-linux-gnu/libnewt.so.0.52(+0xf42f)[0xf77a842f]
/usr/lib/i386-linux-gnu/libnewt.so.0.52(newtDrawForm+0xcb)[0xf77a1e3f]
/usr/lib/i386-linux-gnu/libnewt.so.0.52(newtFormRun+0x6c)[0xf77a2951]
/usr/lib/i386-linux-gnu/libnewt.so.0.52(newtRunForm+0x24)[0xf77a25b4]
whiptail[0x804c93b]
whiptail[0x804ac13]
/lib/i386-linux-gnu/i686/cmov/libc.so.6(__libc_start_main+0xe6)[0xf7520e46]
whiptail[0x80497b1]
=== Memory map: 
08048000-0804e000 r-xp  fd:00 5114293
/usr/bin/whiptail
0804e000-0804f000 r--p 5000 fd:00 5114293
/usr/bin/whiptail
0804f000-0805 rw-p 6000 fd:00 5114293
/usr/bin/whiptail
092b-09355000 rw-p  00:00 0  [heap]
f700-f7021000 rw-p  00:00 0
f7021000-f710 ---p  00:00 0
f718a000-f71a6000 r-xp  fd:00 6553793
/lib/i386-linux-gnu/libgcc_s.so.1
f71a6000-f71a7000 rw-p 0001b000 fd:00 6553793
/lib/i386-linux-gnu/libgcc_s.so.1
f71ba000-f71c1000 r--s  fd:00 4592608
/usr/lib/i386-linux-gnu/gconv/gconv-modules.cache
f71c1000-f71c2000 rw-p  00:00 0
f71c2000-f72e2000 r--p 0043a000 fd:00 4721094
/usr/lib/locale/locale-archive
f72e2000-f74e2000 r--p  fd:00 4721094
/usr/lib/locale/locale-archive
f74e2000-f74e4000 rw-p  00:00 0
f74e4000-f7508000 r-xp  fd:00 6553803
/lib/i386-linux-gnu/i686/cmov/libm-2.13.so
f7508000-f7509000 r--p 00023000 fd:00 6553803
/lib/i386-linux-gnu/i686/cmov/libm-2.13.so
f7509000-f750a000 rw-p 00024000 fd:00 6553803
/lib/i386-linux-gnu/i686/cmov/libm-2.13.so
f750a000-f765d000 r-xp  fd:00 6553808
/lib/i386-linux-gnu/i686/cmov/libc-2.13.so
f765d000-f765e000 ---p 00153000 fd:00 6553808
/lib/i386-linux-gnu/i686/cmov/libc-2.13.so
f765e000-f766 r--p 00153000 fd:00 6553808
/lib/i386-linux-gnu/i686/cmov/libc-2.13.so
f766-f7661000 rw-p 00155000 fd:00 6553808
/lib/i386-linux-gnu/i686/cmov/libc-2.13.so
f7661000-f7664000 rw-p  00:00 0
f7664000-f766f000 r-xp  fd:00 6553821
/lib/i386-linux-gnu/libpopt.so.0.0.0
f766f000-f767 rw-p a000 fd:00 6553821
/lib/i386-linux-gnu/libpopt.so.0.0.0
f767-f7672000 r-xp  fd:00 6553693
/lib/i386-linux-gnu/i686/cmov/libdl-2.13.so
f7672000-f7673000 r--p 1000 fd:00 6553693
/lib/i386-linux-gnu/i686/cmov/libdl-2.13.so
f7673000-f7674000 rw-p 2000 fd:00 6553693
/lib/i386-linux-gnu/i686/cmov/libdl-2.13.so
f7674000-f7675000 rw-p  00:00 0
f7675000-f774e000 r-xp  fd:00 6553882
/lib/i386-linux-gnu/libslang.so.2.2.4
f774e000-f775f000 rw-p 000d8000 fd:00 6553882
/lib/i386-linux-gnu/libslang.so.2.2.4
f775f000-f7799000 rw-p  00:00 0
f7799000-f77b r-xp  fd:00 4587794
/usr/lib/i386-linux-gnu/libnewt.so.0.52.14
f77b-f77b1000 r--p 00017000 fd:00 4587794
/usr/lib/i386-linux-gnu/libnewt.so.0.52.14
f77b1000-f77b2000 rw-p 00018000 fd:00 4587794
/usr/lib/i386-linux-gnu/libnewt.so.0.52.14
f77c5000-f77c7000 rw-p  00:00 0
f77c7000-f77c8000 r-xp  00:00 0  

Bug#654436: tcc: [amd64] wrong size of size_t

[Thorsten Glaser]

Package: tcc
Version: 0.9.25-11
Severity: serious
Justification: makes the package violate the amd64 psABI

tg@zigo:~/m/mksh $ cat t.c; tcc -run t.c; uname -a; dpkg-query -W tcc
#include 
#include 
int main(void) { printf("%zu, %zu\n", sizeof(size_t), sizeof(ssize_t)); }
4, 8
Linux zigo.mirbsd.org 2.6.32-5-xen-amd64 #1 SMP Wed Jan 12 05:46:49 UTC 2011 
x86_64 GNU/Linux
tcc 0.9.25-11

On an LP64 platform such as Linux/amd64 I’d expect both to
have the size of 8*sizeof(char).

bye,
//mirabilos
-- 
FWIW, I'm quite impressed with mksh interactively. I thought it was much
*much* more bare bones. But it turns out it beats the living hell out of
ksh93 in that respect. I'd even consider it for my daily use if I hadn't
wasted half my life on my zsh setup. :-) -- Frank Terbeck in #!/bin/mksh



--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#654433: libhtp1: new symbols but unversioned .shlibs

[Sam Hocevar]

Package: libhtp1
Version: 0.2.6-1
Severity: serious
Justification: Policy 8.6.3

   libhtp1 versions add new symbols but do not provide a minimal
version in .shlibs. For instance, I can build a binary with 0.2.6-1
that uses htp_config_register_request_uri_normalize, but that binary
will not run with libhtp1 0.2.3-1.

-- System Information:
Debian Release: 6.0.3
  APT prefers stable
  APT policy: (999, 'stable'), (70, 'testing'), (30, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.1.5-grsec (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages libhtp1 depends on:
ii  libc6   2.13-21  Embedded GNU C Library: Shared lib
ii  zlib1g  1:1.2.3.4.dfsg-3 compression library - runtime

libhtp1 recommends no packages.

libhtp1 suggests no packages.

-- no debconf information



-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#654432: bml: FTBFS(any-i386): No rule to make target `BuzzMachineLoader.dll', needed by `all-am'. Stop.

[Christoph Egger]

Package: src:bml
Version: 0.6.0-1
Severity: serious
Tags: sid wheezy
Justification: fails to build from source (but built successfully in the past)

Hi!

Your package failed to build on the buildds:

make[4]: *** No rule to make target `BuzzMachineLoader.dll', needed by 
`all-am'.  Stop.

Full build log at
https://buildd.debian.org/status/fetch.php?pkg=bml&arch=kfreebsd-i386&ver=0.6.0-1&stamp=1324999681

Regards

Christoph



-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#654430: vips: FTBFS(kfreebsd): fatal error: linux/types.h: No such file or directory

[Christoph Egger]

Package: src:vips
Version: 7.26.7-1
Severity: serious
Tags: sid wheezy
User: debian-...@lists.debian.org
Usertags: kfreebsd
X-Debbugs-Cc: debian-...@lists.debian.org
Justification: fails to build from source (but built successfully in the past)

Hi!

Your package failed to build on the kfreebsd-* buildds:

/bin/bash ../../libtool --tag=CC   --mode=compile gcc -std=gnu99 
-DHAVE_CONFIG_H -I. -I../.. -I../../libvips/include -DG_DISABLE_CAST_CHECKS 
-pthread -fopenmp -I/usr/lib/x86_64-kfreebsd-gnu/glib-2.0/include 
-I/usr/include/pango-1.0 -I/usr/include/orc-0.4 -I/usr/include/libxml2 
-I/usr/include/libpng12 -I/usr/include/libexif -I/usr/include/glib-2.0 
-I/usr/include/freetype2 -I/usr/include/OpenEXR -I/usr/include/ImageMagick  
 -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat 
-Wformat-security -Werror=format-security -Wall -c -o im_video_v4l1.lo 
im_video_v4l1.c
libtool: compile:  gcc -std=gnu99 -DHAVE_CONFIG_H -I. -I../.. 
-I../../libvips/include -DG_DISABLE_CAST_CHECKS -pthread -fopenmp 
-I/usr/lib/x86_64-kfreebsd-gnu/glib-2.0/include -I/usr/include/pango-1.0 
-I/usr/include/orc-0.4 -I/usr/include/libxml2 -I/usr/include/libpng12 
-I/usr/include/libexif -I/usr/include/glib-2.0 -I/usr/include/freetype2 
-I/usr/include/OpenEXR -I/usr/include/ImageMagick -g -O2 -fstack-protector 
--param=ssp-buffer-size=4 -Wformat -Wformat-security -Werror=format-security 
-Wall -c im_video_v4l1.c  -fPIC -DPIC -o .libs/im_video_v4l1.o
im_video_v4l1.c:56:25: fatal error: linux/types.h: No such file or directory
compilation terminated.
make[4]: *** [im_video_v4l1.lo] Error 1

Full build log at
https://buildd.debian.org/status/fetch.php?pkg=vips&arch=kfreebsd-amd64&ver=7.26.7-1&stamp=1325445697

Regards

Christoph

If you have further questions please mail debian-...@lists.debian.org



-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#654428: blender: FTBFS:

[Christoph Egger]

Package: src:blender
Version: 2.61-1
Severity: serious
Tags: sid wheezy
Justification: fails to build from source (but built successfully in the past)

Hi!

Your package failed to build on the buildds:

[100%] Building CXX object 
extern/libmv/CMakeFiles/extern_libmv.dir/third_party/glog/src/signalhandler.cc.o
cd 
/build/buildd-blender_2.61-1-ia64-WRtBgh/blender-2.61/obj-ia64-linux-gnu/extern/libmv
 && /usr/bin/c++   -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 
-D_LARGEFILE64_SOURCE -D__LITTLE_ENDIAN__ -DV3DLIB_ENABLE_SUITESPARSE 
-DGOOGLE_GLOG_DLL_DECL="" -DNDEBUG -D__STDC_CONSTANT_MACROS -fopenmp -pipe 
-fPIC -funsigned-char -fno-strict-aliasing  -Wall -Wno-invalid-offsetof 
-Wno-sign-compare  -Wno-deprecated-declarations -Wno-unused-parameter 
-Wno-unused-but-set-variable -O2 -DNDEBUG 
-I/build/buildd-blender_2.61-1-ia64-WRtBgh/blender-2.61/extern/libmv 
-I/build/buildd-blender_2.61-1-ia64-WRtBgh/blender-2.61/extern/Eigen3 
-I/build/buildd-blender_2.61-1-ia64-WRtBgh/blender-2.61/extern/libmv/third_party/ssba
 
-I/build/buildd-blender_2.61-1-ia64-WRtBgh/blender-2.61/extern/libmv/third_party/ldl/Include
 -I/build/buildd-blender_2.61-1-ia64-WRtBgh/blender-2.61/extern/colamd/Include 
-I/build/buildd-blender_2.61-1-ia64-WRtBgh/blender-2.61/extern/libmv/third_party/glog/src
-o CMakeFiles/extern_libmv.dir/third_party/glog/src/signalhandler.cc.o -c 
/build/buildd-blender_2.61-1-ia64-WRtBgh/blender-2.61/extern/libmv/third_party/glog/src/signalhandler.cc
/build/buildd-blender_2.61-1-ia64-WRtBgh/blender-2.61/extern/libmv/third_party/glog/src/signalhandler.cc:
 In function 'void* google::{anonymous}::GetPC(void*)':
/build/buildd-blender_2.61-1-ia64-WRtBgh/blender-2.61/extern/libmv/third_party/glog/src/signalhandler.cc:75:28:
 error: 'mcontext_t' has no member named 'gregs'
/build/buildd-blender_2.61-1-ia64-WRtBgh/blender-2.61/extern/libmv/third_party/glog/src/signalhandler.cc:75:28:
 error: 'REG_EIP' was not declared in this scope
make[3]: *** 
[extern/libmv/CMakeFiles/extern_libmv.dir/third_party/glog/src/signalhandler.cc.o]
 Error 1
make[3]: Leaving directory 
`/build/buildd-blender_2.61-1-ia64-WRtBgh/blender-2.61/obj-ia64-linux-gnu'
make[2]: *** [extern/libmv/CMakeFiles/extern_libmv.dir/all] Error 2
make[1]: *** [all] Error 2

Full build log at
https://buildd.debian.org/status/fetch.php?pkg=blender&arch=kfreebsd-amd64&ver=2.61-1&stamp=1325562602

Regards

Christoph



--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Processed: Re: Processed: relevant bugs for libav transition

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> unblock 654237 by 654230 641508 651625 652763 652061
Bug #654237 [release.debian.org] transition: libav 0.8
Was blocked by: 654215 654183 654230 654220 641508 654219 654213 654233 654223 
654212 651625 654232 652763 654229 653887 654221 654224 652061 654222
Removed blocking bug(s) of 654237: 652763, 641508, 652061, 651625, and 654230
> quit
Stopping processing here.

Please contact me if you need assistance.
-- 
654237: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=654237
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems


-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#556068: marked as done (FTBFS with binutils-gold)

[Debian Bug Tracking System]

Your message dated Tue, 03 Jan 2012 15:36:35 +
with message-id 
and subject line Bug#556068: fixed in poldi 0.4.1-2.1
has caused the Debian Bug report #556068,
regarding FTBFS with binutils-gold
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
556068: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=556068
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: poldi
Version: 0.4.1-2
Severity: minor
User: peter.fritzs...@gmx.de
Usertags: no-add-needed

Tried to build your package and it fails to build with GNU binutils-gold. The
important difference is that --no-add-needed is the default behavior of of GNU
binutils-gold. Please provide all needed libraries to the linker when building
your executables.

Objects inside an .a archive aren't linked yet. This means that you must resolve
their symbols when linking to a program.

More informations can be found at
 
http://wiki.debian.org/qa.debian.org/FTBFS#A2009-11-02Packagesfailingbecausebinutils-gold.2BAC8-indirectlinking

x86_64-linux-gnu-gcc -Wall -I../src/util -I../src -Wall -g -O2 -Wall   -o 
parse-test parse_test-parse-test.o ../src/util/libpoldi-util.a -lgcrypt 
/usr/bin/ld: parse_test-parse-test.o: in function main:parse-test.c:83: error: 
undefined reference to 'gpg_strerror'
/usr/bin/ld: parse_test-parse-test.o: in function main:parse-test.c:103: error: 
undefined reference to 'gpg_strerror'
/usr/bin/ld: ../src/util/libpoldi-util.a(libpoldi_util_a-simplelog.o): in 
function log_set_backend_file:/usr/include/gpg-error.h:637: error: undefined 
reference to 'gpg_err_code_from_errno'
/usr/bin/ld: ../src/util/libpoldi-util.a(libpoldi_util_a-simplelog.o): in 
function log_create:/usr/include/gpg-error.h:637: error: undefined reference to 
'gpg_err_code_from_errno'
/usr/bin/ld: ../src/util/libpoldi-util.a(libpoldi_util_a-simpleparse.o): in 
function simpleparse_create:/usr/include/gpg-error.h:637: error: undefined 
reference to 'gpg_err_code_from_errno'
/usr/bin/ld: ../src/util/libpoldi-util.a(libpoldi_util_a-simpleparse.o): in 
function simpleparse_parse:simpleparse.c:376: error: undefined reference to 
'gpg_strerror'
/usr/bin/ld: ../src/util/libpoldi-util.a(libpoldi_util_a-simpleparse.o): in 
function internal_parse_stream:/usr/include/gpg-error.h:637: error: undefined 
reference to 'gpg_err_code_from_errno'
collect2: ld returned 1 exit status
make[3]: *** [parse-test] Error 1


--- End Message ---
--- Begin Message ---
Source: poldi
Source-Version: 0.4.1-2.1

We believe that the bug you reported is fixed in the latest version of
poldi, which is due to be installed in the Debian FTP archive:

libpam-poldi_0.4.1-2.1_amd64.deb
  to main/p/poldi/libpam-poldi_0.4.1-2.1_amd64.deb
poldi_0.4.1-2.1.diff.gz
  to main/p/poldi/poldi_0.4.1-2.1.diff.gz
poldi_0.4.1-2.1.dsc
  to main/p/poldi/poldi_0.4.1-2.1.dsc



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 556...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Steve McIntyre  (supplier of updated poldi package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Tue, 03 Jan 2012 14:57:20 +
Source: poldi
Binary: libpam-poldi
Architecture: source amd64
Version: 0.4.1-2.1
Distribution: unstable
Urgency: low
Maintainer: Joachim Breitner 
Changed-By: Steve McIntyre 
Description: 
 libpam-poldi - PAM module allowing authentication using a OpenPGP smartcard
Closes: 556068
Changes: 
 poldi (0.4.1-2.1) unstable; urgency=low
 .
   * NMU
   * Add -lgpg-error when linking tests, to fix FTBFS. Closes: #556068.
   * Lintian-inspired cleanups:
 + Update debhelper compat level from 4 to 8
 + Add simple initial build-arch and build-indep rules
 + Update Standards-Version
 + Move from dh_clean -k to dh_prep
 + Add versioned debhelper dep on version 8+
 + Add depends on dpkg (>= 1.15.4) | install-info
 + Remove .../info/dir.gz
Checksums-Sha1: 
 85a6d348845b82e5d712384471bf70610cc19c95 1805 poldi_0.4.1-2.1.dsc
 ed45a7ff8507bfe0404f0840bab7b292fd915dbc 7763 poldi_0.4.1-2.1.diff.gz
 dc0166f4f7b92c3f740c1893bb4071c8ddce4302 106586 
libpam-poldi_0.4.1-2.1_amd64.deb
Checksums-Sha256: 
 a244d9d3d9337d2315a1f173dc109b3f717b0a3fcfbd196e62439024a1fd361d 1805 
poldi_0.4.1-2.1.

Bug#556068: NMU diff

[Steve McIntyre]

attached

Cheers,
-- 
Steve McIntyresteve.mcint...@linaro.org
 Linaro.org | Open source software for ARM SoCs
diff -u poldi-0.4.1/debian/rules poldi-0.4.1/debian/rules
--- poldi-0.4.1/debian/rules
+++ poldi-0.4.1/debian/rules
@@ -22,8 +22,9 @@
dh_testdir
CFLAGS="$(CFLAGS)" ./configure --host=$(DEB_HOST_GNU_TYPE) 
--build=$(DEB_BUILD_GNU_TYPE) --prefix=/usr --mandir=\$${prefix}/share/man 
--infodir=\$${prefix}/share/info --sysconfdir=/etc 
--with-pam-module-directory=/lib/security
 
-
-build: build-stamp
+build-arch: build-stamp
+build-indep: build-stamp
+build: build-arch build-indep
 
 build-stamp:  config.status
dh_testdir
@@ -44,7 +45,7 @@
 install: build
dh_testdir
dh_testroot
-   dh_clean -k 
+   dh_prep
dh_installdirs
 
$(MAKE) install install-conf-skeleton 
DESTDIR=$(CURDIR)/debian/libpam-poldi
@@ -73,6 +74,7 @@
dh_strip
dh_compress
dh_fixperms
+   rm -f $(CURDIR)/debian/libpam-poldi/usr/share/info/dir.gz
 #  dh_perl
 #  dh_python
 #  dh_makeshlibs
diff -u poldi-0.4.1/debian/control poldi-0.4.1/debian/control
--- poldi-0.4.1/debian/control
+++ poldi-0.4.1/debian/control
@@ -3,13 +3,13 @@
 Priority: extra
 Maintainer: Joachim Breitner 
 Uploaders: Lionel Elie Mamane 
-Build-Depends: debhelper (>= 4.0.0), libgcrypt11-dev, libgpg-error-dev, 
libusb-dev, libpam0g-dev, libksba-dev
-Standards-Version: 3.8.2
+Build-Depends: debhelper (>= 8.0.0), libgcrypt11-dev, libgpg-error-dev, 
libusb-dev, libpam0g-dev, libksba-dev
+Standards-Version: 3.9.2
 Homepage: http://www.g10code.com/p-poldi.html
 
 Package: libpam-poldi
 Architecture: any
-Depends: ${shlibs:Depends}, ${misc:Depends}, gpgsm
+Depends: ${shlibs:Depends}, ${misc:Depends}, gpgsm, dpkg (>= 1.15.4) | 
install-info
 Recommends: gnupg (>= 1.4.0)
 Description: PAM module allowing authentication using a OpenPGP smartcard
  This PAM module will allow you to login, screenlock and validate to
diff -u poldi-0.4.1/debian/compat poldi-0.4.1/debian/compat
--- poldi-0.4.1/debian/compat
+++ poldi-0.4.1/debian/compat
@@ -1 +1 @@
-4
+8
diff -u poldi-0.4.1/debian/changelog poldi-0.4.1/debian/changelog
--- poldi-0.4.1/debian/changelog
+++ poldi-0.4.1/debian/changelog
@@ -1,3 +1,18 @@
+poldi (0.4.1-2.1) unstable; urgency=low
+
+  * NMU
+  * Add -lgpg-error when linking tests, to fix FTBFS. Closes: #556068.
+  * Lintian-inspired cleanups:
++ Update debhelper compat level from 4 to 8
++ Add simple initial build-arch and build-indep rules
++ Update Standards-Version
++ Move from dh_clean -k to dh_prep
++ Add versioned debhelper dep on version 8+
++ Add depends on dpkg (>= 1.15.4) | install-info
++ Remove .../info/dir.gz
+
+ -- Steve McIntyre   Tue, 03 Jan 2012 14:57:20 +
+
 poldi (0.4.1-2) unstable; urgency=low
 
   * Install a global scdaemon config file, scdaemon bails out if it does
only in patch2:
unchanged:
--- poldi-0.4.1.orig/tests/Makefile.in
+++ poldi-0.4.1/tests/Makefile.in
@@ -220,7 +220,7 @@
 top_srcdir = @top_srcdir@
 parse_test_SOURCES = parse-test.c
 parse_test_CFLAGS = -Wall -I$(top_srcdir)/src/util -I$(top_srcdir)/src
-parse_test_LDADD = $(top_builddir)/src/util/libpoldi-util.a -lgcrypt
+parse_test_LDADD = $(top_builddir)/src/util/libpoldi-util.a -lgcrypt 
-lgpg-error
 pam_test_SOURCES = pam-test.c
 pam_test_CFLAGS = -Wall
 pam_test_LDADD = -lpam -lpam_misc

Bug#653941: marked as done (tcc: fail to execute compiled binaries)

[Debian Bug Tracking System]

Your message dated Tue, 03 Jan 2012 15:18:10 +
with message-id 
and subject line Bug#653941: fixed in tcc 0.9.25-11
has caused the Debian Bug report #653941,
regarding tcc: fail to execute compiled binaries
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
653941: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=653941
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: tcc
Version: 0.9.25-10
Severity: grave
Justification: renders package unusable

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Hi there,

When compiling with tcc, the resulting binaries can't be executed:

$ echo 'main(){puts("hello");}' | tcc -
$ ./a.out
- -bash: ./a.out: No such file or directory
$ ls -la
total 12
drwxr-xr-x  2 andreas andreas 4096 Jan  1 18:44 .
drwxr-xr-x 62 andreas andreas 4096 Jan  1 18:43 ..
- -rwxrwxr-x  1 andreas andreas 3392 Jan  1 18:43 a.out

Happens on testing and unstable, not on stable.


- -- System Information:
Debian Release: wheezy/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (400, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 3.2.0-7-generic (SMP w/2 CPU cores)
ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/dash

Versions of packages tcc depends on:
ii  dpkg   1.16.1.2
ii  libc6  2.13-24

Versions of packages tcc recommends:
ii  libc6-dev [libc-dev]  2.13-24

tcc suggests no packages.

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.11 (GNU/Linux)

iQIcBAEBAgAGBQJPALehAAoJEGHzRCZ03mYkYakP/joJg359TLian5W2iw5GJsrh
eD10kMfnLRv8TkavD/zT5QQp4dSARDrTIKFkEW0ZIKhNYXVJQYIYGRF8ELGELpxG
2odUYs5eVn7ZJr43Ap17CPUFf/OI/mocH9CgUA4ZL73Fx5rsMHkBvPnqz+OZVdRg
ND4XZj8SjZY/j9gG8Yws7AJoOzpuFRBS7sJZWfX0IWMB/BuhIT6vt32HukIGsq74
XrU/XpESJfbNcWbnMiNEO8tsdjQSiNkBGh2bwPNcuSPNZwqPwLmMgijX3pN+EHsI
XCysbXHKkmL1lIHwvFBxt5zfV/Av9nnORMeOsnW1Vs1UZ6sBBrr6rBt79T+rtMJl
dKlaCd9WXy3yfjJ7/JXkJJo7t92q2FfmtedKY8WQrSCyS29CGfSBHYIFQsd89Dkf
6enf1svpPBQTatYd9P8TiIWSZ15IyNwNtLj2vUpsdfoszzVgsacP3jOVdkG60K4R
47wTewhdx81gFTGEVxwT6X3saT96DBDriVrqSp8un1PG6CimXf2vFkx2RHeWeE3o
/D3+pyhAjD626bh0YwjSMllJrDWaICz3P8yw61vi2CMVr0FtzM3b7yhri3lo4M2T
fWPYHkqg1lRe0W7rNaVan9aUUKnfD6PTNfwRDQcRfxyYfAA3JgNtzbjGxqS08Xze
jvWMmceWPXgb8nUFsqVb
=eD/F
-END PGP SIGNATURE-


--- End Message ---
--- Begin Message ---
Source: tcc
Source-Version: 0.9.25-11

We believe that the bug you reported is fixed in the latest version of
tcc, which is due to be installed in the Debian FTP archive:

libtcc-dev_0.9.25-11_amd64.deb
  to main/t/tcc/libtcc-dev_0.9.25-11_amd64.deb
tcc_0.9.25-11.debian.tar.gz
  to main/t/tcc/tcc_0.9.25-11.debian.tar.gz
tcc_0.9.25-11.dsc
  to main/t/tcc/tcc_0.9.25-11.dsc
tcc_0.9.25-11_amd64.deb
  to main/t/tcc/tcc_0.9.25-11_amd64.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 653...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Thomas Preud'homme  (supplier of updated tcc package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Format: 1.8
Date: Tue, 03 Jan 2012 15:53:32 +0100
Source: tcc
Binary: tcc libtcc-dev
Architecture: source amd64
Version: 0.9.25-11
Distribution: unstable
Urgency: medium
Maintainer: Aurélien GÉRÔME 
Changed-By: Thomas Preud'homme 
Description: 
 libtcc-dev - Fast library for dynamic code generation
 tcc- Small ANSI C compiler
Closes: 653941
Changes: 
 tcc (0.9.25-11) unstable; urgency=medium
 .
   * Change ELF interpreter from /lib/ld-linux-x86-64.so.2 — contrary to what
 announces previous entry — to /lib64/ld-linux-x86-64.so.2
 (Closes: #653941).
Checksums-Sha1: 
 d11c02b4e330177eb00f0f4a8bffbe178c647c45 1995 tcc_0.9.25-11.dsc
 e38d4b1e30a7a00662fa73c233811bfd7b33f6c2 37099 tcc_0.9.25-11.debian.tar.gz
 57830ede735ba9cf3afce92cad36630bb76004ee 135430 tcc_0.9.25-11_amd64.deb
 1618e449d0067cdee6fec97a5015df3d458d4fc5 100266 libtcc-dev_0.9.25-11_amd64.deb
Checksums-Sha256: 
 1c56c6cf5811d36c4337f694ab468b62605c07dfef91c2f9e405320605ed9957 1995 
tcc_0.9.25-11.dsc
 82ec6c56848126553d747ef688bb9746771102d81fe6e44556064d844a02b3ad 37099 
tcc_0.9.25-11.debian.tar.gz
 cd12cce55a0503f4cb9673ffca301eb1110ca03edb5f88d2202ce875c75135a5 135430 
tcc_0.9.25-11_amd64.deb
 64e4a12f5dddad75ff629d4c7ff488c7a0f7227e5ba7cd90e0697a3517ba3af3 100266 
libtcc-dev_0.9.25-11_amd64.deb

Bug#638198: marked as done (CVE-2011-2910: Missing return checks)

[Debian Bug Tracking System]

Your message dated Tue, 03 Jan 2012 15:02:19 +
with message-id 
and subject line Bug#638198: fixed in ax25-tools 0.0.8-13.2
has caused the Debian Bug report #638198,
regarding CVE-2011-2910: Missing return checks
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
638198: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=638198
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: ax25-tools
Severity: grave
Tags: security

Please see http://seclists.org/oss-sec/2011/q3/300

This is CVE-2011-2910. This doesn't warrant a DSA, but could be fixed
in a point update.

Cheers,
Moritz


--- End Message ---
--- Begin Message ---
Source: ax25-tools
Source-Version: 0.0.8-13.2

We believe that the bug you reported is fixed in the latest version of
ax25-tools, which is due to be installed in the Debian FTP archive:

ax25-tools_0.0.8-13.2.diff.gz
  to main/a/ax25-tools/ax25-tools_0.0.8-13.2.diff.gz
ax25-tools_0.0.8-13.2.dsc
  to main/a/ax25-tools/ax25-tools_0.0.8-13.2.dsc
ax25-tools_0.0.8-13.2_i386.deb
  to main/a/ax25-tools/ax25-tools_0.0.8-13.2_i386.deb
ax25-xtools_0.0.8-13.2_i386.deb
  to main/a/ax25-tools/ax25-xtools_0.0.8-13.2_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 638...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Luk Claes  (supplier of updated ax25-tools package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Format: 1.8
Date: Sun, 01 Jan 2012 15:13:41 +0100
Source: ax25-tools
Binary: ax25-tools ax25-xtools
Architecture: source i386
Version: 0.0.8-13.2
Distribution: unstable
Urgency: medium
Maintainer: Debian Hamradio Maintainers 
Changed-By: Luk Claes 
Description: 
 ax25-tools - tools for AX.25 interface configuration
 ax25-xtools - tools for AX.25 interface configuration -- X11-based
Closes: 638198
Changes: 
 ax25-tools (0.0.8-13.2) unstable; urgency=medium
 .
   * Non-maintainer upload.
   * ax25/beacon.c: fix possible privilege escalation CVE-2011-2910
 Closes: #638198.
Checksums-Sha1: 
 1c48fdafb06a751887f76f1363a1373e1e1afc33 1377 ax25-tools_0.0.8-13.2.dsc
 83b7a3ab576984ffa1e48d63e0dc5f6b69328763 134797 ax25-tools_0.0.8-13.2.diff.gz
 43b023adb3050ce6ee91d354db8dc44c533d46c5 228428 ax25-tools_0.0.8-13.2_i386.deb
 85b2060c755247f0eb4f5e84e37029b8def4b27e 43034 ax25-xtools_0.0.8-13.2_i386.deb
Checksums-Sha256: 
 3c31566df0054a0b62abdcf4ee4c5f10df71c4d2373178d932a8e870dce7a588 1377 
ax25-tools_0.0.8-13.2.dsc
 7048bef4719dff8976da4bc2cd78bbdb9ae90312280189da513f401766376247 134797 
ax25-tools_0.0.8-13.2.diff.gz
 26ef7f54a09505810220dff9ea8b59aafa992f1438fc45231c66b651f79af908 228428 
ax25-tools_0.0.8-13.2_i386.deb
 9cb2b57a3fc6505adaf06b1701082c5c97064d665cdd2b71541ead371766a26e 43034 
ax25-xtools_0.0.8-13.2_i386.deb
Files: 
 f8e828efa5180b260b26143ed514e772 1377 hamradio extra ax25-tools_0.0.8-13.2.dsc
 9e3a96e23a74c97886e1a587dde6c5e9 134797 hamradio extra 
ax25-tools_0.0.8-13.2.diff.gz
 2d3993cc0c9c46131d48d92b021a92d5 228428 hamradio extra 
ax25-tools_0.0.8-13.2_i386.deb
 7972abbe04494f64a7f898ee6c0f6118 43034 hamradio extra 
ax25-xtools_0.0.8-13.2_i386.deb

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.11 (GNU/Linux)

iEYEARECAAYFAk8Aa10ACgkQ5UTeB5t8Mo0cAACfeSgWh5XCHy6ZiQVbkFkU2hSC
0HUAn38s/RxOlp3knsjfMCTONbVAqc3E
=IHuO
-END PGP SIGNATURE-


--- End Message ---

Bug#654408: whiptail crashes

[Jakub Wilk]

Package: whiptail
Version: 0.52.14-3
Severity: grave
Justification: renders package unusable

This version of whiptail crashes very often:

$ whiptail --yesno  10 40
=== Backtrace: =
/lib/i386-linux-gnu/i686/cmov/libc.so.6(+0x6aa81)[0xf7574a81]
/lib/i386-linux-gnu/i686/cmov/libc.so.6(+0x6d864)[0xf7577864]
/lib/i386-linux-gnu/i686/cmov/libc.so.6(__libc_malloc+0x5c)[0xf757946c]
/usr/lib/i386-linux-gnu/libnewt.so.0.52(+0x4c8d)[0xf779dc8d]
/usr/lib/i386-linux-gnu/libnewt.so.0.52(+0x4d9a)[0xf779dd9a]
/usr/lib/i386-linux-gnu/libnewt.so.0.52(+0xf42f)[0xf77a842f]
/usr/lib/i386-linux-gnu/libnewt.so.0.52(newtDrawForm+0xcb)[0xf77a1e3f]
/usr/lib/i386-linux-gnu/libnewt.so.0.52(newtFormRun+0x6c)[0xf77a2951]
/usr/lib/i386-linux-gnu/libnewt.so.0.52(newtRunForm+0x24)[0xf77a25b4]
whiptail[0x804c93b]
whiptail[0x804ac13]
/lib/i386-linux-gnu/i686/cmov/libc.so.6(__libc_start_main+0xe6)[0xf7520e46]
whiptail[0x80497b1]
=== Memory map: 
08048000-0804e000 r-xp  fd:00 5114293
/usr/bin/whiptail
0804e000-0804f000 r--p 5000 fd:00 5114293
/usr/bin/whiptail
0804f000-0805 rw-p 6000 fd:00 5114293
/usr/bin/whiptail
092b-09355000 rw-p  00:00 0  [heap]
f700-f7021000 rw-p  00:00 0
f7021000-f710 ---p  00:00 0
f718a000-f71a6000 r-xp  fd:00 6553793
/lib/i386-linux-gnu/libgcc_s.so.1
f71a6000-f71a7000 rw-p 0001b000 fd:00 6553793
/lib/i386-linux-gnu/libgcc_s.so.1
f71ba000-f71c1000 r--s  fd:00 4592608
/usr/lib/i386-linux-gnu/gconv/gconv-modules.cache
f71c1000-f71c2000 rw-p  00:00 0
f71c2000-f72e2000 r--p 0043a000 fd:00 4721094
/usr/lib/locale/locale-archive
f72e2000-f74e2000 r--p  fd:00 4721094
/usr/lib/locale/locale-archive
f74e2000-f74e4000 rw-p  00:00 0
f74e4000-f7508000 r-xp  fd:00 6553803
/lib/i386-linux-gnu/i686/cmov/libm-2.13.so
f7508000-f7509000 r--p 00023000 fd:00 6553803
/lib/i386-linux-gnu/i686/cmov/libm-2.13.so
f7509000-f750a000 rw-p 00024000 fd:00 6553803
/lib/i386-linux-gnu/i686/cmov/libm-2.13.so
f750a000-f765d000 r-xp  fd:00 6553808
/lib/i386-linux-gnu/i686/cmov/libc-2.13.so
f765d000-f765e000 ---p 00153000 fd:00 6553808
/lib/i386-linux-gnu/i686/cmov/libc-2.13.so
f765e000-f766 r--p 00153000 fd:00 6553808
/lib/i386-linux-gnu/i686/cmov/libc-2.13.so
f766-f7661000 rw-p 00155000 fd:00 6553808
/lib/i386-linux-gnu/i686/cmov/libc-2.13.so
f7661000-f7664000 rw-p  00:00 0
f7664000-f766f000 r-xp  fd:00 6553821
/lib/i386-linux-gnu/libpopt.so.0.0.0
f766f000-f767 rw-p a000 fd:00 6553821
/lib/i386-linux-gnu/libpopt.so.0.0.0
f767-f7672000 r-xp  fd:00 6553693
/lib/i386-linux-gnu/i686/cmov/libdl-2.13.so
f7672000-f7673000 r--p 1000 fd:00 6553693
/lib/i386-linux-gnu/i686/cmov/libdl-2.13.so
f7673000-f7674000 rw-p 2000 fd:00 6553693
/lib/i386-linux-gnu/i686/cmov/libdl-2.13.so
f7674000-f7675000 rw-p  00:00 0
f7675000-f774e000 r-xp  fd:00 6553882
/lib/i386-linux-gnu/libslang.so.2.2.4
f774e000-f775f000 rw-p 000d8000 fd:00 6553882
/lib/i386-linux-gnu/libslang.so.2.2.4
f775f000-f7799000 rw-p  00:00 0
f7799000-f77b r-xp  fd:00 4587794
/usr/lib/i386-linux-gnu/libnewt.so.0.52.14
f77b-f77b1000 r--p 00017000 fd:00 4587794
/usr/lib/i386-linux-gnu/libnewt.so.0.52.14
f77b1000-f77b2000 rw-p 00018000 fd:00 4587794
/usr/lib/i386-linux-gnu/libnewt.so.0.52.14
f77c5000-f77c7000 rw-p  00:00 0
f77c7000-f77c8000 r-xp  00:00 0  [vdso]
f77c8000-f77e3000 r-xp  fd:00 6555602
/lib/i386-linux-gnu/ld-2.13.so
f77e3000-f77e4000 r--p 0001b000 fd:00 6555602
/lib/i386-linux-gnu/ld-2.13.so
f77e4000-f77e5000 rw-p 0001c000 fd:00 6555602
/lib/i386-linux-gnu/ld-2.13.so
ff7e6000-ff807000 rw-p  00:00 0  [stack]
Aborted


-- System Information:
Debian Release: wheezy/sid
  APT prefers unstable
  APT policy: (990, 'unstable'), (500, 'experimental')
Architecture: i386 (x86_64)

Kernel: Linux 3.2.0-rc7-amd64 (SMP w/2 CPU cores)
Locale: LANG=C, LC_CTYPE=pl_PL.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages whiptail depends on:
ii  libc6   

Bug#652700: haildb ftbfs if libcloog-ppl0 is not installed

[gregor herrmann]

On Tue, 20 Dec 2011 05:35:15 +, peter green wrote:

> haildb ftbfs in wheezy and sid with the following error
> 
> "sorry, unimplemented: Graphite loop optimizations can only be used
> if the libcloog-ppl0 package is installed"

Hm, builds fine here as-is (i386 sid cowbuilder chroot).
 
Cheers,
gregor

-- 
 .''`.   Homepage: http://info.comodo.priv.at/ - OpenPGP key ID: 0x8649AA06
 : :' :  Debian GNU/Linux user, admin, & developer - http://www.debian.org/
 `. `'   Member of VIBE!AT & SPI, fellow of Free Software Foundation Europe
   `-NP: St Louis Jimmy Oden: Florida hurricane


signature.asc
Description: Digital signature

Bug#516394: [please]

[Sergiusz Pawlowicz]

Dear Security Team,
Could you please try to forge my DNS cache, the address is: 127.0.0.1,
or ::1, if you prefer to attack it through IPv6.

Serge



-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#654406: orig.tar.gz as shipped contains staging/garbage

[Michael Tokarev]

Source: id3v2
Version: 0.1.12-2
Severity: serious

Here's the complete listing of .orig.tar.gz as of version 0.1.12:

drwxr-xr-x nagilo/nagilo 0 2010-03-27 02:29 id3v2-0.1.12/
-rw-r--r-- nagilo/nagilo 19552 2010-03-27 02:28 id3v2-0.1.12/list.o
-rw-r--r-- nagilo/nagilo  6012 2010-03-27 02:26 id3v2-0.1.12/frametable.h
-rw-r--r-- nagilo/nagilo  6843 2010-03-27 02:26 id3v2-0.1.12/convert.cpp
-rw-r--r-- nagilo/nagilo 0 2010-03-27 02:26 id3v2-0.1.12/build-stamp
-rw-r--r-- nagilo/nagilo 27712 2010-03-27 02:26 id3v2-0.1.12/id3v2.cpp
-rw-r--r-- nagilo/nagilo   620 2010-03-27 02:28 id3v2-0.1.12/Makefile
-rw-r--r-- nagilo/nagilo 28160 2010-03-27 02:28 id3v2-0.1.12/id3v2.o
-rw-r--r-- nagilo/nagilo 12361 2010-03-27 02:26 id3v2-0.1.12/list.cpp
-rw-r--r-- nagilo/nagilo  2774 2010-03-27 02:26 id3v2-0.1.12/genre.cpp
-rw-r--r-- nagilo/nagilo 0 2010-03-27 02:26 id3v2-0.1.12/ChangeLog
-rw-r--r-- nagilo/nagilo 27671 2010-03-27 02:26 id3v2-0.1.12/COPYING
-rw-r--r-- nagilo/nagilo 13072 2010-03-27 02:28 id3v2-0.1.12/convert.o
drwxr-xr-x nagilo/nagilo 0 2010-03-27 02:26 id3v2-0.1.12/debian/
-rwxr-xr-x nagilo/nagilo  1410 2010-03-27 02:26 id3v2-0.1.12/debian/rules
-rw-r--r-- nagilo/nagilo15 2010-03-27 02:26 id3v2-0.1.12/debian/docs
-rw-r--r-- nagilo/nagilo   316 2010-03-27 02:26 id3v2-0.1.12/debian/copyright
-rw-r--r-- nagilo/nagilo   291 2010-03-27 02:26 id3v2-0.1.12/debian/control
-rw-r--r-- nagilo/nagilo   463 2010-03-27 02:26 id3v2-0.1.12/debian/changelog
-rw-r--r-- nagilo/nagilo 8 2010-03-27 02:26 id3v2-0.1.12/debian/dirs
-rwxr-xr-x nagilo/nagilo 51157 2010-03-27 02:28 id3v2-0.1.12/id3v2
-rw-r--r-- nagilo/nagilo  1344 2010-03-27 02:26 id3v2-0.1.12/create_map.cpp
-rw-r--r-- nagilo/nagilo  1010 2010-03-27 02:26 id3v2-0.1.12/genre.h
-rw-r--r-- nagilo/nagilo  5396 2010-03-27 02:28 id3v2-0.1.12/genre.o
-rw-r--r-- nagilo/nagilo  1427 2010-03-27 02:26 id3v2-0.1.12/id3v2.1
-rw-r--r-- nagilo/nagilo   332 2010-03-27 02:26 id3v2-0.1.12/INSTALL
drwxr-xr-x nagilo/nagilo 0 2010-03-27 02:27 id3v2-0.1.12/.git/
drwxr-xr-x nagilo/nagilo 0 2010-03-27 02:22 id3v2-0.1.12/.git/hooks/
-rwxr-xr-x nagilo/nagilo   398 2010-03-27 02:22 
id3v2-0.1.12/.git/hooks/pre-applypatch.sample
-rwxr-xr-x nagilo/nagilo   160 2010-03-27 02:22 
id3v2-0.1.12/.git/hooks/post-commit.sample
-rwxr-xr-x nagilo/nagilo  1219 2010-03-27 02:22 
id3v2-0.1.12/.git/hooks/prepare-commit-msg.sample
-rwxr-xr-x nagilo/nagilo   894 2010-03-27 02:22 
id3v2-0.1.12/.git/hooks/commit-msg.sample
-rwxr-xr-x nagilo/nagilo   552 2010-03-27 02:22 
id3v2-0.1.12/.git/hooks/post-receive.sample
-rwxr-xr-x nagilo/nagilo   452 2010-03-27 02:22 
id3v2-0.1.12/.git/hooks/applypatch-msg.sample
-rwxr-xr-x nagilo/nagilo  3609 2010-03-27 02:22 
id3v2-0.1.12/.git/hooks/update.sample
-rwxr-xr-x nagilo/nagilo  4942 2010-03-27 02:22 
id3v2-0.1.12/.git/hooks/pre-rebase.sample
-rwxr-xr-x nagilo/nagilo   189 2010-03-27 02:22 
id3v2-0.1.12/.git/hooks/post-update.sample
-rwxr-xr-x nagilo/nagilo  1576 2010-03-27 02:22 
id3v2-0.1.12/.git/hooks/pre-commit.sample
drwxr-xr-x nagilo/nagilo 0 2010-03-27 02:22 id3v2-0.1.12/.git/branches/
-rw-r--r-- nagilo/nagilo41 2010-03-27 02:23 id3v2-0.1.12/.git/ORIG_HEAD
-rw-r--r-- nagilo/nagilo54 2010-03-27 02:27 id3v2-0.1.12/.git/COMMIT_EDITMSG
-rw-r--r-- nagilo/nagilo  1632 2010-03-27 02:27 id3v2-0.1.12/.git/index
-rw-r--r-- nagilo/nagilo91 2010-03-27 02:23 id3v2-0.1.12/.git/FETCH_HEAD
-rw-r--r-- nagilo/nagilo   283 2010-03-27 02:23 id3v2-0.1.12/.git/config
-rw-r--r-- nagilo/nagilo23 2010-03-27 02:23 id3v2-0.1.12/.git/HEAD
drwxr-xr-x nagilo/nagilo 0 2010-03-27 02:23 id3v2-0.1.12/.git/refs/
drwxr-xr-x nagilo/nagilo 0 2010-03-27 02:27 id3v2-0.1.12/.git/refs/heads/
-rw-r--r-- nagilo/nagilo41 2010-03-27 02:27 
id3v2-0.1.12/.git/refs/heads/master
drwxr-xr-x nagilo/nagilo 0 2010-03-27 02:22 id3v2-0.1.12/.git/refs/tags/
drwxr-xr-x nagilo/nagilo 0 2010-03-27 02:23 id3v2-0.1.12/.git/refs/remotes/
drwxr-xr-x nagilo/nagilo 0 2010-03-27 02:23 
id3v2-0.1.12/.git/refs/remotes/origin/
-rw-r--r-- nagilo/nagilo32 2010-03-27 02:23 
id3v2-0.1.12/.git/refs/remotes/origin/HEAD
-rw-r--r-- nagilo/nagilo73 2010-03-27 02:22 id3v2-0.1.12/.git/description
drwxr-xr-x nagilo/nagilo 0 2010-03-27 02:22 id3v2-0.1.12/.git/info/
-rw-r--r-- nagilo/nagilo   240 2010-03-27 02:22 id3v2-0.1.12/.git/info/exclude
drwxr-xr-x nagilo/nagilo 0 2010-03-27 02:23 id3v2-0.1.12/.git/logs/
-rw-r--r-- nagilo/nagilo   379 2010-03-27 02:27 id3v2-0.1.12/.git/logs/HEAD
drwxr-xr-x nagilo/nagilo 0 2010-03-27 02:23 id3v2-0.1.12/.git/logs/refs/
drwxr-xr-x nagilo/nagilo 0 2010-03-27 02:23 
id3v2-0.1.12/.git/logs/refs/heads/
-rw-r--r-- nagilo/nagilo   379 2010-03-27 02:27 
id3v2-0.1.12/.git/logs/refs/heads/master
-rw-r--r-- nagilo/nagilo94 2010-03-27 02:23 id3v2-0.1.12/.git/packed-refs
drwxr-xr-x nagilo/nagilo 0 2010-03-27 02:27 id3v2-0.1.12/.git/objects/
drwxr-xr-x nagilo/nagilo 0 2010-03-27 02:27 id3v2-0.1.12/.git/objects/55/
-r--r-

Processed: affects 654380

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> affects 654380 win32-loader
Bug #654380 [nsis] nsis: build with recent mingw breaks NSISdl plugin
Added indication that 654380 affects win32-loader
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
654380: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=654380
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems


-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Processed: Re: Bug#654380: #654380 (was: nsis: The zmemcpy patch breaks NSISdl::download (at least).)

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> tags 654380 + pending
Bug #654380 [nsis] nsis: build with recent mingw breaks NSISdl plugin
Added tag(s) pending.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
654380: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=654380
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems


-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#654380: #654380 (was: nsis: The zmemcpy patch breaks NSISdl::download (at least).)

[Didier Raboud]

tags 654380 + pending
thanks

> Le mardi, 3 janvier 2012 11.00:10, Didier Raboud a écrit :
> 
> This seems to correspond to RedHat's [RH#734905] and to NSIS's
> [NSIS#3406350].
> 
> I'm currently trying a build with the attached patch and will report back
> if it works or not.

It works indeed. And the patch is shipped since multiple releases in Fedora, 
so I pushed it to nsis' packaging repository:

http://anonscm.debian.org/gitweb/?p=collab-maint/nsis.git;a=commit;h=f89eb1af

Thomas: do you have other things you want in before I can upload nsis with 
that change ?

Cheers,

OdyX


signature.asc
Description: This is a digitally signed message part.

Processed: correct bug number

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> tags 640688 patch
Bug #640688 [src:slxfig] slxfig: FTBFS: configure: error: unable to find the 
slang library and header file slang.h
Added tag(s) patch.
> user debian-d...@lists.debian.org
Setting user to debian-d...@lists.debian.org (was randomact...@ubuntu.com).
> usertags 640688 multiarch
Bug#640688: slxfig: FTBFS: configure: error: unable to find the slang library 
and header file slang.h
There were no usertags set.
Usertags are now: multiarch.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
640688: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=640688
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems


-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#654319: sarg: FTBFS: Can't exec "cmake": No such file or directory

[Christoph Egger]

Hi!

Luigi Gangitano  writes:
> I cannot reproduce this bug, can you please check the debhelper
> version on the box? Since sarg uses debhelper for all of its building,
> this should definitely be a debhelper bug, not a sarg one.

  As sarg fails on all 13 buildds I strongly doubt it is a buildd
problem. Have you ever checked to build your package in a clean chroot
(like sbuild or pbuilder)? Are you sure your build-dependencies are
correct? I can, for instance, not see any dependency on cmake.

Regards

Christoph



-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#653321: marked as done (fabric: Missing dependency on python-paramiko)

[Debian Bug Tracking System]

Your message dated Tue, 03 Jan 2012 13:02:39 +
with message-id 
and subject line Bug#653321: fixed in fabric 1.3.2-5
has caused the Debian Bug report #653321,
regarding fabric: Missing dependency on python-paramiko
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
653321: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=653321
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: fabric
Version: 1.3.2-4
Severity: serious
Tags: patch
Justification: fails to build from source (but built successfully in the past)
User: ubuntu-de...@lists.ubuntu.com
Usertags: origin-ubuntu precise ubuntu-patch



*** /tmp/tmpIpyzn0/bug_body
In Ubuntu, the attached patch was applied to achieve the following:


  * Add python-paramiko to build dependencies (fixes FTBFS)
- update debian/control


Thanks for considering the patch.


-- System Information:
Debian Release: wheezy/sid
  APT prefers oneiric-updates
  APT policy: (500, 'oneiric-updates'), (500, 'oneiric-security'), (500, 
'oneiric-proposed'), (500, 'oneiric'), (100, 'oneiric-backports')
Architecture: amd64 (x86_64)

Kernel: Linux 3.0.0-13-generic (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
diff -Nru fabric-1.3.2/debian/changelog fabric-1.3.2/debian/changelog
diff -Nru fabric-1.3.2/debian/control fabric-1.3.2/debian/control
--- fabric-1.3.2/debian/control	2011-12-14 10:44:56.0 -0600
+++ fabric-1.3.2/debian/control	2011-12-26 15:53:57.0 -0600
@@ -1,12 +1,12 @@
 Source: fabric
 Section: net
 Priority: optional
 Maintainer: Chris Lamb 
 Build-Depends: debhelper (>= 7.0.50~)
-Build-Depends-Indep: python-support, python-setuptools, python-sphinx
+Build-Depends-Indep: python-support, python-setuptools, python-sphinx, python-paramiko
 Standards-Version: 3.9.2
 Vcs-Git: git://github.com/lamby/pkg-fabric.git
 Vcs-Browser: https://github.com/lamby/pkg-fabric
 Homepage: http://fabfile.org/
 
 Package: fabric
--- End Message ---
--- Begin Message ---
Source: fabric
Source-Version: 1.3.2-5

We believe that the bug you reported is fixed in the latest version of
fabric, which is due to be installed in the Debian FTP archive:

fabric_1.3.2-5.debian.tar.gz
  to main/f/fabric/fabric_1.3.2-5.debian.tar.gz
fabric_1.3.2-5.dsc
  to main/f/fabric/fabric_1.3.2-5.dsc
fabric_1.3.2-5_all.deb
  to main/f/fabric/fabric_1.3.2-5_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 653...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Chris Lamb  (supplier of updated fabric package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Format: 1.8
Date: Tue, 03 Jan 2012 12:43:42 +
Source: fabric
Binary: fabric
Architecture: source all
Version: 1.3.2-5
Distribution: unstable
Urgency: low
Maintainer: Chris Lamb 
Changed-By: Chris Lamb 
Description: 
 fabric - Simple Pythonic remote deployment tool
Closes: 653321 653322
Changes: 
 fabric (1.3.2-5) unstable; urgency=low
 .
   * Move to dh_python2 from python-support. Patch by/via Micah Gersten
 . (Closes: #653322)
   * Add missing python-paramiko to Build-Depends. (Closes: #653321)
Checksums-Sha1: 
 bcdda123bafb6a11c6bb3aa046f75512ecc04d3c 1185 fabric_1.3.2-5.dsc
 e7f8c86bc4fe2709c7af8a76c05e77eb0f9a9d9f 4264 fabric_1.3.2-5.debian.tar.gz
 af634e965e8ca6506a90d20617f56d0a0900aaf1 308350 fabric_1.3.2-5_all.deb
Checksums-Sha256: 
 4372b92104457abeb78dadee814e97ffde883409c3d0a5bd0359213de0419a83 1185 
fabric_1.3.2-5.dsc
 31a25000f8e2e58aee68d64c75a08e7186b65ad683e05f56ba8cc73e485506bd 4264 
fabric_1.3.2-5.debian.tar.gz
 c4fc3a85745e53c097aee24616c7f20e29a0954f61a795ff7917759edb20a4c1 308350 
fabric_1.3.2-5_all.deb
Files: 
 46c568b122533315e4ce20576406491c 1185 net optional fabric_1.3.2-5.dsc
 8a760192a77a1be97c3b3021ea884b41 4264 net optional fabric_1.3.2-5.debian.tar.gz
 474609da1e30416f3c6186d359d89bfc 308350 net optional fabric_1.3.2-5_all.deb

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.10 (GNU/Linux)

iEYEARECAAYFAk8C+Z4ACgkQ5/8uW2NPmiCI3QCfVJ4v3qTdvrQgeChn+whyEWmf
xwoAnAklBddb9Ix35GXPce0zVEbSEHoj
=/K7m
-END PGP SIGNATURE-


--- End Message ---

Processed: slxfig: FTBFS: configure: error: unable to find the slang library and header file slang.h

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> tags 622051 patch
Bug #622051 [src:isakmpd] isakmpd: FTBFS: (.text+0x4f): undefined reference to 
`inflateEnd'
Ignoring request to alter tags of bug #622051 to the same tags previously set
> user debian-d...@lists.debian.org
Setting user to debian-d...@lists.debian.org (was randomact...@ubuntu.com).
> usertags 622051 multiarch
Bug#622051: isakmpd: FTBFS: (.text+0x4f): undefined reference to `inflateEnd'
Usertags were: multiarch.
Usertags are now: multiarch.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
622051: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=622051
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems


-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#640688: slxfig: FTBFS: configure: error: unable to find the slang library and header file slang.h

[Ilya Barygin]

tags 622051 patch
user debian-d...@lists.debian.org
usertags 622051 multiarch
thanks

Hello, here's a patch from Ubuntu:
https://launchpad.net/ubuntu/+source/slxfig/0.2.0~.35-1ubuntu1

diff -u slxfig-0.2.0~.35/debian/rules slxfig-0.2.0~.35/debian/rules
--- slxfig-0.2.0~.35/debian/rules
+++ slxfig-0.2.0~.35/debian/rules
@@ -6,6 +6,9 @@
 DEB_MAKE_BUILD_TARGET := all RPATH=
 DEB_MAKE_INSTALL_TARGET := install datarootdir=/usr/share  \
   DESTDIR=$(DEB_DESTDIR)
+DEB_HOST_MULTIARCH ?= $(shell dpkg-architecture -qDEB_HOST_MULTIARCH)
+DEB_CONFIGURE_EXTRA_FLAGS +=
--with-slanglib=/usr/lib/$(DEB_HOST_MULTIARCH) \
+  --with-slanginc=/usr/include

 pkg = slxfig
 ver = 0



-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Processed: Re: Bug#653321: fabric: Missing dependency on python-paramiko

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> tags 653321 + pending
Bug #653321 [fabric] fabric: Missing dependency on python-paramiko
Added tag(s) pending.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
653321: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=653321
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems


-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#653321: fabric: Missing dependency on python-paramiko

[Chris Lamb]

tags 653321 + pending
thanks

>   * Add python-paramiko to build dependencies (fixes FTBFS)
> - update debian/control

Thanks for the patch; pending upload.


Regards,

-- 
  ,''`.
 : :'  : Chris Lamb
 `. `'`  la...@debian.org
   `-


signature.asc
Description: PGP signature

Bug#627152: [Pkg-alsa-devel] Bug#627152: alsa-source: problem exists with i868 also (linux-headers-2.6.38-2-686)

[Jordi Mallach]

On Thu, Dec 29, 2011 at 11:31:51AM +0100, Julien Cristau wrote:
> Can that "soon" be "now"?

I'm extremely busy until the 22nd, but I can try my best. If that doesn't
work out, I'll have a look at the end of the month.

-- 
Jordi Mallach Pérez  --  Debian developer http://www.debian.org/
jo...@sindominio.net jo...@debian.org http://www.sindominio.net/
GnuPG public key information available at http://oskuro.net/



--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#652257: marked as done (frama-c: FTBFS: configure: error: cannot find OcamlGraph in the current directory.)

[Debian Bug Tracking System]

Your message dated Tue, 03 Jan 2012 11:32:23 +
with message-id 
and subject line Bug#652257: fixed in frama-c 20111001+nitrogen+dfsg-1
has caused the Debian Bug report #652257,
regarding frama-c: FTBFS: configure: error: cannot find OcamlGraph in the 
current directory.
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
652257: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=652257
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: frama-c
Version: 20110201+carbon+dfsg-2
Severity: serious
Tags: wheezy sid
User: debian...@lists.debian.org
Usertags: qa-ftbfs-20111210 qa-ftbfs
Justification: FTBFS on amd64

Hi,

During a rebuild of all packages in sid, your package failed to build on
amd64.

Relevant part:
> make[1]: Entering directory 
> `/build/frama-c-5xZIPw/frama-c-20110201+carbon+dfsg'
> mkdir -p lib/plugins
> mkdir -p lib/gui
> touch .depend .make-clean .make-clean-stamp
> [ ! -f src/kernel/config.ml ] || cp src/kernel/config.ml 
> src/kernel/config.ml.debian
> ./configure  --prefix=/usr   \
>   --mandir=\${prefix}/share/man   \
>   --infodir=\${prefix}/share/info \
>   --datarootdir=\${prefix}/share  \
>   --disable-impact \
>   --disable-security   \
>   --enable-verbosemake \
>   CFLAGS=""   \
>   LDFLAGS="-Wl,-z,defs"
> configure: WARNING: unrecognized options: --disable-security
> configure: **
> configure: * CONFIGURE MAKE *
> configure: **
> checking for make... make
> make version is GNU Make 3.81: Good!
> Make will be verbose.
> configure: *
> configure: * CONFIGURE OCAML COMPILERS *
> configure: *
> checking for ocamlc... ocamlc
> OCaml version is 3.12.1: good!
> ocaml library path is /usr/lib/ocaml
> checking for ocamlopt... ocamlopt
> checking ocamlopt version and standard library... ok
> checking for ocamlc.opt... ocamlc.opt
> checking ocamlc.opt version and standard library... ok
> checking for ocamlopt.opt... ocamlopt.opt
> checking ocamlc.opt version and standard library... ok
> configure: ***
> configure: * CONFIGURE MANDATORY TOOLS AND LIBRARIES *
> configure: ***
> checking for ocamldep... ocamldep
> checking for ocamldep.opt... ocamldep.opt
> checking for ocamllex... ocamllex
> checking for ocamllex.opt... ocamllex.opt
> checking for ocamlyacc... ocamlyacc
> checking for /usr/lib/ocaml/ocamlgraph/graph.cmx... yes
> configure: OcamlGraph 1.8.1 is incompatible with Frama-C.
> configure: switching to OcamlGraph provided by Frama-C
> checking for ocamlgraph... no
> checking for ocamlgraph.tar.gz... no
> configure: error: cannot find OcamlGraph in the current directory.
>Quite strange: would your Frama-C distribution be corrupted?
>Anyway:
>1. download the latest version from http://ocamlgraph.lri.fr/download
>2. install it by './configure && make && make install'
>3. rerun ./configure here
> make[1]: *** [override_dh_auto_configure] Error 1

The full build log is available from:
   
http://people.debian.org/~lucas/logs/2011/12/10/frama-c_20110201+carbon+dfsg-2_lsid64.buildlog

A list of current common problems and possible solutions is available at 
http://wiki.debian.org/qa.debian.org/FTBFS . You're welcome to contribute!

About the archive rebuild: The rebuild was done on about 50 AMD64 nodes
of the Grid'5000 platform, using a clean chroot.  Internet was not
accessible from the build systems.


--- End Message ---
--- Begin Message ---
Source: frama-c
Source-Version: 20111001+nitrogen+dfsg-1

We believe that the bug you reported is fixed in the latest version of
frama-c, which is due to be installed in the Debian FTP archive:

frama-c-base_20111001+nitrogen+dfsg-1_amd64.deb
  to main/f/frama-c/frama-c-base_20111001+nitrogen+dfsg-1_amd64.deb
frama-c_20111001+nitrogen+dfsg-1.debian.tar.gz
  to main/f/frama-c/frama-c_20111001+nitrogen+dfsg-1.debian.tar.gz
frama-c_20111001+nitrogen+dfsg-1.dsc
  to main/f/frama-c/frama-c_20111001+nitrogen+dfsg-1.dsc
frama-c_20111001+nitrogen+dfsg-1_amd64.deb
  to main/f/frama-c/frama-c_20111001+nitrogen+dfsg-1_amd64.deb
frama-c_20111001+nitrogen+dfsg.orig.tar.gz
  to main/f/frama-c/frama-c_20111001+nitrogen+dfsg.orig.tar.gz



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments pl

Processed: More information on #635321 required

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> severity 635321 important
Bug #635321 [libsoundtouch0] memory corruption when using bpmdetect
Severity set to 'important' from 'grave'

> tags 635321 moreinfo
Bug #635321 [libsoundtouch0] memory corruption when using bpmdetect
Added tag(s) moreinfo.
> tags 635321 - confirmed
Bug #635321 [libsoundtouch0] memory corruption when using bpmdetect
Removed tag(s) confirmed.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
635321: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=635321
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems


-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#635321: More information on #635321 required

[Alessio Treglia]

severity 635321 important
tags 635321 moreinfo
tags 635321 - confirmed
thanks

Hi,

I cannot reproduce this anymore.
I set a lower severity for now as we're waiting for more
information from the reporter.

Regards,

-- 
Alessio Treglia  | www.alessiotreglia.com
Debian Developer | ales...@debian.org
Ubuntu Core Developer| quadris...@ubuntu.com
0416 0004 A827 6E40 BB98 90FB E8A4 8AE5 311D 765A



-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Processed: #654380 (was: nsis: The zmemcpy patch breaks NSISdl::download (at least).)

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> retitle 654380 nsis: build with recent mingw breaks NSISdl plugin
Bug #654380 [nsis] nsis: The zmemcpy patch breaks NSISdl::download (at least).
Changed Bug title to 'nsis: build with recent mingw breaks NSISdl plugin' from 
'nsis: The zmemcpy patch breaks NSISdl::download (at least).'
> tags 654380 + upstream
Bug #654380 [nsis] nsis: build with recent mingw breaks NSISdl plugin
Added tag(s) upstream.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
654380: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=654380
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems


-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#654380: #654380 (was: nsis: The zmemcpy patch breaks NSISdl::download (at least).)

[Didier Raboud]

retitle 654380 nsis: build with recent mingw breaks NSISdl plugin
tags 654380 + upstream
thanks

Le mardi, 3 janvier 2012 11.00:10, Didier Raboud a écrit :
> Package: nsis
> Version: 2.46-6
> Severity: serious
> Justification: Breaks win32-loader
> 
> Hi Thomas,
> 
> it seems that the zmemcpy patch currently breaks the win32-loader build by
> making NSISdl::download fail.
> 
> To reproduce that: try win32-loader 0.7.4.2 as built with nsis 2.46-5 [0]
> and try (works with wine). Now try to rebuild it from source with nsis
> 2.46-6 installed; it will fail at the first NSISdl::download call time.

Hmm. After more investigation, it seems that said patch is not the culprit.

My issue is that NSISdl::download doesn't work anymore; when run in wine, the
console shows:

err:module:import_dll Library libgcc_s_sjlj-1.dll (which is needed by 
L"C:\\windows\\temp\\nsg1012.tmp\\NSISdl.dll") not found
err:module:import_dll Library libstdc++-6.dll (which is needed by 
L"C:\\windows\\temp\\nsg1012.tmp\\NSISdl.dll") not found

This seems to correspond to RedHat's [RH#734905] and to NSIS's [NSIS#3406350].

I'm currently trying a build with the attached patch and will report back if
it works or not.

Cheers,

OdyX

[RH#734905]https://bugzilla.redhat.com/show_bug.cgi?id=734905
[NSIS#3406350] 
http://sourceforge.net/tracker/?func=detail&aid=3406350&group_id=22049&atid=373087
--- a/SCons/Config/gnu
+++ b/SCons/Config/gnu
@@ -115,6 +115,8 @@
 plugin_env.Append(LINKFLAGS = ['-mwindows'])# build windows executables
 plugin_env.Append(LINKFLAGS = ['$ALIGN_FLAG'])  # 512 bytes align
 plugin_env.Append(LINKFLAGS = ['$MAP_FLAG'])# generate map file
+plugin_env.Append(LINKFLAGS = ['-static-libgcc'])   # Make sure libgcc is statically linked in, for the plugins to work.
+plugin_env.Append(LINKFLAGS = ['-static-libstdc++']) # Make sure libstdc++ is statically linked in, for the plugins to work.
 
 ### cross-platform util environment
 

Bug#649900: marked as done (CVE-2011-4344: XSS)

[Debian Bug Tracking System]

Your message dated Tue, 03 Jan 2012 10:16:45 +
with message-id <4f02d58d.4080...@ubuntu.com>
and subject line RE: CVE-2011-4344: XSS
has caused the Debian Bug report #649900,
regarding CVE-2011-4344: XSS
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
649900: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=649900
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: libjenkins-winstone-java
Severity: grave
Tags: security

http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2011-11-08.cb

Patch:
https://github.com/jenkinsci/winstone/commit/410ed3001d51c689cf59085b7417466caa2ded7b.patch

Cheers,
Moritz

-- System Information:
Debian Release: wheezy/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.0.0-2-amd64 (SMP w/2 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash


--- End Message ---
--- Begin Message ---
Version: 0.9.10-jenkins-29+dfsg-1

Closing as fix released in 0.9.10-jenkins-29

-- 
James Page
Ubuntu Core Developer

--- End Message ---

Bug#649900: CVE-2011-4344: XSS

[James Page]

This XSS issue was resolved/released in 0.9.10-jenkins-29 so the package
in Debian already contains the fix for this security issue.

Apologies - I should have detailed this in the changelog entry.

Cheers

James

-- 
James Page
Ubuntu Core Developer



-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#644501: marked as done (libeventmachine-ruby: not installable in sid, needs to be upgraded to newer libeventmachine-ruby1.8)

[Debian Bug Tracking System]

Your message dated Tue, 3 Jan 2012 11:05:59 +0100
with message-id <20120103100559.gd5...@density.luon.net>
and subject line Closed by upload
has caused the Debian Bug report #644501,
regarding libeventmachine-ruby: not installable in sid, needs to be upgraded to 
newer libeventmachine-ruby1.8
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
644501: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=644501
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: libeventmachine-ruby
Version: 0.12.10-1
Architecture: all
Severity: serious
User: trei...@debian.org
Usertags: edos-outdated

Hi,

libeventmachine-ruby depends on libeventmachine-ruby1.8 (<< 0.12.10-1.1~).
However, the version currently in sid is newer than that:

% rmadison --suite=sid --architecture=all libeventmachine-ruby1.8
 libeventmachine-ruby1.8 | 0.12.10-2 | sid | all

-Ralf.
-- 
Ralf Treinen
Laboratoire Preuves, Programmes et Systèmes
Université Paris Diderot, Paris, France.
http://www.pps.jussieu.fr/~treinen/


--- End Message ---
--- Begin Message ---
Version: 0.12.10-2

Hi,

A new version of ruby-eventmachine has recently been uploaded that
includes a gem2deb transition.  See also below:

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Format: 1.8
Date: Wed, 28 Sep 2011 21:25:39 +0200
Source: ruby-eventmachine
Binary: ruby-eventmachine libeventmachine-ruby1.8 libeventmachine-ruby 
libeventmachine-ruby-doc
Architecture: source amd64 all
Version: 0.12.10-2
Distribution: unstable
Urgency: low
Maintainer: Debian Ruby Extras Maintainers 

Changed-By: Paul van Tilburg 
Description: 
 libeventmachine-ruby - Transitional package for ruby-eventmachine
 libeventmachine-ruby-doc - Transitional package for ruby-eventmachine
 libeventmachine-ruby1.8 - Transitional package for ruby-eventmachine
 ruby-eventmachine - Ruby/EventMachine library
Changes: 
 ruby-eventmachine (0.12.10-2) unstable; urgency=low
 .
   [ Laurent Arnoud ]
   * Switch to gem2deb-based packaging. Source and binary package
renamed to
 ruby-eventmachine. Transitional packages added.
 .
   [ Paul van Tilburg ]
   * debian/copyright: small fixes to further comply with the DEP5 format.
Checksums-Sha1: 
 3e5e35ad2c2e5b1699d4ae3d7f15336128aa96dc 1773 ruby-eventmachine_0.12.10-2.dsc
 11b8b0267a21c3be4fb7506872367b4790cd8748 219637 
ruby-eventmachine_0.12.10.orig.tar.gz
 aac6bca10d7b705ddd2b6f48daddf7109f013859 3639 
ruby-eventmachine_0.12.10-2.debian.tar.gz
 5dc3b2230710ce90ec52b8bc11b0e2fa242f2b84 221872 
ruby-eventmachine_0.12.10-2_amd64.deb
 314ad72d76dfbb6904509d504df91c80b097c37d 8664 
libeventmachine-ruby1.8_0.12.10-2_all.deb
 3dc6cc2dc7b57122165000568315509f75aff3f2 8662 
libeventmachine-ruby_0.12.10-2_all.deb
 675197916862dadcfa033a5c79cf251822eb5381 8664 
libeventmachine-ruby-doc_0.12.10-2_all.deb
Checksums-Sha256: 
 e6a91841b7367bf5dc0e88c285fb3b922b7f9e668be3e4efb11ad509f2dd691b 1773 
ruby-eventmachine_0.12.10-2.dsc
 3d7879da41b3a28cb7610ee1ce29e017b809f72b0064c107bf55e2e1ac43f36d 219637 
ruby-eventmachine_0.12.10.orig.tar.gz
 13c31f55d70ea23c4d2fc9102364592b89809a62e9bb6a1e4c14de1d5e952d83 3639 
ruby-eventmachine_0.12.10-2.debian.tar.gz
 6a722b4518a2d998b0e3637298bba4e2a953f19d2640499b3997f82d007afea8 221872 
ruby-eventmachine_0.12.10-2_amd64.deb
 2dbe758c680a1795b3c27f116ba846b1affe06b8db41d0f7ad8d3c0d777adccb 8664 
libeventmachine-ruby1.8_0.12.10-2_all.deb
 0ce0fa7c4205ef9d2484e8d8d138d50852504c0bc1d90a9860a5f1e001325f2f 8662 
libeventmachine-ruby_0.12.10-2_all.deb
 11afcbbc989913a7660d5bad2a5eb8b60baacdaf6bf0be9a05ac10024f9d2edb 8664 
libeventmachine-ruby-doc_0.12.10-2_all.deb
Files: 
 19dfaf61e26ea13fa70cebdf3e90e970 1773 ruby optional 
ruby-eventmachine_0.12.10-2.dsc
 eb60ccf034129601467abfd91f6e747a 219637 ruby optional 
ruby-eventmachine_0.12.10.orig.tar.gz
 3c691b95e7b2e1730e55c469f00f518e 3639 ruby optional 
ruby-eventmachine_0.12.10-2.debian.tar.gz
 ff0385ae84b5c7693e7c9bbe79a1821d 221872 ruby optional 
ruby-eventmachine_0.12.10-2_amd64.deb
 f35df54e4b6c1d424fd9e17e531b93bd 8664 oldlibs optional 
libeventmachine-ruby1.8_0.12.10-2_all.deb
 dcaee887e319c875ffa5da939cb4716a 8662 oldlibs optional 
libeventmachine-ruby_0.12.10-2_all.deb
 649efc473d56982c7e63120720e63241 8664 oldlibs optional 
libeventmachine-ruby-doc_0.12.10-2_all.deb

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.11 (GNU/Linux)

iEYEARECAAYFAk6DdeUACgkQJBBhylAGQYE1uQCbBshSGfaorrFZCMZJwO14G7gB
EVIAnjs0yd9OLtl4wDQq8IvkR15vszw7
=dxS9
-END PGP SIGNATURE-


Accepted:
libeventmachine-ruby-doc_0.12.10-2_all.deb
  to main/r/ruby-eventmachine/libeventmachine-ruby-doc_0.12.10-2_all

Processed: Forwarded

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> forwarded 654341 https://launchpad.net/bugs/911146
Bug #654341 [inkscape] inkscape reads .eps files from /tmp instead of the 
current directory
Set Bug forwarded-to-address to 'https://launchpad.net/bugs/911146'.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
654341: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=654341
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems


-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#654380: nsis: The zmemcpy patch breaks NSISdl::download (at least).

[Didier Raboud]

Package: nsis
Version: 2.46-6
Severity: serious
Justification: Breaks win32-loader

Hi Thomas, 

it seems that the zmemcpy patch currently breaks the win32-loader build by
making NSISdl::download fail.

To reproduce that: try win32-loader 0.7.4.2 as built with nsis 2.46-5 [0] and
try (works with wine). Now try to rebuild it from source with nsis 2.46-6
installed; it will fail at the first NSISdl::download call time.

Now, as I need to get win32-loader uploaded before Wheezy's freeze, I
consider this bug serious enough to warrant the `serious` severity.

Cheers,

OdyX

N.B. I would be happy to upload nsis with this patch removed if we don't
manage to find a better solution.

[0] http://cdn.debian.net/debian/tools/win32-loader/unstable/win32-loader.exe

-- System Information:
Debian Release: wheezy/sid
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'unstable'), (500, 'testing'), 
(500, 'stable'), (150, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 3.1.0-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=fr_CH.UTF-8, LC_CTYPE=fr_CH.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages nsis depends on:
ii  libc62.13-24
ii  libgcc1  1:4.6.2-9
ii  libstdc++6   4.6.2-9
ii  nsis-common  2.46-5
ii  zlib1g   1:1.2.3.4.dfsg-3

nsis recommends no packages.

Versions of packages nsis suggests:
pn  mingw-w64   2.0.1-1
pn  nsis-doc2.46-5
pn  nsis-pluginapi  2.46-5
pn  wine

-- no debconf information



-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#516394: [CVE-2008-4392]

[Giuseppe Iuculano]

Dear Sergiusz,


it seems my reply to your private email didn't convince you, so replying
again on behalf of the Security Team.


> Dear Security Team,
> 
> CVE-2008-4392 has "Candidate" status and is being reviewed for almost
> three years now, and still must accepted by the CVE Editorial
> Board[0].

This is unimportant, there are a lot of of CVEs under review, this
doesn't mean they are invalid


> 
> Why, after so many years, Debian Security Team, after a clear
> statement from prof. Bernstain[1], without confirmation of this rumour
> from CVE Editorial Board, still blocks djbdns software from the
> society?

Thijs already wrote we are waiting a patch.
All resolver in the Debian archive are properly hardened against cache
poisoning, I really don't understand why djbdns should be an exception.



> Attackers with an access to the network are able to forge DNS
> responses, and if we treat is as a bug, we must remove all DNS cache
> software from Debian ASAP.


If you are privy to a way to poison other resolver in the Debian
archive, please open a bug and we will be happy to discuss the impact.

Cheers,
Giuseppe.




signature.asc
Description: OpenPGP digital signature

Processed: reassign 654355 to src:ggz-client-libs, reassign 654365 to src:libggz

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> reassign 654355 src:ggz-client-libs 0.0.14.1-1.1
Bug #654355 [ggz-client-libs] RM: ggz-client-libs -- RoM/RoQA; unmaintained
Bug reassigned from package 'ggz-client-libs' to 'src:ggz-client-libs'.
Bug No longer marked as found in versions 0.0.14.1-1.1.
Bug #654355 [src:ggz-client-libs] RM: ggz-client-libs -- RoM/RoQA; unmaintained
Bug Marked as found in versions ggz-client-libs/0.0.14.1-1.1.
> reassign 654365 src:libggz 0.0.14.1-1.1
Bug #654365 [libggz] RM: libggz -- RoM/RoQA; unmaintained
Bug reassigned from package 'libggz' to 'src:libggz'.
Bug No longer marked as found in versions 0.0.14.1-1.1.
Bug #654365 [src:libggz] RM: libggz -- RoM/RoQA; unmaintained
Bug Marked as found in versions libggz/0.0.14.1-1.1.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
654365: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=654365
654355: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=654355
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems


-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Processed: Re: Bug#651688: [pkg-ggz-maintainers] Should ggz-server be orphaned or removed from Debian?

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> clone 651688 -1 -2 -3 -4 -5 -6 -7 -8 -10 -11 -12 -13 -14
Bug#651688: Should ggz-server be orphaned or removed from Debian?
Bug 651688 cloned as bugs 654355-654367.

> # removing ggz-client-libs breaks freeciv, kdegames, lordsawar, widelands
> reassign -1 ggz-client-libs 0.0.14.1-1.1
Bug #654355 [src:ggz-server] Should ggz-server be orphaned or removed from 
Debian?
Bug reassigned from package 'src:ggz-server' to 'ggz-client-libs'.
Bug No longer marked as found in versions ggz-server/0.0.14.1-1.5.
Bug #654355 [ggz-client-libs] Should ggz-server be orphaned or removed from 
Debian?
There is no source info for the package 'ggz-client-libs' at version 
'0.0.14.1-1.1' with architecture ''
Unable to make a source version for version '0.0.14.1-1.1'
Bug Marked as found in versions 0.0.14.1-1.1.
> retitle -1 RM: ggz-client-libs -- RoM/RoQA; unmaintained
Bug #654355 [ggz-client-libs] Should ggz-server be orphaned or removed from 
Debian?
Changed Bug title to 'RM: ggz-client-libs -- RoM/RoQA; unmaintained' from 
'Should ggz-server be orphaned or removed from Debian?'
> reassign -2 ftp.debian.org
Bug #654356 [src:ggz-server] Should ggz-server be orphaned or removed from 
Debian?
Bug reassigned from package 'src:ggz-server' to 'ftp.debian.org'.
Bug No longer marked as found in versions ggz-server/0.0.14.1-1.5.
> retitle -2 RM: ggz-docs -- RoM/RoQA; unmaintained
Bug #654356 [ftp.debian.org] Should ggz-server be orphaned or removed from 
Debian?
Changed Bug title to 'RM: ggz-docs -- RoM/RoQA; unmaintained' from 'Should 
ggz-server be orphaned or removed from Debian?'
> severity -2 normal
Bug #654356 [ftp.debian.org] RM: ggz-docs -- RoM/RoQA; unmaintained
Severity set to 'normal' from 'serious'

> reassign -3 ftp.debian.org
Bug #654357 [src:ggz-server] Should ggz-server be orphaned or removed from 
Debian?
Bug reassigned from package 'src:ggz-server' to 'ftp.debian.org'.
Bug No longer marked as found in versions ggz-server/0.0.14.1-1.5.
> retitle -3 RM: ggz-gnome-client -- RoM/RoQA; unmaintained
Bug #654357 [ftp.debian.org] Should ggz-server be orphaned or removed from 
Debian?
Changed Bug title to 'RM: ggz-gnome-client -- RoM/RoQA; unmaintained' from 
'Should ggz-server be orphaned or removed from Debian?'
> severity -3 normal
Bug #654357 [ftp.debian.org] RM: ggz-gnome-client -- RoM/RoQA; unmaintained
Severity set to 'normal' from 'serious'

> reassign -4 ftp.debian.org
Bug #654358 [src:ggz-server] Should ggz-server be orphaned or removed from 
Debian?
Bug reassigned from package 'src:ggz-server' to 'ftp.debian.org'.
Bug No longer marked as found in versions ggz-server/0.0.14.1-1.5.
> retitle -4 RM: ggz-grubby -- RoM/RoQA; unmaintained
Bug #654358 [ftp.debian.org] Should ggz-server be orphaned or removed from 
Debian?
Changed Bug title to 'RM: ggz-grubby -- RoM/RoQA; unmaintained' from 'Should 
ggz-server be orphaned or removed from Debian?'
> severity -4 normal
Bug #654358 [ftp.debian.org] RM: ggz-grubby -- RoM/RoQA; unmaintained
Severity set to 'normal' from 'serious'

> reassign -5 ftp.debian.org
Bug #654359 [src:ggz-server] Should ggz-server be orphaned or removed from 
Debian?
Bug reassigned from package 'src:ggz-server' to 'ftp.debian.org'.
Bug No longer marked as found in versions ggz-server/0.0.14.1-1.5.
> retitle -5 RM: ggz-gtk-client -- RoM/RoQA; unmaintained
Bug #654359 [ftp.debian.org] Should ggz-server be orphaned or removed from 
Debian?
Changed Bug title to 'RM: ggz-gtk-client -- RoM/RoQA; unmaintained' from 
'Should ggz-server be orphaned or removed from Debian?'
> severity -5 normal
Bug #654359 [ftp.debian.org] RM: ggz-gtk-client -- RoM/RoQA; unmaintained
Severity set to 'normal' from 'serious'

> reassign -6 ftp.debian.org
Bug #654360 [src:ggz-server] Should ggz-server be orphaned or removed from 
Debian?
Bug reassigned from package 'src:ggz-server' to 'ftp.debian.org'.
Bug No longer marked as found in versions ggz-server/0.0.14.1-1.5.
> retitle -6 RM: ggz-gtk-games -- RoM/RoQA; unmaintained
Bug #654360 [ftp.debian.org] Should ggz-server be orphaned or removed from 
Debian?
Changed Bug title to 'RM: ggz-gtk-games -- RoM/RoQA; unmaintained' from 'Should 
ggz-server be orphaned or removed from Debian?'
> severity -6 normal
Bug #654360 [ftp.debian.org] RM: ggz-gtk-games -- RoM/RoQA; unmaintained
Severity set to 'normal' from 'serious'

> reassign -7 ftp.debian.org
Bug #654361 [src:ggz-server] Should ggz-server be orphaned or removed from 
Debian?
Bug reassigned from package 'src:ggz-server' to 'ftp.debian.org'.
Bug No longer marked as found in versions ggz-server/0.0.14.1-1.5.
> retitle -7 RM: ggz-python -- RoM/RoQA; unmaintained
Bug #654361 [ftp.debian.org] Should ggz-server be orphaned or removed from 
Debian?
Changed Bug title to 'RM: ggz-python -- RoM/RoQA; unmaintained' from 'Should 
ggz-server be orphaned or removed from Debian?'
> severity -7 normal
Bug #654361 [ftp.debian.org] RM: ggz-python -- RoM/RoQA; unmaintained
Severity set to 'normal' from 

Bug#651688: [pkg-ggz-maintainers] Should ggz-server be orphaned or removed from Debian?

[Ansgar Burchardt]

clone 651688 -1 -2 -3 -4 -5 -6 -7 -8 -10 -11 -12 -13 -14
# removing ggz-client-libs breaks freeciv, kdegames, lordsawar, widelands
reassign -1 ggz-client-libs 0.0.14.1-1.1
retitle -1 RM: ggz-client-libs -- RoM/RoQA; unmaintained
reassign -2 ftp.debian.org
retitle -2 RM: ggz-docs -- RoM/RoQA; unmaintained
severity -2 normal
reassign -3 ftp.debian.org
retitle -3 RM: ggz-gnome-client -- RoM/RoQA; unmaintained
severity -3 normal
reassign -4 ftp.debian.org
retitle -4 RM: ggz-grubby -- RoM/RoQA; unmaintained
severity -4 normal
reassign -5 ftp.debian.org
retitle -5 RM: ggz-gtk-client -- RoM/RoQA; unmaintained
severity -5 normal
reassign -6 ftp.debian.org
retitle -6 RM: ggz-gtk-games -- RoM/RoQA; unmaintained
severity -6 normal
reassign -7 ftp.debian.org
retitle -7 RM: ggz-python -- RoM/RoQA; unmaintained
severity -7 normal
reassign -8 ggz-sdl-games 0.0.14.1-1.1
retitle -8 RM: ggz-sdl-games -- RoM/RoQA; unmaintained
severity -8 normal
# removing ggz-server breaks lordsawar
retitle 651688 RM: ggz-server -- RoM/RoQA; unmaintained
reassign -10 ftp.debian.org
retitle -10 RM: ggz-txt-client -- RoM/RoQA; unmaintained
severity -10 normal
reassign -11 ftp.debian.org
retitle -11 RM: ggz-utils -- RoM/RoQA; unmaintained
severity -11 normal
# removing libggz breaks ggz-client-libs (ok), widelands, lordsawar
reassign -12 libggz 0.0.14.1-1.1
retitle -12 RM: libggz -- RoM/RoQA; unmaintained
reassign -13 ftp.debian.org
retitle -13 RM: meta-ggz -- RoM/RoQA; unmaintained
severity -13 normal
reassign -14 ftp.debian.org
retitle -14 RM: ggz-base-libs/experimental -- RoM/RoQA; unmaintained
severity -14 normal
thanks

Josef Spillner  writes:
> :: Roger Light Montag 02 Januar 2012
>> > It appears that Josef is no longer active
>> 
>> He replied to my email fairly promptly so I'm sure he'll do so with
>> this as well.
>
> [x] done :-)
> Ansgar, the list of GGZ 0.0.14 packages to be removed looks complete to me, 
> so 
> please go ahead. Please note that there's also ggz-base-libs of version 
> 0.99.x 
> in experimental which may need removal.

Thanks for your reply.  I've requested removal for those packages that
do not have any reverse dependencies in Debian at the moment so the
largest part of GGZ will be gone soon.

For the remaining packages (ggz-client-libs, ggz-server, libggz), I plan
to file bugs for the games still (build-)depending on them and request
removal later.  For now I've just cloned this bug to them as a reminder.

> I've imported all binNMUs, patches and pending bug reports into the pkg-ggz 
> SVN just in case work will continue.

All packages will stay available on snapshot.debian.org as well should
somebody want to work at them again at a later time.  Same for the bug
reports (though they will be closed and later archived, but you can
still look them up).

Regards,
Ansgar



-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Processed: Downgrading/untagging

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> severity 627503 important
Bug #627503 [tinyproxy] CVE-2011-1843
Severity set to 'important' from 'grave'

> tag 627503 - security
Bug #627503 [tinyproxy] CVE-2011-1843
Removed tag(s) security.
> retitle 627503 Validate Port directive value
Bug #627503 [tinyproxy] CVE-2011-1843
Changed Bug title to 'Validate Port directive value' from 'CVE-2011-1843'
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
627503: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=627503
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems


-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#627503: Downgrading/untagging

[Jordi Mallach]

severity 627503 important
tag 627503 - security
retitle 627503 Validate Port directive value
thanks

A small summary of what's going on with this:

- The Debian security team does not consider this to be a security issue
  as tinyproxy's configuration file is under the control of the admin, and
  an exploit needs changing the Port value to something that can trigger a
  buffer overflow.

- This was fixed anyway in a Debian patch in 1.8.2-2, which is currently
  in testing and unstable.

- 1.8.3-1, recently uploaded to unstable, is the first upstream release to
  officially include this fix.

- We're uploading 1.8.2squeeze2 to stable so the fix appears in the next
  point release anyway, via the normal t-p-u path.

Thanks,
Jordi
-- 
Jordi Mallach Pérez  --  Debian developer http://www.debian.org/
jo...@sindominio.net jo...@debian.org http://www.sindominio.net/
GnuPG public key information available at http://oskuro.net/


signature.asc
Description: Digital signature