Bug#697586: libpango1.0-0: Segfaults and takes Evolution with it
Am 09.01.2013 21:04, schrieb Michael Biebl: 3.6.3 is known buggy. You might either downgrade to the unstable version or to 3.6.4. Please report back if that fixes your problem. I have just upgraded to 3.6.4, I'll see if that fixes the issue. Thanks, - Fabian -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#697836: iceweasel-l10n-de: iceweasel only speaks English
Package: iceweasel-l10n-de Version: 1:18.0-1 Severity: grave After upgrading iceweasel and iceweasel-l10n-de from 17.0.1-2, the browser displays its menus and dialogues in English, rendering the German language pack useless. Another problem I noticed is that the entries for German Wikipedia and dict.leo.org have disappeared from the search engine menu; this is likely related since they are shipped in the package. -- System Information: Debian Release: 7.0 APT prefers unstable APT policy: (500, 'unstable'), (101, 'experimental') Architecture: i386 (x86_64) Kernel: Linux 3.7.2-rc1-nouveau (SMP w/2 CPU cores) Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages iceweasel-l10n-de depends on: ii iceweasel 18.0-1 Versions of packages iceweasel-l10n-de recommends: ii myspell-de-de 20120607-1 iceweasel-l10n-de suggests no packages. -- no debconf information -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Processed: severity of 697836 is important ...
Processing commands for cont...@bugs.debian.org: severity 697836 important Bug #697836 [iceweasel-l10n-de] iceweasel-l10n-de: iceweasel only speaks English Severity set to 'important' from 'grave' forwarded 697836 https://bugzilla.mozilla.org/show_bug.cgi?id=818468 Bug #697836 [iceweasel-l10n-de] iceweasel-l10n-de: iceweasel only speaks English Set Bug forwarded-to-address to 'https://bugzilla.mozilla.org/show_bug.cgi?id=818468'. thanks Stopping processing here. Please contact me if you need assistance. -- 697836: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=697836 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#697836: iceweasel-l10n-de: iceweasel only speaks English
This is related to https://bugzilla.mozilla.org/show_bug.cgi?id=818468 -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#689268: linux-image-3.2.0-3-amd64: Intel HD 4000 (Ivy Bridge) graphics freeze
Hi, Hm, I'm a little confused. Are you sure 3.3-rc1 is not affected, and if not, why bisect between 3.2 and 3.3-rc1 instead of -rc6? What git tree are you using to bisect the Debian kernel? So far, the status seems: Debian3.2.32-1: hang in few hours of use Upstream 3.3-rc1 ... 3.3 no hang ever observed so far Debian3.2.35-2: hang once a week or so (2 hangs so far) getting hangs on anything other than the Debian 3.2.32-1 has been challenging. If if's just timing based, I might just have been lucky during my bisects. Riku -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#697721: python-django-registration: FTBFS with python3-sphinx: AttributeError: 'str' object has no attribute '__dict__'
On Tue, 08 Jan 2013, Jakub Wilk wrote: This happens because the source package includes doctree pickles (in which parsed rST sources are cached) were generated by Python 2.X, and cannot be loaded by Python 3.X. Please ask upstream to exclude the doctrees/ subdirectory from their tarballs. Meanwhile please use the attached patch as a work-around. So if I understand correctly the python-sphinx upstream bug entry, I don't have to ask upstream to remove the doctrees, sphinx will detect alone that it's not compatible. Now a question about your patch: override_dh_auto_clean: - rm -rf docs/_build/html + rm -rf docs/_build/ dh_auto_clean override_dh_auto_build: cd registration /usr/bin/django-admin compilemessages + rm -rf docs/_build/doctrees/ cd docs $(MAKE) html dh_auto_build Why do you have to remove docs/_build/doctrees/ again in override_dh_auto_build ? any dpkg-buildpackage call starts with debian/rules clean and thus docs/_build will already have been removed... What am I missing ? Cheers, -- Raphaël Hertzog ◈ Debian Developer Get the Debian Administrator's Handbook: → http://debian-handbook.info/get/ -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#696051: marked as done (potential guest-side buffer overflow caused by e1000 device emulation and large incoming packets - CVE-2012-6075)
Your message dated Thu, 10 Jan 2013 09:47:54 + with message-id e1ttejq-0002yn...@franck.debian.org and subject line Bug#696051: fixed in qemu 1.1.2+dfsg-4 has caused the Debian Bug report #696051, regarding potential guest-side buffer overflow caused by e1000 device emulation and large incoming packets - CVE-2012-6075 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 696051: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=696051 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Source: qemu Severity: serious Tags: upstream patch pending security When guest does not enable large packet receiving from the qemu-emulated e1000 device, and a large packet is received from the network, qemu will happily transfer whole thing to guest, causing a guest buffer overflow. This is fixed by upstream commit b0d9ffcd0251161c7c92f94804dcf599dfa3edeb , with the following comment by Michael Contreras: Tested with linux guest. This error can potentially be exploited. At the very least it can cause a DoS to a guest system, and in the worse case it could allow remote code execution on the guest system with kernel level privilege. Risk seems low, as the network would need to be configured to allow large packets. So it can be considered a low-risk security issue, too. /mjt ---End Message--- ---BeginMessage--- Source: qemu Source-Version: 1.1.2+dfsg-4 We believe that the bug you reported is fixed in the latest version of qemu, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 696...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Michael Tokarev m...@tls.msk.ru (supplier of updated qemu package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Format: 1.8 Date: Wed, 09 Jan 2013 23:05:17 +0400 Source: qemu Binary: qemu qemu-keymaps qemu-system qemu-user qemu-user-static qemu-utils Architecture: source all i386 Version: 1.1.2+dfsg-4 Distribution: unstable Urgency: medium Maintainer: Debian QEMU Team pkg-qemu-de...@lists.alioth.debian.org Changed-By: Michael Tokarev m...@tls.msk.ru Description: qemu - fast processor emulator qemu-keymaps - QEMU keyboard maps qemu-system - QEMU full system emulation binaries qemu-user - QEMU user mode emulation binaries qemu-user-static - QEMU user mode emulation binaries (static version) qemu-utils - QEMU utilities Closes: 668658 696051 Changes: qemu (1.1.2+dfsg-4) unstable; urgency=medium . * linux-user-fix-mips-32-on-64-prealloc-case.patch (Closes: #668658) * e1000-discard-oversized-packets-based-on-SBP_LPE.patch: the second half of the fix for CVE-2012-6075. (Finally Closes: #696051) Checksums-Sha1: 5db147f83cbaef6ffdc0f0a2533f7fc6fae71d10 2425 qemu_1.1.2+dfsg-4.dsc 05ffa5e5e6821887b7a2e16b3c7f93d9b9df02c3 61092 qemu_1.1.2+dfsg-4.debian.tar.gz cd9369b8c6ee033551558527ee89b1a4e83b39ce 48816 qemu-keymaps_1.1.2+dfsg-4_all.deb fac38280fa07cc89ee292574e0633b2991dc0427 114064 qemu_1.1.2+dfsg-4_i386.deb d9bf9a3f1ddc46f45c9e4e5f841287c23ac166d5 28418124 qemu-system_1.1.2+dfsg-4_i386.deb 3c218c49c91ba9121cae8486a2267a1ececeb3bd 7610364 qemu-user_1.1.2+dfsg-4_i386.deb be62e2b4838979d9bf7f8d6732e70f15288d2554 14767092 qemu-user-static_1.1.2+dfsg-4_i386.deb 5ba9555a9f60b9efaea9836d6985b298f012d5f6 711746 qemu-utils_1.1.2+dfsg-4_i386.deb Checksums-Sha256: 974356406950d7c285bfcc8a537ed6ec8dbaceb257a83cb45edd32299a7d1fba 2425 qemu_1.1.2+dfsg-4.dsc 01ad66f39750814b10b918c5933636595e702266577279b923e95d90a653277a 61092 qemu_1.1.2+dfsg-4.debian.tar.gz 0c7ceab99c9c43796b33aa9884754a41ab23819e42315674f013ea11b5945ed1 48816 qemu-keymaps_1.1.2+dfsg-4_all.deb 7c8c79600283d7e3737d40c34fb4a00c93c61170239c059a713b7d73f0dac09f 114064 qemu_1.1.2+dfsg-4_i386.deb ecb4a0c683c455eb22beb24264a73efbbde9a8c84aa2626557cac1843e3cfc3e 28418124 qemu-system_1.1.2+dfsg-4_i386.deb 6e19eb6ea885a7cd3cbfec1cb469814857ad8513b1ea6de062cbe97cf5988686 7610364 qemu-user_1.1.2+dfsg-4_i386.deb 392e7e47fd7fdeb990a5dfb43e2274d363af52735b143afa8db6239905242729 14767092 qemu-user-static_1.1.2+dfsg-4_i386.deb 119eb0b39c8185fa144cb33f05210962d1a0b38c05c68c0820fa814935b83d35 711746 qemu-utils_1.1.2+dfsg-4_i386.deb
Bug#696051: marked as done (potential guest-side buffer overflow caused by e1000 device emulation and large incoming packets - CVE-2012-6075)
Your message dated Thu, 10 Jan 2013 09:48:08 + with message-id e1ttek4-0002iq...@franck.debian.org and subject line Bug#696051: fixed in qemu-kvm 1.1.2+dfsg-4 has caused the Debian Bug report #696051, regarding potential guest-side buffer overflow caused by e1000 device emulation and large incoming packets - CVE-2012-6075 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 696051: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=696051 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Source: qemu Severity: serious Tags: upstream patch pending security When guest does not enable large packet receiving from the qemu-emulated e1000 device, and a large packet is received from the network, qemu will happily transfer whole thing to guest, causing a guest buffer overflow. This is fixed by upstream commit b0d9ffcd0251161c7c92f94804dcf599dfa3edeb , with the following comment by Michael Contreras: Tested with linux guest. This error can potentially be exploited. At the very least it can cause a DoS to a guest system, and in the worse case it could allow remote code execution on the guest system with kernel level privilege. Risk seems low, as the network would need to be configured to allow large packets. So it can be considered a low-risk security issue, too. /mjt ---End Message--- ---BeginMessage--- Source: qemu-kvm Source-Version: 1.1.2+dfsg-4 We believe that the bug you reported is fixed in the latest version of qemu-kvm, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 696...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Michael Tokarev m...@tls.msk.ru (supplier of updated qemu-kvm package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Format: 1.8 Date: Wed, 09 Jan 2013 23:05:17 +0400 Source: qemu-kvm Binary: qemu-kvm qemu-kvm-dbg kvm Architecture: source i386 Version: 1.1.2+dfsg-4 Distribution: unstable Urgency: medium Maintainer: Michael Tokarev m...@tls.msk.ru Changed-By: Michael Tokarev m...@tls.msk.ru Description: kvm- dummy transitional package from kvm to qemu-kvm qemu-kvm - Full virtualization on x86 hardware qemu-kvm-dbg - Debugging info for qemu-kvm Closes: 696051 Changes: qemu-kvm (1.1.2+dfsg-4) unstable; urgency=medium . * e1000-discard-oversized-packets-based-on-SBP_LPE.patch: the second half of the fix for CVE-2012-6075. (Finally Closes: #696051) Checksums-Sha1: 41e5c693fb93e277cdfad0d4051d76ce31f784d2 1949 qemu-kvm_1.1.2+dfsg-4.dsc 4da0ae6a33e05c17227e83a5aee1d22363d8547e 48974 qemu-kvm_1.1.2+dfsg-4.debian.tar.gz 95f59365af4a1bea51fffeced45b895076081b09 1756522 qemu-kvm_1.1.2+dfsg-4_i386.deb e0d0436f9358e5be0fd01a8f8b05234f68270215 5098504 qemu-kvm-dbg_1.1.2+dfsg-4_i386.deb 4e9f3f123899e6982f2538bc9115e6de75843d6f 23048 kvm_1.1.2+dfsg-4_i386.deb Checksums-Sha256: 39a847852ba1ef0d46a65814c12cf4ddf10cd9a869122f60b63643b5b80668bf 1949 qemu-kvm_1.1.2+dfsg-4.dsc b1fff4401e85c2a0c8e2172ff70cf1ad356ea591c4beb822ee0b6b5596bfbb7b 48974 qemu-kvm_1.1.2+dfsg-4.debian.tar.gz d6a30e5e3d4ac87803ea0b1aa6e9052aeef6f255c7d1e552c7461e93185ab60f 1756522 qemu-kvm_1.1.2+dfsg-4_i386.deb 81e452e962479c4864258c9ca8026f698fe6db7101183447b33df2e2fe127579 5098504 qemu-kvm-dbg_1.1.2+dfsg-4_i386.deb 459ccc382fae00106f8d7128e8182b0a011ea718ac20e62781e3e9c945292f4a 23048 kvm_1.1.2+dfsg-4_i386.deb Files: 73f094ba620ad87c0d196108819b1bf0 1949 misc optional qemu-kvm_1.1.2+dfsg-4.dsc 66a9b24e1978f642f730b37ce6925ae6 48974 misc optional qemu-kvm_1.1.2+dfsg-4.debian.tar.gz 9e239db72bd78576bf1a66458a37eaf5 1756522 misc optional qemu-kvm_1.1.2+dfsg-4_i386.deb 4d7e3b5b24da965e0dbf9d53968acc90 5098504 debug extra qemu-kvm-dbg_1.1.2+dfsg-4_i386.deb 18facf25305faebe541793143359642b 23048 oldlibs extra kvm_1.1.2+dfsg-4_i386.deb -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.12 (GNU/Linux) iJwEAQECAAYFAlDuitgACgkQUlPFrXTwyDi/XQP7BBaMfu/cDloMjbM0SqM5TcxS K/6y/POPMtiXF4cl9pnBqce3rTh2pkmN2bdXV65yaVyK4GZDzEY0GTYFXDem2BZV 14qF/8YqrZjI2r8npWxuZgfft0XNR/pUd6JgM+SKs1hFHRoE7RvISul2LufnPNrE LnBQgZ2vIp43sJ5EuKU= =cPOo -END PGP SIGNATUREEnd Message---
Bug#696424: Possible patch
Hi David On Mon, Jan 07, 2013 at 09:06:53AM +, David Weber wrote: Attached is the debdiff contianing these three refreshed for the version in unstable and testing. But I'm not yet ready to propose a NMU. Testing of the resulting package is welcome! Thanks for the debdiff! It works as expected: It creates the files with the right permissions without breaking functionality. A problem could be that the files aren't freshly created by a simple restart of the daemon. Should something be done about that? Some options could be: - Notify the user to stop libvirtd and sanlock and run rm /var/run/sanlock/sanlock.sock; rm /var/log/sanlock.log - Change the file permissions through the package update - Do nothing because most likely nobody uses sanlock on Debain atm. I have not a final answer here, but it might be easy to implement like libvirt-bin does in postint, mabye only conditionally checking (so doing it during package update from a 'broken' version): [...] if ! dpkg-statoverride --list /var/log/sanlock.log /dev/null 21; then # fix permissions fi [...] and the same for /var/run/sanlock/sanlock.sock. Great hint. I modified the patch in that way and also added the fix for #689696 Guido, can you pull that debdiff directly or should I send you an updated debian.tar.gz? Regards, Salvatore To: car...@debian.org Cc: martin.quin...@loria.fr 696...@bugs.debian.org j...@inutil.org a...@sigxcpu.org sanlock_cve.debdiff Description: Binary data
Bug#697617: jenkins: remote code execution vulnerability
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 09/01/13 00:54, Miguel Landaeta wrote: Hi, I'm working in backporting a fix for this issue to this version of Jenkins. It doesn't too hard to do it but I had not tested properly the patch I got. If everything goes well I'll attach a debdiff to this bug report very soon. Thanks Miguel; I'm also about to upload the latest version of Jenkins to experimental which includes a fix for this issue and http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=696816 (which requires a new version of jenkins-winstone as well). We might want to consider whether updating unstable/testing to 1.480.2 is actually the best way forward at this point in time. - -- James Page Ubuntu Core Developer Debian Maintainer james.p...@ubuntu.com -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.12 (GNU/Linux) Comment: Using GnuPG with undefined - http://www.enigmail.net/ iQIcBAEBCAAGBQJQ7pX6AAoJEL/srsug59jDM9sP/3E07QJTYx8B+gltG2+Wc6Qh Lyn/qXV1GPrUs2pKwzyhUa6gOBdQ6CR+PsVa529aSw4j8sIrcLl5qGLexJE6xuC6 u2Fwl5SgFi7WZriS1pK8NEHVyVncjU39gVLCrIrS0U06V6PSDZ+9wfnWDQE/Jzuo WUgOh09YEhxJYdqWt+OsrvMirtCY1w5CzofS+TQ414GHj7mVZAVgRgZwxf3N+Vaz u2avaaqC1cQcb2ZTPfsN/bDlFRNFREJTpHtLhfCmhhAwsveL9LkOCX/NcJOQm/LP PF1WWrPzrDyLzqdNhp6awnndOFOvkq27Pkb0V4G8wom1chgPONEKSrzYFmzphKo9 zPOxiVkK8FOu4hb4J+KNS57KN/t3v/mUad7aoXMVlMUtMv2dbCIGhW2Nf89YbaWC YSbcdTVk0EM/0ar2P3gvcAZGlppMKjbbAYvAWWN/3BPdfYyRwVsw1Hq72tPvrr6a 7hBZ6uKzool8RZAf9qSfSWC/a17NELKXnrbtb8bglHGwOgltkQHoRWC2fyL4t+w+ QH1HdLeP/Yc/GCZK1jwtOVRW5XxIXqyzcD+/YncIUVNqtIFLmBZbLEw56JspxxKl Nix1M9OYKIDa1rBKjYER5ICZXdrv1hUerqLgGe4/+E8x/WT2XB6m1bTkt6YOsn5Y jiqHFGUNyH80R1k5EBKF =biqm -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Processed: 695...@bugs.debian.org
Processing commands for cont...@bugs.debian.org: severity 695690 normal Bug #695690 [src:openvdb] openvdb: FTBFS: TestCurl finds numeric discrepancies Severity set to 'normal' from 'serious' thanks Stopping processing here. Please contact me if you need assistance. -- 695690: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=695690 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#696816: marked as done (jenkins: Security issues were found in Jenkins core)
Your message dated Thu, 10 Jan 2013 10:47:49 + with message-id e1ttffp-0006lr...@franck.debian.org and subject line Bug#696816: fixed in jenkins 1.480.2+dfsg-1~exp1 has caused the Debian Bug report #696816, regarding jenkins: Security issues were found in Jenkins core to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 696816: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=696816 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Package: jenkins Version: 1.447.2+dfsg-2 Severity: grave Tags: security Dear Maintainer, The upstream vendor announced a security advisory, that is rated high severity. See: https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2012-11-20 Regards, Nobuhiro ---End Message--- ---BeginMessage--- Source: jenkins Source-Version: 1.480.2+dfsg-1~exp1 We believe that the bug you reported is fixed in the latest version of jenkins, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 696...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. James Page james.p...@ubuntu.com (supplier of updated jenkins package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Thu, 10 Jan 2013 09:50:50 + Source: jenkins Binary: libjenkins-java libjenkins-plugin-parent-java jenkins-common jenkins jenkins-slave jenkins-external-job-monitor jenkins-cli jenkins-tomcat Architecture: source all Version: 1.480.2+dfsg-1~exp1 Distribution: experimental Urgency: low Maintainer: Debian Java Maintainers pkg-java-maintain...@lists.alioth.debian.org Changed-By: James Page james.p...@ubuntu.com Description: jenkins- Continuous Integration and Job Scheduling Server jenkins-cli - Jenkins CI Command Line Interface jenkins-common - Jenkins common Java components and web application jenkins-external-job-monitor - Jenkins CI external job monitoring jenkins-slave - Jenkins slave node helper jenkins-tomcat - Jenkins CI on Tomcat 6 libjenkins-java - Jenkins CI core Java libraries libjenkins-plugin-parent-java - Jenkins Plugin Parent Maven POM Closes: 696816 697617 Changes: jenkins (1.480.2+dfsg-1~exp1) experimental; urgency=low . * New upstream release (Closes: #696816, #697617): - d/control: Added new BD on libjbcrypt-java. - d/control: Versioned BD jenkins-winstone = 0.9.10-jenkins-40. - d/control: Versioned BD jenkins-trilead-ssh2 = 214-jenkins-1. - Fixes the following security vulnerabilities: CVE-2012-6072, CVE-2012-6073, CVE-2012-6072, CVE-2013-0158. * Tidied lintian warnings. * Bumped Standards-Version: 3.9.4, no changes. Checksums-Sha1: 61b96c26379a93b0f8831241b2d8155ed2c1fca5 4523 jenkins_1.480.2+dfsg-1~exp1.dsc 142722450b04d9bca1411fbcd876badd7bfbd076 4563554 jenkins_1.480.2+dfsg.orig.tar.gz 75831e84f212e6a14d430fdf9db45e895ea918b3 46490 jenkins_1.480.2+dfsg-1~exp1.debian.tar.gz 6fdc27ccbead9992decef198142f0b9e50c2df8d 6886032 libjenkins-java_1.480.2+dfsg-1~exp1_all.deb 9026e4a6d8938034e98ca044fff1c3b8eea8b863 15768 libjenkins-plugin-parent-java_1.480.2+dfsg-1~exp1_all.deb 3c06021dd2a9b016ef4e848a757a9ca5a694a33f 33533788 jenkins-common_1.480.2+dfsg-1~exp1_all.deb b4e3fc9784ded3add022ce570fa2444510d114f3 19620 jenkins_1.480.2+dfsg-1~exp1_all.deb a3149f9dfcf6f41be9cbc3b5f0b5e0747f3a6006 18718 jenkins-slave_1.480.2+dfsg-1~exp1_all.deb 97d6982aefa9e2269ce665e58d95cd2481e8b0a6 6850002 jenkins-external-job-monitor_1.480.2+dfsg-1~exp1_all.deb f84b515753348ae792ab59cdb335b0c0cc0376d2 689022 jenkins-cli_1.480.2+dfsg-1~exp1_all.deb 05e1ff6f5f7d3ccd69a508e081512c8bc05332fb 15804 jenkins-tomcat_1.480.2+dfsg-1~exp1_all.deb Checksums-Sha256: 678a1b06b46dd9c4a3540bfc535ef61b9159dd644271157963feccb0f94e8f31 4523 jenkins_1.480.2+dfsg-1~exp1.dsc ac0554a00195cdb7de0b56500beef6c36ac02bb244ade7a79024f562ec4cf418 4563554 jenkins_1.480.2+dfsg.orig.tar.gz 60c07aec907caaa5bf29aca0f1dc423610f0e344a6a83d9b976d02544751c4ae 46490 jenkins_1.480.2+dfsg-1~exp1.debian.tar.gz 9051e9440e22d22bb93002bada18b6722d37e3a2e8692f54571162dd4c7f6c13 6886032 libjenkins-java_1.480.2+dfsg-1~exp1_all.deb b9459171af4aba12075eae552ba01938cb1a6eb33c1e3f3f6ff094a33b2e806c 15768
Bug#697617: marked as done (jenkins: CVE-2013-0158: remote code execution vulnerability)
Your message dated Thu, 10 Jan 2013 10:47:49 + with message-id e1ttffp-0006lu...@franck.debian.org and subject line Bug#697617: fixed in jenkins 1.480.2+dfsg-1~exp1 has caused the Debian Bug report #697617, regarding jenkins: CVE-2013-0158: remote code execution vulnerability to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 697617: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=697617 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Package: jenkins Version: 1.447.2+dfsg-2 Severity: grave Tags: security Dear Maintainer, The upstream vendor announced a security advisory, that is rated critical severity. See: https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2013-01-04 Regards, Nobuhiro ---End Message--- ---BeginMessage--- Source: jenkins Source-Version: 1.480.2+dfsg-1~exp1 We believe that the bug you reported is fixed in the latest version of jenkins, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 697...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. James Page james.p...@ubuntu.com (supplier of updated jenkins package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Thu, 10 Jan 2013 09:50:50 + Source: jenkins Binary: libjenkins-java libjenkins-plugin-parent-java jenkins-common jenkins jenkins-slave jenkins-external-job-monitor jenkins-cli jenkins-tomcat Architecture: source all Version: 1.480.2+dfsg-1~exp1 Distribution: experimental Urgency: low Maintainer: Debian Java Maintainers pkg-java-maintain...@lists.alioth.debian.org Changed-By: James Page james.p...@ubuntu.com Description: jenkins- Continuous Integration and Job Scheduling Server jenkins-cli - Jenkins CI Command Line Interface jenkins-common - Jenkins common Java components and web application jenkins-external-job-monitor - Jenkins CI external job monitoring jenkins-slave - Jenkins slave node helper jenkins-tomcat - Jenkins CI on Tomcat 6 libjenkins-java - Jenkins CI core Java libraries libjenkins-plugin-parent-java - Jenkins Plugin Parent Maven POM Closes: 696816 697617 Changes: jenkins (1.480.2+dfsg-1~exp1) experimental; urgency=low . * New upstream release (Closes: #696816, #697617): - d/control: Added new BD on libjbcrypt-java. - d/control: Versioned BD jenkins-winstone = 0.9.10-jenkins-40. - d/control: Versioned BD jenkins-trilead-ssh2 = 214-jenkins-1. - Fixes the following security vulnerabilities: CVE-2012-6072, CVE-2012-6073, CVE-2012-6072, CVE-2013-0158. * Tidied lintian warnings. * Bumped Standards-Version: 3.9.4, no changes. Checksums-Sha1: 61b96c26379a93b0f8831241b2d8155ed2c1fca5 4523 jenkins_1.480.2+dfsg-1~exp1.dsc 142722450b04d9bca1411fbcd876badd7bfbd076 4563554 jenkins_1.480.2+dfsg.orig.tar.gz 75831e84f212e6a14d430fdf9db45e895ea918b3 46490 jenkins_1.480.2+dfsg-1~exp1.debian.tar.gz 6fdc27ccbead9992decef198142f0b9e50c2df8d 6886032 libjenkins-java_1.480.2+dfsg-1~exp1_all.deb 9026e4a6d8938034e98ca044fff1c3b8eea8b863 15768 libjenkins-plugin-parent-java_1.480.2+dfsg-1~exp1_all.deb 3c06021dd2a9b016ef4e848a757a9ca5a694a33f 33533788 jenkins-common_1.480.2+dfsg-1~exp1_all.deb b4e3fc9784ded3add022ce570fa2444510d114f3 19620 jenkins_1.480.2+dfsg-1~exp1_all.deb a3149f9dfcf6f41be9cbc3b5f0b5e0747f3a6006 18718 jenkins-slave_1.480.2+dfsg-1~exp1_all.deb 97d6982aefa9e2269ce665e58d95cd2481e8b0a6 6850002 jenkins-external-job-monitor_1.480.2+dfsg-1~exp1_all.deb f84b515753348ae792ab59cdb335b0c0cc0376d2 689022 jenkins-cli_1.480.2+dfsg-1~exp1_all.deb 05e1ff6f5f7d3ccd69a508e081512c8bc05332fb 15804 jenkins-tomcat_1.480.2+dfsg-1~exp1_all.deb Checksums-Sha256: 678a1b06b46dd9c4a3540bfc535ef61b9159dd644271157963feccb0f94e8f31 4523 jenkins_1.480.2+dfsg-1~exp1.dsc ac0554a00195cdb7de0b56500beef6c36ac02bb244ade7a79024f562ec4cf418 4563554 jenkins_1.480.2+dfsg.orig.tar.gz 60c07aec907caaa5bf29aca0f1dc423610f0e344a6a83d9b976d02544751c4ae 46490 jenkins_1.480.2+dfsg-1~exp1.debian.tar.gz 9051e9440e22d22bb93002bada18b6722d37e3a2e8692f54571162dd4c7f6c13 6886032 libjenkins-java_1.480.2+dfsg-1~exp1_all.deb
Bug#697847: missing source for Win32 binaries
Package: src:ace Severity: serious The source for bin/LabVIEW_RT/*.exe seems to be missing from the source package (at least from 6.0.3-5 and 6.1.2-1). As they seem to be related to LabVIEW I suspect they cannot be built in Debian either. Ansgar -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#697848: non-free files in main
Package: src:ace Severity: serious Hi, the following license conditions (from 6.1.2-1's d/copyright) look quite non-free as they restrict how the program may be modified: [...] You may copy and extend functionality (but may not remove functionality) of the Interface Definition Language CFE without charge, but you are not authorized to license or distribute it to anyone else except as part of a product or program developed by you or with the express written consent of Sun Microsystems, Inc. (Sun). You may copy, modify, distribute, or sublicense the LICENSED PRODUCT without charge as part of a product or software program developed by you, so long as you preserve the functionality of interoperating with the Object Management Group's Internet Inter-ORB Protocol version one. However, any uses other than the foregoing uses shall require the express written consent of Sun Microsystems, Inc. There's also a license allowing only educational and commercial use, but no redistribution or modification: All of the files in these directories are copyright Addison Wesley, and they come with absolutely no warranty whatsoever. Permission is hereby granted to use these programs for educational or commercial purposes. Ansgar -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#696974: marked as done (jenkins: Security issues were found in Jenkins core)
Your message dated Thu, 10 Jan 2013 11:32:38 + with message-id e1ttgnc-0007zr...@franck.debian.org and subject line Bug#696974: fixed in jenkins-winstone 0.9.10-jenkins-37+dfsg-2 has caused the Debian Bug report #696974, regarding jenkins: Security issues were found in Jenkins core to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 696974: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=696974 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Package: jenkins Version: 1.447.2+dfsg-2 Severity: grave Tags: security Dear Maintainer, The upstream vendor announced a security advisory, that is rated high severity. See: https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2012-11-20 Regards, Nobuhiro ---End Message--- ---BeginMessage--- Source: jenkins-winstone Source-Version: 0.9.10-jenkins-37+dfsg-2 We believe that the bug you reported is fixed in the latest version of jenkins-winstone, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 696...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. James Page james.p...@ubuntu.com (supplier of updated jenkins-winstone package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Thu, 10 Jan 2013 11:03:23 + Source: jenkins-winstone Binary: libjenkins-winstone-java libjenkins-winstone-java-doc Architecture: source all Version: 0.9.10-jenkins-37+dfsg-2 Distribution: unstable Urgency: high Maintainer: Debian Java Maintainers pkg-java-maintain...@lists.alioth.debian.org Changed-By: James Page james.p...@ubuntu.com Description: libjenkins-winstone-java - Jenkins branch of Winstone servlet container libjenkins-winstone-java-doc - Documentation for libjenkins-winstone-java Closes: 696974 Changes: jenkins-winstone (0.9.10-jenkins-37+dfsg-2) unstable; urgency=high . * Fix HTTP splitting vulnerability (Closes: #696974): - d/p/CVE-2012-6072.patch: Cherry picked fix from upstream VCS which prevents HTTP headers being split into multiple lines. - Fixes: CVE-2012-6072 Checksums-Sha1: 34026550b6638e79e8b1816d3aac8e87c4ce9dad 2460 jenkins-winstone_0.9.10-jenkins-37+dfsg-2.dsc 9ac80fddaea0a5e80f15b915cdbedc02837ca213 69008 jenkins-winstone_0.9.10-jenkins-37+dfsg-2.debian.tar.gz e36678f682358aeec5fa131b95f3644a716998d8 356008 libjenkins-winstone-java_0.9.10-jenkins-37+dfsg-2_all.deb e155a5332a34c2c8074f49beb9cc9f02fa324b09 996072 libjenkins-winstone-java-doc_0.9.10-jenkins-37+dfsg-2_all.deb Checksums-Sha256: e8b2c9b805bd18e5fc177d2988bc095edb79f80df0c19880559bb65116cea040 2460 jenkins-winstone_0.9.10-jenkins-37+dfsg-2.dsc 94d2d6bdbf4c4a94267129d639e24e3395f45ac43ad75ac2e538acf9ab1440f4 69008 jenkins-winstone_0.9.10-jenkins-37+dfsg-2.debian.tar.gz 086e2b237da527ef1aa0ce038416b7a874736e16a71779b8d5ab0ba8d301e3e3 356008 libjenkins-winstone-java_0.9.10-jenkins-37+dfsg-2_all.deb 69c5883444b14013b2fce8c2611d2c0401178380c8a67ea7645d9e961a2aa883 996072 libjenkins-winstone-java-doc_0.9.10-jenkins-37+dfsg-2_all.deb Files: 437d570864d231a9490a924806586ccb 2460 java optional jenkins-winstone_0.9.10-jenkins-37+dfsg-2.dsc 70f00bc42f0fc9a918e906d51c4891f9 69008 java optional jenkins-winstone_0.9.10-jenkins-37+dfsg-2.debian.tar.gz 863a9a3522976fa2fba8e9183ba987bf 356008 java optional libjenkins-winstone-java_0.9.10-jenkins-37+dfsg-2_all.deb 4424a054aed69067c0a0929b8fd7121b 996072 doc optional libjenkins-winstone-java-doc_0.9.10-jenkins-37+dfsg-2_all.deb -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.12 (GNU/Linux) iQIcBAEBCAAGBQJQ7qPCAAoJEL/srsug59jDsH0QAIIw72YflpOjKYkUVQRZz0DD 3eALCsHA75ocwjoER4nbUaCLgr88WQPn8xDcwA4n2PSNWM6/mZpNwylYAj6az3Om Yc8Eq7vW4TkpHqaRs7vbj/Lvx4eHteD4RVp1nQVhiLQUXjjnAtx6Tome13uO4r5F flErW8QMZTBzV3AqmkD90Q5IY91s8zDyCdICnFyWDmYA4wRrjxX3J8K+k/eXAL/p klb/zhQi8Onxu0UDQU9LEQqsbl3/GxlL/ECS/eEO7pGnKRuFBpOfOcCXTZcxME6V jQ9p74NoXNTcXEp8XHBMmM9XFVaYcKHlvW04t4kPKEQSh92s95vtGMbJLcM0l/kv WlqcErrbC2NqZB11/BTiTEhxF/dmxeUiWjesK07ZcjqfsIuMTyKxZmrlyGcv/W0l aBEyqVDmPXI09+fqhTc3l3iP1QdzqjKJLT+hYClmZntv1XSYcOkv7r3OXUV38eLx vFDi+n2oi5aIktMJUDdmGNEsSxQvrye4ZtFAIEb0eQRcXcrSiKX1ksUsoZGmdeAL
Bug#689268: linux-image-3.2.0-3-amd64: Intel HD 4000 (Ivy Bridge) graphics freeze
Am 10.01.2013 09:39, schrieb Riku Voipio: getting hangs on anything other than the Debian 3.2.32-1 has been challenging. If if's just timing based, I might just have been lucky during my bisects. Here vanilla 3.4.24 from kernel.org runs absolutely stable since a few weeks. But me came up another idea: 'modinfo i916' list an option which appears to be a watchdog function: parm: enable_hangcheck:Periodically check GPU activity for detecting hangs. WARNING: Disabling this can cause system wide hangs. (default: true) (bool) which actually describes the symptoms. Could it be that in the Debian-kernel either the hangs are not detected securely, or that it just fails to reset the module? /Ingo -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#697721: python-django-registration: FTBFS with python3-sphinx: AttributeError: 'str' object has no attribute '__dict__'
* Raphael Hertzog hert...@debian.org, 2013-01-10, 09:43: This happens because the source package includes doctree pickles (in which parsed rST sources are cached) were generated by Python 2.X, and cannot be loaded by Python 3.X. Please ask upstream to exclude the doctrees/ subdirectory from their tarballs. Meanwhile please use the attached patch as a work-around. So if I understand correctly the python-sphinx upstream bug entry, I don't have to ask upstream to remove the doctrees, sphinx will detect alone that it's not compatible. It's still a bad idea for upstream to include them in the tarball: - They take significant amount of space. - They leak information about upstream's home directory layout; try this for example: $ strings docs/_build/doctrees/*.doctree | grep ^/User Maybe more importantly, they are bad for us, because they are unauditable. Quoting http://docs.python.org/2/library/pickle.html: The pickle module is not intended to be secure against erroneous or maliciously constructed data. Never unpickle data received from an untrusted or unauthenticated source. Anyway, I made this pull request: https://bitbucket.org/ubernostrum/django-registration/pull-request/34 Now a question about your patch: override_dh_auto_clean: - rm -rf docs/_build/html + rm -rf docs/_build/ dh_auto_clean override_dh_auto_build: cd registration /usr/bin/django-admin compilemessages + rm -rf docs/_build/doctrees/ cd docs $(MAKE) html dh_auto_build Why do you have to remove docs/_build/doctrees/ again in override_dh_auto_build ? any dpkg-buildpackage call starts with debian/rules clean and thus docs/_build will already have been removed... I don't believe one can assume that clean is always run before build. dpkg-buildpackage does that, because it has no way of knowing whether the package is in a clean state or not. But IMO the following is also a legitimate way to build a package: $ dpkg-source -x foo_*.dsc $ cd foo-*/ $ debian/rules build $ fakeroot debian/rules binary -- Jakub Wilk -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Processed: tagging as pending bugs that are closed by packages in NEW
Processing commands for cont...@bugs.debian.org: # Thursday 17 January 07:03:10 UTC 2013 # Tagging as pending bugs that are closed by packages in NEW # http://ftp-master.debian.org/new.html # # Source package in NEW: a href=http://packages.qa.debian.org/entangle;entangle/a tags 689576 + pending Bug #689576 [entangle] entangle: modifies a shipped file: /usr/share/glib-2.0/schemas/gschemas.compiled Added tag(s) pending. # Source package in NEW: a href=http://packages.qa.debian.org/entangle;entangle/a tags 695342 + pending Bug #695342 [entangle] Uses wrong location for gobject-introspection files Added tag(s) pending. # Source package in NEW: waagent tags 695575 + pending Bug #695575 [wnpp] ITP: waagent -- Windows Azure Linux Agent Added tag(s) pending. # Source package in NEW: libm4rie tags 697792 + pending Bug #697792 [wnpp] ITP: libm4rie -- extended Method of the Four Russians Inversion library Added tag(s) pending. End of message, stopping processing here. Please contact me if you need assistance. -- 689576: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=689576 695342: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=695342 695575: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=695575 697792: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=697792 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#697865: libnss3-1d: fix for DSA-2599 is incomplete
Package: libnss3-1d Version: 3.12.8-1+squeeze6 Severity: grave Tags: security Justification: user security hole -- System Information: Debian Release: 6.0.6 APT prefers stable APT policy: (500, 'stable') Architecture: amd64 (x86_64) Versions of packages libnss3-1d depends on: ii libc6 2.11.3-4 Embedded GNU C Library: Shared lib ii libnspr4-0d 4.8.6-1 NetScape Portable Runtime Library ii libsqlite3-03.7.3-1 SQLite 3 shared library ii zlib1g 1:1.2.3.4.dfsg-3 compression library - runtime libnss3-1d recommends no packages. libnss3-1d suggests no packages. http://www.debian.org/security/2013/dsa-2599 updated squeeze by updating ckbi (certdata.txt and certdata.c) to distrust the mis-issued TURKTRUST intermediate CAs. In preparing updates for Ubuntu, I saw that while 'strings /usr/lib/nss/libnssckbi.so' shows that the certificates were added to libnssckbi.so (certutil will only show root certificates, so you can't verify the inclusion of the intermediates with this tool-- if there is another tool to do this, please let me know :), nss does not actually blacklist them. If I follow the instructions from the upstream bug[1] to verify the certs are blacklisted, the certs chain is shown as good: # Compile nss since we need access to vfychain and it isn't shipped in packages $ sudo apt-get build-dep nss $ sudo apt-get install libnss3-1d # needed at runtime for vfychain (make sure # it is 3.12.8-1+squeeze6) $ apt-get source nss=3.12.8-1+squeeze6 $ cd nss-*/ $ fakeroot debian/rules build $ mozilla/dist/bin/vfychain -u 1 /tmp/turktrust-google-1.der \ /tmp/turktrust-google-2.der \ /tmp/turktrust-google-3.der Chain is good! $ mozilla/dist/bin/vfychain -u 3 /tmp/turktrust-intermediate-2.der \ /tmp/turktrust-google-3.der Chain is good! Both of these should show 'Chain is bad!'. I can confirm that simply updating ckbi is not enough for nss 3.13.1 and earlier. I did not check wheezy. I was able to confirm that if I recompile nspr 2:4.9.4-2 and nss 2:3.14.1.with.ckbi.1.93-1 on an Ubuntu 12.10 system, vfychain would correctly blacklist them. As a result, I am considering upgrading nss and nspr on all of Ubuntu's stable releases to the latest upstream versions (with ckbi 1.93) to address this issue rather than trying to identify and cherrypick the commits to make blacklisting an intermediate work. [1]https://bugzilla.mozilla.org/show_bug.cgi?id=825022#c8 -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#697617: jenkins: remote code execution vulnerability
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 10/01/13 15:46, Miguel Landaeta wrote: We might want to consider whether updating unstable/testing to 1.480.2 is actually the best way forward at this point in time. Hi James, I don't know if it is feasible at this point in the release cycle to have a new upstream release of jenkins in sid even if it fixes some security issues. Agreed; its a last resort. I backported the fix for CVE-2013-0158 from stable branch and I applied it to 1.447.2+dfsg-2. It applies cleanly but I'm getting a FTBFS. I don't have time to review it right now but I'll go back to it later. I'm attaching the debdiff I got and the FTBFS log error. I did much the same for the version in Ubuntu 12.04 (1.424.6); and hit similar issues. The key problem is the extent of the patch to fix this issue and the amount of code change in the TCP/Agent communication area between 1.480.2 and earlier versions we already have packaged. I'm trying to get some advice from upstream on this - hopefully I'll hear back in the next ~24hrs BTW, recently the team of developers with I work with began to use Jenkins so I have some interest in it. If you are OK with that I can jump in as co-maintainer. Yes please! Cheers James - -- James Page Ubuntu Core Developer Debian Maintainer james.p...@ubuntu.com -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.12 (GNU/Linux) Comment: Using GnuPG with undefined - http://www.enigmail.net/ iQIcBAEBCAAGBQJQ7vRvAAoJEL/srsug59jDePQP/3ZNVyvgr6jsG66T1Q/6QEkt HdtZd01UkKZyjmRFwjVDTA73Iu4Y8DI7xArmt4CwzMLwBom5T77wqI80zcr2IjpM /QRJmi9rycztfPvjdGfHSZDR2s/9i+nrHIEBEi+I35zkFROj9QTN6cbmytEw2/LU p7oEsiysl6n/zvj5DqnsH5VjvqmQ1Y7ovR7MBT27ZRTXI39k3dzIM8eOpU/la4Mw t2kKbMJ/M+Xm6eb5G1XHpogQ2/v7WRXMNy0LZdg18shsVrduMf99c+ScacdEWPYf txNos0lmjV+dWfXgQFUNn390Im/u3SceounIKQ9ppiiA4osmptn2x8fwcQHHR+Bg Ph2Yn+Oln7mIASoZ9Ge9MK3ydIDt4UHaAltGoJJdQc4gs9Zc7h/AhD0dwaNodk3E BB3yZOKE46kAhlUx4u6PDxy2k6FmJY0eTY3J3Rp1s2V6quaNI1xvnXDkTHfDpgFr zdznY6D5KTvuSvqXCrufg4z5D/yWev5OYLis+QYS0mf7QuOsg2F8EFRywupqps1P qi+1+dKdiNg94Xwh+Gwt8OpT44yhWWIp2Wcg+ujisBeKf+XDrb/7V3BZk9hYSkuv dETJrGPlKqkLvQv8fIpOhpENDYiMNtMtHGSs/C7UETcNnAH4LmsLt05GihxgFPQH yfY6QFN5a2Gt7Km9ymag =XG02 -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#697866: libgtk-3-bin fails to upgrade to 3.4.2-5
Package: libgtk-3-bin Version: 3.4.2-5 Severity: serious When trying to upgrade from 3.4.2-4 to 3.4.2-5 I get following error and aptitude aborts Adding 'diversion of /usr/sbin/update-icon-caches to /usr/sbin/update-icon-caches.gtk2 by libgtk-3-bin' dpkg-divert: error: rename involves overwriting `/usr/sbin/update-icon-caches.gtk2' with different file `/usr/sbin/update-icon-caches', not allowed dpkg: error processing /var/cache/apt/archives/libgtk-3-bin_3.4.2-5_amd64.deb (--unpack): subprocess new pre-installation script returned error exit status 2 Errors were encountered while processing: /var/cache/apt/archives/libgtk-3-bin_3.4.2-5_amd64.deb This leaves the package management in broken state hence I marked the bug as serious -- System Information: Debian Release: 7.0 APT prefers unstable APT policy: (500, 'unstable'), (1, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 armel Kernel: Linux 3.2.0-4-amd64 (SMP w/2 CPU cores) Locale: LANG=en_IN, LC_CTYPE=en_IN (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages libgtk-3-bin depends on: ii libgtk-3-0 3.4.2-5 ii libgtk-3-common 3.4.2-5 libgtk-3-bin recommends no packages. libgtk-3-bin suggests no packages. -- no debconf information -- Vasudev Kamath http://copyninja.info Connect on ~friendica: copyninja@{frndk.de | vasudev.homelinux.net} IRC nick: copyninja | vasudev {irc.oftc.net | irc.freenode.net} GPG Key: C517 C25D E408 759D 98A4 C96B 6C8F 74AE 8770 0B7E signature.asc Description: Digital signature
Bug#697617: jenkins: remote code execution vulnerability
On Thu, Jan 10, 2013 at 2:03 PM, James Page james.p...@ubuntu.com wrote: I did much the same for the version in Ubuntu 12.04 (1.424.6); and hit similar issues. The key problem is the extent of the patch to fix this issue and the amount of code change in the TCP/Agent communication area between 1.480.2 and earlier versions we already have packaged. Yeah, and besides that this is going to be a large patch. I don't think Release Team is going to be much happy about that at this stage either. I'm trying to get some advice from upstream on this - hopefully I'll hear back in the next ~24hrs Good to know, I'll stay tuned. BTW, recently the team of developers with I work with began to use Jenkins so I have some interest in it. If you are OK with that I can jump in as co-maintainer. Yes please! Fine, Cheers, -- Miguel Landaeta, miguel at miguel.cc secure email with PGP 0x6E608B637D8967E9 available at http://keyserver.pgp.com/ Faith means not wanting to know what is true. -- Nietzsche -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#697866: Attaching dpkg-divert --list output
Here is the output of dpkg-diver --list command on my system diversion of /usr/bin/pg_config to /usr/bin/pg_config.libpq-dev by postgresql-common diversion of /usr/share/man/man1/sh.1.gz to /usr/share/man/man1/sh.distrib.1.gz by dash diversion of /usr/bin/firefox to /usr/bin/firefox.real by iceweasel Best Regards -- Vasudev Kamath http://copyninja.info Connect on ~friendica: copyninja@{frndk.de | vasudev.homelinux.net} IRC nick: copyninja | vasudev {irc.oftc.net | irc.freenode.net} GPG Key: C517 C25D E408 759D 98A4 C96B 6C8F 74AE 8770 0B7E signature.asc Description: Digital signature
Bug#661471: marked as done (gnome-themes-standard: removal of gnome-themes-standard makes files disappear from gnome-accessibility-themes)
Your message dated Thu, 10 Jan 2013 17:47:36 + with message-id e1ttme4-0003ar...@franck.debian.org and subject line Bug#661471: fixed in gnome-themes-standard 3.6.2-1 has caused the Debian Bug report #661471, regarding gnome-themes-standard: removal of gnome-themes-standard makes files disappear from gnome-accessibility-themes to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 661471: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=661471 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Package: gnome-themes-standard Version: Severity: serious User: debian...@lists.debian.org Usertags: piuparts replaces-without-breaks Hi, during a test with piuparts and EDOS tools I noticed your package causes removal of files that also belong to another package. This is caused by using Replaces without corresponding Breaks. The installation sequence to reproduce this problem is apt-get install gnome-accessibility-themes # (1) apt-get install gnome-themes-standard apt-get remove gnome-themes-standard # (2) The list of installed files at points (1) and (2) should be identical, but the following files have disappeared: /usr/share/icons/HighContrast/index.theme /usr/share/icons/HighContrastInverse/index.theme /usr/share/themes/HighContrast/gtk-2.0/gtkrc /usr/share/themes/HighContrast/index.theme /usr/share/themes/HighContrastInverse/gtk-2.0/gtkrc /usr/share/themes/HighContrastInverse/index.theme /usr/share/themes/LowContrast/gtk-2.0/gtkrc /usr/share/themes/LowContrast/index.theme This is a serious bug violating policy 7.6, see http://www.debian.org/doc/debian-policy/ch-relationships.html#s-replaces and also see the footnote that describes this incorrect behavior http://www.debian.org/doc/debian-policy/footnotes.html#f53 The gnome-themes-standard package has the following relationships with gnome-accessibility-themes: Conflicts: n/a Breaks:n/a Replaces: gnome-accessibility-themes ( 3.0) gnome-accessibility-themes is only available as 2.30.2-1 in squeeze, wheezy, and sid. From the attached log (scroll to the bottom...): 0m40.0s ERROR: FAIL: After purging files have disappeared: /usr/share/icons/HighContrast/index.theme owned by: gnome-themes-standard /usr/share/icons/HighContrastInverse/index.theme owned by: gnome-themes-standard /usr/share/themes/HighContrast/gtk-2.0/gtkrc owned by: gnome-themes-standard /usr/share/themes/HighContrast/index.theme owned by: gnome-themes-standard /usr/share/themes/HighContrastInverse/gtk-2.0/gtkrcowned by: gnome-themes-standard /usr/share/themes/HighContrastInverse/index.theme owned by: gnome-themes-standard /usr/share/themes/LowContrast/gtk-2.0/gtkrcowned by: gnome-themes-standard /usr/share/themes/LowContrast/index.theme owned by: gnome-themes-standard 0m40.0s ERROR: FAIL: After purging files have been modified: /var/lib/dpkg/info/gnome-accessibility-themes.list not owned cheers, Andreas REPL_gnome-accessibility-themes_gnome-themes-standard.log.gz Description: GNU Zip compressed data ---End Message--- ---BeginMessage--- Source: gnome-themes-standard Source-Version: 3.6.2-1 We believe that the bug you reported is fixed in the latest version of gnome-themes-standard, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 661...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Michael Biebl bi...@debian.org (supplier of updated gnome-themes-standard package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Thu, 10 Jan 2013 18:17:33 +0100 Source: gnome-themes-standard Binary: gnome-themes-standard gnome-themes-standard-data gnome-accessibility-themes Architecture: source all amd64 Version: 3.6.2-1 Distribution: experimental Urgency: low Maintainer: Debian GNOME Maintainers pkg-gnome-maintain...@lists.alioth.debian.org Changed-By: Michael Biebl bi...@debian.org Description: gnome-accessibility-themes - Accessibility themes for the GNOME desktop gnome-themes-standard - Standard GNOME themes gnome-themes-standard-data - Data files for GNOME standard themes Closes: 661471 691691 694055
Bug#694055: marked as done (gnome-themes-standard: fails to upgrade from 'sid' - trying to overwrite /usr/share/gnome-background-properties/adwaita.xml)
Your message dated Thu, 10 Jan 2013 17:47:36 + with message-id e1ttme4-0003ax...@franck.debian.org and subject line Bug#694055: fixed in gnome-themes-standard 3.6.2-1 has caused the Debian Bug report #694055, regarding gnome-themes-standard: fails to upgrade from 'sid' - trying to overwrite /usr/share/gnome-background-properties/adwaita.xml to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 694055: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=694055 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Package: gnome-themes-standard Version: 3.6.0.2-2 Severity: serious User: debian...@lists.debian.org Usertags: piuparts Control: affects -1 + mutter Hi, during a test with piuparts I noticed your package fails to upgrade from 'sid' to 'experimental'. It installed fine in 'sid', then the upgrade to 'experimental' fails because it tries to overwrite other packages files without declaring a Breaks+Replaces relation. See policy 7.6 at http://www.debian.org/doc/debian-policy/ch-relationships.html#s-replaces From the attached log (scroll to the bottom...): Preparing to replace gnome-themes-standard 3.4.2-2.1 (using .../gnome-themes-standard_3.6.0.2-2_amd64.deb) ... Unpacking replacement gnome-themes-standard ... dpkg: error processing /var/cache/apt/archives/gnome-themes-standard_3.6.0.2-2_amd64.deb (--unpack): trying to overwrite '/usr/share/gnome-background-properties/adwaita.xml', which is also in package gnome-themes-standard-data 3.4.2-2.1 cheers, Andreas mutter_3.6.1-1.log.gz Description: GNU Zip compressed data ---End Message--- ---BeginMessage--- Source: gnome-themes-standard Source-Version: 3.6.2-1 We believe that the bug you reported is fixed in the latest version of gnome-themes-standard, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 694...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Michael Biebl bi...@debian.org (supplier of updated gnome-themes-standard package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Thu, 10 Jan 2013 18:17:33 +0100 Source: gnome-themes-standard Binary: gnome-themes-standard gnome-themes-standard-data gnome-accessibility-themes Architecture: source all amd64 Version: 3.6.2-1 Distribution: experimental Urgency: low Maintainer: Debian GNOME Maintainers pkg-gnome-maintain...@lists.alioth.debian.org Changed-By: Michael Biebl bi...@debian.org Description: gnome-accessibility-themes - Accessibility themes for the GNOME desktop gnome-themes-standard - Standard GNOME themes gnome-themes-standard-data - Data files for GNOME standard themes Closes: 661471 691691 694055 Changes: gnome-themes-standard (3.6.2-1) experimental; urgency=low . [ Sjoerd Simons ] * Recommend gtk2-engines-pixbuf instead of gtk2-engines. Closes: #691691 . [ Michael Biebl ] * New upstream release. . [ Theppitak Karoonboonyanan ] * Split out gnome-accessibility-themes to fullfill the old dependencies. (Closes: #661471) * Capitalize GNOME in package description. [lintian] * Split out gnome-themes-standard-data for arch-indep files. [lintian] * Add multi-arch support. - Bump B-Deps debhelper (= 8.1.3), cdbs (= 0.4.93~). - d/rules: Add DEB_CONFIGURE_EXTRA_FLAGS. - Declare M-A: same for gnome-themes-standard; M-A: foreign for gnome-themes-standard-data gnome-accessibility-themes. . [ Josselin Mouette ] * The above closes: #694055. * New upstream release. * Only recommend gnome-accessibility-themes. The metapackages will be in charge of the Depends. * Build-depend on libgtk2.0-dev. * Install GTK2 engine. * Stop removing .la files, we don’t list them in *.install anyway. Checksums-Sha1: 765cf103aa92ae6355ef3a4d1a7dea068b9ba42f 2441 gnome-themes-standard_3.6.2-1.dsc c7f40cc078c67169caee4883c76c5d192061fed2 3609716 gnome-themes-standard_3.6.2.orig.tar.xz 0c1badc0cc2f189580a1a55f43962474a913fe85 4877 gnome-themes-standard_3.6.2-1.debian.tar.gz eb4d8c424a48c081aa0580410708cc71729c6e77 1578066 gnome-themes-standard-data_3.6.2-1_all.deb 7a172a63e9b216130e22c8d0747e27c91d62625a 2124544
Bug#697866: libgtk-3-bin fails to upgrade to 3.4.2-5
On 10.01.2013 18:25, Vasudev Kamath wrote: Package: libgtk-3-bin Version: 3.4.2-5 Severity: serious When trying to upgrade from 3.4.2-4 to 3.4.2-5 I get following error and aptitude aborts Adding 'diversion of /usr/sbin/update-icon-caches to /usr/sbin/update-icon-caches.gtk2 by libgtk-3-bin' dpkg-divert: error: rename involves overwriting `/usr/sbin/update-icon-caches.gtk2' with different file `/usr/sbin/update-icon-caches', not allowed dpkg: error processing /var/cache/apt/archives/libgtk-3-bin_3.4.2-5_amd64.deb (--unpack): subprocess new pre-installation script returned error exit status 2 Errors were encountered while processing: /var/cache/apt/archives/libgtk-3-bin_3.4.2-5_amd64.deb This leaves the package management in broken state hence I marked the bug as serious The relevant code hasn't been changed for ages, so I really doubt that it is a problem specific to 3.4.2-5. What does dpkg -S /usr/sbin/update-icon-caches give you. Which version of libgtk2.0-0 do you have installed? What's the output of md5sum /usr/sbin/update-icon-caches* -- Why is it that all of the instruments seeking intelligent life in the universe are pointed away from Earth? signature.asc Description: OpenPGP digital signature
Bug#696424: Possible patch
Hi David On Thu, Jan 10, 2013 at 10:16:35AM +, David Weber wrote: Hi David On Mon, Jan 07, 2013 at 09:06:53AM +, David Weber wrote: Attached is the debdiff contianing these three refreshed for the version in unstable and testing. But I'm not yet ready to propose a NMU. Testing of the resulting package is welcome! Thanks for the debdiff! It works as expected: It creates the files with the right permissions without breaking functionality. A problem could be that the files aren't freshly created by a simple restart of the daemon. Should something be done about that? Some options could be: - Notify the user to stop libvirtd and sanlock and run rm /var/run/sanlock/sanlock.sock; rm /var/log/sanlock.log - Change the file permissions through the package update - Do nothing because most likely nobody uses sanlock on Debain atm. I have not a final answer here, but it might be easy to implement like libvirt-bin does in postint, mabye only conditionally checking (so doing it during package update from a 'broken' version): [...] if ! dpkg-statoverride --list /var/log/sanlock.log /dev/null 21; then # fix permissions fi [...] and the same for /var/run/sanlock/sanlock.sock. Great hint. I modified the patch in that way and also added the fix for #689696 Btw, after thinking about further on it: As both /var/log/sanlock.log and /var/run/sanlock/sanlock.sock are not files installed by the package, I think the check with dpkg-statoverride is in this case wrong! Sorry about the wrong suggestion. So I think it's best to remove this again. Regarding the second: I suggest to include in this upload only fixes compliant with the freeze policy: [1]: http://release.debian.org/wheezy/freeze_policy.html (but I have not looked if #689696 can be considered RC). +sanlock (2.2-1.1) unstable; urgency=low + + * Fix CVE-2012-5638 sanlock world writable /var/log/sanlock.log. Thanks to Salvatore Bonaccorso (Closes: #696424) would wrap this line +Add patches cherry-picked from git repository: + - 0001-sanlock-remove-umask-0.patch + - 0001-sanlock-use-lockfile-mode-644.patch + - 0001-wdmd-use-lockfile-mode-644.patch + * Replace restrict field name (Closes: #689696) +Add patche cherry.picked from git repository: ^ s{patche}{patch} and s{cherry.picked}{cherry picked} Again thanks for your work! Regards, Salvatore signature.asc Description: Digital signature
Bug#697870: redhat-cluster-suite: Fails to install due to removed clvm package
Package: redhat-cluster-suite Version: 3.1.8-1 Severity: serious Justification: fails to install -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Hi redhat-cluster-suite fails to install as clvm package was dropped in lvm2 source package: lvm2 (2.02.95-6) unstable; urgency=low * Drop cluster (clvm) support. It never properly worked and is more dead than alive. -- Bastian Blank wa...@debian.org Wed, 02 Jan 2013 11:11:41 +0100 See [1], thus redhat-cluster, ocfs2-tools and qpid-cpp are at risk to be removed from wheezy. [1]: https://lists.debian.org/debian-release/2013/01/msg00120.html - cut-cut-cut-cut-cut-cut- # apt-get install redhat-cluster-suite Reading package lists... Done Building dependency tree Reading state information... Done Some packages could not be installed. This may mean that you have requested an impossible situation or if you are using the unstable distribution that some required packages have not yet been created or been moved out of Incoming. The following information may help to resolve the situation: The following packages have unmet dependencies: redhat-cluster-suite : Depends: clvm but it is not going to be installed E: Unable to correct problems, you have held broken packages. - cut-cut-cut-cut-cut-cut- Regards, Salvatore -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.12 (GNU/Linux) iQIcBAEBCgAGBQJQ7wXIAAoJEHidbwV/2GP+ER0QAMxyrqdQFIy3mgREycPjQZuf Q3J3d4aAzFfxzVlvnhOPfq/GGcT0YFm80MII38B9wBsMngtcZ5BFnw7SC9tvDyei NAQTcLusZpA3b7MaefaDy7ko8g/dRzh2M6blH7AA/Q4vBXPjSnPZHy3xhT1S3DLM pQJiPoicHD/kY/+AFYuw/Y4U/eSPZDzc2EqFWbzgzfGz0ZvJPLh2zByxs5zHB2CP YtzrlGrPtzEL0M7g8xw7ZjAC4yThKUtitufcvZnKlp8wVzyI/BFhHGCR77zP0ySn pc2zYc1j7gidNFNVQhm0fp0yRrgwvwWAZBYUnuyfUnj7DINP0NuoeEiI23bPSbDw z3wO/kJ9Vfpl85b1/EPpgRk4IdaCPyD5jrYQAHLQ5xAqtPBHAQmxUrgNSaRlSX7W aB56aqRLZwAnZO2OlM0vsVBTJTCtml2Yk9iSehq+39Fm1N9MU+JBRRluDhfD/IMR GRoTQzMo5ojdO8gUPizSV2S7s7KGdYeO/TrJ7bTo42Zz03vck6PUIAhGJt4/SRZo A7xJcFUuG5F6bntyc9hZleyG5Z6FlwVVZ9YOb9pso56bUvem/gszPqqd0/NDw+gP 5ZmadNKrfzT07VOC5i1JaeF5IU3eS1hfLcmaRG6+FFiKlUZojNimCW1Hk1Soi3Rk z+heNv9P+SyTKofpYPDy =Bx2U -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Processed (with 1 errors): your mail
Processing commands for cont...@bugs.debian.org: user debian...@lists.debian.org Setting user to debian...@lists.debian.org (was roucaries.bast...@gmail.com). forcemerge 695716 697809 Bug #695716 [src:cgdb] cgdb: includes non-free documentation (GFDL with unmodifiable sections) Unable to merge bugs because: package of #697809 is 'cgdb' not 'src:cgdb' Failed to forcibly merge 695716: Did not alter merged bugs Debbugs::Control::set_merged('transcript', 'GLOB(0x1ab9ef8)', 'requester', 'Bastien ROUCARIES roucaries.bast...@gmail.com', 'request_addr', 'cont...@bugs.debian.org', 'request_msgid', 'CAE2SPAZcLhwij2A=7psf4t2gc5osluywwjah+oemg2o1hu6...@mail.gma...', 'request_subject', ...) called at /usr/local/lib/site_perl/Debbugs/Control/Service.pm line 552 eval {...} called at /usr/local/lib/site_perl/Debbugs/Control/Service.pm line 551 Debbugs::Control::Service::control_line('line', undef, 'clonebugs', 'HASH(0x1a33160)', 'limit', 'HASH(0x1a32b48)', 'common_control_options', 'ARRAY(0x1a32b90)', 'errors', ...) called at /usr/lib/debbugs/service line 474 usertags 695716 gfdl-invariant Usertags were: gfdl-invariant. Usertags are now: gfdl-invariant. thanks Stopping processing here. Please contact me if you need assistance. -- 695716: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=695716 697809: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=697809 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#697871: dma generated headers misses the domain part (violates section-3.4.1 of rfc2822)
Package: dma Severity: grave Justification: violates section-3.4.1 of rfc2822, therefore could make unrelated software on the system to break or cause data loss (missing/bounced e-mails) DMA should append the system mailname (/etc/mailname), or the system hostname when the mailname is not available automatically to the generated e-mails when the user don't specify a domain name. Take, for example the following headers of a generated mail from cron on a system running dma: Received: from root (uid 0) (envelope-from root@localhost) id 18000e2 by localhost (DragonFly Mail Agent); Thu, 10 Jan 2013 17:33:25 +0100 From: root (Cron Daemon) To: root Subject: Cron root@localhosttest -x /usr/sbin/anacron || ( cd / run-parts --report /etc/cron.hourly ) (failed) Content-Type: text/plain; charset=UTF-8 X-Cron-Env: SHELL=/bin/sh X-Cron-Env: PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin X-Cron-Env: HOME=/root X-Cron-Env: LOGNAME=root Date: Thu, 10 Jan 2013 07:33:25 +0100 Message-Id: 50ee60b5.18000e2.7a0902f8@localhost The same message when generated by a sane MTA (Exim for example) will have: From: root@localhost (Cron Daemon) To: root@localhost To reproduce, Execute the following command on a system running DMA. echo This is the main body of the mail | mail -s Testing dma sanity mym...@address.com -- -f root If DMA is configured to deliver to an smarthost (exim), you will get your mail bounced back. This is the DragonFly Mail Agent at satellite.address.com. There was an error delivering your mail to mym...@address.com. mail.adress.com [192.168.122.1] did not like our MAIL FROM: 501 root: sender address must contain a domain Message headers follow. Received: from root (uid 0) (envelope-from root) id 1806b45 by satellite.address.com (DragonFly Mail Agent); Thu, 10 Jan 2013 19:12:42 +0100 To: mym...@address.com Subject: Testing dma sanity Date: Thu, 10 Jan 2013 19:12:42 +0100 Message-Id: 50ef049a.1806b45.2d33b...@satellite.address.com From: root Now do the same test on another system running Exim and you will see how Exim automatically adds an @mailname.tld The MTA should append _always_ an @ with the mailname/hostname part when the user don't specify it. Since this bug potentially breaks unrelated software I am marking it as a RC bug. I noticed this because my procmail rules stopped working as expected and because of bounced mails after installing DMA. Regards! signature.asc Description: OpenPGP digital signature
Processed: your mail
Processing commands for cont...@bugs.debian.org: reassign 697809 src:cgdb Bug #697809 [cgdb] [cgdb] You have a gfdl text with invariant section Bug reassigned from package 'cgdb' to 'src:cgdb'. Ignoring request to alter found versions of bug #697809 to the same values previously set Ignoring request to alter fixed versions of bug #697809 to the same values previously set forcemerge 695716 697809 Bug #695716 [src:cgdb] cgdb: includes non-free documentation (GFDL with unmodifiable sections) Bug #697809 [src:cgdb] [cgdb] You have a gfdl text with invariant section Marked as found in versions cgdb/0.6.6-2. Merged 695716 697809 thanks Stopping processing here. Please contact me if you need assistance. -- 695716: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=695716 697809: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=697809 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#685061: gfs2-utils: diff for NMU version 3.1.3-1.1
tags 685061 + patch thanks Dear maintainer, I noticed this bug as affecting also redhat-cluster. I prepared a patch adding a dependency on gfs2-cluster for gfs2-utils. Attached is the proposed debdiff for a NMU (but I have not yet uploaded to a delayed queue). Regards, Salvatore diff -Nru gfs2-utils-3.1.3/debian/changelog gfs2-utils-3.1.3/debian/changelog --- gfs2-utils-3.1.3/debian/changelog 2012-08-06 14:17:02.0 +0200 +++ gfs2-utils-3.1.3/debian/changelog 2013-01-10 19:37:13.0 +0100 @@ -1,3 +1,14 @@ +gfs2-utils (3.1.3-1.1) unstable; urgency=low + + * Non-maintainer upload. + * Add missing Depends on gfs2-cluster for gfs2-utils. +Fix gfs2-utils: fails to install due to incorrect dependencies in +init.d LSB header. gfs2-utils init script contains a dependency on the +service providing gfs_controld, which in turn is provided by +gfs2-cluster. (Closes: #685061) + + -- Salvatore Bonaccorso car...@debian.org Thu, 10 Jan 2013 19:36:49 +0100 + gfs2-utils (3.1.3-1) unstable; urgency=low * Initial release as stand-alone package; this used to be part of the diff -Nru gfs2-utils-3.1.3/debian/control gfs2-utils-3.1.3/debian/control --- gfs2-utils-3.1.3/debian/control 2012-08-06 14:14:55.0 +0200 +++ gfs2-utils-3.1.3/debian/control 2013-01-10 19:37:13.0 +0100 @@ -10,7 +10,7 @@ Package: gfs2-utils Architecture: any -Depends: ${misc:Depends}, ${shlibs:Depends}, psmisc, cman +Depends: ${misc:Depends}, ${shlibs:Depends}, psmisc, cman, gfs2-cluster (= ${binary:Version}) Replaces: gfs2-tools (= 3.0.17) Conflicts: gfs2-tools (= 3.0.17) Description: Global File System 2 - filesystem tools signature.asc Description: Digital signature
Processed: gfs2-utils: diff for NMU version 3.1.3-1.1
Processing commands for cont...@bugs.debian.org: tags 685061 + patch Bug #685061 [gfs2-utils] gfs2-utils: fails to install due to incorrect dependencies in init.d LSB header Added tag(s) patch. thanks Stopping processing here. Please contact me if you need assistance. -- 685061: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=685061 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Processed: affects 697865
Processing commands for cont...@bugs.debian.org: affects 697865 + release.debian.org Bug #697865 [libnss3-1d] libnss3-1d: fix for DSA-2599 is incomplete Added indication that 697865 affects release.debian.org thanks Stopping processing here. Please contact me if you need assistance. -- 697865: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=697865 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#696837: [patch]
On Tue, Jan 08, 2013 at 12:17:58AM +1000, Eddy Pronk wrote: deluged has the dependency. The deluge-common package should have it instead. No, it shouldn't. -- WBR, wRAR signature.asc Description: Digital signature
Bug#697847: [Pkg-ace-devel] Bug#697847: missing source for Win32 binaries
tags 697847 + confirmed thanks On 10/01/2013 12:26, Ansgar Burchardt wrote: The source for bin/LabVIEW_RT/*.exe seems to be missing from the source package (at least from 6.0.3-5 and 6.1.2-1). As they seem to be related to LabVIEW I suspect they cannot be built in Debian either. Hello, thanks for the report. The .exe is not used for building nor is it distributed. We need a repackaged version for this. Since my GPG key has expired, I will not be able to upload this in a timely fashion, so you can consider this email as a call for NMU. Thanks, Regards, Thomas -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Processed: Re: [Pkg-ace-devel] Bug#697847: missing source for Win32 binaries
Processing commands for cont...@bugs.debian.org: tags 697847 + confirmed Bug #697847 [src:ace] missing source for Win32 binaries Added tag(s) confirmed. thanks Stopping processing here. Please contact me if you need assistance. -- 697847: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=697847 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#697808: [Pkg-zsh-devel] Bug#697808: zsh: missing copyright file after upgrade from 5.0.2-1
Hi Axel, I've seen that this is already fixed in git. Thanks! I'm though surprised that Lintian didn't catch that issue. Maybe because of the symlink in the package. lintian is not the correct tool to detect this situation. It would have to know if in previous versions of the package the symlink was already there or if it was a directory. lintian doesn't have that information. That's more the area of piuparts. Regards -- Sebastian Ramacher signature.asc Description: Digital signature
Bug#697870: redhat-cluster-suite: Fails to install due to removed clvm package
Control: tags -1 + patch Hi According to [1] it looks okay to drop the Depends on clvm, as this was noted as supplement to redhat-cluster-suite. [1]: https://access.redhat.com/knowledge/docs/en-US/Red_Hat_Enterprise_Linux/5/html-single/Cluster_Suite_Overview/index.html#s1-rhcs-intro-CSO Attached proposed debdiff for unstable. I can do a NMU and can upload if needed (and would upload this to a delayed in any case to give you time). But please let me know if you would like to do the upload yourself. Regards, Salvatore diff -Nru redhat-cluster-3.1.8/debian/changelog redhat-cluster-3.1.8/debian/changelog --- redhat-cluster-3.1.8/debian/changelog 2012-08-05 10:34:43.0 +0200 +++ redhat-cluster-3.1.8/debian/changelog 2013-01-10 21:40:59.0 +0100 @@ -1,3 +1,13 @@ +redhat-cluster (3.1.8-1.1) unstable; urgency=low + + * Non-maintainer upload. + * Drop clvm Depends for redhat-cluster-suite binary package. +Cluster (clvm) support was dropped in lvm2 source package by removing +the clvm binary package. Drop the Depends also in redhat-cluster-suite. +(Closes: #697870) + + -- Salvatore Bonaccorso car...@debian.org Thu, 10 Jan 2013 21:40:28 +0100 + redhat-cluster (3.1.8-1) unstable; urgency=low [ Andres Rodriguez ] diff -Nru redhat-cluster-3.1.8/debian/control redhat-cluster-3.1.8/debian/control --- redhat-cluster-3.1.8/debian/control 2012-08-05 10:42:02.0 +0200 +++ redhat-cluster-3.1.8/debian/control 2013-01-10 21:40:59.0 +0100 @@ -23,7 +23,7 @@ Package: redhat-cluster-suite Architecture: all Depends: ${misc:Depends}, cman (= ${binary:Version}), rgmanager (= ${binary:Version}), - gfs2-utils (= 3.1), clvm, fence-agents, resource-agents + gfs2-utils (= 3.1), fence-agents, resource-agents Description: Red Hat cluster suite - metapackage RHCS is a cluster management infrastructure, for building high-availability multi-node clusters with service and IP failover on signature.asc Description: Digital signature
Processed: Re: Bug#697870: redhat-cluster-suite: Fails to install due to removed clvm package
Processing control commands: tags -1 + patch Bug #697870 [redhat-cluster-suite] redhat-cluster-suite: Fails to install due to removed clvm package Added tag(s) patch. -- 697870: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=697870 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#696075: marked as done (lcl-utils: directory vs. symlink mess after squeeze = wheezy upgrade: /etc/lazarus)
Your message dated Thu, 10 Jan 2013 21:18:48 + with message-id e1ttpws-00053q...@franck.debian.org and subject line Bug#696075: fixed in lazarus 0.9.30.4-4 has caused the Debian Bug report #696075, regarding lcl-utils: directory vs. symlink mess after squeeze = wheezy upgrade: /etc/lazarus to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 696075: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=696075 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Package: lcl-utils Version: 0.9.30.4-1.1 Severity: serious User: debian...@lists.debian.org Usertags: piuparts Hi, during an upgrade test with piuparts I noticed your package installs files over an existing symlink, overwriting files from another package in a way that is not detected by dpkg: 0m44.0s INFO: dirname part contains a symlink: /etc/lazarus/environmentoptions.xml != /etc/lazarus-0.9.30.4/environmentoptions.xml (lcl-utils) /etc/lazarus/helpoptions.xml != /etc/lazarus-0.9.30.4/helpoptions.xml (lcl-utils) Looks like /etc/lazarus was a symlink in squeeze and is a directory in wheezy. Note that dpkg intentionally does not replace directories with symlinks and vice versa. This creates a serious mess with the conffiles in /etc ... There are also some obsolete conffiles (could be false positives due to this symlinkmess), look at dpkg-maintscript-helper for easy cleanup: OBSOLETE CONFFILE /etc/lazarus/helpoptions.xml REGISTERED BY lcl-utils (MODIFIED) OBSOLETE CONFFILE /etc/lazarus/environmentoptions.xml REGISTERED BY lcl-utils (MODIFIED) and there are files left on the system after purge: 0m46.6s INFO: Warning: Package purging left files on system: /etc/lazarus.bak/ not owned /etc/lazarus.bak/environmentoptions.xmlnot owned /etc/lazarus.bak/helpoptions.xml not owned I didn't look at the maintainer scripts or the package to analyze what's going on (or what was intended to happen). Cheers, Andreas lcl-utils_0.9.30.4-1.1.log.gz Description: GNU Zip compressed data ---End Message--- ---BeginMessage--- Source: lazarus Source-Version: 0.9.30.4-4 We believe that the bug you reported is fixed in the latest version of lazarus, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 696...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Abou Al Montacir abou.almonta...@sfr.fr (supplier of updated lazarus package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Tue, 08 Jan 2013 17:37:00 +0100 Source: lazarus Binary: lazarus-0.9.30.4 lazarus-src-0.9.30.4 lazarus-ide-0.9.30.4 lazarus-ide-gtk2-0.9.30.4 lazarus-ide-qt4-0.9.30.4 lcl-0.9.30.4 lcl-utils-0.9.30.4 lcl-units-0.9.30.4 lcl-nogui-0.9.30.4 lcl-gtk2-0.9.30.4 lcl-qt4-0.9.30.4 lazarus-doc-0.9.30.4 lazarus lazarus-src lazarus-ide lazarus-ide-gtk2 lazarus-ide-qt4 lcl lcl-utils lcl-units lcl-nogui lcl-gtk2 lcl-qt4 lazarus-doc Architecture: source amd64 all Version: 0.9.30.4-4 Distribution: unstable Urgency: low Maintainer: Carlos Laviola clavi...@debian.org Changed-By: Abou Al Montacir abou.almonta...@sfr.fr Description: lazarus- IDE for Free Pascal - SDK dependency package lazarus-0.9.30.4 - IDE for Free Pascal - suite lazarus-doc - IDE for Free Pascal - documentation dependency package lazarus-doc-0.9.30.4 - IDE for Free Pascal - documentation lazarus-ide - IDE for Free Pascal - common IDE files dependency package lazarus-ide-0.9.30.4 - IDE for Free Pascal - common IDE files lazarus-ide-gtk2 - IDE for Free Pascal - GTK+ version lazarus-ide-gtk2-0.9.30.4 - IDE for Free Pascal - GTK+ version lazarus-ide-qt4 - IDE for Free Pascal - IDE build on top of Qt backend dependency p lazarus-ide-qt4-0.9.30.4 - IDE for Free Pascal - Qt version lazarus-src - IDE for Free Pascal - LCL source code dependency package lazarus-src-0.9.30.4 - IDE for Free Pascal - LCL source code lcl- Lazarus Components Library - LCL dependency package lcl-0.9.30.4 - Lazarus Components Library - LCL suite lcl-gtk2 - Lazarus Components Library - GTK+ backend dependency package lcl-gtk2-0.9.30.4 - Lazarus Components Library - GTK+ backend lcl-nogui - Lazarus Components Library -
Bug#696837: [patch]
The file that imports libtorrent is packaged in deluge-common. Why do you think it should not have a dependency on it? What would be the right fix? On Fri, Jan 11, 2013 at 6:18 AM, Andrey Rahmatullin w...@wrar.name wrote: On Tue, Jan 08, 2013 at 12:17:58AM +1000, Eddy Pronk wrote: deluged has the dependency. The deluge-common package should have it instead. No, it shouldn't. -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#697892: src:virtualbox: FTBFS in sid and experimental: /usr/bin/kmk_sed: file /tmp/buildd/virtualbox-4.1.18-dfsg/src/VBox/Runtime/common/err/errmsg.sed line 31: Unmatched [ or [^
Package: src:virtualbox Version: 4.1.18-dfsg-1.1 Severity: serious Tags: sid experimental Justification: fails to build from source (but built successfully in the past) -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 While trying to rebuild virtualbox with the patch from #691169 (which works fine BTW), I noticed that the package doesn't build in a sid or experimental chroot. The error is: kBuild: Creating directory /tmp/buildd/virtualbox-4.1.18-dfsg/out/obj/Runtime/ kmk_builtin_mkdir -p -- /tmp/buildd/virtualbox-4.1.18-dfsg/out/obj/Runtime/ kBuild: Generating /tmp/buildd/virtualbox-4.1.18-dfsg/out/obj/Runtime/errmsgdata.h from /tmp/buildd/virtualbox-4.1.18-dfsg/include/iprt/err.h /tmp/buildd/virtualbox-4.1.18-dfsg/include/VBox/err.h /usr/bin/kmk_redirect -wo /tmp/buildd/virtualbox-4.1.18-dfsg/out/obj/Runtime/errmsgdata.h -- /usr/bin/kmk_sed -f /tmp/buildd/virtualbox-4.1.18-dfsg/src/VBox/Runtime/common/err/errmsg.sed /tmp/buildd/virtualbox-4.1.18-dfsg/include/iprt/err.h /tmp/buildd/virtualbox-4.1.18-dfsg/include/VBox/err.h /usr/bin/kmk_sed: file /tmp/buildd/virtualbox-4.1.18-dfsg/src/VBox/Runtime/common/err/errmsg.sed line 31: Unmatched [ or [^ kmk: *** [/tmp/buildd/virtualbox-4.1.18-dfsg/out/obj/Runtime/errmsgdata.h] Error 1 kmk: *** Deleting file `/tmp/buildd/virtualbox-4.1.18-dfsg/out/obj/Runtime/errmsgdata.h' kmk: *** Waiting for unfinished jobs Fortunately for wheezy, it builds fine (with and without the patch) in a testing chroot. I'm attaching the complete build log. Cheers, gregor - -- System Information: Debian Release: 7.0 APT prefers unstable APT policy: (990, 'unstable'), (500, 'experimental'), (500, 'testing'), (500, 'stable') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 3.7-trunk-amd64 (SMP w/4 CPU cores) Locale: LANG=C, LC_CTYPE=de_AT.utf8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.12 (GNU/Linux) iQIcBAEBCAAGBQJQ7045AAoJELs6aAGGSaoG+34P/3T5VFLVFaVZE6Vs1eFFs/Gd U5StS1XGBwkrtCdCta4h6zFYlDzU5jCRqAHylGNeBoHFdLVMi+IC1zX0XLP/lz7f avUv6Xu8ydCu/Wad18McwI3NMc+AvWajG5dZy8I2H96sU8wG4awV7vjBElXxlWeM +kpWj4hfHa70voGMOLyFrQ14NLxp5VKNRPIgIhmLe07mQRPDfe7pKHElIiOxlKqM T7fr29n3qw9TpyrK0buN0zgLtE1dzPMGjnTH6CasBNcM0WYTk7Uf699gOzF4+qyc FUv1jz8sCwfaxyQekzCF3dXmtcLOmJ5Vf9D+5DPOVvFT8RNnVBN3lN/y+pgcWT8Q QT0sDCG1MCZXFbh105a83kYhd4UAFqN6ghsdM5tciQPCob7AuBZViiVcvhEXxgh4 D2qvtNad8wj1Zfq7Q/AavlLwTx3iFxL1Ym7CAw4xhtqiVnejAylCQF3ubsWc23X5 khDH/aEbobL8kAuqb99cZ+ieLhsyiffp81vlnhN1ExRTt3utmxwPhQTf4H0UXpDJ h+gqRClqMBFbZc/71iarObq7oVYCZfha0rmEofnEc4qx2I8+XMAal7Y5i7s0GydI Poifi/ICbwfk9fKSbBcbuofPUpEOJSaoAkfqfoMeRt+FUsx91bhB0wD1RmH6sf3Z 1+HnWLg7penVDG6QWT6R =AOYz -END PGP SIGNATURE- virtualbox_4.1.18-dfsg-1.1_amd64.build.gz Description: GNU Zip compressed data
Bug#697032: rcpp: FTBFS[kfreebsd]: #error Rcpp::Timer not supported by your OS.
On Mon, 2012-12-31 at 17:41:52 +, Steven Chamberlain wrote: On 31/12/12 17:06, Dirk Eddelbuettel wrote: https://r-forge.r-project.org/scm/viewvc.php/pkg/Rcpp/src/Timer.cpp?root=rcppr1=4182r2=4181pathrev=4182 Actually... presence of time.h rather depends on the libc, not the kernel? So __GLIBC__ is perhaps more relevant than __FreeBSD_kernel__ in this case - plus it should work for other GNU/k*BSD variants if/when they exist. Well, that's still suboptimal, the ideal solution in this kind of cases is to test for the feature at build time, which avoids all this ifdef whitelists, and subsequent updates. While here, I think I can explain the build failure on GNU/Hurd. The test for __MACH__ applies to both Apple systems and GNU systems. I suggest using mach/mach_time.h only for __APPLE__, and then adding __GNU__ to the list for time.h For Mac OS X I'd test for __APPLE__ __MACH__, otherwise that could trigger on other non Mach-based Apple systems. Thanks, Guillem -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#697865: libnss3-1d: fix for DSA-2599 is incomplete
On Thu, Jan 10, 2013 at 10:54:05AM -0600, Jamie Strandboge wrote: I can confirm that simply updating ckbi is not enough for nss 3.13.1 and earlier. Damn. Intermediate blacklisting was done in https://bugzilla.mozilla.org/show_bug.cgi?id=642503 and this was part of 3.13. It looks like it's not too hard to backport. I'll look at that tomorrow. Mike -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Processed: reassign 691169 to src:virtualbox, forcibly merging 691169 696011, tagging 696011 ...
Processing commands for cont...@bugs.debian.org: reassign 691169 src:virtualbox Bug #691169 [virtualbox-dkms] virtualbox-dkms: fails to build kernel-module with kernel 3.6.3 Bug #696667 [virtualbox-dkms] virtualbox-dkms: Build fails with 3.6-trunk kernel Bug reassigned from package 'virtualbox-dkms' to 'src:virtualbox'. Bug reassigned from package 'virtualbox-dkms' to 'src:virtualbox'. No longer marked as found in versions virtualbox/4.1.18-dfsg-1.1. No longer marked as found in versions virtualbox/4.1.18-dfsg-1.1. Ignoring request to alter fixed versions of bug #691169 to the same values previously set Ignoring request to alter fixed versions of bug #696667 to the same values previously set forcemerge 691169 696011 Bug #691169 [src:virtualbox] virtualbox-dkms: fails to build kernel-module with kernel 3.6.3 Bug #696667 [src:virtualbox] virtualbox-dkms: Build fails with 3.6-trunk kernel Bug #696011 [src:virtualbox] virtualbox: kernel modules fail to build against linux kernel v3.7 Severity set to 'serious' from 'important' Severity set to 'serious' from 'important' Added tag(s) experimental. Added tag(s) experimental. Bug #696667 [src:virtualbox] virtualbox-dkms: Build fails with 3.6-trunk kernel Marked as found in versions virtualbox/4.1.18-dfsg-1.1. Marked as found in versions virtualbox/4.1.18-dfsg-1.1. Added tag(s) upstream and patch. Added tag(s) upstream and patch. Bug #696953 [src:virtualbox] virtualbox-source: Virtualbox does not compile with 3.7 kernels Merged 691169 696011 696667 696953 tags 696011 + patch upstream Bug #696011 [src:virtualbox] virtualbox: kernel modules fail to build against linux kernel v3.7 Bug #691169 [src:virtualbox] virtualbox-dkms: fails to build kernel-module with kernel 3.6.3 Bug #696667 [src:virtualbox] virtualbox-dkms: Build fails with 3.6-trunk kernel Bug #696953 [src:virtualbox] virtualbox-source: Virtualbox does not compile with 3.7 kernels Ignoring request to alter tags of bug #696011 to the same tags previously set Ignoring request to alter tags of bug #691169 to the same tags previously set Ignoring request to alter tags of bug #696667 to the same tags previously set Ignoring request to alter tags of bug #696953 to the same tags previously set retitle 696011 kernel modules fail to build against linux kernel v3.{6,7} Bug #696011 [src:virtualbox] virtualbox: kernel modules fail to build against linux kernel v3.7 Bug #691169 [src:virtualbox] virtualbox-dkms: fails to build kernel-module with kernel 3.6.3 Bug #696667 [src:virtualbox] virtualbox-dkms: Build fails with 3.6-trunk kernel Bug #696953 [src:virtualbox] virtualbox-source: Virtualbox does not compile with 3.7 kernels Changed Bug title to 'kernel modules fail to build against linux kernel v3.{6,7}' from 'virtualbox: kernel modules fail to build against linux kernel v3.7' Changed Bug title to 'kernel modules fail to build against linux kernel v3.{6,7}' from 'virtualbox-dkms: fails to build kernel-module with kernel 3.6.3' Changed Bug title to 'kernel modules fail to build against linux kernel v3.{6,7}' from 'virtualbox-dkms: Build fails with 3.6-trunk kernel' Changed Bug title to 'kernel modules fail to build against linux kernel v3.{6,7}' from 'virtualbox-source: Virtualbox does not compile with 3.7 kernels' thanks Stopping processing here. Please contact me if you need assistance. -- 691169: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=691169 696011: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=696011 696667: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=696667 696953: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=696953 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#696837: [patch]
On Fri, Jan 11, 2013 at 08:54:28AM +1000, Eddy Pronk wrote: The file that imports libtorrent is packaged in deluge-common. deluge-common doesn't need python-libtorrent to function. Why do you think it should not have a dependency on it? What would be the right fix? Did you read my previous email in this bug? -- WBR, wRAR signature.asc Description: Digital signature
Bug#696909: Dup
This is a DUP of 680566. You can't just use bfd without memory saving options cause the link can use more than 2gb addressable limit on arm boxes without pae. Gold 2.23 builds chromium correctly. (But not on armel without workarounds due to bug 696284) -- Sent from my Android phone with K-9 Mail. Please excuse my brevity.
Bug#697901: c2html and scheme9: error when trying to install together
Package: scheme9,c2html Version: scheme9/2012.12.17-1 Version: c2html/0.9.6-3 Severity: serious User: trei...@debian.org Usertags: edos-file-overwrite Date: 2013-01-10 Architecture: amd64 Distribution: sid Hi, automatic installation tests of packages that share a file and at the same time do not conflict by their package dependency relationships has detected the following problem: WARNING: The following packages cannot be authenticated! c2html scheme9 Authentication warning overridden. Can not write log, openpty() failed (/dev/pts not mounted?) Selecting previously unselected package c2html. (Reading database ... 10762 files and directories currently installed.) Unpacking c2html (from .../c2html_0.9.6-3_amd64.deb) ... Selecting previously unselected package scheme9. Unpacking scheme9 (from .../scheme9_2012.12.17-1_amd64.deb) ... dpkg: error processing /var/cache/apt/archives/scheme9_2012.12.17-1_amd64.deb (--unpack): trying to overwrite '/usr/bin/c2html', which is also in package c2html 0.9.6-3 dpkg-deb: error: subprocess paste was killed by signal (Broken pipe) Processing triggers for man-db ... Errors were encountered while processing: /var/cache/apt/archives/scheme9_2012.12.17-1_amd64.deb E: Sub-process /usr/bin/dpkg returned an error code (1) This is a serious bug as it makes installation fail, and violates sections 7.6.1 and 10.1 of the policy. An optimal solution would consist in only one of the packages installing that file, and renaming or removing the file in the other package. Depending on the circumstances you might also consider Replace relations or file diversions. If the conflicting situation cannot be resolved then, as a last resort, the two packages have to declare a mutual Conflict. Please take into account that Replaces, Conflicts and diversions should only be used when packages provide different implementations for the same functionality. Here is a list of files that are known to be shared by both packages (according to the Contents file for sid/amd64, which may be slightly out of sync): /usr/bin/c2html This bug has been filed against both packages. If you, the maintainers of the two packages in question, have agreed on which of the packages will resolve the problem please reassign the bug to that package. You may then also register in the BTS that the other package is affected by the bug. -Ralf. PS: for more information about the detection of file overwrite errors of this kind see http://edos.debian.net/file-overwrites/. -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#694939: marked as done (libfstrcmp-dev: missing Breaks+Replaces: fstrcmp ( 0.5))
Your message dated Fri, 11 Jan 2013 03:34:07 + with message-id e1ttvnf-0003z2...@franck.debian.org and subject line Bug#694939: fixed in fstrcmp 0.6.D001-1 has caused the Debian Bug report #694939, regarding libfstrcmp-dev: missing Breaks+Replaces: fstrcmp ( 0.5) to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 694939: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=694939 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Package: libfstrcmp-dev Version: 0.5.D001-1 Severity: serious User: trei...@debian.org Usertags: edos-file-overwrite Architecture: amd64 Distribution: squeeze-wheezy (partial) upgrade Hi, the manpages were moved around again in the last upload, so we are going for the next iteration ... Automatic installation tests of packages that share a file and at the same time do not conflict by their package dependency relationships has detected the following problem: Selecting previously unselected package libfstrcmp-dev. Unpacking libfstrcmp-dev (from .../libfstrcmp-dev_0.5.D001-1_amd64.deb) ... dpkg: error processing /var/cache/apt/archives/libfstrcmp-dev_0.5.D001-1_amd64.deb (--unpack): trying to overwrite '/usr/share/man/man3/fwcscmpi.3.gz', which is also in package fstrcmp 0.4.D001-1 This is a serious bug as it makes installation/upgrade fail, and violates sections 7.6.1 and 10.1 of the policy. As this problem can be demonstrated during partial upgrades from squeeze to wheezy (but not within squeeze or wheezy itself), this indicates a missing or insufficiently versioned Replaces+Breaks relationship. But since this particular upgrade ordering is not forbidden by any dependency relationship, it is possible that apt (or $PACKAGE_MANAGER) will use this erroneus path on squeeze-wheezy upgrades. Here is a list of files that are known to be shared by both packages (according to the Contents files for squeeze and wheezy on amd64, which may be slightly out of sync): usr/share/man/man3/fmemcmp.3.gz usr/share/man/man3/fmemcmpi.3.gz usr/share/man/man3/fstrcasecmp.3.gz usr/share/man/man3/fstrcasecmpi.3.gz usr/share/man/man3/fstrcmp.3.gz usr/share/man/man3/fstrcmpi.3.gz usr/share/man/man3/fstrcoll.3.gz usr/share/man/man3/fstrcolli.3.gz usr/share/man/man3/fwcscmp.3.gz usr/share/man/man3/fwcscmpi.3.gz The following relationships are currently defined: Package: libfstrcmp-dev Conflicts: n/a Breaks:n/a Replaces: n/a The following relationships should be added for a clean takeover of these files (http://www.debian.org/doc/debian-policy/ch-relationships.html#s-replaces): Package: libfstrcmp-dev Breaks: fstrcmp ( 0.5) Replaces: fstrcmp ( 0.5) The B+R that were added to fstrcmp in the last upload can probably be dropped again since the manpages are back in libfstrcmp-dev. Cheers, Andreas PS: for more information about the detection of file overwrite errors of this kind see http://edos.debian.net/file-overwrites/. fstrcmp=0.4.D001-1_libfstrcmp-dev=0.5.D001-1.log.gz Description: GNU Zip compressed data ---End Message--- ---BeginMessage--- Source: fstrcmp Source-Version: 0.6.D001-1 We believe that the bug you reported is fixed in the latest version of fstrcmp, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 694...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Peter Miller pmil...@opensource.org.au (supplier of updated fstrcmp package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Format: 1.8 Date: Wed, 05 Dec 2012 17:47:33 +1100 Source: fstrcmp Binary: fstrcmp fstrcmp-doc libfstrcmp0 libfstrcmp0-dbg libfstrcmp-dev Architecture: source amd64 all Version: 0.6.D001-1 Distribution: unstable Urgency: low Maintainer: Peter Miller pmil...@opensource.org.au Changed-By: Peter Miller pmil...@opensource.org.au Description: fstrcmp- fuzzy comparison of strings fstrcmp-doc - fuzzy string compare library - documentation libfstrcmp-dev - fuzzy string compare library - development files libfstrcmp0 - fuzzy string compare library - runtime library libfstrcmp0-dbg - fuzzy string compare library - debugging
Processed: your mail
Processing commands for cont...@bugs.debian.org: tag 697721 + pending Bug #697721 [src:python-django-registration] python-django-registration: FTBFS with python3-sphinx: AttributeError: 'str' object has no attribute '__dict__' Added tag(s) pending. thanks Stopping processing here. Please contact me if you need assistance. -- 697721: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=697721 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#697721: marked as done (python-django-registration: FTBFS with python3-sphinx: AttributeError: 'str' object has no attribute '__dict__')
Your message dated Fri, 11 Jan 2013 07:47:30 + with message-id e1ttzks-0005nl...@franck.debian.org and subject line Bug#697721: fixed in python-django-registration 0.8-2 has caused the Debian Bug report #697721, regarding python-django-registration: FTBFS with python3-sphinx: AttributeError: 'str' object has no attribute '__dict__' to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 697721: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=697721 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Source: python-django-registration Version: 0.8-1 Severity: serious Justification: fails to build from source If python3-sphinx is installed, but python-sphinx is not, python-django-registration FTBFS: | cd docs /usr/bin/make html | make[2]: Entering directory `/build/python-django-registration-105ATe/python-django-registration-0.8/docs' | sphinx-build -b html -d _build/doctrees . _build/html | Running Sphinx v1.1.3 | loading pickled environment... done | building [html]: targets for 11 source files that are out of date | updating environment: 0 added, 0 changed, 0 removed | looking for now-outdated files... none found | preparing documents... done | writing output... [ 9%] backend-api | Making output directory... | | Exception occurred: | File /usr/lib/python3/dist-packages/sphinx/cmdline.py, line 189, in main | app.build(force_all, filenames) | File /usr/lib/python3/dist-packages/sphinx/application.py, line 204, in build | self.builder.build_update() | File /usr/lib/python3/dist-packages/sphinx/builders/__init__.py, line 196, in build_update | 'out of date' % len(to_build)) | File /usr/lib/python3/dist-packages/sphinx/builders/__init__.py, line 252, in build | self.write(docnames, list(updated_docnames), method) | File /usr/lib/python3/dist-packages/sphinx/builders/__init__.py, line 291, in write | doctree = self.env.get_and_resolve_doctree(docname, self) | File /usr/lib/python3/dist-packages/sphinx/environment.py, line 1230, in get_and_resolve_doctree | doctree = self.get_doctree(docname) | File /usr/lib/python3/dist-packages/sphinx/environment.py, line 1215, in get_doctree | doctree = pickle.load(f) | AttributeError: 'str' object has no attribute '__dict__' This happens because the source package includes doctree pickles (in which parsed rST sources are cached) were generated by Python 2.X, and cannot be loaded by Python 3.X. Please ask upstream to exclude the doctrees/ subdirectory from their tarballs. Meanwhile please use the attached patch as a work-around. -- Jakub Wilk --- python-django-registration-0.8/debian/rules 2012-07-10 15:50:02.0 +0200 +++ python-django-registration-0.8/debian/rules 2013-01-08 22:04:03.0 +0100 @@ -6,11 +6,12 @@ dh $@ --with python2,sphinxdoc override_dh_auto_clean: - rm -rf docs/_build/html + rm -rf docs/_build/ dh_auto_clean override_dh_auto_build: cd registration /usr/bin/django-admin compilemessages + rm -rf docs/_build/doctrees/ cd docs $(MAKE) html dh_auto_build ---End Message--- ---BeginMessage--- Source: python-django-registration Source-Version: 0.8-2 We believe that the bug you reported is fixed in the latest version of python-django-registration, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 697...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Raphaël Hertzog hert...@debian.org (supplier of updated python-django-registration package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Thu, 10 Jan 2013 09:44:11 +0100 Source: python-django-registration Binary: python-django-registration Architecture: source all Version: 0.8-2 Distribution: unstable Urgency: low Maintainer: Debian Python Modules Team python-modules-t...@lists.alioth.debian.org Changed-By: Raphaël Hertzog hert...@debian.org Description: python-django-registration - User-registration application for Django Closes: 697721 Changes: python-django-registration (0.8-2) unstable; urgency=low . * Drop docs/_build entirely on clean so that we don't keep around docs/_build/doctrees which might not work with