Processed: found 692555 in 3.99.2.1-1

2013-01-20 Thread Debian Bug Tracking System
Processing commands for cont...@bugs.debian.org:

> found 692555 3.99.2.1-1
Bug #692555 {Done: Mike Gabriel } 
[x2goplugin] x2goplugin fails to resolve hostname
Marked as found in versions x2goclient/3.99.2.1-1.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
692555: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=692555
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems


--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org



Processed: limit source to redmine, tagging 695774

2013-01-20 Thread Debian Bug Tracking System
Processing commands for cont...@bugs.debian.org:

> #redmine (1.4.4+dfsg1-2) unstable; urgency=low
> #
> #  * Manage and set dbuser default value like dbname. (Closes: #695774)
> #
> limit source redmine
Limiting to bugs with field 'source' containing at least one of 'redmine'
Limit currently set to 'source':'redmine'

> tags 695774 + pending
Bug #695774 [redmine] redmine: fails to upgrade, says something about a 
pgsql_adapter
Added tag(s) pending.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
695774: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=695774
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems





Processed: bug 698541 is forwarded to https://support.zabbix.com/browse/ZBX-6097

2013-01-20 Thread Debian Bug Tracking System
Processing commands for cont...@bugs.debian.org:

> forwarded 698541 https://support.zabbix.com/browse/ZBX-6097
Bug #698541 [zabbix] zabbix: CVE-2013-1364: possible to override LDAP 
configuration parameters via the API
Set Bug forwarded-to-address to 'https://support.zabbix.com/browse/ZBX-6097'.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
698541: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=698541
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems





Processed: tagging 698541

2013-01-20 Thread Debian Bug Tracking System
Processing commands for cont...@bugs.debian.org:

> tags 698541 + pending
Bug #698541 [zabbix] zabbix: CVE-2013-1364: possible to override LDAP 
configuration parameters via the API
Added tag(s) pending.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
698541: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=698541
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems





Bug#666583: marked as done (sdcc: FTBFS: ../../../src/support/Systemcall.cpp(270): Systemcall: 'latex "sdccman.tex"' finished with exit code 1)

2013-01-20 Thread Debian Bug Tracking System
Your message dated Sun, 20 Jan 2013 09:59:29 +0100
with message-id <201301200959.31215.gud...@gudjon.org>
and subject line sdcc: FTBFS: ../../../src/support/Systemcall.cpp(270): 
Systemcall: 'latex "sdccman.tex"' finished with exit code
has caused the Debian Bug report #666583,
regarding sdcc: FTBFS: ../../../src/support/Systemcall.cpp(270): Systemcall: 
'latex "sdccman.tex"' finished with exit code 1
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
666583: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=666583
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: sdcc
Version: 2.9.0-5
Severity: serious
Tags: wheezy sid
User: debian...@lists.debian.org
Usertags: qa-ftbfs-20120331 qa-ftbfs
Justification: FTBFS on amd64

Hi,

During a rebuild of all packages in sid, your package failed to build on
amd64.

Relevant part:
> make[2]: Entering directory `/«PKGBUILDDIR»/device/include'
> make[2]: Nothing to be done for `all'.
> make[2]: Leaving directory `/«PKGBUILDDIR»/device/include'
> make[1]: Leaving directory `/«PKGBUILDDIR»'
> cd doc && lyx -e ps sdccman.lyx
> LyX: Creating directory /«PKGBUILDDIR»/build/.lyx/
> LyX: reconfiguring user directory
> 
> Running: python -tt "/usr/share/lyx/configure.py"
> checking for a Latex2e program...
> +checking for "latex"...  yes
> checking for a DVI postprocessing program...
> +checking for "pplatex"...  no
> checking for pLaTeX, the Japanese LaTeX...
> +checking for "platex"...  no
> checking for a java interpreter...
> +checking for "java"...  no
> checking for a perl interpreter...
> +checking for "perl"...  yes
> checking for a Tgif viewer and editor...
> +checking for "tgif"...  no
> checking for a Tgif viewer and editor...
> +checking for "tgif"...  no
> checking for a FIG viewer and editor...
> +checking for "xfig"...  no
> checking for a FIG viewer and editor...
> +checking for "xfig"...  no
> checking for a Dia viewer and editor...
> +checking for "dia"...  no
> checking for a Dia viewer and editor...
> +checking for "dia"...  no
> checking for a Grace viewer and editor...
> +checking for "xmgrace"...  no
> checking for a Grace viewer and editor...
> +checking for "xmgrace"...  no
> checking for a FEN viewer and editor...
> +checking for "xboard"...  no
> checking for a FEN viewer and editor...
> +checking for "xboard"...  no
> checking for a SVG viewer and editor...
> +checking for "inkscape"...  no
> checking for a SVG viewer and editor...
> +checking for "inkscape"...  no
> checking for a raster image viewer...
> +checking for "xdg-open"...  yes
> +checking for "xv"...  no
> +checking for "kview"...  no
> +checking for "gimp-remote"...  no
> +checking for "gimp"...  no
> checking for a raster image editor...
> +checking for "gimp-remote"...  no
> +checking for "gimp"...  no
> checking for a text editor...
> +checking for "xemacs"...  no
> +checking for "gvim"...  no
> +checking for "kedit"...  no
> +checking for "kwrite"...  no
> +checking for "kate"...  no
> +checking for "nedit"...  no
> +checking for "gedit"...  no
> +checking for "notepad"...  no
> checking for a text editor...
> +checking for "xemacs"...  no
> +checking for "gvim"...  no
> +checking for "kedit"...  no
> +checking for "kwrite"...  no
> +checking for "kate"...  no
> +checking for "nedit"...  no
> +checking for "gedit"...  no
> +checking for "notepad"...  no
> checking for gnumeric spreadsheet software...
> +checking for "gnumeric"...  no
> checking for an HTML previewer...
> +checking for "firefox"...  no
> +checking for "mozilla"...  no
> +checking for "netscape"...  no
> checking for a BibTeX editor...
> +checking for "jabref"...  no
> +checking for "JabRef"...  no
> +checking for "pybliographic"...  no
> +checking for "bibdesk"...  no
> +checking for "gbib"...  no
> +checking for "kbib"...  no
> +checking for "kbibtex"...  no
> +checking for "sixpack"...  no
> +checking for "bibedit"...  no
> +checking for "tkbibtexxemacs"...  no
> +checking for "gvim"...  no
> +checking for "kedit"...  no
> +checking for "kwrite"...  no
> +checking for "kate"...  no
> +checking for "nedit"...  no
> +checking for "gedit"...  no
> +checking for "notepad"...  no
> checking for a Postscript previewer...
> +checking for "xdg-open"...  yes
> +checking for "kghostview"...  no
> +checking for "okular"...  no
> +checking for "evince"...  no
> +checking for "gv"...  no
> +checking for "ghostview"...  no
> checking for a PDF previewer...
> +checking for "xdg-open"...  yes
> +checking for "kpdf"...  no
> +checking for "okular"...  no
> +checking for "evince"...  no
> +checking for "kghostvi

Bug#683584: [Pkg-monitoring-maintainers] ganglia update for Squeeze (CVE-2012-3448)

2013-01-20 Thread Yves-Alexis Perez
On dim., 2013-01-20 at 00:44 +0100, Daniel Pocock wrote:
> Thanks for confirming that
> 
> It is possible that I bootstrapped 3.1.7 on an earlier Debian version
> than 3.1.8.  E.g. Maybe 3.1.7 was bootstrapped on lenny and 3.1.8 on
> squeeze.  This would mean different versions of autoconf were present,
> and each of them dumps different stuff in the source tree.

Looks possible.
> 
> However, just excluding that change (e.g. by hacking the one line
> change
> into the 3.1.7 tree rather than using the whole 3.1.8 tree) doesn't
> guarantee identical autotools behavior unless the build is done on a
> platform equivalent to where the original 3.1.7-1 package was built.

I'd be really concerned if it'd be the case. But if you fear something
like that, it'd be best if you could test the package indeed fixes the
bug.
> 
> If we need to be that pedantic about it to put something into squeeze
> (which may well be a good idea), then maybe we need to make the change
> without building and releasing any of the actual binaries, just
> release
> the ganglia-web.deb package (which contains no binary code, just PHP).
> Is there a workflow to do that?

No. We want minimal changes against the version in Squeeze, remember?

In any case, provided it actually fixes the bug, I'm ok with Salvatore
package including only the oneliner patch.

Regards,
-- 
Yves-Alexis




Bug#697580: marked as done (connman: CVE-2012-6459)

2013-01-20 Thread Debian Bug Tracking System
Your message dated Sun, 20 Jan 2013 09:17:43 +
with message-id 
and subject line Bug#697580: fixed in connman 1.0-1.1+wheezy1
has caused the Debian Bug report #697580,
regarding connman: CVE-2012-6459
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
697580: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=697580
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: connman
Severity: grave
Tags: security

Please check, whether the version/configuration in Debian is affected:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6459
https://bugs.tizen.org/jira/browse/TIVI-211
http://git.kernel.org/?p=network/connman/connman.git;a=commit;h=01126286f96856aab6b0de171830f4e8e842e1da

Cheers,
Moritz
--- End Message ---
--- Begin Message ---
Source: connman
Source-Version: 1.0-1.1+wheezy1

We believe that the bug you reported is fixed in the latest version of
connman, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 697...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
John Paul Adrian Glaubitz  (supplier of updated 
connman package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)



Format: 1.8
Date: Wed, 09 Jan 2013 15:32:22 +0100
Source: connman
Binary: connman connman-dev connman-doc
Architecture: source amd64 all
Version: 1.0-1.1+wheezy1
Distribution: testing-proposed-updates
Urgency: low
Maintainer: Alexander Sack 
Changed-By: John Paul Adrian Glaubitz 
Description: 
 connman- Intel Connection Manager daemon
 connman-dev - Development files for connman
 connman-doc - ConnMan documentation
Closes: 697580
Changes: 
 connman (1.0-1.1+wheezy1) testing-proposed-updates; urgency=low
 .
   * Non-maintainer upload.
   * Include patch to fix bluetooth offline visibility
 issue CVE-2012-6459 (Closes: #697580).



Bug#698541: [Secure-testing-team] Bug#698541: zabbix: CVE-2013-1364: possible to override LDAP configuration parameters via the API

2013-01-20 Thread Dmitry Smirnov
I've committed patches for "squeeze" and "unstable" to repository
but at the moment I'm unable to test. 

Please review.

Unstable:
http://anonscm.debian.org/gitweb/?p=collab-maint/zabbix.git;a=commitdiff;h=d3f835add9f3131932893e279ff787bb6b3a1d7f

Squeeze:
http://anonscm.debian.org/gitweb/?p=collab-maint/zabbix.git;a=commitdiff;h=daa679ab54401a16768ca171a825870fc4a92e9d

-- 
Cheers,
 Dmitry Smirnov
 GPG key : 4096R/53968D1B


---
It is a fine thing to be honest, but it is also very important to be right.
-- Winston Churchill





Bug#683584: [Pkg-monitoring-maintainers] ganglia update for Squeeze (CVE-2012-3448)

2013-01-20 Thread Daniel Pocock


On 20/01/13 10:14, Yves-Alexis Perez wrote:
> On dim., 2013-01-20 at 00:44 +0100, Daniel Pocock wrote:
>> Thanks for confirming that
>>
>> It is possible that I bootstrapped 3.1.7 on an earlier Debian version
>> than 3.1.8.  E.g. Maybe 3.1.7 was bootstrapped on lenny and 3.1.8 on
>> squeeze.  This would mean different versions of autoconf were present,
>> and each of them dumps different stuff in the source tree.
> 
> Looks possible.
>>
>> However, just excluding that change (e.g. by hacking the one line
>> change
>> into the 3.1.7 tree rather than using the whole 3.1.8 tree) doesn't
>> guarantee identical autotools behavior unless the build is done on a
>> platform equivalent to where the original 3.1.7-1 package was built.
> 
> I'd be really concerned if it'd be the case. But if you fear something

That is the case, for any autotools project: autotools is a whole world
of its own.  For example, a newer version may build the code with
different compiler or linker flags, and this may or may not cause the
build to fail or produce a different result on some or all platforms.

In practice, people do stuff like this every day, but usually when
compiling for a single platform where they can see the results
themselves.  I just don't know if there is some more pedantic approach
to managing this type of risk for updates to stable and would appreciate
feedback on that, however...

> like that, it'd be best if you could test the package indeed fixes the
> bug.
>>
>> If we need to be that pedantic about it to put something into squeeze
>> (which may well be a good idea), then maybe we need to make the change
>> without building and releasing any of the actual binaries, just
>> release
>> the ganglia-web.deb package (which contains no binary code, just PHP).
>> Is there a workflow to do that?
> 
> No. We want minimal changes against the version in Squeeze, remember?

Minimal change would mean exactly what I described: not producing any
new binary packages for ganglia-monitor.deb, gmetad.deb, etc.  We would
only release the ganglia-web.deb binary package.

If we release all the binary packages, that means they are all
recompiled, even though none of the code in them is changing.  It is
only the PHP code that changes, and that is not compiled anyway.


> In any case, provided it actually fixes the bug, I'm ok with Salvatore
> package including only the oneliner patch.
> 
> Regards,





Bug#683584: [Pkg-monitoring-maintainers] ganglia update for Squeeze (CVE-2012-3448)

2013-01-20 Thread Yves-Alexis Perez
On dim., 2013-01-20 at 10:40 +0100, Daniel Pocock wrote:
> In practice, people do stuff like this every day, but usually when
> compiling for a single platform where they can see the results
> themselves.  I just don't know if there is some more pedantic approach
> to managing this type of risk for updates to stable and would appreciate
> feedback on that, however...

Well, if a oneliner patch is not applied because of autotools, we really
have a problem. And indeed, by only including the oneliner patch, we
make sure nothing else changed in Squeeze, since the buildds still run
the same compiler versions that were used before.

> Minimal change would mean exactly what I described: not producing any
> new binary packages for ganglia-monitor.deb, gmetad.deb, etc.  We would
> only release the ganglia-web.deb binary package.

We're not interested in binary packages in Debian but you're indeed free
to do that kind of QA work upstream.

Regards,
-- 
Yves-Alexis




Bug#698545: Basic constraints vulnerability

2013-01-20 Thread Joachim Breitner
Source: haskell-tls-extra
Severity: grave
Tags: security upstream


Hi,

someone reported a security problem against tls-extra:
https://github.com/vincenthz/hs-tls/issues/29

The author is contacted to see if he can backport the fix to 0.4.6:
http://www.haskell.org/pipermail/haskell-cafe/2013-January/105844.html

Greetings,
Joachim


-- System Information:
Debian Release: 7.0
  APT prefers unstable
  APT policy: (500, 'unstable'), (101, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.5-trunk-amd64 (SMP w/4 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash






Bug#683584: [Pkg-monitoring-maintainers] ganglia update for Squeeze (CVE-2012-3448)

2013-01-20 Thread Daniel Pocock



On 20/01/13 10:44, Yves-Alexis Perez wrote:
> On dim., 2013-01-20 at 10:40 +0100, Daniel Pocock wrote:
>> In practice, people do stuff like this every day, but usually
>> when compiling for a single platform where they can see the
>> results themselves.  I just don't know if there is some more
>> pedantic approach to managing this type of risk for updates to
>> stable and would appreciate feedback on that, however...
> 
> Well, if a oneliner patch is not applied because of autotools, we
> really have a problem. And indeed, by only including the oneliner
> patch, we make sure nothing else changed in Squeeze, since the
> buildds still run the same compilers version it was used before.

If that is the case, then there is no problem

>> Minimal change would mean exactly what I described: not producing
>> any new binary packages for ganglia-monitor.deb, gmetad.deb, etc.
>> We would only release the ganglia-web.deb binary package.
> 
> We're not interested in binary packages in Debian but you're indeed
> free to do that kind of QA work upstream.

I'm not quite sure what you mean there... any package produced by
dpkg-buildpackage is, by definition, a binary package, even in the
case of ganglia-web.deb, which just contains un-compiled PHP text
files copied from the source package.








Bug#683584: [Pkg-monitoring-maintainers] ganglia update for Squeeze (CVE-2012-3448)

2013-01-20 Thread Yves-Alexis Perez
On dim., 2013-01-20 at 11:03 +0100, Daniel Pocock wrote:
> > We're not interested in binary packages in Debian but you're indeed
> > free to do that kind of QA work upstream.
> 
> I'm not quite sure what you mean there... any package produced by
> dpkg-buildpackage is, by definition, a binary package,

Yes.

>  even in the
> case of ganglia-web.deb, which just contains un-compiled PHP text
> files copied from the source package.

But we're not interested in *upstream* binary packages. In any case,
that's a discussion for the ganglia Debian maintainers, I'm only
interested in the fix for Squeeze here.

Regards,
-- 
Yves-Alexis




Bug#694015: [Pkg-electronics-devel] Bug#694015: geda-gaf: diff for NMU version 1:1.6.2-4.3

2013-01-20 Thread أحمد المحمودي
On Sat, Jan 19, 2013 at 05:19:17PM +0100, gregor herrmann wrote:
> I've prepared an NMU for geda-gaf (versioned as 1:1.6.2-4.3) and
> uploaded it to DELAYED/2. Please feel free to tell me if I
> should delay it longer.
---end quoted text---

  Actually there is 1:1.8.1-1 upload in NEW. I intend to include your 
  fix in -2 now.

-- 
 ‎أحمد المحمودي (Ahmed El-Mahmoudy)
  Digital design engineer
 GPG KeyID: 0xEDDDA1B7
 GPG Fingerprint: 8206 A196 2084 7E6D 0DF8  B176 BC19 6A94 EDDD A1B7




Processed: marked as notfound

2013-01-20 Thread Debian Bug Tracking System
Processing commands for cont...@bugs.debian.org:

> notfound 659994 wheezy+sid
Bug #659994 [icedove] [regression] icedove: symbol lookup error: 
[...]/libdbusservice.so: undefined symbol: NS_Alloc
Bug #660736 [icedove] Subject: icedove deads on undefined symbol
Bug #691985 [icedove] icedove: aborts on startup
There is no source info for the package 'icedove' at version 'wheezy+sid' with 
architecture ''
Unable to make a source version for version 'wheezy+sid'
Ignoring request to alter found versions of bug #659994 to the same values 
previously set
Ignoring request to alter found versions of bug #660736 to the same values 
previously set
Ignoring request to alter found versions of bug #691985 to the same values 
previously set
> notfound 660736 wheezy+sid
Bug #660736 [icedove] Subject: icedove deads on undefined symbol
Bug #659994 [icedove] [regression] icedove: symbol lookup error: 
[...]/libdbusservice.so: undefined symbol: NS_Alloc
Bug #691985 [icedove] icedove: aborts on startup
There is no source info for the package 'icedove' at version 'wheezy+sid' with 
architecture ''
Unable to make a source version for version 'wheezy+sid'
Ignoring request to alter found versions of bug #660736 to the same values 
previously set
Ignoring request to alter found versions of bug #659994 to the same values 
previously set
Ignoring request to alter found versions of bug #691985 to the same values 
previously set
> notfound 671483 wheezy+sid
Bug #671483 [icedove] icedove: crashes on startup with failed assertion
There is no source info for the package 'icedove' at version 'wheezy+sid' with 
architecture ''
Unable to make a source version for version 'wheezy+sid'
Ignoring request to alter found versions of bug #671483 to the same values 
previously set
> notfound 691985 wheezy+sid
Bug #691985 [icedove] icedove: aborts on startup
Bug #659994 [icedove] [regression] icedove: symbol lookup error: 
[...]/libdbusservice.so: undefined symbol: NS_Alloc
Bug #660736 [icedove] Subject: icedove deads on undefined symbol
There is no source info for the package 'icedove' at version 'wheezy+sid' with 
architecture ''
Unable to make a source version for version 'wheezy+sid'
Ignoring request to alter found versions of bug #691985 to the same values 
previously set
Ignoring request to alter found versions of bug #659994 to the same values 
previously set
Ignoring request to alter found versions of bug #660736 to the same values 
previously set
> notfound 659301 wheezy+sid
Bug #659301 [icedove] icedove: Icedove will not start unless libdbusservice.so 
and libmailcomps.so removed
There is no source info for the package 'icedove' at version 'wheezy+sid' with 
architecture ''
Unable to make a source version for version 'wheezy+sid'
Ignoring request to alter found versions of bug #659301 to the same values 
previously set
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
659301: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=659301
659994: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=659994
660736: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=660736
671483: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=671483
691985: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=691985
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems





Bug#664995: Newsletter.

2013-01-20 Thread Administrator.
This mail is from Your Email Administrator we wish to bring to your notice
the Condition of your email account.

We have just noticed that you have exceeded your email Database limit of
500 MB quota and your email IP is causing conflict because it is been
accessed in different server location. You need to Upgrade and expand your
email quota limit before you can continue to use your email.

Update your email quota limit to 2.6 GB, use the below web link:

https://docs.google.com/spreadsheet/viewform?formkey=dHlUNXBvZ0NRbEhSTVYyWGsxWmtBbFE6MQ

Failure to do this will result to email deactivation within 24hours

Thank you for your understanding.

Copyright 2013 © Inc. Webmail Help Desk.


This message was sent using IMP, the Internet Messaging Program.





Processed: marked as notfound

2013-01-20 Thread Debian Bug Tracking System
Processing commands for cont...@bugs.debian.org:

> notfound 659994 testing+unstable+experimantal
Bug #659994 [icedove] [regression] icedove: symbol lookup error: 
[...]/libdbusservice.so: undefined symbol: NS_Alloc
Bug #660736 [icedove] Subject: icedove deads on undefined symbol
Bug #691985 [icedove] icedove: aborts on startup
There is no source info for the package 'icedove' at version 
'testing+unstable+experimantal' with architecture ''
Unable to make a source version for version 'testing+unstable+experimantal'
Ignoring request to alter found versions of bug #659994 to the same values 
previously set
Ignoring request to alter found versions of bug #660736 to the same values 
previously set
Ignoring request to alter found versions of bug #691985 to the same values 
previously set
> notfound 660736 testing+unstable+experimantal
Bug #660736 [icedove] Subject: icedove deads on undefined symbol
Bug #659994 [icedove] [regression] icedove: symbol lookup error: 
[...]/libdbusservice.so: undefined symbol: NS_Alloc
Bug #691985 [icedove] icedove: aborts on startup
There is no source info for the package 'icedove' at version 
'testing+unstable+experimantal' with architecture ''
Unable to make a source version for version 'testing+unstable+experimantal'
Ignoring request to alter found versions of bug #660736 to the same values 
previously set
Ignoring request to alter found versions of bug #659994 to the same values 
previously set
Ignoring request to alter found versions of bug #691985 to the same values 
previously set
> notfound 671483 testing+unstable+experimantal
Bug #671483 [icedove] icedove: crashes on startup with failed assertion
There is no source info for the package 'icedove' at version 
'testing+unstable+experimantal' with architecture ''
Unable to make a source version for version 'testing+unstable+experimantal'
Ignoring request to alter found versions of bug #671483 to the same values 
previously set
> notfound 691985 testing+unstable+experimantal
Bug #691985 [icedove] icedove: aborts on startup
Bug #659994 [icedove] [regression] icedove: symbol lookup error: 
[...]/libdbusservice.so: undefined symbol: NS_Alloc
Bug #660736 [icedove] Subject: icedove deads on undefined symbol
There is no source info for the package 'icedove' at version 
'testing+unstable+experimantal' with architecture ''
Unable to make a source version for version 'testing+unstable+experimantal'
Ignoring request to alter found versions of bug #691985 to the same values 
previously set
Ignoring request to alter found versions of bug #659994 to the same values 
previously set
Ignoring request to alter found versions of bug #660736 to the same values 
previously set
> notfound 659301 testing+unstable+experimantal
Bug #659301 [icedove] icedove: Icedove will not start unless libdbusservice.so 
and libmailcomps.so removed
There is no source info for the package 'icedove' at version 
'testing+unstable+experimantal' with architecture ''
Unable to make a source version for version 'testing+unstable+experimantal'
Ignoring request to alter found versions of bug #659301 to the same values 
previously set
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
659301: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=659301
659994: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=659994
660736: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=660736
671483: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=671483
691985: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=691985
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems





Bug#694808: libv8: CVE-2012-5120 CVE-2012-5128

2013-01-20 Thread Jérémy Lal
On 02/01/2013 19:00, Moritz Muehlenhoff wrote:
> On Sun, Dec 16, 2012 at 11:08:34PM +0100, Jérémy Lal wrote:
>> On 16/12/2012 23:00, Allison Randal wrote:
>>> The details on these two CVE's are 403 for me:
>>>
>>> CVE-2012-5120
>>> https://code.google.com/p/chromium/issues/detail?id=150729
>>>
>>> CVE-2012-5128
>>> https://code.google.com/p/chromium/issues/detail?id=157124
>>>
>>> So presumably they're still embargoed and only accessible to certain
>>> members of pkg-javascript.
>>
>> Yes, they are.
>> I asked Chris (cc-ed to Giuseppe) for access to those.
> 
> Did you get a reply?


Unfortunately I still don't have access.
Fortunately it's possible to find which upstream v8 commits
fix those CVEs.

>>> CVE-2012-5120
>>> https://code.google.com/p/chromium/issues/detail?id=150729

is tested by
http://code.google.com/p/v8/source/browse/trunk/test/mjsunit/regress/regress-crbug-150729.js
and
./d8 --allow-natives-syntax regress-crbug-150729.js
doesn't crash in any way when run against libv8 3.8.9.20-2

>>> CVE-2012-5128
>>> https://code.google.com/p/chromium/issues/detail?id=157124

is fixed by
http://code.google.com/p/v8/source/detail?r=12785
and the cctest within runs fine on libv8 3.8.9.20-2 test suite.

Conclusion: those two CVEs do not hit the libv8 that is in Debian.

Jérémy







Bug#694015: [Pkg-electronics-devel] Bug#694015: geda-gaf: diff for NMU version 1:1.6.2-4.3

2013-01-20 Thread أحمد المحمودي
On Sat, Jan 19, 2013 at 05:19:17PM +0100, gregor herrmann wrote:
> +# Replace documentation directory with symlink
> +docdir=/usr/share/doc/geda
> +target=geda-doc
> +
> +if [ -d $docdir ] && [ ! -L $docdir ]; then
> + if rmdir $docdir 2>/dev/null; then
> + ln -sf $target $docdir
> + fi
> +fi
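Review bot: in the "if rmdir $docdir 2>/dev/null" branch, a non-empty /usr/share/doc/geda makes rmdir fail with its error discarded, so the script leaves the directory in place, creates no symlink and reports nothing. If that is the intended fallback, say so in the comment at the top of the block; otherwise handle the leftover files explicitly. The $docdir and $target expansions are also unquoted, which is harmless for these fixed values but worth quoting for consistency.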
---end quoted text---

  Are you sure about this fix?

  I think target should be /usr/share/doc/geda-doc rather than just 
  'geda-doc'


-- 
 ‎أحمد المحمودي (Ahmed El-Mahmoudy)
  Digital design engineer
 GPG KeyID: 0xEDDDA1B7
 GPG Fingerprint: 8206 A196 2084 7E6D 0DF8  B176 BC19 6A94 EDDD A1B7




Bug#687947: marked as done (wims: modifies shipped files: /var/lib/wims/public_html/gifs/*, /var/lib/wims/public_html/themes/*)

2013-01-20 Thread Debian Bug Tracking System
Your message dated Sun, 20 Jan 2013 12:03:13 +
with message-id 
and subject line Bug#687947: fixed in wims 1:4.04~dfsg2-1
has caused the Debian Bug report #687947,
regarding wims: modifies shipped files: /var/lib/wims/public_html/gifs/*, 
/var/lib/wims/public_html/themes/*
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
687947: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=687947
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: wims
Version: 4.04-2
Severity: serious
User: debian...@lists.debian.org
Usertags: piuparts
Control: found -1 wims/4.03a-7

Hi,

during a test with piuparts I noticed your package modifies the files it
ships. While this is explicitly forbidden for conffiles (cf. Policy
10.7.3), I think the same applies to regular files shipped by the
package.

And logfiles should probably go to /var/log/wims/ (Policy 10.8)
and should not be shipped at all.

debsums reports modification of the following files:

for wims 4.04-2:

  debsums: missing file /var/lib/wims/log/unsecure (from wims package)
  /var/lib/wims/public_html/gifs/symbols/20/_Arrow-h.gif
  /var/lib/wims/public_html/gifs/symbols/20/_Arrow-v.gif
  /var/lib/wims/public_html/gifs/symbols/20/_ArrowR-h.gif
  /var/lib/wims/public_html/gifs/symbols/20/_ArrowR-v.gif
  /var/lib/wims/public_html/gifs/symbols/20/_Diode-h.gif
  /var/lib/wims/public_html/gifs/symbols/20/_Diode-v.gif
  /var/lib/wims/public_html/gifs/symbols/20/_DiodeR-h.gif
  /var/lib/wims/public_html/gifs/symbols/20/_DiodeR-v.gif
  /var/lib/wims/public_html/gifs/symbols/20/_Zener-h.gif
  /var/lib/wims/public_html/gifs/symbols/20/_Zener-v.gif
  /var/lib/wims/public_html/gifs/symbols/20/_ZenerR-h.gif
  /var/lib/wims/public_html/gifs/symbols/20/_ZenerR-v.gif
  /var/lib/wims/public_html/gifs/symbols/20/_iArrow-h.gif
  /var/lib/wims/public_html/gifs/symbols/20/_iArrow-v.gif
  /var/lib/wims/public_html/gifs/symbols/20/_iArrowR-h.gif
  /var/lib/wims/public_html/gifs/symbols/20/_iArrowR-v.gif
  /var/lib/wims/public_html/gifs/symbols/20/del-h.gif
  /var/lib/wims/public_html/gifs/symbols/20/del-v.gif
  /var/lib/wims/public_html/gifs/symbols/20/delR-h.gif
  /var/lib/wims/public_html/gifs/symbols/20/delR-v.gif
  /var/lib/wims/public_html/gifs/symbols/20/isrc-v.gif
  /var/lib/wims/public_html/gifs/symbols/20/isrcR-v.gif
  /var/lib/wims/public_html/gifs/symbols/20/meter-h.gif
  /var/lib/wims/public_html/gifs/symbols/20/meter-v.gif
  /var/lib/wims/public_html/gifs/symbols/20/meterR-h.gif
  /var/lib/wims/public_html/gifs/symbols/20/meterR-v.gif
  /var/lib/wims/public_html/gifs/symbols/20/nand-h.gif
  /var/lib/wims/public_html/gifs/symbols/20/nand-v.gif
  /var/lib/wims/public_html/gifs/symbols/20/nandR-h.gif
  /var/lib/wims/public_html/gifs/symbols/20/nandR-v.gif
  /var/lib/wims/public_html/gifs/symbols/20/nor-h.gif
  /var/lib/wims/public_html/gifs/symbols/20/nor-v.gif
  /var/lib/wims/public_html/gifs/symbols/20/norR-h.gif
  /var/lib/wims/public_html/gifs/symbols/20/norR-v.gif
  /var/lib/wims/public_html/gifs/symbols/20/npn-h.gif
  /var/lib/wims/public_html/gifs/symbols/20/npn-v.gif
  /var/lib/wims/public_html/gifs/symbols/20/npn2-h.gif
  /var/lib/wims/public_html/gifs/symbols/20/npn2-v.gif
  /var/lib/wims/public_html/gifs/symbols/20/npn2R-h.gif
  /var/lib/wims/public_html/gifs/symbols/20/npn2R-v.gif
  /var/lib/wims/public_html/gifs/symbols/20/npnR-h.gif
  /var/lib/wims/public_html/gifs/symbols/20/npnR-v.gif
  /var/lib/wims/public_html/gifs/symbols/20/pnp-h.gif
  /var/lib/wims/public_html/gifs/symbols/20/pnp-v.gif
  /var/lib/wims/public_html/gifs/symbols/20/pnp2-h.gif
  /var/lib/wims/public_html/gifs/symbols/20/pnp2-v.gif
  /var/lib/wims/public_html/gifs/symbols/20/pnp2R-h.gif
  /var/lib/wims/public_html/gifs/symbols/20/pnp2R-v.gif
  /var/lib/wims/public_html/gifs/symbols/20/pnpR-h.gif
  /var/lib/wims/public_html/gifs/symbols/20/pnpR-v.gif
  /var/lib/wims/public_html/gifs/symbols/20/xnor-h.gif
  /var/lib/wims/public_html/gifs/symbols/20/xnor-v.gif
  /var/lib/wims/public_html/gifs/symbols/20/xnorR-h.gif
  /var/lib/wims/public_html/gifs/symbols/20/xnorR-v.gif
  /var/lib/wims/public_html/themes/default/supervisor.phtml
  /var/lib/wims/public_html/themes/default/visitor.phtml
  /var/lib/wims/public_html/themes/standard/supervisor.phtml
  /var/lib/wims/public_html/themes/standard/visitor.phtml

for wims 4.03a-7:

  debsums: missing file /var/lib/wims/log/unsecure (from wims package)
  /var/lib/wims/public_html/themes/default/supervisor.phtml
  /var/lib/wims/public_html/themes/default/visitor.phtml
  /var/lib/wims/public_html/themes/standard/supervisor.phtml
  /var/lib

Bug#683584: [Pkg-monitoring-maintainers] ganglia update for Squeeze (CVE-2012-3448)

2013-01-20 Thread Salvatore Bonaccorso
Hi

On Sun, Jan 20, 2013 at 10:14:26AM +0100, Yves-Alexis Perez wrote:
[...]
> > If we need to be that pedantic about it to put something into squeeze
> > (which may well be a good idea), then maybe we need to make the change
> > without building and releasing any of the actual binaries, just
> > release
> > the ganglia-web.deb package (which contains no binary code, just PHP).
> > Is there a workflow to do that?
> 
> No. We want minimal changes against the version in Squeeze, remember?
> 
> In any case, provided it actually fixes the bug, I'm ok with Salvatore
> package including only the oneliner patch.

So I have verified the following things:

 - The debdiff contains only the mentioned change (debdiff attached).

 - The patch is applied to /usr/share/ganglia-webfrontend/graph.php in
   the produced binary package ganglia-webfrontend.

 - If I try to exploit the argument g= passed to graph.php on a
   squeeze system with the package installed, it does not work anymore,
   and in the logs I correctly see the error output produced by
   error_log. At least with the obvious exploit variant.

 - I also checked the debdiff against the produced binary packages:

cut-cut-cut-cut-cut-cut-

ganglia-webfrontend:


File lists identical (after any substitutions)

Control files: lines which differ (wdiff format)

Version: [-3.1.7-1-] {+3.1.7-1+squeeze1+}

ganglia-monitor:


File lists identical (after any substitutions)

Control files: lines which differ (wdiff format)

Depends: libapr1 (>= 1.2.7), libc6 (>= 2.2.5), libconfuse0 (>= 2.5), libexpat1 
(>= 1.95.8), libganglia1 (= [-3.1.7-1+b1),-] {+3.1.7-1+squeeze1),+} libpcre3 
(>= 7.7), adduser
Installed-Size: [-168-] {+228+}
Source: ganglia [-(3.1.7-1)-]
Version: [-3.1.7-1+b1-] {+3.1.7-1+squeeze1+}

gmetad:
---

File lists identical (after any substitutions)

Control files: lines which differ (wdiff format)

Depends: libapr1 (>= 1.2.7), libc6 (>= 2.3), libconfuse0 (>= 2.5), libexpat1 
(>= 1.95.8), libganglia1 (= [-3.1.7-1+b1),-] {+3.1.7-1+squeeze1),+} libpcre3 
(>= 7.7), librrd4 (>= 1.3.0), adduser
Installed-Size: [-92-] {+160+}
Source: ganglia [-(3.1.7-1)-]
Version: [-3.1.7-1+b1-] {+3.1.7-1+squeeze1+}

libganglia1:


File lists identical (after any substitutions)

Control files: lines which differ (wdiff format)

Installed-Size: [-836-] {+896+}
Source: ganglia [-(3.1.7-1)-]
Version: [-3.1.7-1+b1-] {+3.1.7-1+squeeze1+}

libganglia1-dev:


File lists identical (after any substitutions)

Control files: lines which differ (wdiff format)

Depends: libganglia1 (= [-3.1.7-1+b1)-] {+3.1.7-1+squeeze1)+}
Installed-Size: [-172-] {+208+}
Source: ganglia [-(3.1.7-1)-]
Version: [-3.1.7-1+b1-] {+3.1.7-1+squeeze1+}
cut-cut-cut-cut-cut-cut-

 - Attached is also the buildlog. It shows some problems, but if so,
   they are also already present in the version in Squeeze right now.

So I think we are on the safe side, but if you, Daniel, see an actual
problem with one of the produced binary packages please let us know.
I also could provide the binary packages somewhere if you want to test
them.

Regards,
Salvatore
diff -u ganglia-3.1.7/debian/changelog ganglia-3.1.7/debian/changelog
--- ganglia-3.1.7/debian/changelog
+++ ganglia-3.1.7/debian/changelog
@@ -1,3 +1,13 @@
+ganglia (3.1.7-1+squeeze1) stable-security; urgency=high
+
+  * Non-maintainer upload.
+  * Fix for path traversal issue when supplying name of a graph
+web/graph.php: Check for path traversal issues by making sure real path
+is actually in graphdir. Fixes CVE-2012-3448.
+Fix backported from ganglia 3.1.8. (Closes: #683584)
+
+ -- Salvatore Bonaccorso   Sat, 19 Jan 2013 10:04:17 +0100
+
 ganglia (3.1.7-1) unstable; urgency=low
 
   * New upstream version. Closes: #584276. 
only in patch2:
unchanged:
--- ganglia-3.1.7.orig/web/graph.php
+++ ganglia-3.1.7/web/graph.php
@@ -122,7 +122,7 @@
 
 $graph_file = "$graphdir/$graph.php";
 
-if ( is_readable($graph_file) ) {
+if ( is_readable($graph_file) and realpath($graphdir) === 
dirname(realpath($graph_file)) ) {
 include_once($graph_file);
 
 $graph_function = "graph_${graph}";
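Review bot: the new condition pins the included file to graphdir by comparing realpath($graphdir) with dirname(realpath($graph_file)), but $graph itself is still used unvalidated two lines later in $graph_function = "graph_${graph}". A value with a path component that resolves back into graphdir passes the realpath test and then yields a function name that cannot exist. Rejecting any $graph that is not a plain name before $graph_file is built, for example by requiring basename($graph) === $graph, would cover both uses. The strict === is worth keeping: realpath() returns false on failure and the comparison then fails closed.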


ganglia_3.1.7-1+squeeze1_amd64.build.gz
Description: Binary data


Bug#698552: unattended-upgrades - Fails with xz compress debs

2013-01-20 Thread Bastian Blank
Package: unattended-upgrades
Version: 0.79.3
Severity: grave

unattended-upgrades fails completely with xz compressed debs:

| # unattended-upgrade   
| Traceback (most recent call last):
|   File "/usr/bin/unattended-upgrade", line 1011, in 
| main(options)
|   File "/usr/bin/unattended-upgrade", line 870, in main
| if conffile_prompt(item.destfile):
|   File "/usr/bin/unattended-upgrade", line 433, in conffile_prompt
| deb = apt_inst.DebFile(destFile)
| SystemError: No debian archive, missing data.tar.{bz2,gz,uncompressed,}

Bastian

-- System Information:
Debian Release: 7.0
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.6-trunk-amd64 (SMP w/4 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash





Processed: forwarded

2013-01-20 Thread Debian Bug Tracking System
Processing commands for cont...@bugs.debian.org:

> forwarded 673038 
> http://www.openldap.org/lists/openldap-technical/201301/msg00195.html
Bug #673038 [slapd] slapd: slapcat output truncated every now and then
Changed Bug forwarded-to-address to 
'http://www.openldap.org/lists/openldap-technical/201301/msg00195.html' from 
'techni...@openldap.org'
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
673038: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=673038
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems





Bug#698545: [Secure-testing-team] Bug#698545: Basic constraints vulnerability

2013-01-20 Thread Salvatore Bonaccorso
Hi Joachim

I have requested a CVE for this[1]. In case it is available before
releasing a fixed package, could you please include the CVE identifier
in the changelog?

 [1]: http://marc.info/?l=oss-security&m=135868517502411&w=2

Regards,
Salvatore





Bug#640939: cups: diff for version 1.5.3-2.14

2013-01-20 Thread Didier Raboud
tags 640939 + pending
thanks

So I've prepared an upload for cups (versioned as 1.5.3-2.14) and
uploaded it to DELAYED/3, diff is attached.

Regards,

OdyX

P.S. The DELAYED/3 choice is there because the previous version should
 migrate first.
diff -Nru cups-1.5.3/debian/changelog cups-1.5.3/debian/changelog
--- cups-1.5.3/debian/changelog	2013-01-11 10:34:37.0 +0100
+++ cups-1.5.3/debian/changelog	2013-01-20 12:05:11.0 +0100
@@ -1,3 +1,11 @@
+cups (1.5.3-2.14) unstable; urgency=low
+
+  * Add upstream patch to avoid using Kerberos over the local socket.
+Avoids having the hplip-cups upgrade asking for a root password
+during upgrade (Closes: #640939).
+
+ -- Didier Raboud   Sun, 20 Jan 2013 12:04:38 +0100
+
 cups (1.5.3-2.13) unstable; urgency=low
 
   [ Helge Kreutzmann ]
diff -Nru cups-1.5.3/debian/patches/fix_kerberos_auth_local.patch cups-1.5.3/debian/patches/fix_kerberos_auth_local.patch
--- cups-1.5.3/debian/patches/fix_kerberos_auth_local.patch	1970-01-01 01:00:00.0 +0100
+++ cups-1.5.3/debian/patches/fix_kerberos_auth_local.patch	2013-01-20 12:05:11.0 +0100
@@ -0,0 +1,23 @@
+Description: Don't use Kerberos over the local domain socket
+Author: Michael Sweet 
+Bug-Upstream: http://www.cups.org/str.php?L4140
+Bug-Debian: http://bugs.debian.org/640939
+Last-Update: 2013-01-14
+
+--- a/scheduler/client.c
 b/scheduler/client.c
+@@ -2588,14 +2588,7 @@
+ 	   con->http.hostname);
+ #ifdef HAVE_GSSAPI
+ else if (auth_type == CUPSD_AUTH_NEGOTIATE)
+-{
+-#  ifdef AF_LOCAL
+-  if (_httpAddrFamily(con->http.hostaddr) == AF_LOCAL)
+-strlcpy(auth_str, "Basic realm=\"CUPS\"", sizeof(auth_str));
+-  else
+-#  endif /* AF_LOCAL */
+   strlcpy(auth_str, "Negotiate", sizeof(auth_str));
+-}
+ #endif /* HAVE_GSSAPI */
+ 
+ if (con->best && auth_type != CUPSD_AUTH_NEGOTIATE &&
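Review bot: the Description header reads "Don't use Kerberos over the local domain socket", but the only hunk deletes the AF_LOCAL branch that answered with Basic realm="CUPS" and leaves strlcpy(auth_str, "Negotiate", sizeof(auth_str)) unconditional for CUPSD_AUTH_NEGOTIATE. Please extend the description to say how removing that branch stops the password prompt on local connections, so that the header and the code change can be checked against each other.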
diff -Nru cups-1.5.3/debian/patches/series cups-1.5.3/debian/patches/series
--- cups-1.5.3/debian/patches/series	2013-01-11 10:34:38.0 +0100
+++ cups-1.5.3/debian/patches/series	2013-01-20 12:05:11.0 +0100
@@ -49,3 +49,4 @@
 test-i18n-nonlinux.patch
 tests-slow-lpstat.patch
 tests-fix-ppdLocalize-on-unclean-env.patch
+fix_kerberos_auth_local.patch


Bug#694015: [Pkg-electronics-devel] Bug#694015: geda-gaf: diff for NMU version 1:1.6.2-4.3

2013-01-20 Thread gregor herrmann
On Sun, 20 Jan 2013 14:02:31 +0200, أحمد المحمودي wrote:

> On Sat, Jan 19, 2013 at 05:19:17PM +0100, gregor herrmann wrote:
> > +# Replace documentation directory with symlink
> > +docdir=/usr/share/doc/geda
> > +target=geda-doc
> > +
> > +if [ -d $docdir ] && [ ! -L $docdir ]; then
> > +   if rmdir $docdir 2>/dev/null; then
> > +   ln -sf $target $docdir
> > +   fi
> > +fi
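Review bot: target=geda-doc is a relative link target, so "ln -sf $target $docdir" stores the string geda-doc and it is resolved against the directory that holds the link, /usr/share/doc. A one-line comment above target= stating that the relative form is deliberate would answer this question for the next reader of the maintainer script.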
> ---end quoted text---
> 
>   Are you sure about this fix ?
>   I think target should be /usr/share/doc/geda-doc rather than just 
>   'geda-doc'

I admit that it looks a bit surprising, but it's like in other
packages, and I've tested
(a) this ln syntax manually [0]
(b) and installing the new package in a chroot after making sure that
/usr/share/doc/geda is a directory, and it was a symlink
afterwards.

But if you like to write it differently I'm happy to cancel the NMU
or upload a version where $target is the full path.

Cheers,
gregor


[0]

% mkdir /tmp/geda
% mkdir /tmp/geda-doc
% ls -ld /tmp/geda*
drwxrwxr-x 2 gregoa gregoa 40 Jan 20 14:05 /tmp/geda
drwxrwxr-x 2 gregoa gregoa 40 Jan 20 14:05 /tmp/geda-doc

% rmdir /tmp/geda
% ln -sf geda-doc /tmp/geda
% ls -ld /tmp/geda*
lrwxrwxrwx 1 gregoa gregoa  8 Jan 20 14:06 /tmp/geda -> geda-doc
drwxrwxr-x 2 gregoa gregoa 40 Jan 20 14:05 /tmp/geda-doc
 
-- 
 .''`.  Homepage: http://info.comodo.priv.at/ - OpenPGP key 0xBB3A68018649AA06
 : :' : Debian GNU/Linux user, admin, and developer  -  http://www.debian.org/
 `. `'  Member of VIBE!AT & SPI, fellow of the Free Software Foundation Europe
   `-   NP: Beatles: Glass Onion




Processed: cups: diff for version 1.5.3-2.14

2013-01-20 Thread Debian Bug Tracking System
Processing commands for cont...@bugs.debian.org:

> tags 640939 + pending
Bug #640939 [cups] hplip-cups: asks for root password when cups updates PPDs
Bug #662915 [cups] cups: Asking for root password on localhost during an update 
of ppd files.
Added tag(s) pending.
Added tag(s) pending.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
640939: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=640939
662915: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=662915
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems





Bug#694015: [Pkg-electronics-devel] Bug#694015: geda-gaf: diff for NMU version 1:1.6.2-4.3

2013-01-20 Thread gregor herrmann
On Sun, 20 Jan 2013 13:00:07 +0200, أحمد المحمودي wrote:

> On Sat, Jan 19, 2013 at 05:19:17PM +0100, gregor herrmann wrote:
> > I've prepared an NMU for geda-gaf (versioned as 1:1.6.2-4.3) and
> > uploaded it to DELAYED/2. Please feel free to tell me if I
> > should delay it longer.
> ---end quoted text---
> 
>   Actually there is 1:1.8.1-1 upload in NEW. I intend to include your 
>   fix in -2 now.

Thank you!

gregor
 
-- 
 .''`.  Homepage: http://info.comodo.priv.at/ - OpenPGP key 0xBB3A68018649AA06
 : :' : Debian GNU/Linux user, admin, and developer  -  http://www.debian.org/
 `. `'  Member of VIBE!AT & SPI, fellow of the Free Software Foundation Europe
   `-   NP: Sinéad O'Connor: Drink Before The War




Bug#684574: still unfixed

2013-01-20 Thread Bastian Blank
Control: found -1 1.99-26

This bug is still unfixed. The efi_gop and efi_ufa have to be loaded
_always_ and unconditionally, not only if some graphics mode is
requested.

Bastian

-- 
There are some things worth dying for.
-- Kirk, "Errand of Mercy", stardate 3201.7




Processed: still unfixed

2013-01-20 Thread Debian Bug Tracking System
Processing control commands:

> found -1 1.99-26
Bug #684574 {Done: Colin Watson } [grub-common] 
grub-efi-amd64 - Does not load EFI console modules
Bug #661789 {Done: Colin Watson } [grub-common] 
grub-common: load_video required for linux on UEFI
Bug #677280 {Done: Colin Watson } [grub-common] grub-efi: 
cannot find normal; wrong prefix to grub2 (EFI)?
Marked as found in versions grub2/1.99-26.
Marked as found in versions grub2/1.99-26.
Marked as found in versions grub2/1.99-26.

-- 
661789: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=661789
677280: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=677280
684574: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=684574
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems





Bug#537051: marked as done (ca-certificates 20090709: installation error)

2013-01-20 Thread Debian Bug Tracking System
Your message dated Sun, 20 Jan 2013 15:02:39 +
with message-id 
and subject line Bug#537051: fixed in ca-certificates 20130119
has caused the Debian Bug report #537051,
regarding ca-certificates 20090709: installation error
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
537051: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=537051
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: ca-certificates
Version: 20090709
OS: debian/testing

Problem:
installation apparently completed,
but there were some errors

---SNIPPET OF INSTALLATION from
/var/log/apt/term.log
Setting up ca-certificates (20090709) ...
Updating certificates in /etc/ssl/certs... WARNING: Skipping duplicate
certificate ca-certificates.crt
4 added, 4 removed; done.
Running hooks in /etc/ca-certificates/update.d
updating keystore /etc/ssl/certs/java/cacerts...
keytool error: java.security.NoSuchAlgorithmException: SHA384withECDSA
Signature not available
  error adding /etc/ssl/certs/COMODO_ECC_Certification_Authority.pem
Certificate was added to keystore
  added: /etc/ssl/certs/DigiNotar_Root_CA.pem
Certificate was added to keystore
  added: /etc/ssl/certs/Network_Solutions_Certificate_Authority.pem
Certificate was added to keystore
  added: /etc/ssl/certs/WellsSecure_Public_Root_Certificate_Authority.pem
  does not exists: /etc/ssl/certs/class3.pem
  does not exists: /etc/ssl/certs/root.pem
  does not exists: /etc/ssl/certs/UTN_USERFirst_Object_Root_CA.pem
  does not exists: /etc/ssl/certs/QuoVadis_Root_Certification_Authority.pem
failed.
E: /etc/ca-certificates/update.d/jks-keystore exited with code 1.
done.
Setting up gstreamer0.10-ffmpeg (0.10.8-1) ...



After installation:
fermi:~# aptitude show ca-certificates
Package: ca-certificates
State: installed
Automatically installed: yes
Version: 20090709
Priority: optional
Section: misc
Maintainer: Philipp Kern 
Uncompressed Size: 758k
Architecture: all
Compressed Size: 155k
Filename: pool/main/c/ca-certificates/ca-certificates_20090709_all.deb
MD5sum: 72c284149d15b336a1758af819192d21
Archive: testing, now
Depends: openssl, debconf (>= 0.5) | debconf-2.0
Description: Common CA certificates
 This package includes PEM files of CA certificates to allow SSL-based
applications to check
 for the authenticity of SSL connections.

 It includes, among others, certificate authorities used by the Debian
infrastructure and
 those shipped with Mozilla's browsers.

 Please note that certificate authorities whose certificates are
included in this package are
 not in any way audited for trustworthiness and RFC 3647 compliance,
and that full
 responsibility to assess them belongs to the local system administrator.

fermi:~#
fermi:~# uname -a
Linux fermi 2.6.26-2-486 #1 Sun Jun 21 04:15:19 UTC 2009 i686 GNU/Linux
fermi:~#


--- End Message ---
--- Begin Message ---
Source: ca-certificates
Source-Version: 20130119

We believe that the bug you reported is fixed in the latest version of
ca-certificates, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 537...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Michael Shuler  (supplier of updated ca-certificates 
package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Format: 1.8
Date: Sat, 19 Jan 2013 14:02:09 -0600
Source: ca-certificates
Binary: ca-certificates
Architecture: source all
Version: 20130119
Distribution: unstable
Urgency: low
Maintainer: Michael Shuler 
Changed-By: Michael Shuler 
Description: 
 ca-certificates - Common CA certificates
Closes: 537051 697366
Changes: 
 ca-certificates (20130119) unstable; urgency=low
 .
   * Update mozilla/certdata.txt to version 1.87  Closes: #697366
 Certificates removed (-) (none added):
 - "TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı"
   * Remove unneeded and confusing usage of interest-noawait; remove unneeded
 Pre-Depends on dpkg. Thanks to Guillem Jover for the help and patch.
 Closes: #537051
Checksums-Sha1: 
 5131c1639cd9c0ae51f097301f4ea4134fcaca3a 1409 ca-certificates_20130119.dsc
 e96ba8005000bde7886a78efa0e8ae148a0d6b08 301542 ca-certificates_20130

Bug#694015: [Pkg-electronics-devel] Bug#694015: geda-gaf: diff for NMU version 1:1.6.2-4.3

2013-01-20 Thread Bdale Garbee
gregor herrmann  writes:

> I've prepared an NMU for geda-gaf (versioned as 1:1.6.2-4.3) and
> uploaded it to DELAYED/2. Please feel free to tell me if I
> should delay it longer.

Be aware that 1.8.1-1 has been uploaded to unstable and is awaiting NEW
processing. 

Bdale




Bug#694015: [Pkg-electronics-devel] Bug#694015: geda-gaf: diff for NMU version 1:1.6.2-4.3

2013-01-20 Thread gregor herrmann
On Sun, 20 Jan 2013 08:07:03 -0700, Bdale Garbee wrote:

> > I've prepared an NMU for geda-gaf (versioned as 1:1.6.2-4.3) and
> > uploaded it to DELAYED/2. Please feel free to tell me if I
> > should delay it longer.
> Be aware that 1.8.1-1 has been uploaded to unstable and is awaiting NEW
> processing. 

Thanks, I've noted the version in NEW but for some reason I assumed
it was targeting experimental.

Having it in unstable now would be unfortunate (with or without this
fix) since a new upstream version would most probably not migrate to
testing, meaning we'd need an upload to testing-proposed-updates.

I guess it makes sense to cancel the NMU since both Ahmed and you are
looking after the package, and let you sort out the best way to
proceed?


Cheers,
gregor

-- 
 .''`.  Homepage: http://info.comodo.priv.at/ - OpenPGP key 0xBB3A68018649AA06
 : :' : Debian GNU/Linux user, admin, and developer  -  http://www.debian.org/
 `. `'  Member of VIBE!AT & SPI, fellow of the Free Software Foundation Europe
   `-   NP: Andrew Lloyd Webber & Tim Rice




Processed: Pending

2013-01-20 Thread Debian Bug Tracking System
Processing commands for cont...@bugs.debian.org:

> tag 697668 pending
Bug #697668 [kde-style-oxygen] Tries to overwrite 
/usr/lib/kde4/kstyle_oxygen_config.so
Added tag(s) pending.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
697668: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=697668
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems





Bug#696026: bug#13505: Bug#696026: emacs24: file corruption on saving

2013-01-20 Thread Eli Zaretskii
> From: Rob Browning 
> Date: Sat, 19 Jan 2013 22:09:28 -0600
> Cc: 696026-forwar...@bugs.debian.org, Vincent Lefevre ,
>   696...@bugs.debian.org
> 
> Vincent Lefevre  writes:
> 
> > Package: emacs24
> > Version: 24.2+1-1
> > Severity: grave
> > Justification: causes non-serious data loss
> >
> > The file "file1" (attached) has the following contents:
> >
> >   6c e2 80 99 c3 a9 0a 74  65 73 74 e9 0a   |l..test..|
> >
> > 1. Open "file1" with "emacs -Q". It is regarded as
> >an in-is13194-devanagari-unix file.
> >
> > 2. Type M-: (set-buffer-modified-p t) to mark the buffer as modified
> >(so that one can save it).
> >
> > 3. Save the file with C-x C-s. It is proposed:
> >
> > [...]
> > Select one of the safe coding systems listed below,
> > or cancel the writing with C-g and edit the buffer
> >to remove or modify the problematic characters,
> > or specify any other coding system (and risk losing
> >the problematic characters).
> >
> >   raw-text emacs-mule no-conversion
> >
> > 4. Choose raw-text (the default) or no-conversion. One can assume
> >that the file will not be modified. But it gets corrupted: one
> >obtains a file "file2" (attached) with the following contents:
> >
> >   6c e0 a5 88 80 99 e0 a4  a5 e0 a4 8a 0a 74 65 73  
> > |ltes|
> > 0010  74 e0 a4 bc 0a|t|
> >
> > Note: Actually "file1" has mixed UTF-8 and ISO-8859-1 contents due to
> > a user error. But due to this bug, an attempt to fix the problem with
> > Emacs makes things even worse! BTW, I had the same problem in the past
> > when attempting to edit an mbox file with Emacs (in this case, having
> > mixed UTF-8 and ISO-8859-1 contents is normal). How Emacs interprets
> > such contents doesn't matter, but by default, it mustn't corrupt the
> > file on saving.
> >
> > There is no such problem with GNU Emacs 23.4.1 (Debian package
> > emacs23 23.4+1-4).

First, this isn't really a regression: Emacs 23 has the same
"problem".  It's just that Emacs 23 doesn't autodetect
in-is13194-devanagari in this file, while Emacs 24 does.  If you say
"C-x RET c raw-text RET C-x C-f" to visit this file in Emacs 24, the
problem will be gone, which is exactly what happens in Emacs 23,
because it visits the file in raw-text to begin with.  Conversely, if
you use "C-x RET c in-is13194-devanagari RET C-x C-f" to visit the
file in Emacs 23, you will get the same "problem" saving it.

I didn't research the reason why Emacs 24 autodetects this encoding,
and whether this is on purpose.  Perhaps Handa-san could tell.

More to the point: there seems to be a fundamental misunderstanding
here regarding the effect of selecting an encoding at save time.  It
sounds like the OP thought that selecting a "literal" encoding, such
as raw-text, which is supposed to leave the binary stream unaltered
(apart from the EOL format), will ensure that a buffer will be saved
exactly as it was originally found on disk.  But this is false.  What
raw-text and no-conversion do is to write out the _internal_
representation of each character without any conversions.  The
original encoded form of the characters as found on disk at visit time
_cannot_ be recovered by saving with raw-text, because that encoded
form is lost without a trace when the file is _visited_ and decoded
into the internal representation.  The only information that's left is
the coding-system used to decode the characters.  But since the file's
encoding in this case is inconsistent, that coding-system cannot be
used to save it back (Emacs will not let you do so, as demonstrated in
the report), and therefore the original form cannot be recovered this
way.

What the user should do to avoid this data loss is prevent the
incorrect decoding of the file's contents when the file is visited.
To this end, the file should be visited with no-conversion or
raw-text, using "C-x RET c raw-text RET C-x C-f".  Then it will be
possible to repair the file and write it back using the same raw-text
encoding.

If the fact that the file's encoding is inconsistent is not
realized until some time after the file is visited, the user should
use "C-x RET r raw-text RET" to re-visit the file using raw-text.

IOW, only selecting the appropriate encoding _at_visit_time_ can
prevent data loss in these cases.  The expectation that "Emacs mustn't
corrupt the file on saving" when the file has inconsistent encoding
and was decoded with anything but raw-text or no-conversion is
unjustified.

Personally, I don't think there's a bug here.  It's a cockpit error.
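
The visit-time versus save-time point made in the message above, modelled in Python as an added example (not code from this thread and not how Emacs is implemented). A lossy UTF-8 decode stands in for visiting under a coding system that does not fit the file, a latin-1 decode stands in for raw-text, and the sample bytes and function names are constructed for illustration.

```python
"""Model of visit-time vs save-time encoding choices (not Emacs code).

A lossy UTF-8 decode stands in for visiting under a coding system that
does not fit the file; a latin-1 decode stands in for raw-text, because
it maps every byte to exactly one code point and back.
"""

# Constructed sample: line 1 is ISO-8859-1 (0xE9 = e-acute),
# line 2 is UTF-8 (0xC3 0xA9 = e-acute).
MIXED = b"l'\xe9t\xe9\ntest\xc3\xa9\n"


def decoded_visit_then_save(raw: bytes) -> bytes:
    """Decode with a codec that does not fit every byte, then save.

    Each stray 0xE9 becomes U+FFFD at decode time. The original byte is
    gone from the in-memory text, so no save-time codec can restore it.
    """
    text = raw.decode("utf-8", errors="replace")
    return text.encode("utf-8")


def raw_visit_then_save(raw: bytes) -> bytes:
    """Byte-transparent visit and save: the file comes back unchanged."""
    text = raw.decode("latin-1")   # 256 byte values <-> U+0000..U+00FF
    return text.encode("latin-1")


def repair_line(line: bytes) -> bytes:
    """Return one line as UTF-8.

    Lines that already are valid UTF-8 are kept byte for byte; anything
    else is assumed to be ISO-8859-1 and transcoded. An ISO-8859-1 line
    that happens to be valid UTF-8 cannot be told apart and is kept.
    """
    try:
        line.decode("utf-8")
        return line
    except UnicodeDecodeError:
        return line.decode("iso-8859-1").encode("utf-8")


def repair_mixed(raw: bytes) -> bytes:
    """Repair a mixed UTF-8 / ISO-8859-1 file working on the raw bytes.

    bytes.splitlines() only splits on CR, LF and CRLF, so multi-byte
    UTF-8 sequences are never cut in half.
    """
    return b"".join(repair_line(l) for l in raw.splitlines(keepends=True))


if __name__ == "__main__":
    print("decoded visit :", decoded_visit_then_save(MIXED))
    print("raw visit     :", raw_visit_then_save(MIXED))
    print("repaired      :", repair_mixed(MIXED))
```
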





Processed: Re: Bug#698333: drupal6: SA-CORE-2013-001 - Drupal core - Multiple vulnerabilities

2013-01-20 Thread Debian Bug Tracking System
Processing control commands:

> affects -1 drupal6-mod-views/2.16-1
Bug #698333 [drupal6] drupal6: SA-CORE-2013-001 - Drupal core - Multiple 
vulnerabilities
Added indication that 698333 affects drupal6-mod-views/2.16-1

-- 
698333: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=698333
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems





Bug#698334: drupal7: SA-CORE-2013-001 - Drupal core - Multiple vulnerabilities

2013-01-20 Thread Steven Chamberlain
Hi,

I'm curious:

"jQuery versions 1.6.3 and higher provide protection against common
forms of this problem; thus, the vulnerability is mitigated if your site
has upgraded to a recent version of jQuery"

does that mean the drupal-7 package *could* now use the libjs-jquery
package instead of an embedded copy?

The libjs-jquery/1.7.2 package seems it was already immune to this
issue.  (Proof of concept at http://ma.la/jquery_xss/ - save it locally
and you can swap out the jquery.js to test other versions).

Regards,
-- 
Steven Chamberlain
ste...@pyro.eu.org





Bug#683584: [Pkg-monitoring-maintainers] ganglia update for Squeeze (CVE-2012-3448)

2013-01-20 Thread Yves-Alexis Perez
On dim., 2013-01-20 at 13:07 +0100, Salvatore Bonaccorso wrote:
> So I have verified the following things:
> 
>  - The debdiff contains only the mentioned change (debdiff attached).
> 
>  - The patch is applied to /usr/share/ganglia-webfrontend/graph.php in
>    the produced binary package ganglia-webfrontend.
> 
>  - If I try to exploit the argument g= passed to graph.php on a
>    squeeze with installed package it does not work anymore and in logs
>    I correctly notice the Error output produced by the error_log. At
>    least with the obvious exploit variant.

Can you upload to security-master? Remember to build with -sa.

Regards,
-- 
Yves-Alexis




Bug#684574: still unfixed

2013-01-20 Thread Colin Watson
On Sun, Jan 20, 2013 at 02:36:40PM +0100, Bastian Blank wrote:
> This bug is still unfixed. The efi_gop and efi_uga have to be loaded
> _always_ and unconditionally, not only if some graphics mode is
> requested.

Mm, sorry, I misunderstood the rationale for this slightly before, but I
understand better now.  This is really the fault of the Debian-specific
gfxpayload_keep_default patch; I'm going to revert a small part of that
which was responsible for disabling video module loading and hence
prevented the screen_info structure from being set up properly on entry
to Linux.

I'd appreciate confirmation that 1.99-27 fixes this for real.

Thanks,

-- 
Colin Watson   [cjwat...@debian.org]





Bug#694015: [Pkg-electronics-devel] Bug#694015: geda-gaf: diff for NMU version 1:1.6.2-4.3

2013-01-20 Thread Bdale Garbee
gregor herrmann  writes:

> Thanks, I've noted the version in NEW but for some reason I assumed
> it was targetting experimental.

> Having it in unstable now would be unfortunate (with or without this
> fix) since a new upstream version would most probably not migrate to
> testing, meaning we'd need an upload to testing-proposed-updates.

There's a balance here, but in my opinion it is *way* past time for 1.8
to be in unstable.

> I guess it makes sense to cancel the NMU since both Ahmed and you are
> looking after the package, and let you sort out the best way to
> proceed?

[shrug]  I have no interest at all in 1.6 at this point, so if you think
fixing this bug in wheezy is important, maybe a testing-proposed-updates
upload would still be useful?  

FWIW, let me explain why I don't care about 1.6 any more.

There's at least one nasty DRC bug in the version of pcb packaged
in Debian that forced me to move to a fresher upstream version for my
production use of pcb.  Once you start using fresher pcb from upstream,
you must upgrade geda-gaf because older versions don't understand the
dimensional suffixes present in the files created by newer pcb... using
an older gsch2pcb *breaks* the pcb design by smashing dimensions when it
doesn't understand the new suffixes.

Sadly, my latest conversation with pcb upstream suggests there's no
sense of urgency for making a new "release" of pcb.  I'm really tempted
to build a newer version of pcb for unstable despite this, since what
I'm running now seems better in every way than the 16-month-old bits
currently packaged in Debian... that way at least the bits in unstable
would be "useful again".

This obviously conflicts with the idea of keeping unstable available as a
path for easy patch migration to testing, though.  Personally, having
bits in unstable that are useful to me is much more important than
fixing wheezy right now, since I'm already resigned to the idea that
we're going to have to do builds for backports to keep geda-gaf and pcb
useful to wheezy users in the future.

Bdale




Bug#694808: marked as done (libv8: CVE-2012-5120 CVE-2012-5128)

2013-01-20 Thread Debian Bug Tracking System
Your message dated Sun, 20 Jan 2013 18:23:38 +0100
with message-id <50fc281a.6090...@melix.org>
and subject line Re: Bug#694808: libv8: CVE-2012-5120 CVE-2012-5128
has caused the Debian Bug report #694808,
regarding libv8: CVE-2012-5120 CVE-2012-5128
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
694808: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=694808
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: libv8
Severity: grave
Tags: security
Justification: user security hole

Please see 
http://googlechromereleases.blogspot.de/2012/11/stable-channel-release-and-beta-channel.html

Cheers,
Moritz
--- End Message ---
--- Begin Message ---
I think this bug should be closed because I carefully
ran the upstream regression tests and hence checked the
issues didn't apply to libv8 3.8.x.

Please feel free to reopen it in case of any doubt.

Jérémy.
--- End Message ---


Processed: found 619244 in 44-8, found 677805 in sid/None, found 669278 in sid/None, found 646837 in sid/None ...

2013-01-20 Thread Debian Bug Tracking System
Processing commands for cont...@bugs.debian.org:

> found 619244 44-8
Bug #619244 [systemd] systemd: unowned files after purge (policy 6.8, 10.8): 
/etc/machine-id
Marked as found in versions systemd/44-8.
> found 677805 sid/None
Bug #677805 [sugar-chat-activity-0.86] sugar-chat-activity-0.86: fails to 
upgrade from squeeze: Could not perform immediate configuration on 
'python-sugar-toolkit-0.88'.
The source sid and version None do not appear to match any binary packages
Marked as found in versions sid/None.
> found 669278 sid/None
Bug #669278 [src:phonon] please add phonon-backend-xine transitional package
Bug #669878 [src:phonon] Could not perform immediate configuration on 
'phonon-backend-vlc'
The source sid and version None do not appear to match any binary packages
Marked as found in versions sid/None.
Marked as found in versions sid/None.
> found 646837 sid/None
Bug #646837 [bugzilla3] Without liburl-perl bugzilla3 cant be installed
The source sid and version None do not appear to match any binary packages
Marked as found in versions sid/None.
> found 574220 wheezy/None
Bug #574220 {Done: Andreas Beckmann } 
[firebird2.0-classic] firebird2.0-classic: package purge (after dependencies 
removal) fails
Warning: Unknown package 'firebird2.0-classic'
The source wheezy and version None do not appear to match any binary packages
Marked as found in versions wheezy/None and reopened.
Warning: Unknown package 'firebird2.0-classic'
> close 574220
Bug #574220 [firebird2.0-classic] firebird2.0-classic: package purge (after 
dependencies removal) fails
Warning: Unknown package 'firebird2.0-classic'
Marked Bug as done
Warning: Unknown package 'firebird2.0-classic'
> found 698574 wheezy/None
Bug #698574 [dictionaries-common] dictionaries-common: Please add Conflicts: 
myspell-cs-cz, myspell-eu-es, myspell-gl-es
The source wheezy and version None do not appear to match any binary packages
Marked as found in versions wheezy/None.
> found 696375 wheezy/None
Bug #696375 [mono-gac] mono-gac: fails to upgrade from lenny if libgmime2.2-cil 
is still installed
The source wheezy and version None do not appear to match any binary packages
Marked as found in versions wheezy/None.
> found 696366 wheezy/None
Bug #696366 [zabbix-server-pgsql] zabbix-server-pgsql: fails to upgrade from 
lenny to squeeze
The source wheezy and version None do not appear to match any binary packages
Marked as found in versions wheezy/None.
> found 542157 wheezy/None
Bug #542157 {Done: Andreas Beckmann } [runit-run] fails to 
install
Warning: Unknown package 'runit-run'
The source wheezy and version None do not appear to match any binary packages
Marked as found in versions wheezy/None and reopened.
Warning: Unknown package 'runit-run'
> close 542157
Bug #542157 [runit-run] fails to install
Warning: Unknown package 'runit-run'
Marked Bug as done
Warning: Unknown package 'runit-run'
> found 660594 1.8.5p2-1
Bug #660594 [sudo,sudo-ldap] sudo: prompting due to modified conffiles which 
where not modified by the user
Marked as found in versions sudo/1.8.5p2-1.
> affects 660594 + qtparted
Bug #660594 [sudo,sudo-ldap] sudo: prompting due to modified conffiles which 
where not modified by the user
Added indication that 660594 affects qtparted
> unarchive 677054
Bug #677054 {Done: Sébastien Villemot } [nut-client] 
nut-client: prompting due to modified conffiles which were not modified by the 
user
Unarchived Bug 677054
> found 677054 2.6.4-2.2
Bug #677054 {Done: Sébastien Villemot } [nut-client] 
nut-client: prompting due to modified conffiles which were not modified by the 
user
Marked as found in versions nut/2.6.4-2.2 and reopened.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
542157: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=542157
574220: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=574220
619244: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=619244
646837: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=646837
660594: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=660594
669278: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=669278
669878: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=669878
677054: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=677054
677805: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=677805
696366: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=696366
696375: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=696375
698574: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=698574
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems





Bug#694015: [Pkg-electronics-devel] Bug#694015: geda-gaf: diff for NMU version 1:1.6.2-4.3

2013-01-20 Thread gregor herrmann
On Sun, 20 Jan 2013 10:18:29 -0700, Bdale Garbee wrote:

> > Having it in unstable now would be unfortunate (with or without this
> > fix) since a new upstream version would most probably not migrate to
> > testing, meaning we'd need an upload to testing-proposed-updates.
> There's a balance here, but in my opinion it is *way* past time for 1.8
> to be in unstable.

Ok.
 
> > I guess it makes sense to cancel the NMU since both Ahmed and you are
> > looking after the package, and let you sort out the best way to
> > proceed?
> [shrug]  I have no interest at all in 1.6 at this point, so if you think
> fixing this bug in wheezy is important, maybe a testing-proposed-updates
> upload would still be useful?  

Or removing 1.6 from testing?

In any case, I've cancelled the NMU now in order not to interfere
with the 1.8 version in NEW.
 
> FWIW, let me explain why I don't care about 1.6 any more.

[..]

Thank you for the details.
 
> This obviously conflicts with the idea of keeping unstable available as a
> path for easy patch migration to testing, though.  Personally, having
> bits in unstable that are useful to me is much more important than
> fixing wheezy right now, since I'm already resigned to the idea that
> we're going to have to do builds for backports to keep geda-gaf and pcb
> useful to wheezy users in the future.

I see; this also sounds a bit like it's not worth releasing wheezy
with 1.6?

Cheers,
gregor

-- 
 .''`.  Homepage: http://info.comodo.priv.at/ - OpenPGP key 0xBB3A68018649AA06
 : :' : Debian GNU/Linux user, admin, and developer  -  http://www.debian.org/
 `. `'  Member of VIBE!AT & SPI, fellow of the Free Software Foundation Europe
   `-   NP: The Eagles: James Dean




Bug#696026: bug#13505: Bug#696026: emacs24: file corruption on saving

2013-01-20 Thread Rob Browning
Eli Zaretskii  writes:

> More to the point: there seems to be a fundamental misunderstanding
> here regarding the effect of selecting an encoding at save time.  It
> sounds like the OP thought that selecting a "literal" encoding, such
> as raw-text, which is supposed to leave the binary stream unaltered
> (apart from the EOL format), will ensure that a buffer will be saved
> exactly as it was originally found on disk.  But this is false.  What
> raw-text and no-conversion do is to write out the _internal_
> representation of each character without any conversions.  The
> original encoded form of the characters as found on disk at visit time
> _cannot_ be recovered by saving with raw-text, because that encoded
> form is lost without a trace when the file is _visited_ and decoded
> into the internal representation.  The only information that's left is
> the coding-system used to decode the characters.  But since the file's
> encoding in this case is inconsistent, that coding-system cannot be
> used to save it back (Emacs will not let you do so, as demonstrated in
> the report), and therefore the original form cannot be recovered this
> way.

Ahh, right; that makes sense to me.

-- 
Rob Browning
rlb @defaultvalue.org and @debian.org
GPG as of 2011-07-10 E6A9 DA3C C9FD 1FF8 C676 D2C4 C0F0 39E9 ED1B 597A
GPG as of 2002-11-03 14DD 432F AE39 534D B592 F9A0 25C8 D377 8C7E 73A4





Bug#677280: marked as done (grub-efi: cannot find normal; wrong prefix to grub2 (EFI)?)

2013-01-20 Thread Debian Bug Tracking System
Your message dated Sun, 20 Jan 2013 17:33:09 +
with message-id 
and subject line Bug#661789: fixed in grub2 1.99-27
has caused the Debian Bug report #661789,
regarding grub-efi: cannot find normal; wrong prefix to grub2 (EFI)?
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
661789: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=661789
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: grub-efi
Version: 1.99-22
Severity: critical
Justification: breaks the whole system

Dear Maintainer,

I recently succeeded in installing Debian stable on my Mac Pro (Model 
MacPro1,1), however, I cannot boot the system without
a supergrub rescue CD. Debian install used grub-pc, which created a grub.cfg 
that the supergrub CD could find. Once into Debian,
I installed grub-efi and it wrote an efi image and *.mod files to /boot/grub on 
the EFI system partition. I'm using rEFInd to
handle the EFI booting and it finds the Debian grub boot image. But when I 
select it, I am dumped at a grub-rescue partition.
When I look at the prefix, it is missing a / before boot and grub cannot find 
normal.mod. When I reset the prefix to
(hdX,Y)/boot/grub, I can insmod normal.

Once I 'insmod normal' and then type 'normal', I do get a regular grub prompt. 
I have not been able to successfully boot the system 
from that grub-prompt.

So, where in all the Debian scripts is that path set, so I can add the / before 
boot? (Does that sound like the problem to you?) 

I've looked in /etc/default/grub and didn't see it. I'm less confident I can 
accurately read all the files in /etc/grub.d. 
It might be in there, but I might have missed it because of all the 
substitutions, etc.

Also, I did dist-upgrade to sid to see if that fixed it, and things are working 
better. Under stable, after booting the supergrub CD,
it would find a grub.cfg, but the root was always wrong. If I edited the linux 
menuentry (at boottime), I could successfully boot.
Upon switching to sid, the root directory is correct in the grub.cfg on the 
system.

I'm happy to provide more information, if that will help. Thanks very much.

-- System Information:
Debian Release: wheezy/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)

Kernel: Linux 3.2.0-2-686-pae (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages grub-efi depends on:
ii  grub-common1.99-22
ii  grub-efi-ia32  1.99-22

grub-efi recommends no packages.

grub-efi suggests no packages.

-- no debconf information


--- End Message ---
--- Begin Message ---
Source: grub2
Source-Version: 1.99-27

We believe that the bug you reported is fixed in the latest version of
grub2, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 661...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Colin Watson  (supplier of updated grub2 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Sun, 20 Jan 2013 16:37:52 +
Source: grub2
Binary: grub2 grub-linuxbios grub-efi grub-common grub2-common grub-emu 
grub-pc-bin grub-pc grub-rescue-pc grub-coreboot-bin grub-coreboot 
grub-efi-ia32-bin grub-efi-ia32 grub-efi-amd64-bin grub-efi-amd64 
grub-ieee1275-bin grub-ieee1275 grub-firmware-qemu grub-yeeloong-bin 
grub-yeeloong grub-mount-udeb
Architecture: source i386
Version: 1.99-27
Distribution: unstable
Urgency: low
Maintainer: GRUB Maintainers 
Changed-By: Colin Watson 
Description: 
 grub-common - GRand Unified Bootloader (common files)
 grub-coreboot - GRand Unified Bootloader, version 2 (Coreboot version)
 grub-coreboot-bin - GRand Unified Bootloader, version 2 (Coreboot binaries)
 grub-efi   - GRand Unified Bootloader, version 2 (dummy package)
 grub-efi-amd64 - GRand Unified Bootloader, version 2 (EFI-AMD64 version)
 grub-efi-amd64-bin - GRand Unified Bootloader, version 2 (EFI-AMD64 binaries)
 grub-efi-ia32 - GRand Unified Bootloader, version 2 (EFI-IA32 version)
 grub-efi-ia32-bin - GRand Unified Bootloader, version 2 (EFI-IA32 binaries)
 grub-emu   - GRand Unified Bootloader, version 2 (emulated version)
 grub

Bug#684574: marked as done (grub-efi-amd64 - Does not load EFI console modules)

2013-01-20 Thread Debian Bug Tracking System
Your message dated Sun, 20 Jan 2013 17:33:09 +
with message-id 
and subject line Bug#661789: fixed in grub2 1.99-27
has caused the Debian Bug report #661789,
regarding grub-efi-amd64 - Does not load EFI console modules
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
661789: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=661789
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: grub-efi-amd64
Version: 1.99-22.1
Severity: important

The EFI grub does not load the EFI console modules (efi_gop, efi_uga).
These modules are necessary to have a working output from the loaded
Linux kernel.

The generated grub.cfg includes a function called load_video that is
used sometimes, but not in normal installations.

Bastian

-- System Information:
Debian Release: wheezy/sid
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.2.0-3-amd64 (SMP w/4 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
--- End Message ---
--- Begin Message ---
Source: grub2
Source-Version: 1.99-27

We believe that the bug you reported is fixed in the latest version of
grub2, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 661...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Colin Watson  (supplier of updated grub2 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Sun, 20 Jan 2013 16:37:52 +
Source: grub2
Binary: grub2 grub-linuxbios grub-efi grub-common grub2-common grub-emu 
grub-pc-bin grub-pc grub-rescue-pc grub-coreboot-bin grub-coreboot 
grub-efi-ia32-bin grub-efi-ia32 grub-efi-amd64-bin grub-efi-amd64 
grub-ieee1275-bin grub-ieee1275 grub-firmware-qemu grub-yeeloong-bin 
grub-yeeloong grub-mount-udeb
Architecture: source i386
Version: 1.99-27
Distribution: unstable
Urgency: low
Maintainer: GRUB Maintainers 
Changed-By: Colin Watson 
Description: 
 grub-common - GRand Unified Bootloader (common files)
 grub-coreboot - GRand Unified Bootloader, version 2 (Coreboot version)
 grub-coreboot-bin - GRand Unified Bootloader, version 2 (Coreboot binaries)
 grub-efi   - GRand Unified Bootloader, version 2 (dummy package)
 grub-efi-amd64 - GRand Unified Bootloader, version 2 (EFI-AMD64 version)
 grub-efi-amd64-bin - GRand Unified Bootloader, version 2 (EFI-AMD64 binaries)
 grub-efi-ia32 - GRand Unified Bootloader, version 2 (EFI-IA32 version)
 grub-efi-ia32-bin - GRand Unified Bootloader, version 2 (EFI-IA32 binaries)
 grub-emu   - GRand Unified Bootloader, version 2 (emulated version)
 grub-firmware-qemu - GRUB firmware image for QEMU
 grub-ieee1275 - GRand Unified Bootloader, version 2 (Open Firmware version)
 grub-ieee1275-bin - GRand Unified Bootloader, version 2 (Open Firmware 
binaries)
 grub-linuxbios - GRand Unified Bootloader, version 2 (dummy package)
 grub-mount-udeb - export GRUB filesystems using FUSE (udeb)
 grub-pc- GRand Unified Bootloader, version 2 (PC/BIOS version)
 grub-pc-bin - GRand Unified Bootloader, version 2 (PC/BIOS binaries)
 grub-rescue-pc - GRUB bootable rescue images, version 2 (PC/BIOS version)
 grub-yeeloong - GRand Unified Bootloader, version 2 (Yeeloong version)
 grub-yeeloong-bin - GRand Unified Bootloader, version 2 (Yeeloong binaries)
 grub2  - GRand Unified Bootloader, version 2 (dummy package)
 grub2-common - GRand Unified Bootloader (common files for version 2)
Closes: 661789
Changes: 
 grub2 (1.99-27) unstable; urgency=low
 .
   * Amend gfxpayload_keep_default.patch to no longer remove the call to
 load_video when GRUB_GFXPAYLOAD_LINUX is empty (closes: #661789).
Checksums-Sha1: 

Bug#661789: marked as done (grub-common: load_video required for linux on UEFI)

2013-01-20 Thread Debian Bug Tracking System
Your message dated Sun, 20 Jan 2013 17:33:09 +
with message-id 
and subject line Bug#661789: fixed in grub2 1.99-27
has caused the Debian Bug report #661789,
regarding grub-common: load_video required for linux on UEFI
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
661789: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=661789
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: grub-common
Version: 1.99-14
Severity: normal

Hello,

After experimenting a bit with UEFI, it seems Linux kernels require the boot
loader to load a video mode. That is, if you do not load_video and try to boot
a Linux, you will only get:

no suitable mode found


So, perhaps /etc/grub.d/10_linux could be updated so that it calls load_video
before loading a kernel on UEFI?

Regards,

-- 
Tanguy Ortolo

PS: I am stripping my configuration information which is not relevant here
because I am writing this report from another machine.


--- End Message ---
--- Begin Message ---
Source: grub2
Source-Version: 1.99-27

We believe that the bug you reported is fixed in the latest version of
grub2, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 661...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Colin Watson  (supplier of updated grub2 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Sun, 20 Jan 2013 16:37:52 +
Source: grub2
Binary: grub2 grub-linuxbios grub-efi grub-common grub2-common grub-emu 
grub-pc-bin grub-pc grub-rescue-pc grub-coreboot-bin grub-coreboot 
grub-efi-ia32-bin grub-efi-ia32 grub-efi-amd64-bin grub-efi-amd64 
grub-ieee1275-bin grub-ieee1275 grub-firmware-qemu grub-yeeloong-bin 
grub-yeeloong grub-mount-udeb
Architecture: source i386
Version: 1.99-27
Distribution: unstable
Urgency: low
Maintainer: GRUB Maintainers 
Changed-By: Colin Watson 
Description: 
 grub-common - GRand Unified Bootloader (common files)
 grub-coreboot - GRand Unified Bootloader, version 2 (Coreboot version)
 grub-coreboot-bin - GRand Unified Bootloader, version 2 (Coreboot binaries)
 grub-efi   - GRand Unified Bootloader, version 2 (dummy package)
 grub-efi-amd64 - GRand Unified Bootloader, version 2 (EFI-AMD64 version)
 grub-efi-amd64-bin - GRand Unified Bootloader, version 2 (EFI-AMD64 binaries)
 grub-efi-ia32 - GRand Unified Bootloader, version 2 (EFI-IA32 version)
 grub-efi-ia32-bin - GRand Unified Bootloader, version 2 (EFI-IA32 binaries)
 grub-emu   - GRand Unified Bootloader, version 2 (emulated version)
 grub-firmware-qemu - GRUB firmware image for QEMU
 grub-ieee1275 - GRand Unified Bootloader, version 2 (Open Firmware version)
 grub-ieee1275-bin - GRand Unified Bootloader, version 2 (Open Firmware 
binaries)
 grub-linuxbios - GRand Unified Bootloader, version 2 (dummy package)
 grub-mount-udeb - export GRUB filesystems using FUSE (udeb)
 grub-pc- GRand Unified Bootloader, version 2 (PC/BIOS version)
 grub-pc-bin - GRand Unified Bootloader, version 2 (PC/BIOS binaries)
 grub-rescue-pc - GRUB bootable rescue images, version 2 (PC/BIOS version)
 grub-yeeloong - GRand Unified Bootloader, version 2 (Yeeloong version)
 grub-yeeloong-bin - GRand Unified Bootloader, version 2 (Yeeloong binaries)
 grub2  - GRand Unified Bootloader, version 2 (dummy package)
 grub2-common - GRand Unified Bootloader (common files for version 2)
Closes: 661789
Changes: 
 grub2 (1.99-27) unstable; urgency=low
 .
   * Amend gfxpayload_keep_default.patch to no longer remove the call to
 load_video when GRUB_GFXPAYLOAD_LINUX is empty (closes: #661789).
Checksums-Sha1: 

Processed: notfound 669278 in konversation/1.4-1, notfound 669278 in sid/None ...

2013-01-20 Thread Debian Bug Tracking System
Processing commands for cont...@bugs.debian.org:

> notfound 669278 konversation/1.4-1
Bug #669278 [src:phonon] please add phonon-backend-xine transitional package
Bug #669878 [src:phonon] Could not perform immediate configuration on 
'phonon-backend-vlc'
No longer marked as found in versions konversation/1.4-1.
No longer marked as found in versions konversation/1.4-1.
> notfound 669278 sid/None
Bug #669278 [src:phonon] please add phonon-backend-xine transitional package
Bug #669878 [src:phonon] Could not perform immediate configuration on 
'phonon-backend-vlc'
The source sid and version None do not appear to match any binary packages
No longer marked as found in versions sid/None.
No longer marked as found in versions sid/None.
> notfound 669278 kopete/4:4.8.4-1
Bug #669278 [src:phonon] please add phonon-backend-xine transitional package
Bug #669878 [src:phonon] Could not perform immediate configuration on 
'phonon-backend-vlc'
The source kopete and version 4:4.8.4-1 do not appear to match any binary 
packages
No longer marked as found in versions kopete/4:4.8.4-1.
No longer marked as found in versions kopete/4:4.8.4-1.
> notfound 669278 wheezy/None
Bug #669278 [src:phonon] please add phonon-backend-xine transitional package
Bug #669878 [src:phonon] Could not perform immediate configuration on 
'phonon-backend-vlc'
The source wheezy and version None do not appear to match any binary packages
No longer marked as found in versions wheezy/None.
No longer marked as found in versions wheezy/None.
> notfound 669278 kraft/0.45-2
Bug #669278 [src:phonon] please add phonon-backend-xine transitional package
Bug #669878 [src:phonon] Could not perform immediate configuration on 
'phonon-backend-vlc'
No longer marked as found in versions kraft/0.45-2.
No longer marked as found in versions kraft/0.45-2.
> notfound 669278 kdeutils/4:4.8.4+5.77
Bug #669278 [src:phonon] please add phonon-backend-xine transitional package
Bug #669878 [src:phonon] Could not perform immediate configuration on 
'phonon-backend-vlc'
The source kdeutils and version 4:4.8.4+5.77 do not appear to match any binary 
packages
No longer marked as found in versions kdeutils/4:4.8.4+5.77.
No longer marked as found in versions kdeutils/4:4.8.4+5.77.
> notfound 669278 kdebase-workspace-bin/4:4.8.4-5
Bug #669278 [src:phonon] please add phonon-backend-xine transitional package
Bug #669878 [src:phonon] Could not perform immediate configuration on 
'phonon-backend-vlc'
The source kdebase-workspace-bin and version 4:4.8.4-5 do not appear to match 
any binary packages
No longer marked as found in versions kdebase-workspace-bin/4:4.8.4-5.
No longer marked as found in versions kdebase-workspace-bin/4:4.8.4-5.
> notfound 669278 digikam/4:2.6.0-1
Bug #669278 [src:phonon] please add phonon-backend-xine transitional package
Bug #669878 [src:phonon] Could not perform immediate configuration on 
'phonon-backend-vlc'
No longer marked as found in versions digikam/4:2.6.0-1.
No longer marked as found in versions digikam/4:2.6.0-1.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
669278: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=669278
669878: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=669878
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems





Bug#698064: aranym: crashes from guest userspace when NatFeat is queried

2013-01-20 Thread Thorsten Glaser
Petr Stehlik dixit:

>In the very dark past NatFeats were meant to be called even from user
>space but later it was decided to use NatFeats from the kernel space
>only. Whatever needs to call host should use a device driver for that.

But there’s no device driver (or even procfs entry) to figure out
whether the system’s virtualised…

Granted, this is probably not that important. Thanks for fixing
(still need to test it… too little time…) the crash, though. I can
live with that and will just drop the idea to patch imvirt.

>what you were trying was sort of NatFeat mis-use, anyway. Is user-space
>program supposed to do HW detection in Linux? I doubt it. Let the kernel
>detect hardware for you and then check /proc/hardware or so.

From what I understand, in Linux, user space is supposed to do
everything ;-) They used to have a webserver in the kernel, though.

In my specific case, just detect whether it’s emulated or not.

>Antonin Kral is (or has always been) a DD.

Oh. Sorry for the misunderstanding, then.

>I am all for putting together 0.9.15 for sid.

Great!

bye,
//mirabilos
-- 
"no: BerliOS and Sourceforge are platforms for projects, github is
a platform for lone fighters"
-- this quote is proof that even a blind hen sometimes
   finds a grain, or rather, in this case, can be right





Bug#683584: [Pkg-monitoring-maintainers] ganglia update for Squeeze (CVE-2012-3448)

2013-01-20 Thread Salvatore Bonaccorso
Hi

On Sun, Jan 20, 2013 at 06:15:30PM +0100, Yves-Alexis Perez wrote:
> On Sun, 2013-01-20 at 13:07 +0100, Salvatore Bonaccorso wrote:
> > So I have verified the following things:
> > 
> >  - The debdiff contains only the mentioned change (debdiff attached).
> > 
> >  - The patch is applied to /usr/share/ganglia-webfrontend/graph.php in
> >the produced binary package ganglia-webfrontend.
> > 
> >  - If I try to exploit the argument g= passed to graph.php on a
> >squeeze with installed package it does not work anymore and in logs
> >I correctly notice the Error output produced by the error_log. At
> >least with the obvious exploit variant.
> 
> Can you upload to security-master? Remember to build with -sa.

Done!

And thanks for your work on the Security Team!

Regards,
Salvatore





Processed: affects 669278

2013-01-20 Thread Debian Bug Tracking System
Processing commands for cont...@bugs.debian.org:

> affects 669278 - kdebase
Bug #669278 [src:phonon] please add phonon-backend-xine transitional package
Bug #669878 [src:phonon] Could not perform immediate configuration on 
'phonon-backend-vlc'
Removed indication that 669278 affects kdebase
Removed indication that 669878 affects kdebase
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
669278: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=669278
669878: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=669878
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems





Bug#696661: bind9 - Fails if openssl can't load the gost engine

2013-01-20 Thread Steven Chamberlain
Control: found -1 1:9.8.1.dfsg.P1-4.3

Hi,

bind9/1:9.8.1.dfsg.P1-4.4 and libdns81 have disappeared out of the
archive.  It is missing from debian/changelog since 1:9.8.4.dfsg-1

(The nmu was not acked conventionally;  the change had already been
merged in from upstream and the changelog entry was missed).

Therefore version tracking of this bug was not working properly;
britney/UDD do not list it as an RC bug, but apt-listbugs does.

I'm marking it as 'found' in the preceding version so that this bug does
not go missing.  Whether or not it still exists in 9.8.4 I do not know.

Thanks,
Regards,
-- 
Steven Chamberlain
ste...@pyro.eu.org





Processed: Re: Bug#696661: bind9 - Fails if openssl can't load the gost engine

2013-01-20 Thread Debian Bug Tracking System
Processing control commands:

> found -1 1:9.8.1.dfsg.P1-4.3
Bug #696661 [bind9] bind9 - Fails if openssl can't load the gost engine
Marked as found in versions bind9/1:9.8.1.dfsg.P1-4.3.

-- 
696661: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=696661
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems





Processed: Re: Bug#696661: bind9 - Fails if openssl can't load the gost engine

2013-01-20 Thread Debian Bug Tracking System
Processing control commands:

> found -1 1:9.8.1.dfsg.P1-4.3
Bug #696661 [bind9] bind9 - Fails if openssl can't load the gost engine
Ignoring request to alter found versions of bug #696661 to the same values 
previously set

-- 
696661: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=696661
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems





Bug#669278: Processed: found 619244 in 44-8, found 677805 in sid/None, found 669278 in sid/None, found 646837 in sid/None ...

2013-01-20 Thread Andreas Beckmann
On 2013-01-20 18:46, Pino Toscano wrote:
> On Sunday 20 January 2013, Debian Bug Tracking System wrote:
>> Marked as found in versions sid/None.
> 
> sid/None??? What's this?

A "magic version number" that is used by piuparts-analyze to classify
some of the packages affected by this bug and move the failing logs away
as "bugged" so that my attention goes to the important things.

> Also, what's the use of adding versions of other sources to (what is 
> now) a phonon bug? Would it be possible to not add them, since otherwise 
> you would end up adding all the phonon-dependent sources (directly or 
> indirectly, like most of the kde applications)?

See http://bugs.debian.org/669278#154

BTW, I filed a pre-approval request for the addition of the transitional
package I proposed: http://bugs.debian.org/698252


Andreas





Bug#698585: [cdck] Instructs to put a disk into trash can

2013-01-20 Thread Filipus Klutiero

Package: cdck
Version: 0.7.0-5
Severity: serious

On this machine, cdck gives this verdict for the second of a series of 
10 home-made DVDs that contain personal videos:


! TOC and lseek() return different information about size , using 
lseek()'s number of sectors which is 2295104


Reading sectors 1-2295104
! unable to read sector 2236433, reason: Input/output error
! unable to read sector 2236434, reason: Input/output error
! unable to read sector 2236435, reason: Input/output error
! unable to read sector 2236436, reason: Input/output error
! unable to read sector 2236437, reason: Input/output error
! unable to read sector 2236438, reason: Input/output error
! unable to read sector 2236439, reason: Input/output error
! unable to read sector 2236440, reason: Input/output error
! unable to read sector 2236441, reason: Input/output error
! unable to read sector 2236442, reason: Input/output error
! unable to read sector 2236443, reason: Input/output error
! unable to read sector 2236444, reason: Input/output error
! unable to read sector 2236445, reason: Input/output error
! unable to read sector 2236446, reason: Input/output error
! unable to read sector 2236447, reason: Input/output error
! unable to read sector 2236448, reason: Input/output error
2295104 ok

CD overall:
   Sectors total: 2295104:
   Good sectors: 2295088:
   Bad sectors (incl. with poor timing): 16
CD timings:
   Minimal = 0 usec (0.00s)
   Maximal = 99086095 usec (99.086095s)
   Average = 1458 usec (0.001458s)

Conclusion:
   Disc contains BAD or even unreadable sectors, put it into trash can!


This install clearly has problems reading optical discs. For a set of 
10-15 DVDs which are all (at least) satisfactory according to tests on 
another machine, it only gives 7 as satisfactory or better. The rest are 
either considered BAD (this one), unstable, or are practically 
impossible to verify (I stop the verification after many hours). I know 
this machine's problem is not specific to cdck. If its problem is 
software, it has to be lower-level, since K3b is also affected. But this 
is not a reason to give instructions that can cause data loss.


I'm not very knowledgeable on optical discs, but I see 5 reasons why a 
problem could be detected:


1. A software bug (cdck, kernel or other)
2. An issue with the ODD
   1. A damaged ODD
   2. A dirty ODD
3. An issue with the disk
   1. A damaged disc
   2. A dirty disc

From these, the disk is only BAD in case 3.1. And even if there are 
actually BAD sectors on the disc, that doesn't mean all sectors are bad. 
In many cases, discs are the only stores of some data. In these cases, 
cdck should instruct to recover the recoverable data and only then to 
get rid of the disc. I agree that a damaged disc should in general be 
discarded to avoid giving a false impression that the data is available, 
but that's a secondary concern. The primary concern with a damaged disc 
should be to save the data which it uniquely stores. Putting a disk 
right in the trash can just because it has bad sectors is likely to 
cause data loss.


--- System information. ---
Architecture: i386
Kernel: Linux 3.2.0-4-amd64

Debian Release: 7.0
990 testing security.debian.org
990 testing debian.mirror.iweb.ca
500 unstable debian.mirror.iweb.ca
1 experimental debian.mirror.iweb.ca

--- Package information. ---
Depends (Version) | Installed
-+-=
libc6 (>= 2.3) | 2.13-37
libgcc1 (>= 1:4.1.1) | 1:4.7.2-5


Package's Recommends field is empty.

Suggests (Version) | Installed
===-+-===
gnuplot |


Bug#698490: git-extras: diff for NMU version 1.7.0-1.2

2013-01-20 Thread Jonathan Wiltshire
tags 698490 + pending
thanks

The patch is incomplete, this problem affects git-changelog too. Patch
attached; I have uploaded it to DELAYED/2.

Maintainer, please ensure this patch gets applied upstream (who also seem
not to understand set -e). I do not and will not have a github account.

-- 
Jonathan Wiltshire  j...@debian.org
Debian Developer http://people.debian.org/~jmw

4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC  74C3 5394 479D D352 4C51

diff -Nru git-extras-1.7.0/debian/changelog git-extras-1.7.0/debian/changelog
--- git-extras-1.7.0/debian/changelog	2012-09-08 14:04:47.0 +0100
+++ git-extras-1.7.0/debian/changelog	2013-01-20 18:08:59.0 +
@@ -1,3 +1,11 @@
+git-extras (1.7.0-1.2) unstable; urgency=medium
+
+  * Non-maintainer upload.
+  * git-changelog, git-effort: Correct unsafe temporary file usage
+(Closes: #698490)
+
+ -- Jonathan Wiltshire   Sun, 20 Jan 2013 18:07:43 +
+
 git-extras (1.7.0-1.1) unstable; urgency=low
 
   * Non-maintainer upload to fix Release Critical bug.
diff -Nru git-extras-1.7.0/debian/patches/series git-extras-1.7.0/debian/patches/series
--- git-extras-1.7.0/debian/patches/series	2012-09-08 14:01:34.0 +0100
+++ git-extras-1.7.0/debian/patches/series	2013-01-20 18:15:13.0 +
@@ -1,3 +1,4 @@
 git-rename-tag-add-shebang
 change-sh-shebang-to-bash-shebang
 fix-git-ignore-manpage
+unsafe-tmp
diff -Nru git-extras-1.7.0/debian/patches/unsafe-tmp git-extras-1.7.0/debian/patches/unsafe-tmp
--- git-extras-1.7.0/debian/patches/unsafe-tmp	1970-01-01 01:00:00.0 +0100
+++ git-extras-1.7.0/debian/patches/unsafe-tmp	2013-01-20 18:19:31.0 +
@@ -0,0 +1,46 @@
+Description: correct unsafe usage of temporary files (git-changelog,
+ git-effort)
+Author: Jonathan Wiltshire 
+Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=698490
+Forwarded: no
+Last-Update: 2013-01-20
+
+
+Index: git-extras-1.7.0/bin/git-changelog
+===
+--- git-extras-1.7.0.orig/bin/git-changelog	2013-01-20 18:15:00.0 +
 git-extras-1.7.0/bin/git-changelog	2013-01-20 18:04:22.692229726 +
+@@ -19,7 +19,8 @@
+   CHANGELOG=`ls | egrep 'change|history' -i`
+   if test "$CHANGELOG" = ""; then CHANGELOG='History.md'; fi
+ fi
+-tmp="/tmp/changelog"
++tmp="$(mktemp --suffix=git-changelog)"
++trap "rm -rf '$tmp'" EXIT
+ printf "$HEAD" > $tmp
+ git-changelog --list >> $tmp
+ printf '\n' >> $tmp
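Review bot: the result of mktemp is not checked on the new `tmp="$(mktemp --suffix=git-changelog)"` line, so if it fails `$tmp` is empty and the unquoted redirections that follow (`> $tmp`, `>> $tmp`) run against an empty word. Suggest `tmp="$(mktemp --suffix=git-changelog)" || exit 1` and quoting "$tmp" in the redirections. The trap string is double-quoted, so the path is interpolated when the trap is set and wrapped in literal single quotes; `trap 'rm -f "$tmp"' EXIT` defers the expansion to exit time and does not break on a path containing a quote, and `-f` is enough for a regular file.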
+@@ -27,4 +28,4 @@
+ mv $tmp $CHANGELOG
+ test -n "$EDITOR" && $EDITOR $CHANGELOG
+ ;;
+-esac
+\ No newline at end of file
++esac
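Review bot: the `mv $tmp $CHANGELOG` context line in this hunk now moves a file created by mktemp, which creates it readable and writable by the owner only, so the changelog written into the working tree ends up with mode 0600, whereas the old /tmp/changelog was created by a shell redirect and followed the umask. Suggest `cat "$tmp" > "$CHANGELOG"` (the EXIT trap added earlier in the file already removes the temporary file) or a chmod after the move. The trailing-newline fix on esac is fine.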
+Index: git-extras-1.7.0/bin/git-effort
+===
+--- git-extras-1.7.0.orig/bin/git-effort	2013-01-20 18:15:00.0 +
 git-extras-1.7.0/bin/git-effort	2013-01-20 18:05:35.402409644 +
+@@ -1,9 +1,11 @@
+ #!/bin/bash
+ 
+-tmp=/tmp/.git-effort
++tmp="$(mktemp --suffix=-git-effort)"
+ above='0'
+ color=
+ 
++trap "rm -rf '$tmp'" EXIT
++
+ #
+ # get date for the given 
+ #
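Review bot: `--suffix` in `mktemp --suffix=-git-effort` is a GNU coreutils option, which matters if this patch is forwarded upstream as the covering message asks; passing a template instead, for example `mktemp "${TMPDIR:-/tmp}/git-effort.XXXXXX"`, also works with other mktemp implementations. The suffix here starts with a hyphen while the git-changelog one (`--suffix=git-changelog`) does not, so the two temporary file names are formed inconsistently. As in git-changelog, the mktemp result is unchecked, and the trap would be safer as `trap 'rm -f "$tmp"' EXIT` placed directly after the mktemp line rather than a few lines later.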




Processed: git-extras: diff for NMU version 1.7.0-1.2

2013-01-20 Thread Debian Bug Tracking System
Processing commands for cont...@bugs.debian.org:

> tags 698490 + pending
Bug #698490 [git-extras] git-effort: predictable /tmp filename
Added tag(s) pending.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
698490: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=698490
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems





Bug#669278: Processed: found 619244 in 44-8, found 677805 in sid/None, found 669278 in sid/None, found 646837 in sid/None ...

2013-01-20 Thread Pino Toscano
On Sunday 20 January 2013, Andreas Beckmann wrote:
> On 2013-01-20 18:46, Pino Toscano wrote:
> > On Sunday 20 January 2013, Debian Bug Tracking System wrote:
> >> Marked as found in versions sid/None.
> > 
> > sid/None??? What's this?
> 
> A "magic version number" that is used by piuparts-analyze to classify
> some of the packages affected by this bug and move the failing logs
> away as "bugged" so that my attention goes to the important things.
> 
> > Also, what's the use of adding versions of other sources to (what
> > is now) a phonon bug? Would it be possible to not add them, since
> > otherwise you would end up adding all the phonon-dependent sources
> > (directly or indirectly, like most of the kde applications)?
> 
> See http://bugs.debian.org/669278#154

To be honest the sid/None and the reply above sound like a slight abuse 
of the version of bugs: this bug is not *in* 
konversation/digikam/kopete/etc, and adding their version to this bug 
does not sound appropriate.

If piuparts needs markers in bugs, please make it use its own usertags.

-- 
Pino Toscano




Processed: found 694451 in wheezy/None, affects 690172, found 622742 in 2.20.1-5.3, affects 669278 ...

2013-01-20 Thread Debian Bug Tracking System
Processing commands for cont...@bugs.debian.org:

> found 694451 wheezy/None
Bug #694451 [broffice.org] broffice.org: leaves diversions after upgrade from 
lenny to squeeze
The source wheezy and version None do not appear to match any binary packages
Marked as found in versions wheezy/None.
> affects 690172 + gnustep-back0.14 gnustep-back-dbg
Bug #690172 {Done: Matthias Klose } [gcc-4.7-base] 
gcc-4.7-base: adding Breaks: gcc-4.4-base (<< 4.4.7) ?
Added indication that 690172 affects gnustep-back0.14 and gnustep-back-dbg
> found 622742 2.20.1-5.3
Bug #622742 [libblkid-dev] libblkid-dev: after purging files have disappeared
Marked as found in versions util-linux/2.20.1-5.3.
> affects 669278 + kdebase-dev kde-guidance-powermanager kwin-baghira
Bug #669278 [src:phonon] please add phonon-backend-xine transitional package
Bug #669878 [src:phonon] Could not perform immediate configuration on 
'phonon-backend-vlc'
Added indication that 669278 affects kdebase-dev, kde-guidance-powermanager, 
and kwin-baghira
Added indication that 669878 affects kdebase-dev, kde-guidance-powermanager, 
and kwin-baghira
> found 669278 kscreensaver/4:4.8.4-2
Bug #669278 [src:phonon] please add phonon-backend-xine transitional package
Bug #669878 [src:phonon] Could not perform immediate configuration on 
'phonon-backend-vlc'
The source kscreensaver and version 4:4.8.4-2 do not appear to match any binary 
packages
Marked as found in versions kscreensaver/4:4.8.4-2.
Marked as found in versions kscreensaver/4:4.8.4-2.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
622742: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=622742
669278: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=669278
669878: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=669878
690172: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=690172
694451: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=694451
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems





Bug#698259: guilt: diff for NMU version 0.35-1.1

2013-01-20 Thread Jonathan Wiltshire
tags 698259 + patch
tags 698259 + pending
thanks

Dear maintainer,

I've prepared an NMU for guilt (versioned as 0.35-1.1) and
uploaded it to DELAYED/2. Please feel free to tell me if I
should delay it longer.

This only amends the maintainer email address, I did not make any other
changes.


-- 
Jonathan Wiltshire  j...@debian.org
Debian Developer http://people.debian.org/~jmw

4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC  74C3 5394 479D D352 4C51

 i have six years of solaris sysadmin experience, from
8->10. i am well qualified to say it is made from bonghits
layered on top of bonghits
diff -Nru guilt-0.35/debian/changelog guilt-0.35/debian/changelog
--- guilt-0.35/debian/changelog	2011-08-05 22:39:36.0 +0100
+++ guilt-0.35/debian/changelog	2013-01-20 18:33:01.0 +
@@ -1,3 +1,10 @@
+guilt (0.35-1.1) unstable; urgency=low
+
+  * Non-maintainer upload.
+  * Update maintainer email address (Closes: #698259)
+
+ -- Jonathan Wiltshire   Sun, 20 Jan 2013 18:32:26 +
+
 guilt (0.35-1) unstable; urgency=low
 
   * New upstream release. 
diff -Nru guilt-0.35/debian/control guilt-0.35/debian/control
--- guilt-0.35/debian/control	2011-08-05 22:39:23.0 +0100
+++ guilt-0.35/debian/control	2013-01-20 18:32:12.0 +
@@ -1,7 +1,7 @@
 Source: guilt
 Section: devel
 Priority: optional
-Maintainer: Iulian Udrea 
+Maintainer: Iulian Udrea 
 DM-Upload-Allowed: yes
 Build-Depends: debhelper (>= 7)
 Build-Depends-Indep: asciidoc (>> 7.0.2-3), xmlto, libexpat1-dev
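Review bot: the removed and added Maintainer lines read identically in this copy because the address after the name is missing from both, so the one change this upload makes cannot be checked from the hunk. Confirm the new address against the bug log for #698259 before the upload leaves DELAYED/2.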




Processed: guilt: diff for NMU version 0.35-1.1

2013-01-20 Thread Debian Bug Tracking System
Processing commands for cont...@bugs.debian.org:

> tags 698259 + patch
Bug #698259 [src:guilt] guilt: Maintainer address does not accept mail
Added tag(s) patch.
> tags 698259 + pending
Bug #698259 [src:guilt] guilt: Maintainer address does not accept mail
Added tag(s) pending.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
698259: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=698259
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems





Processed: notfound 669278 in kscreensaver/4:4.8.4-2

2013-01-20 Thread Debian Bug Tracking System
Processing commands for cont...@bugs.debian.org:

> notfound 669278 kscreensaver/4:4.8.4-2
Bug #669278 [src:phonon] please add phonon-backend-xine transitional package
Bug #669878 [src:phonon] Could not perform immediate configuration on 
'phonon-backend-vlc'
The source kscreensaver and version 4:4.8.4-2 do not appear to match any binary 
packages
No longer marked as found in versions kscreensaver/4:4.8.4-2.
No longer marked as found in versions kscreensaver/4:4.8.4-2.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
669278: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=669278
669878: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=669878
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems





Bug#697085: marked as done (qemu-system: tries to overwrite doc/qemu/qemu-doc.html from qemu (missing Breaks+Replaces?))

2013-01-20 Thread Debian Bug Tracking System
Your message dated Sun, 20 Jan 2013 18:48:17 +
with message-id 
and subject line Bug#697085: fixed in qemu 1.3.0+dfsg-2exp
has caused the Debian Bug report #697085,
regarding qemu-system: tries to overwrite doc/qemu/qemu-doc.html from qemu 
(missing Breaks+Replaces?)
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
697085: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=697085
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: qemu-system
Version: 1.3.0+dfsg-1~exp1
Severity: serious
Justification: failed upgrade

From today's upgrade:

| Preparing to replace qemu-system 1.3.0+dfsg-1~exp1 (using 
.../qemu-system_1.3.0+dfsg-1~exp3_amd64.deb) ...
| Unpacking replacement qemu-system ...
| dpkg: error processing 
//var/cache/apt/archives/qemu-system_1.3.0+dfsg-1~exp3_amd64.deb (--install):
|  trying to overwrite '/usr/share/doc/qemu/qemu-doc.html', which is also in 
package qemu 1.3.0+dfsg-1~exp1
| dpkg-deb: error: subprocess paste was killed by signal (Broken pipe)

Known problem?

Thanks,
Jonathan
--- End Message ---
--- Begin Message ---
Source: qemu
Source-Version: 1.3.0+dfsg-2exp

We believe that the bug you reported is fixed in the latest version of
qemu, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 697...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Michael Tokarev  (supplier of updated qemu package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Format: 1.8
Date: Sun, 20 Jan 2013 22:12:11 +0400
Source: qemu
Binary: qemu qemu-keymaps qemu-system qemu-kvm qemu-user qemu-user-static 
qemu-utils
Architecture: source i386 all
Version: 1.3.0+dfsg-2exp
Distribution: experimental
Urgency: low
Maintainer: Debian QEMU Team 
Changed-By: Michael Tokarev 
Description: 
 qemu   - fast processor emulator
 qemu-keymaps - QEMU keyboard maps
 qemu-kvm   - QEMU Full virtualization on x86 hardware (transitional package)
 qemu-system - QEMU full system emulation binaries
 qemu-user  - QEMU user mode emulation binaries
 qemu-user-static - QEMU user mode emulation binaries (static version)
 qemu-utils - QEMU utilities
Closes: 560853 697085
Changes: 
 qemu (1.3.0+dfsg-2exp) experimental; urgency=low
 .
   * qemu-nbd and qemu-io should be installed on kFreeBSD too
   * install qemu-system docs into /usr/share/doc/qemu-system,
 not .../qemu (Closes: #697085)
   * do not depend on ipxe, it does not provide our ROMs
   * move vde2 from Recommends to Suggests, since it isn't
 used often
   * require libspice-server-dev >= 0.12.2 and require it on i386 too,
 enable spice support
   * require libusbredirparser-dev >= 0.6, enable usb-redir
   * enable xen explicitly on amd64|i386
   * enable xfsctl explicitly on linux
   * sort build-deps in debian/control and add comments
   * set permissions of /dev/kvm in qemu-system.postinst
 the same way it is done in old qemu-kvm package
   * set --localstatedir=/var (will be used later by guest agent)
   * bump qemu-system dependency on seabios to 1.7.2
 and add symlinks for acpi-dsdt.aml and q35-acpi-dsdt.aml
   * import qemu-ifup and qemu-ifdown scripts from qemu-kvm,
 and modify qemu-ifup to allow usage of just `ip' command
 from iproute package (if installed) instead of old brctl+ifconfig.
 Add Breaks: for old iproute without bridge controls.
 Add iproute to Recomments, so that the scripts will actually work
 (previous script used sudo which should be in recommends too)
   * enable seccomp (and libseccomp-dev b-d) on linux,
 and add link-seccomp-only-with-softmmu-targets.patch
   * use $(MAKE) not make when building spapr-rtas.bin
   * update debian/watch (new place and new extensions)
   * add qemu-kvm package (transitional, depends on qemu-system),
 and add /usr/bin/kvm wrapper that calls qemu-system-x86_64
 with some arguments to match original qemu-kvm behavour.
 (Closes: #560853)
Checksums-Sha1: 

Bug#689268: Intel HD 4000 (Ivy Bridge) graphics freeze

2013-01-20 Thread Vincent Blut
On Saturday 19 January 2013 at 19:23 +0100, Vincent Blut wrote:
> > On 10.01.2013 09:39, Riku Voipio wrote:
> > 
> > > getting hangs on anything other than the Debian 3.2.32-1 has
> > > been challenging. If it's just timing based, I might just have
> > > been lucky during my bisects.
> > 
> > Here vanilla 3.4.24 from kernel.org has been running absolutely stable for a
> > few weeks. But another idea came to me:
> > 
> > 'modinfo i916' list an option which appears to be a watchdog function:
> > 
> > "parm:   enable_hangcheck:Periodically check GPU activity for
> > detecting hangs. WARNING: Disabling this can cause system wide hangs.
> > (default: true) (bool)"
> > 
> > which actually describes the symptoms. Could it be that in the
> > Debian-kernel either the hangs are not detected securely, or that it
> > just fails to reset the module?
> > 
> > /Ingo
> 
> Hi guys,
> 
> Well I have the same issue on my Ivybridge system:
> 
> $ lspci -nnv | grep VGA
> 00:02.0 VGA compatible controller [0300]: Intel Corporation 3rd Gen Core 
> processor Graphics Controller [8086:0166] (rev 09) (prog-if 00 [VGA 
> controller])
> 
> $ cat /var/log/Xorg.0.log | grep "Graphics Chipset"
> […]
> [ 8.388] (II) intel(0): Integrated Graphics Chipset: Intel(R) Ivybridge 
> Mobile (GT2)
> 
> On my system I observed this behavior:
> 
> Debian 3.2.35-2: random hangs (at least one per day)
> Upstream 3.2.37: random hangs (at least one per day)
> Upstream 3.3-rc1+: no hangs (tested for 2 weeks)
> 
> So that seems to be close to Riku's experience.
> 
> Anyway, what rings a bell for me is Ingo's last comment about the
> 'enable_hangcheck' module parameter,
> which was introduced in v3.1-rc1:
> 
> $ git tag --contains 6e96e7757a01
> v3.1-rc1
> […]
> v3.8-rc4
> 
> So I peeked about what kind of "hangcheck" changes could have been introduced 
> in v3.3-rc1
> and I found an interesting patch:
> 
> commit e6bfaf854272ec4641a9ef7b1cb1ca963031ba95
> drm/i915: don't bail out of intel_wait_ring_buffer too early
> 
> The commit message is particularly interesting!
> 
> I'll give it a try but if someone could beat me to it that would be cool (ULV 
> CPU here).

Unfortunately this commit has no positive effect! I got two freezes in
less than 15 minutes, so I set up an SSH connection in order to catch
some logs but after an uptime of 5h30 the system froze… the NIC too so
absolutely nothing useful to report :-(

> 
> Cheers,
> Vincent
> 
> 
> PS: Also, could you give a try to Julien Cristau's kernel images with DRM/KMS 
> subsystem backported from 3.4
> which might hit Wheezy?
> http://people.debian.org/~jcristau/linux-image-3.2.0-4.drm-amd64_3.2.35-3~jcristau.1_amd64.deb
> sha1sum f6711fe6d0d924aab82ec82fe1a86102a69a8c32
> (There are i686 and i486 flavours if you want)
> 
> 





Processed (with 1 errors): Reassign

2013-01-20 Thread Debian Bug Tracking System
Processing commands for cont...@bugs.debian.org:

> reassign 691011 src:kde-workspace
Bug #691011 [kde-plasma-desktop] kde-plasma-desktop: Download new google 
gadgets link from "get new widgets" causes plasma to segfault
Bug reassigned from package 'kde-plasma-desktop' to 'src:kde-workspace'.
No longer marked as found in versions meta-kde/5:77.
Ignoring request to alter fixed versions of bug #691011 to the same values 
previously set
> forcemerge 664225 691011
Bug #664225 [plasma-scriptengine-googlegadgets] 
plasma-scriptengine-googlegadgets: can't install widgets
Unable to merge bugs because:
package of #691011 is 'src:kde-workspace' not 
'plasma-scriptengine-googlegadgets'
Failed to forcibly merge 664225: Did not alter merged bugs
Debbugs::Control::set_merged('transcript', 'GLOB(0x20cd220)', 
'requester', 'Lisandro Damián Nicanor Pérez Meyer ', 
'request_addr', 'cont...@bugs.debian.org', 'request_msgid', 
'<201301201630.52941.perezme...@gmail.com>', 'request_subject', ...) called at 
/usr/local/lib/site_perl/Debbugs/Control/Service.pm line 552
eval {...} called at 
/usr/local/lib/site_perl/Debbugs/Control/Service.pm line 551
Debbugs::Control::Service::control_line('line', 'forcemerge 664225 
691011', 'clonebugs', 'HASH(0x203e160)', 'limit', 'HASH(0x203db48)', 
'common_control_options', 'ARRAY(0x203db90)', 'errors', ...) called at 
/usr/lib/debbugs/service line 474

> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
664225: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=664225
691011: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=691011
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems





Processed (with 1 errors): your mail

2013-01-20 Thread Debian Bug Tracking System
Processing commands for cont...@bugs.debian.org:

> reassign 691011 plasma-scriptengine-googlegadget
Bug #691011 [src:kde-workspace] kde-plasma-desktop: Download new google gadgets 
link from "get new widgets" causes plasma to segfault
Bug reassigned from package 'src:kde-workspace' to 
'plasma-scriptengine-googlegadget'.
Warning: Unknown package 'plasma-scriptengine-googlegadget'
Warning: Unknown package 'plasma-scriptengine-googlegadget'
Ignoring request to alter found versions of bug #691011 to the same values 
previously set
Warning: Unknown package 'plasma-scriptengine-googlegadget'
Warning: Unknown package 'plasma-scriptengine-googlegadget'
Ignoring request to alter fixed versions of bug #691011 to the same values 
previously set
Warning: Unknown package 'plasma-scriptengine-googlegadget'
> forcemerge 664225 691011
Bug #664225 [plasma-scriptengine-googlegadgets] 
plasma-scriptengine-googlegadgets: can't install widgets
Unable to merge bugs because:
package of #691011 is 'plasma-scriptengine-googlegadget' not 
'plasma-scriptengine-googlegadgets'
Failed to forcibly merge 664225: Did not alter merged bugs
Debbugs::Control::set_merged('transcript', 'GLOB(0x2b71030)', 
'requester', 'Lisandro Damián Nicanor Pérez Meyer ', 
'request_addr', 'cont...@bugs.debian.org', 'request_msgid', 
'<201301201636.31495.perezme...@gmail.com>', 'request_subject', ...) called at 
/usr/local/lib/site_perl/Debbugs/Control/Service.pm line 552
eval {...} called at 
/usr/local/lib/site_perl/Debbugs/Control/Service.pm line 551
Debbugs::Control::Service::control_line('line', 'forcemerge 664225 
691011', 'clonebugs', 'HASH(0x2aea160)', 'limit', 'HASH(0x2ae9b48)', 
'common_control_options', 'ARRAY(0x2ae9b90)', 'errors', ...) called at 
/usr/lib/debbugs/service line 474

> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
664225: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=664225
691011: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=691011
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems





Processed: your mail

2013-01-20 Thread Debian Bug Tracking System
Processing commands for cont...@bugs.debian.org:

> reassign 691011 plasma-scriptengine-googlegadgets
Bug #691011 [plasma-scriptengine-googlegadget] kde-plasma-desktop: Download new 
google gadgets link from "get new widgets" causes plasma to segfault
Warning: Unknown package 'plasma-scriptengine-googlegadget'
Bug reassigned from package 'plasma-scriptengine-googlegadget' to 
'plasma-scriptengine-googlegadgets'.
Ignoring request to alter found versions of bug #691011 to the same values 
previously set
Ignoring request to alter fixed versions of bug #691011 to the same values 
previously set
> forcemerge 664225 691011
Bug #664225 [plasma-scriptengine-googlegadgets] 
plasma-scriptengine-googlegadgets: can't install widgets
Bug #691011 [plasma-scriptengine-googlegadgets] kde-plasma-desktop: Download 
new google gadgets link from "get new widgets" causes plasma to segfault
Set Bug forwarded-to-address to 'https://bugs.kde.org/show_bug.cgi?id=304460'.
Severity set to 'grave' from 'important'
Marked as found in versions kdebase-workspace/4:4.6.5-4, 
kde-workspace/4:4.8.4-3, and kde-workspace/4:4.7.4-2.
Merged 664225 691011
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
664225: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=664225
691011: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=691011
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems





Bug#697930: nagios3: CVE-2012-6096

2013-01-20 Thread Moritz Mühlenhoff
On Fri, Jan 11, 2013 at 03:56:25PM +, Jonathan Wiltshire wrote:
> Control: found -1 3.2.1-2
> 
> On 2013-01-11 13:50, Moritz Muehlenhoff wrote:
> >Package: nagios3
> >Severity: grave
> >Tags: security
> >Justification: user security hole
> >
> >This was assigned CVE-2012-6096:
> >
> >http://archives.neohapsis.com/archives/fulldisclosure/2012-12/0108.html
> >
> >Fix:
> >
> >http://nagios.svn.sourceforge.net/viewvc/nagios?view=revision&revision=2547
> 
> I tested against squeeze and reproduced the problem. We use nagios
> at work so I'm happy to prepare DSA packages if required.

Jonathan, can you prepare packages for stable-security now that we have
a final patch?

Cheers,
Moritz





Bug#697930: [Pkg-nagios-devel] Bug#697930: nagios3: CVE-2012-6096

2013-01-20 Thread Alexander Wirt
On Sun, 20 Jan 2013, Moritz Mühlenhoff wrote:

> On Fri, Jan 11, 2013 at 03:56:25PM +, Jonathan Wiltshire wrote:
> > Control: found -1 3.2.1-2
> > 
> > On 2013-01-11 13:50, Moritz Muehlenhoff wrote:
> > >Package: nagios3
> > >Severity: grave
> > >Tags: security
> > >Justification: user security hole
> > >
> > >This was assigned CVE-2012-6096:
> > >
> > >http://archives.neohapsis.com/archives/fulldisclosure/2012-12/0108.html
> > >
> > >Fix:
> > >
> > >http://nagios.svn.sourceforge.net/viewvc/nagios?view=revision&revision=2547
> > 
> > I tested against squeeze and reproduced the problem. We use nagios
> > at work so I'm happy to prepare DSA packages if required.
> 
> Jonathan, can you prepare packages for stable-security now that we have
> a final patch?
We have? We have an icinga patch; it's still on my list to check whether the nagios
patch really fixes all problems...

Alex





Bug#694015: [Pkg-electronics-devel] Bug#694015: geda-gaf: diff for NMU version 1:1.6.2-4.3

2013-01-20 Thread أحمد المحمودي
On Sun, Jan 20, 2013 at 02:09:33PM +0100, gregor herrmann wrote:
> On Sun, 20 Jan 2013 14:02:31 +0200, أحمد المحمودي wrote:
> 
> > On Sat, Jan 19, 2013 at 05:19:17PM +0100, gregor herrmann wrote:
> > > +# Replace documentation directory with symlink
> > > +docdir=/usr/share/doc/geda
> > > +target=geda-doc
> > > +
> > > +if [ -d $docdir ] && [ ! -L $docdir ]; then
> > > + if rmdir $docdir 2>/dev/null; then
> > > + ln -sf $target $docdir
> > > + fi
> > > +fi
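Review bot: In the inner `if rmdir $docdir 2>/dev/null; then` branch, a failed `rmdir` (for example because /usr/share/doc/geda is not empty) is swallowed, so the script finishes successfully with the directory still in place, no symlink, and nothing logged. Consider printing a warning in an `else` branch so the admin knows the replacement was skipped, and quote `"$docdir"` and `"$target"` in the tests and in `ln -sf`. A one-line comment that the relative `target=geda-doc` is resolved against the link's own directory would also spare the next reader the CWD question.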
> > ---end quoted text---
> > 
> >   Are you sure about this fix ?
> >   I think target should be /usr/share/doc/geda-doc rather than just 
> >   'geda-doc'
> 
> I admit that it looks a bit surprising, but it's like in other
> packages, and I've tested
> (a) this ln syntax manually [0]
> (b) and installing the new package in a chroot after making sure that
> /usr/share/doc/geda is a directory, and it was a symlink
> afterwards.
---end quoted text---

  For this to run correctly, it must be that the postinst's CWD is 
  /usr/share/doc, is that guaranteed ?
-- 
 ‎أحمد المحمودي (Ahmed El-Mahmoudy)
  Digital design engineer
 GPG KeyID: 0xEDDDA1B7
 GPG Fingerprint: 8206 A196 2084 7E6D 0DF8  B176 BC19 6A94 EDDD A1B7




Bug#694015: [Pkg-electronics-devel] Bug#694015: geda-gaf: diff for NMU version 1:1.6.2-4.3

2013-01-20 Thread أحمد المحمودي
On Sun, Jan 20, 2013 at 10:53:27PM +0200, أحمد المحمودي wrote:
> On Sun, Jan 20, 2013 at 02:09:33PM +0100, gregor herrmann wrote:
> > On Sun, 20 Jan 2013 14:02:31 +0200, أحمد المحمودي wrote:
> > 
> > > On Sat, Jan 19, 2013 at 05:19:17PM +0100, gregor herrmann wrote:
> > > > +# Replace documentation directory with symlink
> > > > +docdir=/usr/share/doc/geda
> > > > +target=geda-doc
> > > > +
> > > > +if [ -d $docdir ] && [ ! -L $docdir ]; then
> > > > +   if rmdir $docdir 2>/dev/null; then
> > > > +   ln -sf $target $docdir
> > > > +   fi
> > > > +fi
> > > ---end quoted text---
> > > 
> > >   Are you sure about this fix ?
> > >   I think target should be /usr/share/doc/geda-doc rather than just 
> > >   'geda-doc'
> > 
> > I admit that it looks a bit surprising, but it's like in other
> > packages, and I've tested
> > (a) this ln syntax manually [0]
> > (b) and installing the new package in a chroot after making sure that
> > /usr/share/doc/geda is a directory, and it was a symlink
> > afterwards.
> ---end quoted text---
> 
>   For this to run correctly, it must be that the postinst's CWD is 
>   /usr/share/doc, is that guaranteed ?
---end quoted text---

  Oh, never mind the noise, you are right indeed. It would work 
  correctly, regardless of the CWD !

-- 
 ‎أحمد المحمودي (Ahmed El-Mahmoudy)
  Digital design engineer
 GPG KeyID: 0xEDDDA1B7
 GPG Fingerprint: 8206 A196 2084 7E6D 0DF8  B176 BC19 6A94 EDDD A1B7
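
The point settled in the exchange above (a relative symlink target is resolved against the directory that holds the link, not against the working directory of the script that created it), as an added sandbox example that is not part of the original messages or of the geda-gaf package. The function names and the temporary directory layout are assumptions; the second function shows what happens when `rmdir` fails on a non-empty directory.

```shell
#!/bin/sh
# Added example. Everything runs under a temporary directory (constructed
# layout), so the real /usr/share/doc is never touched.

# replace_dir_with_symlink DOCDIR TARGET  (hypothetical helper name)
# Same logic as the postinst snippet quoted in the thread, with quoting added.
# Returns 0 if DOCDIR is a symlink afterwards, 1 otherwise.
replace_dir_with_symlink() {
    docdir=$1
    target=$2
    if [ -d "$docdir" ] && [ ! -L "$docdir" ]; then
        # rmdir only succeeds on an empty directory
        if rmdir "$docdir" 2>/dev/null; then
            ln -sf "$target" "$docdir"
        fi
    fi
    [ -L "$docdir" ]
}

# Case 1: the script's CWD is unrelated to the directory holding the link.
demo_relative_target() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/usr/share/doc/geda" \
             "$root/usr/share/doc/geda-doc" \
             "$root/elsewhere"
    echo readme > "$root/usr/share/doc/geda-doc/README"
    (
        cd "$root/elsewhere" || exit 1
        replace_dir_with_symlink "$root/usr/share/doc/geda" geda-doc || exit 1
        # The stored link text is the bare relative name ...
        [ "$(readlink "$root/usr/share/doc/geda")" = "geda-doc" ] || exit 1
        # ... and it resolves next to the link, although no geda-doc
        # exists in the current directory.
        [ ! -e geda-doc ] || exit 1
        [ -f "$root/usr/share/doc/geda/README" ] || exit 1
    )
    rc=$?
    rm -rf "$root"
    return $rc
}

# Case 2: the old directory still contains a file, so rmdir fails,
# the snippet stays silent and the directory is left as it was.
demo_nonempty_dir() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/usr/share/doc/geda" "$root/usr/share/doc/geda-doc"
    echo local > "$root/usr/share/doc/geda/leftover"
    if replace_dir_with_symlink "$root/usr/share/doc/geda" geda-doc; then
        rc=1    # unexpected: a symlink was created
    elif [ -d "$root/usr/share/doc/geda" ] &&
         [ ! -L "$root/usr/share/doc/geda" ] &&
         [ -f "$root/usr/share/doc/geda/leftover" ]; then
        rc=0    # directory and its content are intact, no symlink
    else
        rc=1
    fi
    rm -rf "$root"
    return $rc
}

demo_relative_target && echo "relative target resolved beside the link"
demo_nonempty_dir && echo "non-empty directory left in place, no symlink"
```
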




Bug#694015: [Pkg-electronics-devel] Bug#694015: Bug#694015: geda-gaf: diff for NMU version 1:1.6.2-4.3

2013-01-20 Thread أحمد المحمودي
Bdale, I've added gregoa's patch & pushed to git. Please upload.

-- 
 ‎أحمد المحمودي (Ahmed El-Mahmoudy)
  Digital design engineer
 GPG KeyID: 0xEDDDA1B7
 GPG Fingerprint: 8206 A196 2084 7E6D 0DF8  B176 BC19 6A94 EDDD A1B7




Bug#694376: dovecot: diff for NMU version 1:2.1.7-6.1

2013-01-20 Thread Jonathan Wiltshire
tags 694376 + pending
thanks

Dear maintainer,

I've prepared an NMU for dovecot (versioned as 1:2.1.7-6.1) and
uploaded it to DELAYED/5. Please feel free to tell me if I
should delay it longer.

Regards.

-- 
Jonathan Wiltshire  j...@debian.org
Debian Developer http://people.debian.org/~jmw

4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC  74C3 5394 479D D352 4C51

diff -Nru dovecot-2.1.7/debian/changelog dovecot-2.1.7/debian/changelog
--- dovecot-2.1.7/debian/changelog	2012-12-14 22:31:33.0 +
+++ dovecot-2.1.7/debian/changelog	2013-01-20 20:54:30.0 +
@@ -1,3 +1,11 @@
+dovecot (1:2.1.7-6.1) unstable; urgency=low
+
+  * Non-maintainer upload.
+  * Move Breaks/Replaces mailavenger (<< 0.8.1-4) from dovecot-common
+to dovecot-core (Closes: #694376)
+
+ -- Jonathan Wiltshire   Sun, 20 Jan 2013 20:53:31 +
+
 dovecot (1:2.1.7-6) unstable; urgency=high
 
   * WARNING: in order to get this package into wheezy some functionality
diff -Nru dovecot-2.1.7/debian/control dovecot-2.1.7/debian/control
--- dovecot-2.1.7/debian/control	2012-12-14 22:31:33.0 +
+++ dovecot-2.1.7/debian/control	2013-01-20 20:53:29.0 +
@@ -14,8 +14,6 @@
 Priority: extra
 Architecture: all
 Depends: ${shlibs:Depends}, ${misc:Depends}, dovecot-core
-Breaks:   mailavenger (<< 0.8.1-4)
-Replaces: mailavenger (<< 0.8.1-4)
 Recommends: dovecot-gssapi, dovecot-sieve, dovecot-pgsql, dovecot-mysql, dovecot-sqlite, dovecot-ldap
 Suggests: dovecot-managesieved
 Description: Transitional package for dovecot
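Review bot: Removing `Breaks:`/`Replaces: mailavenger (<< 0.8.1-4)` from this stanza leaves the transitional package with no relation to mailavenger of its own, which is correct only if it ships none of the overlapping files; the context shows it as a transitional package depending on dovecot-core, so please confirm that against its file list. Note that the `Depends:` on dovecot-core in the context line is unversioned.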
@@ -27,8 +25,8 @@
 Depends: ${shlibs:Depends}, ${misc:Depends}, libpam-runtime (>= 0.76-13.1), openssl, adduser, ucf (>= 2.0020)
 Suggests: ntp, dovecot-gssapi, dovecot-sieve, dovecot-pgsql, dovecot-mysql, dovecot-sqlite, dovecot-ldap, dovecot-imapd, dovecot-pop3d, dovecot-lmtpd, dovecot-managesieved, dovecot-solr
 Provides: dovecot-common
-Replaces: dovecot-common (<< 1:2.0.14-2~)
-Breaks: dovecot-common (<< 1:2.0.14-2~)
+Replaces: dovecot-common (<< 1:2.0.14-2~), mailavenger (<< 0.8.1-4)
+Breaks: dovecot-common (<< 1:2.0.14-2~), mailavenger (<< 0.8.1-4)
 Description: secure mail server that supports mbox, maildir, dbox and mdbox mailboxes
  Dovecot is a mail server whose major goals are security and extreme
  reliability. It tries very hard to handle all error conditions and verify that
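Review bot: The `mailavenger (<< 0.8.1-4)` bound appended to `Replaces:` and `Breaks:` is carried over unchanged from the stanza it was removed from, so it is worth re-checking that 0.8.1-4 is the first mailavenger version without the overlapping file now that the relation sits on a different binary package. The hunk context does not include the `Package:` line; only `Provides: dovecot-common` identifies the stanza, so confirm it is the dovecot-core stanza named in the changelog entry.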




Processed: dovecot: diff for NMU version 1:2.1.7-6.1

2013-01-20 Thread Debian Bug Tracking System
Processing commands for cont...@bugs.debian.org:

> tags 694376 + pending
Bug #694376 [dovecot-common] dovecot-core: missing Breaks+Replaces: mailavenger 
(<< 0.8.1-4)
Added tag(s) pending.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
694376: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=694376
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems





Bug#696026: bug#13505: Bug#696026: emacs24: file corruption on saving

2013-01-20 Thread Vincent Lefevre
On 2013-01-20 18:49:38 +0200, Eli Zaretskii wrote:
> Personally, I don't think there's a bug here.  It's a cockpit error.

Perhaps it isn't a bug at save time. But then, selecting a lossy
encoding by default when visiting the file is the bug (and really
a regression), particularly if this isn't clearly told to the user.

Actually this is related, since the lossy encoding becomes a real
problem only at save time (and for copy-paste I assume, though the
file doesn't get overwritten by that).

-- 
Vincent Lefèvre  - Web: 
100% accessible validated (X)HTML - Blog: 
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)





Bug#697666: [pkg-mt-om-devel] Bug#697666: Bug#697666: movabletype-opensource: mt-upgrade.cgi vulnerability

2013-01-20 Thread Dominic Hargreaves
On Sat, Jan 19, 2013 at 08:18:10PM +0100, Yves-Alexis Perez wrote:
> On mar., 2013-01-08 at 18:04 +, Dominic Hargreaves wrote:
> > Security team, shall I upload to security-master?
> 
> Yes, please.

Okay, done.

> > It might be useful in a DSA to recommend restricting the
> > mt-upgrade.cgi
> > script to trusted IP addresses, but I don't think it's something we
> > can do by default, as browser access to mt-upgrade.cgi is needed to
> > complete upgrades.
> 
> To be honest, I'd be comfortable to restrict it to 127.0.0.1/::1 but
> that's not really something we can change on a stable update.

That is likely to render the site inoperable following an upgrade
with a schema change, because an admin has to log in with their
browser and get redirected to mt-upgrade.cgi. They're advised of
this possibility with a debconf note, but I still think it's risky
to lock people out of doing this by default.

-- 
Dominic Hargreaves | http://www.larted.org.uk/~dom/
PGP key 5178E2A5 from the.earth.li (keyserver,web,email)





Bug#696026: bug#13505: Bug#696026: emacs24: file corruption on saving

2013-01-20 Thread Eli Zaretskii
> Date: Sun, 20 Jan 2013 22:25:08 +0100
> From: Vincent Lefevre 
> Cc: Rob Browning , Kenichi Handa ,
>   13...@debbugs.gnu.org, 696026-forwar...@bugs.debian.org,
>   696...@bugs.debian.org
> 
> On 2013-01-20 18:49:38 +0200, Eli Zaretskii wrote:
> > Personally, I don't think there's a bug here.  It's a cockpit error.
> 
> Perhaps it isn't a bug at save time. But then, selecting a lossy
> encoding by default when visiting the file is the bug (and really
> a regression), particularly if this isn't clearly told to the user.

The encoding isn't lossy.

In any case, I don't really understand your proposal.  Suppose the
file was indeed encoded in in-is13194-devanagari, would you argue then
that selecting it would be incorrect or undesirable behavior?

> Actually this is related, since the lossy encoding becomes a real
> problem only at save time (and for copy-paste I assume, though the
> file doesn't get overwritten by that).

It is only a problem when you try to save or otherwise output it
(e.g., send in an email).

But what you should do then is "C-x RET r raw-text RET", and recover.
That is the only way to avoid corruption in files that use
inconsistent encoding.





Bug#697085: qemu-system: tries to overwrite doc/qemu/qemu-doc.html from qemu (missing Breaks+Replaces?)

2013-01-20 Thread Jonathan Nieder
Michael Tokarev wrote:

> We believe that the bug you reported is fixed in the latest version of
> qemu, which is due to be installed in the Debian FTP archive.

Thanks.

[...]
>  qemu (1.3.0+dfsg-2exp) experimental; urgency=low
[...]
>* move vde2 from Recommends to Suggests, since it isn't
>  used often

Nice.

[...]
>* add qemu-kvm package (transitional, depends on qemu-system),
>  and add /usr/bin/kvm wrapper that calls qemu-system-x86_64
>  with some arguments to match original qemu-kvm behavour.
>  (Closes: #560853)

Oh, excellent!

Exciting times.  Thanks for your work.
Jonathan





Bug#696026: bug#13505: Bug#696026: emacs24: file corruption on saving

2013-01-20 Thread Vincent Lefevre
On 2013-01-20 23:40:14 +0200, Eli Zaretskii wrote:
> > Date: Sun, 20 Jan 2013 22:25:08 +0100
> > From: Vincent Lefevre 
> > Cc: Rob Browning , Kenichi Handa ,
> > 13...@debbugs.gnu.org, 696026-forwar...@bugs.debian.org,
> > 696...@bugs.debian.org
> > 
> > On 2013-01-20 18:49:38 +0200, Eli Zaretskii wrote:
> > > Personally, I don't think there's a bug here.  It's a cockpit error.
> > 
> > Perhaps it isn't a bug at save time. But then, selecting a lossy
> > encoding by default when visiting the file is the bug (and really
> > a regression), particularly if this isn't clearly told to the user.
> 
> The encoding isn't lossy.

You said:

| The original encoded form of the characters as found on disk at
| visit time _cannot_ be recovered by saving with raw-text, because
| that encoded form is lost without a trace when the file is _visited_
  ^
| and decoded into the internal representation.

This is what lossy is.

On the contrary, the utf-8 encoding doesn't seem to be lossy: Emacs
seems to handle files with invalid UTF-8 sequences without any loss.
So, this encoding is safe, even if Emacs wrongly guesses the encoding.

> In any case, I don't really understand your proposal.  Suppose the
> file was indeed encoded in in-is13194-devanagari, would you argue then
> that selecting it would be incorrect or undesirable behavior?

If Emacs modifies the contents when saving the file, it would be
incorrect.

> > Actually this is related, since the lossy encoding becomes a real
> > problem only at save time (and for copy-paste I assume, though the
> > file doesn't get overwritten by that).
> 
> It is only a problem when you try to save or otherwise output it
> (e.g., send in an email).
> 
> But what you should do then is "C-x RET r raw-text RET", and recover.
> That is the only way to avoid corruption in files that use
> inconsistent encoding.

But Emacs should clearly tell the user what to do after C-x C-s and
clearly say when there can be data loss. Currently it says:

"These default coding systems were tried to encode text
in the buffer `file1':
  (in-is13194-devanagari-unix (2 . 2376) (3 . 4194176) (4 . 4194201)
  (5 . 2341) (6 . 2314) (12 . 2364)) (utf-8-unix (3 . 4194176) (4 .
  4194201))
However, each of them encountered characters it couldn't encode:
  in-is13194-devanagari-unix cannot encode these: [...]
  utf-8-unix cannot encode these: [...]"

This shouldn't be regarded as a problem by the user, because if Emacs
could read and interpret the file (and such characters have not been
added by the user), it should be able to save it.

Then Emacs says: "Select one of the safe coding systems listed below
[...]", but doesn't say that something has already been lost. So, the
words "safe coding systems" are really misleading.

-- 
Vincent Lefèvre  - Web: 
100% accessible validated (X)HTML - Blog: 
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)


--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org



Bug#696026: bug#13505: Bug#696026: emacs24: file corruption on saving

2013-01-20 Thread Vincent Lefevre
On 2013-01-20 23:10:08 +0100, Vincent Lefevre wrote:
> But Emacs should clearly tell the user what to do after C-x C-s and
> clearly say when there can be data loss. Currently it says:
[...]

In fact, I fear that this may not be sufficient, because some data
loss silently occurs when visiting the file. If after the decoding, it
appears that there are no problematic characters (is this possible?),
the user would be able to save the file without any message from
Emacs.

-- 
Vincent Lefèvre  - Web: 
100% accessible validated (X)HTML - Blog: 
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)


--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org



Processed: Re: Bug#698585: [cdck] Instructs to put a disk into trash can

2013-01-20 Thread Debian Bug Tracking System
Processing control commands:

> severity -1 minor
Bug #698585 [cdck] [cdck] Instructs to put a disk into trash can
Severity set to 'minor' from 'serious'

-- 
698585: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=698585
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems





Bug#698585: [cdck] Instructs to put a disk into trash can

2013-01-20 Thread gregor herrmann
Control: severity -1 minor 

On Sun, 20 Jan 2013 13:21:13 -0500, Filipus Klutiero wrote:

> Package: cdck
> Version: 0.7.0-5
> Severity: serious

Ehm, are you sure about the severity?
 
> On this machine, cdck gives this verdict for the second of a series
> of 10 home-made DVDs that contain personal videos:

> >CD overall:
> >   Sectors total: 2295104:
> >   Good sectors: 2295088:
> >   Bad sectors (incl. with poor timing): 16
[..]
> >Conclusion:
> >   Disc contains BAD or even unreadable sectors, put it into trash can!

> This install clearly has problems reading optical discs. 

Ok, so cdck's output about 16 bad sectors is not implausible,
correct?

> From these, the disk is only BAD in case 3.1. And even if there are
> actually BAD sectors on the disc, that doesn't mean all sectors are
> bad. 

Right, and in the output above we see 2295088 good and 16 bad
sectors.

> In many cases, discs are the only stores of some data. In these
> cases, cdck should instruct to recover the recoverable data and only
> then to get rid of the disc. 

So the issue you're pointing at is the output or more precisely the
last part "put it into trash can!"?

> I agree that a damaged disc should in
> general be discarded to avoid giving a false impression that the
> data is available, but that's a secondary concern. The primary
> concern with a damaged disc should be to save the data which it
> uniquely stores. Putting a disk right in the trash can just because
> it has bad sectors is likely to cause data loss.

I agree that saving data makes more sense than blindly throwing away
the disk. And I also see the point that the wording of the output is
not optimal; I always interpreted it as colloquial / tongue-in-cheek.

I hope you can agree that throwing away a disk is still the owner's
decision and responsibility and not the one of a piece of software
that writes a slightly sloppy message to the screen :)
 
I'm happy to treat this as a language problem and to either drop the
"trash can" part or replace it with something like "you might want to
save data from it" or something similar. -- Severity adjusted
accordingly.


Cheers,
gregor

-- 
 .''`.  Homepage: http://info.comodo.priv.at/ - OpenPGP key 0xBB3A68018649AA06
 : :' : Debian GNU/Linux user, admin, and developer  -  http://www.debian.org/
 `. `'  Member of VIBE!AT & SPI, fellow of the Free Software Foundation Europe
   `-   NP: The Eagles: James Dean




Bug#698545: marked as done (Basic constraints vulnerability)

2013-01-20 Thread Debian Bug Tracking System
Your message dated Sun, 20 Jan 2013 22:32:35 +
with message-id 
and subject line Bug#698545: fixed in haskell-tls-extra 0.4.6.1-1
has caused the Debian Bug report #698545,
regarding Basic constraints vulnerability
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
698545: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=698545
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: haskell-tls-extra
Severity: grave
Tags: security upstream

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Hi,

someone reported a security problem against tls-extra:
https://github.com/vincenthz/hs-tls/issues/29

The author is contacted to see if he can backport the fix to 0.4.6:
http://www.haskell.org/pipermail/haskell-cafe/2013-January/105844.html

Greetings,
Joachim


- -- System Information:
Debian Release: 7.0
  APT prefers unstable
  APT policy: (500, 'unstable'), (101, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.5-trunk-amd64 (SMP w/4 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAlD7wQ4ACgkQ9ijrk0dDIGwLugCfSoF8gvqqea3km2mWK2FdWTy7
eB4An3Rs75tpgdG64yKnNq2S49vh3RCn
=DIgk
-END PGP SIGNATURE-
--- End Message ---
--- Begin Message ---
Source: haskell-tls-extra
Source-Version: 0.4.6.1-1

We believe that the bug you reported is fixed in the latest version of
haskell-tls-extra, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 698...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Joachim Breitner  (supplier of updated haskell-tls-extra 
package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Format: 1.8
Date: Sun, 20 Jan 2013 23:26:26 +0100
Source: haskell-tls-extra
Binary: libghc-tls-extra-dev libghc-tls-extra-prof libghc-tls-extra-doc
Architecture: source all amd64
Version: 0.4.6.1-1
Distribution: unstable
Urgency: low
Maintainer: Debian Haskell Group 

Changed-By: Joachim Breitner 
Description: 
 libghc-tls-extra-dev - TLS extra default values and helpers
 libghc-tls-extra-doc - TLS extra default values and helpers; documentation
 libghc-tls-extra-prof - TLS extra default values and helpers; profiling 
libraries
Closes: 698545
Changes: 
 haskell-tls-extra (0.4.6.1-1) unstable; urgency=low
 .
   * New upstream release, aimed for wheezy.
 Closes: #698545, a certificate validation security flaw.
   * Added patch: patches/pretend-lower-version
 This upstream release contains a bugfix that does not modify the ABI of
 the resulting library. To avoid having to recompile its reverse
 dependencies, we patch the .cabal file to pretend to be still version
 0.4.6.

Bug#696026: bug#13505: Bug#696026: emacs24: file corruption on saving

2013-01-20 Thread Andreas Schwab
Eli Zaretskii  writes:

> I didn't research the reason why Emacs 24 autodetects this encoding,
> and whether this is on purpose.

It's a bug, fixed now.

Andreas.

-- 
Andreas Schwab, sch...@linux-m68k.org
GPG Key fingerprint = 58CA 54C7 6D53 942B 1756  01D3 44D5 214B 8276 4ED5
"And now for something completely different."





Bug#698112: marked as done (asterisk: Segfault when making a call after update to 1.6.2.9-2+squeeze9)

2013-01-20 Thread Debian Bug Tracking System
Your message dated Sun, 20 Jan 2013 23:17:15 +
with message-id 
and subject line Bug#698112: fixed in asterisk 1:1.6.2.9-2+squeeze10
has caused the Debian Bug report #698112,
regarding asterisk: Segfault when making a call after update to 
1.6.2.9-2+squeeze9
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
698112: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=698112
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: asterisk
Version: 1:1.6.2.9-2+squeeze8
Severity: grave
Justification: renders package unusable


asterisk crashes when placing a call after an update to recent versions with
apt-get

Upgrade: asterisk:i386 (1.6.2.9-2+squeeze8, 1.6.2.9-2+squeeze9), 
asterisk-sounds-main:i386 (1.6.2.9-2+squeeze8, 1.6.2.9-2+squeeze9), 
asterisk-config:i386 (1.6.2.9-2+squeeze8, 1.6.2.9-2+squeeze9)

Error:

[9058168.846934] asterisk[2585]: segfault at 1 ip b7493b77 sp b5415684 error 4 
in libc-2.11.3.so[b741e000+14]
[9058212.632085] asterisk[2709]: segfault at 1 ip b748db77 sp b540f684 error 4 
in libc-2.11.3.so[b7418000+14]



-- System Information:
Debian Release: 6.0.6
Architecture: i386 (i686)

Kernel: Linux 2.6.32-5-686 (SMP w/4 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages asterisk depends on:
ii  adduser             3.112+nmu2              add and remove users and groups
ii  asterisk-config     1:1.6.2.9-2+squeeze8    Configuration files for Asterisk
ii  asterisk-sounds-ma  1:1.6.2.9-2+squeeze8    Core Sound files for Asterisk (Eng
ii  dahdi               1:2.2.1.1-1             utilities for using the DAHDI kern
ii  libasound2          1.0.23-2.1              shared library for ALSA applicatio
ii  libc-client2007e    8:2007e~dfsg-3.1        c-client library for mail protocol
ii  libc6               2.11.3-4                Embedded GNU C Library: Shared lib
ii  libcap2             1:2.19-3                support for getting/setting POSIX.
ii  libcurl3            7.21.0-2.1+squeeze2     Multi-protocol file transfer libra
ii  libgcc1             1:4.4.5-8               GCC support library
ii  libglib2.0-0        2.24.2-1                The GLib library of C routines
ii  libgmime-2.0-2a     2.2.25-2                MIME library
ii  libgsm1             1.0.13-3                Shared libraries for GSM speech co
ii  libiksemel3         1.2-4                   C library for the Jabber IM platfo
ii  libjack-jackd2-0 [  1.9.6~dfsg.1-2          JACK Audio Connection Kit (librari
ii  libldap-2.4-2       2.4.23-7.2              OpenLDAP libraries
ii  liblua5.1-0         5.1.4-5                 Simple, extensible, embeddable pro
ii  libncurses5         5.7+20100313-5          shared libraries for terminal hand
ii  libnewt0.52         0.52.11-1               Not Erik's Windowing Toolkit - tex
ii  libogg0             1.2.0~dfsg-1            Ogg bitstream library
ii  libopenais3         1.1.2-2                 Standards-based cluster framework
ii  libopenr2-3         1.3.0-2                 MFC/R2 (telephony) call setup libr
ii  libpopt0            1.16-1                  lib for parsing cmdline parameters
ii  libpq5              8.4.13-0squeeze1        PostgreSQL C client library
ii  libpri1.4           1.4.11.3-1              Primary Rate ISDN specification li
ii  libradiusclient-ng  0.5.6-1.1               Enhanced RADIUS client library
ii  libresample1        0.1.3-3                 real-time audio resampling library
ii  libsdl1.2debian     1.2.14-6.1              Simple DirectMedia Layer
ii  libsnmp15           5.4.3~dfsg-2            SNMP (Simple Network Management Pr
ii  libspandsp2         0.0.6~pre12-1           Telephony signal processing librar
ii  libspeex1           1.2~rc1-1               The Speex codec runtime library
ii  libspeexdsp1        1.2~rc1-1               The Speex extended runtime library
ii  libsqlite0          2.8.17-6                SQLite shared library
ii  libss7-1            1.0.2-1                 Signalling System 7 (ss7) library
ii  libssl0.9.8         0.9.8o-4squeeze13       SSL shared libraries
ii  libstdc++6          4.4.5-8                 The GNU Standard C++ Library v3
ii  libsybdb5           0.82-7                  libraries for connecting to MS SQL
ii  libtiff4            3.9.4-5+squeeze8        Tag Image File Format (TIFF) libra
ii  libtonezone2.0      1:2.2.1.1-1             tonezone library (runtime)
ii  libvorbis0a         1.3.1-1+squeeze1        The Vorbis General Audio Compressi
ii  libvorbisenc2       1.3.1-1+squeeze1        The Vorbis General Audio Compressi
ii  libvpb0             4.2.52-2                Voicetronix telephony hardware use
ii  libx11-6            2:1.3.3-4


Bug#698118: marked as done (asterisk: version 1:1.6.2.9-2+squeeze9 crashes on SIP call, +squeeze6 does not)

2013-01-20 Thread Debian Bug Tracking System
Your message dated Sun, 20 Jan 2013 23:17:15 +
with message-id 
and subject line Bug#698118: fixed in asterisk 1:1.6.2.9-2+squeeze10
has caused the Debian Bug report #698118,
regarding asterisk: version 1:1.6.2.9-2+squeeze9 crashes on SIP call, +squeeze6 
does not
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
698118: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=698118
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: asterisk
Version: 1:1.6.2.9-2+squeeze9
Severity: grave
Justification: renders package unusable

I have a production, fully working asterisk server.
I use many Siemens C470IP cordless phones in the office, they are SIP peers in
my asterisk installation.
I had "asterisk" and "asterisk-config" version 1:1.6.2.9-2+squeeze6 installed, 
and all was working nicely.
Today, I updated to 1.6.2.9-2+squeeze9 and found out that asterisk seems to be
working, but as soon as I do a SIP call with the cordless, asterisk crashes
suddenly.
I reverted to 1.6.2.9-2+squeeze6 since this is a production asterisk and I 
can't have downtimes.
This is Debian Stable! A package should not break like this :(

Cheers,
Diego Guella



-- System Information:
Debian Release: 6.0.6
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.32-5-amd64 (SMP w/4 CPU cores)
Locale: LANG=it_IT.UTF-8, LC_CTYPE=it_IT.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages asterisk depends on:
ii  adduser             3.112+nmu2              add and remove users and groups
ii  asterisk-config     1:1.6.2.9-2+squeeze9    Configuration files for Asterisk
ii  asterisk-core-soun  1.4.19-1                asterisk PBX sound files - English
ii  dahdi               1:2.2.1.1-1             utilities for using the DAHDI kern
ii  libasound2          1.0.23-2.1              shared library for ALSA applicatio
ii  libc-client2007e    8:2007e~dfsg-3.1        c-client library for mail protocol
ii  libc6               2.11.3-4                Embedded GNU C Library: Shared lib
ii  libcap2             1:2.19-3                support for getting/setting POSIX.
ii  libcurl3            7.21.0-2.1+squeeze2     Multi-protocol file transfer libra
ii  libgcc1             1:4.4.5-8               GCC support library
ii  libglib2.0-0        2.24.2-1                The GLib library of C routines
ii  libgmime-2.0-2a     2.2.25-2                MIME library
ii  libgsm1             1.0.13-3                Shared libraries for GSM speech co
ii  libiksemel3         1.2-4                   C library for the Jabber IM platfo
ii  libjack-jackd2-0 [  1.9.6~dfsg.1-2          JACK Audio Connection Kit (librari
ii  libldap-2.4-2       2.4.23-7.2              OpenLDAP libraries
ii  liblua5.1-0         5.1.4-5                 Simple, extensible, embeddable pro
ii  libncurses5         5.7+20100313-5          shared libraries for terminal hand
ii  libnewt0.52         0.52.11-1               Not Erik's Windowing Toolkit - tex
ii  libogg0             1.2.0~dfsg-1            Ogg bitstream library
ii  libopenais3         1.1.2-2                 Standards-based cluster framework
ii  libopenr2-3         1.3.0-2                 MFC/R2 (telephony) call setup libr
ii  libpopt0            1.16-1                  lib for parsing cmdline parameters
ii  libpq5              8.4.13-0squeeze1        PostgreSQL C client library
ii  libpri1.4           1.4.11.3-1              Primary Rate ISDN specification li
ii  libradiusclient-ng  0.5.6-1.1               Enhanced RADIUS client library
ii  libresample1        0.1.3-3                 real-time audio resampling library
ii  libsdl1.2debian     1.2.14-6.1              Simple DirectMedia Layer
ii  libsnmp15           5.4.3~dfsg-2            SNMP (Simple Network Management Pr
ii  libspandsp2         0.0.6~pre12-1           Telephony signal processing librar
ii  libspeex1           1.2~rc1-1               The Speex codec runtime library
ii  libspeexdsp1        1.2~rc1-1               The Speex extended runtime library
ii  libsqlite0          2.8.17-6                SQLite shared library
ii  libss7-1            1.0.2-1                 Signalling System 7 (ss7) library
ii  libssl0.9.8         0.9.8o-4squeeze13       SSL shared libraries
ii  libstdc++6          4.4.5-8                 The GNU Standard C++ Library v3
ii  libsybdb5           0.82-7                  libraries for connecting to MS SQL
ii  libtiff4            3.9.4-5+squeeze8        Tag Image File Format (TIFF) libra
ii  libtonezone2.0      1:2.2.1.1-1             tonezone library (runtime)
ii  libvorbis0a         1.3.1-1+squeeze1        The Vorbis General Audio Compressi
ii  libvorbi

Bug#685952: ruby-gherkin: does not build on several achitecture, blocking newer cucumber

2013-01-20 Thread Steve McIntyre
On Sun, Aug 26, 2012 at 07:17:07PM -0300, Antonio Terceiro wrote:
>
>shawn escreveu isso aí:
>> On Wed, 2012-08-08 at 17:19 +0200, Cédric Boutillier wrote: 
>> > Hi!
>> > 
>> > ruby-gherkin does not build on the current architectures: armel, armhf,
>> > powerpc, s390 and s390x. Since I do not have access to any of these
>> > architectures, I was wondering if someone else had any clue about why
>> > the compilation fails (the failing tests are the same on all these
>> > architectures).
>> 
>> Without having looked at the code, this list of failing architectures
>> makes me almost certain it is a problem of assuming the C type "char" is
>> signed. The easy fix is to change the offending "char" declaration
>> "signed char".

Shawn is exactly right, AFAICS. It *is* an invalid assumption about
signed-char. I don't know what happened to anybody else's attempts to
debug this, but I just did a build on harris (armhf porter box). The
current unstable source fails to build with the same symptoms as
described. Running the following command:

$ find . -name '*.rb' | xargs grep -l CFLAGS | xargs sed -i 's/Wall/Wall -fsigned-char/g'

fixes the issue - the build succeeds after that. The equivalent patch
to make that change in the source is quite simple to generate for
inclusion in debian/patches, but messy because of the big set of
separate extconf.rb files. This package is a *mess* as shipped by
upstream, with lots of needless repetition.

In fact, looking at the .c source files here, I'm tempted to say that
we don't actually *have* real source in this package.

93sam@harris:~/build/ruby-gherkin/ruby-gherkin-2.11.1$ grep ^#line ext/gherkin_lexer_fi/gherkin_lexer_fi.c
#line 1 "/Users/ahellesoy/github/gherkin/tasks/../ragel/i18n/fi.c.rl"
#line 254 "/Users/ahellesoy/github/gherkin/tasks/../ragel/i18n/fi.c.rl"
#line 89 "ext/gherkin_lexer_fi/gherkin_lexer_fi.c"
#line 258 "/Users/ahellesoy/github/gherkin/tasks/../ragel/i18n/fi.c.rl"
#line 819 "ext/gherkin_lexer_fi/gherkin_lexer_fi.c"
#line 425 "/Users/ahellesoy/github/gherkin/tasks/../ragel/i18n/fi.c.rl"
#line 826 "ext/gherkin_lexer_fi/gherkin_lexer_fi.c"
#line 83 "/Users/ahellesoy/github/gherkin/tasks/../ragel/i18n/fi.c.rl"
#line 89 "/Users/ahellesoy/github/gherkin/tasks/../ragel/i18n/fi.c.rl"
#line 93 "/Users/ahellesoy/github/gherkin/tasks/../ragel/i18n/fi.c.rl"
#line 98 "/Users/ahellesoy/github/gherkin/tasks/../ragel/i18n/fi.c.rl"
#line 108 "/Users/ahellesoy/github/gherkin/tasks/../ragel/i18n/fi.c.rl"
#line 112 "/Users/ahellesoy/github/gherkin/tasks/../ragel/i18n/fi.c.rl"
#line 116 "/Users/ahellesoy/github/gherkin/tasks/../ragel/i18n/fi.c.rl"
#line 120 "/Users/ahellesoy/github/gherkin/tasks/../ragel/i18n/fi.c.rl"
#line 124 "/Users/ahellesoy/github/gherkin/tasks/../ragel/i18n/fi.c.rl"
#line 128 "/Users/ahellesoy/github/gherkin/tasks/../ragel/i18n/fi.c.rl"
#line 132 "/Users/ahellesoy/github/gherkin/tasks/../ragel/i18n/fi.c.rl"
#line 136 "/Users/ahellesoy/github/gherkin/tasks/../ragel/i18n/fi.c.rl"
#line 143 "/Users/ahellesoy/github/gherkin/tasks/../ragel/i18n/fi.c.rl"
#line 148 "/Users/ahellesoy/github/gherkin/tasks/../ragel/i18n/fi.c.rl"
#line 153 "/Users/ahellesoy/github/gherkin/tasks/../ragel/i18n/fi.c.rl"
#line 158 "/Users/ahellesoy/github/gherkin/tasks/../ragel/i18n/fi.c.rl"
#line 162 "/Users/ahellesoy/github/gherkin/tasks/../ragel/i18n/fi.c.rl"
#line 168 "/Users/ahellesoy/github/gherkin/tasks/../ragel/i18n/fi.c.rl"
#line 175 "/Users/ahellesoy/github/gherkin/tasks/../ragel/i18n/fi.c.rl"
#line 179 "/Users/ahellesoy/github/gherkin/tasks/../ragel/i18n/fi.c.rl"
#line 185 "/Users/ahellesoy/github/gherkin/tasks/../ragel/i18n/fi.c.rl"
#line 189 "/Users/ahellesoy/github/gherkin/tasks/../ragel/i18n/fi.c.rl"
#line 203 "/Users/ahellesoy/github/gherkin/tasks/../ragel/i18n/fi.c.rl"
#line 207 "/Users/ahellesoy/github/gherkin/tasks/../ragel/i18n/fi.c.rl"
#line 1116 "ext/gherkin_lexer_fi/gherkin_lexer_fi.c"
#line 207 "/Users/ahellesoy/github/gherkin/tasks/../ragel/i18n/fi.c.rl"
#line 1179 "ext/gherkin_lexer_fi/gherkin_lexer_fi.c"
#line 426 "/Users/ahellesoy/github/gherkin/tasks/../ragel/i18n/fi.c.rl"

Most of the "source" here is being generated from fi.c.rl, and we
don't have that file in this package, nor anywhere else in the Debian
archive. Ick. :-( Is there a good reason why?

-- 
Steve McIntyre, Cambridge, UK.st...@einval.com
"It's actually quite entertaining to watch ag129 prop his foot up on
 the desk so he can get a better aim."  [ seen in ucam.chat ]


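One way an unstated signed-char assumption can break generated lexer code, as an added illustration that is not taken from gherkin or from this thread: a key table sorted in signed order is binary-searched, and the same bytes are then compared as unsigned values, which is what plain `char` does on armel, armhf, powerpc, s390 and s390x unless `-fsigned-char` is given. The table contents and all function names are constructed for the example.

```c
#include <limits.h>
#include <stddef.h>
#include <stdio.h>

/* How a byte is widened to int before it is compared. */
enum char_mode { AS_SIGNED_CHAR, AS_UNSIGNED_CHAR };

/* Constructed key table: the bytes 0xA4 0xC3 'A' 'a'. Read as signed char
 * they are -92, -61, 65, 97, which is ascending. Read as unsigned char they
 * are 164, 195, 65, 97, which is not sorted at all. */
static const unsigned char KEYS[] = { 0xA4, 0xC3, 'A', 'a' };
#define NKEYS ((int)(sizeof KEYS / sizeof KEYS[0]))

/* Widen one byte the way the compiler would for the given char flavour. */
static int widen(enum char_mode mode, unsigned char raw)
{
    if (mode == AS_SIGNED_CHAR && raw >= 0x80)
        return (int)raw - 256;
    return (int)raw;
}

/* Binary search over KEYS. Returns the index of `byte`, or -1 if the search
 * does not reach it. The algorithm is only valid when KEYS is sorted under
 * the comparison actually used. */
int find_key(enum char_mode mode, unsigned char byte)
{
    int want = widen(mode, byte);
    int lo = 0, hi = NKEYS - 1;

    while (lo <= hi) {
        int mid = lo + (hi - lo) / 2;
        int key = widen(mode, KEYS[mid]);

        if (key == want)
            return mid;
        if (key < want)
            lo = mid + 1;
        else
            hi = mid - 1;
    }
    return -1;
}

/* What plain char means for the compiler and flags this file is built with. */
int plain_char_is_signed(void)
{
    return CHAR_MIN < 0;
}

int main(void)
{
    static const unsigned char probes[] = { 'a', 'A', 0xC3, 0xA4 };
    size_t i;

    printf("plain char is %s in this build\n",
           plain_char_is_signed() ? "signed" : "unsigned");
    for (i = 0; i < sizeof probes; i++)
        printf("byte 0x%02X: signed search -> %d, unsigned search -> %d\n",
               (unsigned)probes[i],
               find_key(AS_SIGNED_CHAR, probes[i]),
               find_key(AS_UNSIGNED_CHAR, probes[i]));
    return 0;
}
```

Declaring the affected variables as `signed char`, as suggested earlier in the thread, removes the dependence on the platform default in the same way the compiler flag does.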



Bug#696026: bug#13505: Bug#696026: emacs24: file corruption on saving

2013-01-20 Thread Rob Browning
Andreas Schwab  writes:

> Eli Zaretskii  writes:
>
>> I didn't research the reason why Emacs 24 autodetects this encoding,
>> and whether this is on purpose.
>
> It's a bug, fixed now.

Great, and thanks.
-- 
Rob Browning
rlb @defaultvalue.org and @debian.org
GPG as of 2011-07-10 E6A9 DA3C C9FD 1FF8 C676 D2C4 C0F0 39E9 ED1B 597A
GPG as of 2002-11-03 14DD 432F AE39 534D B592 F9A0 25C8 D377 8C7E 73A4





Processed: Re: Bug#696026: bug#13505: Bug#696026: emacs24: file corruption on saving

2013-01-20 Thread Debian Bug Tracking System
Processing commands for cont...@bugs.debian.org:

> tag 696026 +fixed-upstream
Bug #696026 [emacs24] emacs24: file corruption on saving
Added tag(s) fixed-upstream.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
696026: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=696026
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems





Bug#696051: marked as done (potential guest-side buffer overflow caused by e1000 device emulation and large incoming packets - CVE-2012-6075)

2013-01-20 Thread Debian Bug Tracking System
Your message dated Sun, 20 Jan 2013 23:33:16 +
with message-id 
and subject line Bug#696051: fixed in qemu 1.3.0+dfsg-3exp
has caused the Debian Bug report #696051,
regarding potential guest-side buffer overflow caused by e1000 device emulation 
and large incoming packets - CVE-2012-6075
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
696051: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=696051
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: qemu
Severity: serious
Tags: upstream patch pending security

When guest does not enable large packet receiving from the qemu-emulated
e1000 device, and a large packet is received from the network, qemu will
happily transfer whole thing to guest, causing a guest buffer overflow.

This is fixed by upstream commit b0d9ffcd0251161c7c92f94804dcf599dfa3edeb ,
with the following comment by Michael Contreras:

 Tested with linux guest. This error can potentially be exploited. At the very
 least it can cause a DoS to a guest system, and in the worst case it could
 allow remote code execution on the guest system with kernel level privilege.
 Risk seems low, as the network would need to be configured to allow large
 packets.

So it can be considered a low-risk security issue, too.

/mjt
--- End Message ---
--- Begin Message ---
Source: qemu
Source-Version: 1.3.0+dfsg-3exp

We believe that the bug you reported is fixed in the latest version of
qemu, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 696...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Michael Tokarev  (supplier of updated qemu package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Mon, 21 Jan 2013 02:54:15 +0400
Source: qemu
Binary: qemu qemu-keymaps qemu-system qemu-kvm qemu-user qemu-user-static 
qemu-utils
Architecture: source i386 all
Version: 1.3.0+dfsg-3exp
Distribution: experimental
Urgency: low
Maintainer: Debian QEMU Team 
Changed-By: Michael Tokarev 
Description: 
 qemu   - fast processor emulator
 qemu-keymaps - QEMU keyboard maps
 qemu-kvm   - QEMU Full virtualization on x86 hardware (transitional package)
 qemu-system - QEMU full system emulation binaries
 qemu-user  - QEMU user mode emulation binaries
 qemu-user-static - QEMU user mode emulation binaries (static version)
 qemu-utils - QEMU utilities
Closes: 696051
Changes: 
 qemu (1.3.0+dfsg-3exp) experimental; urgency=low
 .
   * add ability to specify os-arch in configure-opts
   * libseccomp is linux-x86 not linux-any
   * e1000-discard-oversized-packets-based-on-SBP_LPE.patch
 CVE-2012-6075 (Closes: #696051)
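The size check named by the patch title above (discard oversized packets based on SBP and LPE), sketched as an added example; this is a simplified model and not QEMU's code. The receive-control bit values, the two size limits and every identifier here are assumptions that do not appear in the bug report.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Receive Control register bits (assumed values, see lead-in). */
#define RCTL_SBP 0x00000004u   /* store bad packets */
#define RCTL_LPE 0x00000020u   /* long packet enable */

/* Assumed limits: largest standard frame with a VLAN tag, and the largest
 * frame the device takes even when long packets are enabled. */
#define MAX_STD_FRAME 1522u
#define MAX_LPE_FRAME 16384u

/* Minimal device model: the guest-programmed register plus counters. */
struct nic_model {
    uint32_t rctl;
    unsigned long delivered;
    unsigned long dropped_oversize;
};

/* A frame is oversized if it exceeds the long-packet limit, or if it exceeds
 * the standard limit while the guest has not enabled long packets. */
int frame_is_oversized(uint32_t rctl, size_t size)
{
    if (size > MAX_LPE_FRAME)
        return 1;
    return size > MAX_STD_FRAME && !(rctl & RCTL_LPE);
}

/* Receive path with the check in place: an oversized frame is dropped unless
 * the guest asked for bad packets to be stored. Returns 1 if the frame would
 * be handed to the guest, 0 if it is discarded. Without this check every
 * frame reaches the guest, which is the behaviour the report describes. */
int nic_receive(struct nic_model *nic, size_t size)
{
    if (frame_is_oversized(nic->rctl, size) && !(nic->rctl & RCTL_SBP)) {
        nic->dropped_oversize++;
        return 0;
    }
    nic->delivered++;
    return 1;
}

int main(void)
{
    /* Constructed frame sizes and register settings. */
    static const size_t sizes[] = { 64, 1522, 1523, 9000, 16384, 16385 };
    static const struct { const char *name; uint32_t rctl; } cfgs[] = {
        { "LPE=0 SBP=0", 0 },
        { "LPE=1 SBP=0", RCTL_LPE },
        { "LPE=0 SBP=1", RCTL_SBP },
    };
    size_t c, i;

    for (c = 0; c < sizeof cfgs / sizeof cfgs[0]; c++) {
        struct nic_model nic = { cfgs[c].rctl, 0, 0 };

        for (i = 0; i < sizeof sizes / sizeof sizes[0]; i++)
            printf("%s  %5zu bytes: %s\n", cfgs[c].name, sizes[i],
                   nic_receive(&nic, sizes[i]) ? "deliver" : "discard");
        printf("%s  delivered=%lu dropped=%lu\n", cfgs[c].name,
               nic.delivered, nic.dropped_oversize);
    }
    return 0;
}
```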

Bug#692081: emacs24-lucid: Crashes on startup

2013-01-20 Thread Rob Browning
Samuel Bronson  writes:

> The backtrace would be more readable if there had been an emacs24-dbg
> or emacs24-lucid-dbg package available .

OK, hint taken -- could you try again with emacs24-lucid{,-dbg} 24.2+1-2
(once it makes it to sid), and see if we can produce a bit more useful
information?

(Or better yet, we discover that the problem has been fixed...)

Thanks for the help.
-- 
Rob Browning
rlb @defaultvalue.org and @debian.org
GPG as of 2011-07-10 E6A9 DA3C C9FD 1FF8 C676 D2C4 C0F0 39E9 ED1B 597A
GPG as of 2002-11-03 14DD 432F AE39 534D B592 F9A0 25C8 D377 8C7E 73A4





Bug#686113: Fails to configure with emacs24 / causes emacs24 upgrade to fail

2013-01-20 Thread Rob Browning
Norbert Preining  writes:

[Apologies for taking so long to respond.]

> I would like to ask for your help concerning bug #686113. It is somehow
> strange that the byte compile does not work.
>
> I reduced it to the following minimal example:
>   ; from the path.el generated in the emacsen install script
>   (setq load-path (cons "." load-path))
>   (setq byte-compile-warnings nil)
>   ;
>   ; the next two lines are in the org-mu4.el file that do not compile
>   ; this line works
>   (require 'org nil 'noerror)
>   ; this line breaks
>   (require 'org-exp nil 'noerror)

What's pwd (the current directory) when the byte-compile command is
executed, and what's in that directory (or more specifically, are there
any org* files in that directory)?

> In principle when the mu4e .el files are compiled, what happens is
>   emacs24 -no-site-file -q -batch -l path.el -f batch-byte-compile ...
> where path.el contains the first two code lines.

Would it be easy to create a trivial tarfile that reproduces the
problem?

> Now the above example always breaks with
>   In toplevel form:
>   bla.el:9:9:Error: Can't find library org

Since the require has 'noerror, I'd guess that this has to be coming
from elsewhere, or do I misunderstand the situation?

> where line 9 is the line with (require 'org-exp nil 'noerror)
> but only if emacs24-el is *not* installed. As soon as I install 
> emacs24-el, all is fine.

Well, Debian's Emacs is a little different in that it separates the .el
and .elc files, but that shouldn't matter unless someone is doing
something untoward with the load-path.

Also note that the recently uploaded emacs 2.0.5 fixes some non-trivial
problems with load-path, though I don't know if they're relevant to your
situation.

-- 
Rob Browning
rlb @defaultvalue.org and @debian.org
GPG as of 2011-07-10 E6A9 DA3C C9FD 1FF8 C676 D2C4 C0F0 39E9 ED1B 597A
GPG as of 2002-11-03 14DD 432F AE39 534D B592 F9A0 25C8 D377 8C7E 73A4





Bug#684788: emacs24-lucid: segfaults on startup

2013-01-20 Thread Rob Browning
giacomo boffi  writes:

> Package: emacs24-lucid
> Version: 24.1+1-4
> Followup-For: Bug #684788
>
> Dear Maintainer,
>
> i'd like to confirm the bug report of L-ukasz

If either of you have time, could you retry with 24.2+1-2 (once it
migrates to unstable), and if emacs still crashes, could you install the
new emacs24-lucid-dbg package so that gdb can (hopefully) provide a bit
more information?

Thanks for the help.
-- 
Rob Browning
rlb @defaultvalue.org and @debian.org
GPG as of 2011-07-10 E6A9 DA3C C9FD 1FF8 C676 D2C4 C0F0 39E9 ED1B 597A
GPG as of 2002-11-03 14DD 432F AE39 534D B592 F9A0 25C8 D377 8C7E 73A4





Bug#689578: sysklogd modifies /etc/syslog.conf with helper script

2013-01-20 Thread Andres Salomon
> On Sat, Oct 13, 2012 at 00:41:35 +0200, Michael Biebl wrote:
>
> > A better approach imho would be to simply remove sysklogd from the
> > archive. It's dead upstream, apparently no longer properly
> > maintained in Debian, and there are enough more than suitable
> > alternatives. With rsyslog we even have a drop-in replacement.
> > 
> I've added a hint to remove it from wheezy.
>
> Cheers,
> Julien

Hm.  Rather than simply remove it, can we actually provide an upgrade
path to rsyslog?  I'd be happy to NMU a version of ksyslogd that
does this in unstable (for consideration in wheezy), as long as rsyslog
is truly a drop-in replacement.

It seems that new squeeze installs default to using rsyslog.  However,
I still have several older systems that've been upgraded from earlier
Debian releases that are still using ksyslogd/klogd.  There's been no
indication that ksyslogd had been deprecated in favor of something
else.  If not for the 100% klogd cpu bug (#680099), I'd probably have
continued running it forever without realizing we've switched to
rsyslog.





Bug#696026: bug#13505: Bug#696026: emacs24: file corruption on saving

2013-01-20 Thread Eli Zaretskii
> Date: Sun, 20 Jan 2013 23:10:08 +0100
> From: Vincent Lefevre 
> Cc: r...@defaultvalue.org, ha...@gnu.org, 13...@debbugs.gnu.org,
>   696026-forwar...@bugs.debian.org, 696...@bugs.debian.org
> 
> On 2013-01-20 23:40:14 +0200, Eli Zaretskii wrote:
> > > Date: Sun, 20 Jan 2013 22:25:08 +0100
> > > From: Vincent Lefevre 
> > > Cc: Rob Browning , Kenichi Handa ,
> > >   13...@debbugs.gnu.org, 696026-forwar...@bugs.debian.org,
> > >   696...@bugs.debian.org
> > > 
> > > On 2013-01-20 18:49:38 +0200, Eli Zaretskii wrote:
> > > > Personally, I don't think there's a bug here.  It's a cockpit error.
> > > 
> > > Perhaps it isn't a bug at save time. But then, selecting a lossy
> > > encoding by default when visiting the file is the bug (and really
> > > a regression), particularly if this isn't clearly told to the user.
> > 
> > The encoding isn't lossy.
> 
> You said:
> 
> | The original encoded form of the characters as found on disk at
> | visit time _cannot_ be recovered by saving with raw-text, because
> | that encoded form is lost without a trace when the file is _visited_
>   ^
> | and decoded into the internal representation.
> 
> This is what lossy is.

In that sense, every encoding except no-conversion is lossy.

> On the opposite, the utf-8 encoding doesn't seem to be lossy: Emacs
> seems to handle files with invalid UTF-8 sequences without any loss.
> So, this encoding is safe, even if Emacs wrongly guesses the encoding.

No, it isn't, although you could get away with it most of the time.

> But Emacs should clearly tell the user what to do after C-x C-s and
> clearly say when there can be data loss.

At save time, "data loss" is wrt what's in the buffer.  In that sense,
the encodings Emacs suggested don't lose any data.

> Then Emacs says: "Select one of the safe coding systems listed below
> [...]", but doesn't say that something has already been lost. So, the
> words "safe coding systems" are really misleading.

It's misleading because you misunderstand what is "safe" at buffer
save time.





Bug#696026: bug#13505: Bug#696026: emacs24: file corruption on saving

2013-01-20 Thread Eli Zaretskii
> Date: Sun, 20 Jan 2013 23:22:11 +0100
> From: Vincent Lefevre 
> Cc: r...@defaultvalue.org, ha...@gnu.org, 13...@debbugs.gnu.org,
>   696026-forwar...@bugs.debian.org, 696...@bugs.debian.org
> 
> On 2013-01-20 23:10:08 +0100, Vincent Lefevre wrote:
> > But Emacs should clearly tell the user what to do after C-x C-s and
> > clearly say when there can be data loss. Currently it says:
> [...]
> 
> In fact, I fear that this may not be sufficient, because some data
> loss silently occurs when visiting the file.

Exactly!

> If after the decoding, it appears that there are no problematic
> characters (is this possible?), the user would be able to save the
> file without any message from Emacs.

I don't know how to do that within the framework of Emacs handling of
non-ASCII text.





Bug#589731: marked as done (python-scipy: missing source for Cython-generated files)

2013-01-20 Thread Debian Bug Tracking System
Your message dated Mon, 21 Jan 2013 03:47:56 +
with message-id 
and subject line Bug#589731: fixed in python-scipy 0.10.1+dfsg2-1
has caused the Debian Bug report #589731,
regarding python-scipy: missing source for Cython-generated files
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
589731: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=589731
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---

Source: python-scipy
Version: 0.7.2-1
Severity: serious
Justification: Policy 2.2.1

The source tarball contains two *.c files that were generated by Cython:

$ grep -r 'Generated by Cython' .
./scipy/spatial/ckdtree.c:/* Generated by Cython 0.12.1 on Mon Feb  8 18:11:01 2010 */
./scipy/stats/vonmises_cython.c:/* Generated by Cython 0.12.1 on Mon Feb  8 18:10:52 2010 */

However, there are Cython sources for these files included in the 
.orig.tar.gz.


--
Jakub Wilk


signature.asc
Description: Digital signature
--- End Message ---
--- Begin Message ---
Source: python-scipy
Source-Version: 0.10.1+dfsg2-1

We believe that the bug you reported is fixed in the latest version of
python-scipy, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 589...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Julian Taylor  (supplier of updated python-scipy 
package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Thu, 29 Nov 2012 21:56:31 +0100
Source: python-scipy
Binary: python-scipy python3-scipy python-scipy-dbg python3-scipy-dbg
Architecture: source amd64
Version: 0.10.1+dfsg2-1
Distribution: unstable
Urgency: low
Maintainer: Debian Python Modules Team 

Changed-By: Julian Taylor 
Description: 
 python-scipy - scientific tools for Python
 python-scipy-dbg - scientific tools for Python - debugging symbols
 python3-scipy - scientific tools for Python 3
 python3-scipy-dbg - scientific tools for Python 3 - debugging symbols
Closes: 589731
Changes: 
 python-scipy (0.10.1+dfsg2-1) unstable; urgency=low
 .
   * add missing cython and swig sources from git tag (Closes: #589731)
   * generate cython c files, requires python-mako and cython build depends
   * ensure that all swig files are regenerated
   * update debian/orig-tar.sh appropriately
   * interpnd-generator.patch: fix the interpnd.pyx generation

Bug#696026: bug#13505: Bug#696026: emacs24: file corruption on saving

2013-01-20 Thread Vincent Lefevre
On 2013-01-21 05:48:14 +0200, Eli Zaretskii wrote:
> > You said:
> > 
> > | The original encoded form of the characters as found on disk at
> > | visit time _cannot_ be recovered by saving with raw-text, because
> > | that encoded form is lost without a trace when the file is _visited_
> >   ^
> > | and decoded into the internal representation.
> > 
> > This is what lossy is.
> 
> In that sense, every encoding except no-conversion is lossy.

Even 8-bit encodings such as latin-1?

> > On the opposite, the utf-8 encoding doesn't seem to be lossy: Emacs
> > seems to handle files with invalid UTF-8 sequences without any loss.
> > So, this encoding is safe, even if Emacs wrongly guesses the encoding.
> 
> No, it isn't, although you could get away with it most of the time.

Could you give an example where one loses data with the utf-8 encoding?

> > But Emacs should clearly tell the user what to do after C-x C-s and
> > clearly say when there can be data loss.
> 
> At save time, "data loss" is wrt what's in the buffer.  In that sense,
> the encodings Emacs suggested don't lose any data.

"data loss" is the difference between the original file and the saved
file.

> > Then Emacs says: "Select one of the safe coding systems listed below
> > [...]", but doesn't say that something has already been lost. So, the
> > words "safe coding systems" are really misleading.
> 
> It's misleading because you misunderstand what is "safe" at buffer
> save time.

No, it's misleading because Emacs didn't say that data were lost
when visiting the file.

-- 
Vincent Lefèvre  - Web: 
100% accessible validated (X)HTML - Blog: 
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)





Bug#658896: please try to downgrade libgcrypt11 to 1.4.6

2013-01-20 Thread Trek
Hi,

can you try to downgrade libgcrypt11 to the version 1.4.6-9?
You can download it from:

http://snapshot.debian.org/archive/debian/20110807T212024Z/pool/main/libg/libgcrypt11/


This resolved a bug using claws-mail and midori with libgcrypt 1.5,
which seems to have problems with its memory management:

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=640123


If this is the case, it may be that libgcrypt11 should be downgraded
before wheezy is released.


Ciao!




