Bug#698736: marked as done (qemu-system: /usr/bin/kvm is a directory, should be a script)

2013-01-22 Thread Debian Bug Tracking System 
Your message dated Wed, 23 Jan 2013 07:47:52 +
with message-id 
and subject line Bug#698736: fixed in qemu 1.3.0+dfsg-4exp
has caused the Debian Bug report #698736,
regarding qemu-system: /usr/bin/kvm is a directory, should be a script
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
698736: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=698736
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: qemu-system
Version: 1.3.0+dfsg-3exp
Severity: grave
Justification: renders package unusable

Dear Maintainer,

Newest qemu-system absorbs old qemu-kvm functionality.
However, script to launch kvm is /usr/bin/kvm/kvm, where it is looked in 
/usr/bin/kvm, as shown below.

gerardo@envy17:/usr/bin$ dpkg -L qemu-system | grep kvm
/usr/bin/kvm
/usr/bin/kvm/kvm
/usr/share/qemu/kvmvapic.bin

Thanks,
Gerardo Malazdrewicz

-- System Information:
Debian Release: 7.0
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable'), (1, 
'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
x32

Kernel: Linux 3.7-trunk-amd64 (SMP w/8 CPU cores)
Locale: LANG=es_AR.utf8, LC_CTYPE=es_AR.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages qemu-system depends on:
ii  ipxe-qemu 1.0.0+git-20120202.f6840ba-3
ii  libaio1   0.3.109-3
ii  libasound21.0.26+git20121221-1
ii  libbluetooth3 4.101-1
ii  libbrlapi0.5  4.4-8
ii  libc6 2.16-0experimental1
ii  libcurl3-gnutls   7.28.1-1
ii  libfdt1   1.3.0-2
ii  libgl1-mesa-glx [libgl1]  9.1~git1211131112.fe2ef4-0
ii  libglib2.0-0  2.34.3-1
ii  libgnutls26   2.12.22-1
ii  libiscsi1 1.4.0-3
ii  libjpeg8  8d-1
ii  libncurses5   5.9-10
ii  libpixman-1-0 0.26.0-3
ii  libpng12-01.2.49-3
ii  libpulse0 3.0+20130121fixes-1
ii  libsasl2-22.1.25.dfsg1-4+b1.0.1-1
ii  libsdl1.2debian   1.2.15-5
ii  libseccomp1   1.0.1-1
ii  libspice-server1  0.12.2-0nocelt1exp
ii  libtinfo5 5.9-10
ii  libusbredirparser10.6-1
ii  libuuid1  2.20.1-5.3
ii  libvdeplug2   2.3.2-4
ii  libx11-6  2:1.5.0-1
ii  libxen-4.14.1.3-8
ii  libxenstore3.04.2.0-1
ii  openbios-ppc  1.0+svn1060-1
ii  openbios-sparc1.0+svn1060-1
ii  openhackware  0.4.1-6
ii  qemu-keymaps  1.3.0+dfsg-3exp
ii  seabios   1.7.2-1
ii  vgabios   0.7a-3
ii  zlib1g1:1.2.7.dfsg-13

Versions of packages qemu-system recommends:
ii  iproute 20121211-2
ii  qemu-utils  1.3.0+dfsg-3exp

Versions of packages qemu-system suggests:
ii  samba  2:3.6.10-1
ii  vde2   2.3.2-4

-- no debconf information

-- debsums errors found:
debsums: can't open qemu-system file /usr/bin/kvm/kvm (No es un directorio)
--- End Message ---
--- Begin Message ---
Source: qemu
Source-Version: 1.3.0+dfsg-4exp

We believe that the bug you reported is fixed in the latest version of
qemu, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 698...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Michael Tokarev  (supplier of updated qemu package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Format: 1.8
Date: Wed, 23 Jan 2013 11:08:47 +0400
Source: qemu
Binary: qemu qemu-keymaps qemu-system qemu-user qemu-user-static qemu-utils 
qemu-kvm
Architecture: source i386 all
Version: 1.3.0+dfsg-4exp
Distribution: experimental
Urgency: low
Maintainer: Debian QEMU Team 
Changed-By: Michael Tokarev 
Description: 
 qemu   - fast processor emulator
 qemu-keymaps - QEMU keyboard maps
 qemu-kvm   - QEMU Full virtualization on x86 hardware (transitional package)
 qemu-system - QEMU full system emulation binaries
 qemu-user  - QEMU user mode emulation binaries
 qemu-user-static - QEMU user mode emulation binaries (static version)
 qemu-utils - QEMU utilities
Closes: 698736
Changes: 
 qemu (1.3.0+dfsg-4exp

Bug#694770: marked as done (libc6-dev-s390: can't compile 31-bit programs on s390x due to missing "asm/errno.h")

2013-01-22 Thread Debian Bug Tracking System 
Your message dated Wed, 23 Jan 2013 00:11:01 -0700
with message-id <20130123071101.gm29...@0c3.net>
and subject line libc6-dev-s390: can't compile 31-bit programs
has caused the Debian Bug report #694770,
regarding libc6-dev-s390: can't compile 31-bit programs on s390x due to missing 
"asm/errno.h"
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
694770: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=694770
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: libc6-dev-s390
Version: 2.13-37
Severity: grave
Justification: renders package unusable

Dear Maintainer,
*** Please consider answering these questions, where appropriate ***

   * What led up to the situation?

I tried to compile 31-bit program on 64-bit s390x system

   * What exactly did you do (or not do) that was effective (or
 ineffective)?

Try to compile a simple program that includes errno.h:

#include 
int main(void) { return 0; }

Compile it with this command: gcc-4.7 -m31 errno.c

   * What was the outcome of this action?
In file included from /usr/include/bits/errno.h:25:0,
 from /usr/include/errno.h:36,
 from errno.c:1:
/usr/include/linux/errno.h:4:23: fatal error: asm/errno.h: Adresář nebo soubor 
neexistuje

   * What outcome did you expect instead?

The program should compile.



This bug can be worked around if you do:
# cd /usr/include
# ln -s s390x-linux-gnu s390-linux-gnu
 then, compiling programs with -m31 works fine.

The directory /usr/include/s390-linux-gnu should be installed by 31-bit 
libc development package libc6-dev-s390.


-- System Information:
Debian Release: wheezy/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: s390x

Kernel: Linux 3.2.0-4-s390x (SMP w/8 CPU cores)
Locale: LANG=cs_CZ.utf8, LC_CTYPE=cs_CZ.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages libc6-dev-s390 depends on:
ii  libc6-dev   2.13-37
ii  libc6-s390  2.13-37

Versions of packages libc6-dev-s390 recommends:
pn  gcc-multilib  

libc6-dev-s390 suggests no packages.

-- no debconf information
--- End Message ---
--- Begin Message ---
On the s390x machine I have access to, I see the following:

(s390x-sid)adconrad@zelenka:~$ cat foo.c 
#include 
int main(void) { return 0; }
(s390x-sid)adconrad@zelenka:~$ gcc-4.6 -m31 -o foo foo.c 
(s390x-sid)adconrad@zelenka:~$ 
(s390x-sid)adconrad@zelenka:~$ cpp -H foo.c | grep '^\.'
. /usr/include/errno.h
.. /usr/include/features.h
... /usr/include/s390x-linux-gnu/bits/predefs.h
... /usr/include/s390x-linux-gnu/sys/cdefs.h
 /usr/include/s390x-linux-gnu/bits/wordsize.h
... /usr/include/s390x-linux-gnu/gnu/stubs.h
 /usr/include/s390x-linux-gnu/bits/wordsize.h
 /usr/include/s390x-linux-gnu/gnu/stubs-64.h
.. /usr/include/s390x-linux-gnu/bits/errno.h
... /usr/include/linux/errno.h
 /usr/include/s390x-linux-gnu/asm/errno.h
. /usr/include/asm-generic/errno.h
.. /usr/include/asm-generic/errno-base.h

There's no reason for /usr/include/s390-linux-gnu to exist on
the system, though gcc will happily search there if you have
libc6-dev:s390 installed via multiarch.

The biarch multilib packages instead operate by shipping files
in /usr/include and some clever symlinks.  The output of your
compile line leads me to believe that, perhaps, your dev
packages are a little on the confused side or, perhaps, your
/usr/include/bits is a directory instead of a symlink (it's hard
to tell this from a distance, just taking some shots in the dark.

I suspect that the following will solve your issue:

"apt-get --reinstall install libc6-dev-s390"

But, if not, you may have a compiler bug there, rather than a
libc6 bug.  The default compilers in unstable certainly work,
at any rate.

... Adam--- End Message ---

Bug#697848: NMU of ace ?

2013-01-22 Thread Ralf Treinen 
Hi,

On Tue, Jan 22, 2013 at 10:32:13PM +0100, Thomas Girard wrote:

> ace source package consists in the following software:
>  - ACE, a C++ networking library
>  - TAO, a CORBA ORB built on top of ACE
> 
> What is faulty here is TAO_IDL (idl to C++ mapping) and a piece of
> marshalling code (again, for TAO). So ACE can remain in main, but TAO
> has to go to non-free.
> 
> This means two repackaging: one for ACE and another for TAO (not
> distributed stand-alone ATM) in non-free.

OK. Here is what I will try tonight when I get back from work:
- repack the orig.tar.gz without the two windows executables, the TAO
  source tree, and the files in examples/ that are under Addison Wesley
  licence.
- remove all tao-related packages from debian/control, that is

Package: libtao-2.1.2
Package: libtao-dev
Package: libtao-doc
Package: libtao-orbsvcs-2.1.2
Package: libtao-orbsvcs-dev
Package: libtao-qtresource-2.1.2
Package: libtao-qtresource-dev
Package: libtao-xtresource-2.1.2
Package: libtao-xtresource-dev
Package: libtao-flresource-2.1.2
Package: libtao-flresource-dev
Package: libtao-tkresource-2.1.2
Package: libtao-tkresource-dev
Package: libtao-foxresource-2.1.2
Package: libtao-foxresource-dev
Package: tao-idl
Package: tao-ifr
Package: tao-imr
Package: tao-ft
Package: tao-utils
Package: tao-cosnaming
Package: tao-naming
Package: tao-costrading
Package: tao-trading
Package: tao-cosevent
Package: tao-event
Package: tao-rtevent
Package: tao-ftrtevent
Package: tao-cosnotification
Package: tao-notify
Package: tao-load
Package: tao-tls
Package: tao-log
Package: tao-scheduling
Package: tao-cosconcurrency
Package: tao-concurrency
Package: tao-coslifecycle
Package: tao-lifecycle
Package: tao-costime
Package: tao-time

- remove all files from debian/ that are related to these packages, and
  other mentions of tao stuff in debian/rules and possibly elsewhere in
  debian/* files.

In what concerns a new tao package for nonfree I leave that to you ...

Cheers -Ralf.


-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#631729: irssi-plugin-xmpp: Memory corruption and crash with /xmppconnect

2013-01-22 Thread Florian Schlichting 
> As this only happens for me when connecting to a host that resolves to
> both ipv4 and ipv6 (for irssi-plugin-xmpp that is: '/xmppconnect -h
> localhost ', NOT '/xmppconnect -h 127.0.0.1 '), I suppose the
> GIO watch is triggered once for each protocol version. This may either
> be a bug in glib, or needs to be caught in libloudmouth.

I now realize that things may be a bit more complicated than that, as
connections to e.g. 'inva...@twattle.net' result in a faultless ipv6
connection that continues all the way through to the password prompt.

Perhaps the issue is limited to cases where the name resolution happens
via /etc/hosts, and returns results for both protocols? (It is *not*
limited to connections to "localhost", it also happens when /etc/hosts
specifies both an ipv4 and an ipv6 address for a remote host.)

And KiBi, is your use case covered by these considerations?


-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#697848: [Pkg-ace-devel] Bug#697848: NMU of ace ?

2013-01-22 Thread Ralf Treinen 
On Tue, Jan 22, 2013 at 11:30:14PM +0100, Pau Garcia i Quiles wrote:

>Can we try to get that code relicensed? I'd say Remedy, OCI and even the
>very DOC Group are infringing the license themselves by redistributing and
>modifying[*] this code.
>[*] I have not checked the SVN repository yet but I'd bet the code has
>suffered at least some modification since it was written and Addison
>Wesley wrote that license

Relicensing is probably the best solution, generally speaking, but I suppose
it will come too late for wheezy.

-Ralf.


-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Processed: tagging 697848

2013-01-22 Thread Debian Bug Tracking System 
Processing commands for cont...@bugs.debian.org:

> tags 697848 + pending
Bug #697848 [src:ace] non-free files in main
Added tag(s) pending.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
697848: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=697848
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems


--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Processed: tagging 697847

2013-01-22 Thread Debian Bug Tracking System 
Processing commands for cont...@bugs.debian.org:

> tags 697847 + pending
Bug #697847 [src:ace] missing source for Win32 binaries
Added tag(s) pending.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
697847: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=697847
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems


--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#698736: qemu-system: /usr/bin/kvm is a directory, should be a script

2013-01-22 Thread Michael Tokarev 

23.01.2013 02:06, Gerardo Esteban Malazdrewicz wrote:

Package: qemu-system
Version: 1.3.0+dfsg-3exp
Severity: grave
Justification: renders package unusable

Dear Maintainer,

Newest qemu-system absorbs old qemu-kvm functionality.
However, script to launch kvm is /usr/bin/kvm/kvm, where it is looked in 
/usr/bin/kvm, as shown below.


Yes it's a bug indeed.  Fixed in git already, I didn't even notice it
but I changed the way this wrapper is installed.  I'm uploading a new
version anyway, so it will be fixed in a few minutes.

But I question Severity+Justirication - more or less just curious
actually, why do you think this renders package unusable?  The
file in question (/usr/bin/kvm wrongly packaged as /usr/bin/kvm/kvm)
is a compatibility script to simplify moving from old qemu-kvm to
new qemu-system.  First thing it says is just that -- to move to
qemu-system-x86_64.  Why do you think the lack (or improper install)
of this file renders package unusable?  It is not the binary you
should be using, the right binary is qemu-system-x86_64...

Thanks,

/mjt


--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#698462: marked as done (FTBFS due to inkscape)

2013-01-22 Thread Debian Bug Tracking System 
Your message dated Wed, 23 Jan 2013 06:17:37 +
with message-id 
and subject line Bug#698462: fixed in taurus 3.0.0-2
has caused the Debian Bug report #698462,
regarding FTBFS due to inkscape
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
698462: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=698462
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: taurus
Version: 3.0.0-1
Severity: serious

inkscape ask a few question during the build.
It means that it stop the build -> FTBFS

now we use imagemagick as fallback



-- System Information:
Debian Release: 7.0
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable'), (1, 
'experimental')
Architecture: i386 (i686)

Kernel: Linux 3.2.0-4-486
Locale: LANG=fr_CA.UTF-8, LC_CTYPE=fr_CA.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
From: =?UTF-8?q?Picca=20Fr=C3=A9d=C3=A9ric-Emmanuel?= 
Date: Fri, 18 Jan 2013 21:20:39 +0100
Subject: upstream fix for the FTBFS due to image conversion

---
 setup.py |   24 +---
 1 file changed, 13 insertions(+), 11 deletions(-)

diff --git a/setup.py b/setup.py
index c3afb89..92d570a 100644
--- a/setup.py
+++ b/setup.py
@@ -585,7 +585,6 @@ if sphinx:
 def run(self):
 self.resource_dir = abspath('lib', 'taurus', 'qt', 'qtgui', 'resource')
 self.taurus = os.path.join(self.resource_dir, 'taurus.png')
-import PyQt4.Qt
 orig_dir = os.path.abspath(os.curdir)
 os.chdir(self.resource_dir)
 
@@ -699,13 +698,13 @@ if sphinx:
 
 class build_doc(BuildDoc):
 user_options = BuildDoc.user_options + \
- [('use-inkscape', None, 
-   "Use inkscape for building the icon catalog (useful if QApplication cannot be used when building, but requires inkscape)")]
-boolean_options = BuildDoc.boolean_options + ['use-inkscape']
+ [('external-img-tools', None, 
+   "Use external tools for converting the icon catalog (useful if QApplication cannot be used while building, but requires inkscape and imagemagick)")]
+boolean_options = BuildDoc.boolean_options + ['external-img-tools']
 
 def initialize_options (self):
 BuildDoc.initialize_options(self)
-self.use_inkscape = False
+self.external_img_tools = False
 
 def has_doc_api(self):
 return True
@@ -757,20 +756,20 @@ if sphinx:
 # copy the tango icons to the build directory of documentation
 target = os.path.join(build_dir, 'devel')
 
-if not self.use_inkscape:
+if not self.external_img_tools:
 import PyQt4.Qt
 if PyQt4.Qt.qApp.instance() is None:
 self.app = PyQt4.Qt.QApplication([])
 
 print("\tBuilding PNGs for icon catalog")   
-os.path.walk(resource, svg_to_png, (resource, target, self.use_inkscape))
+os.path.walk(resource, svg_to_png, (resource, target, self.external_img_tools))
 return
 
 cmdclass['build_doc'] = build_doc
 
 def svg_to_png(arg, dirname, fnames):
-resource, target, use_inkscape = arg
-if not use_inkscape:
+resource, target, external_img_tools = arg
+if not external_img_tools:
 import PyQt4.Qt
 relpath = os.path.relpath(dirname, start=resource)
 path = os.path.join(target, relpath)
@@ -783,9 +782,12 @@ def svg_to_png(arg, dirname, fnames):
 target_fname = fbase + ".png"
 full_target_fname = os.path.join(path, target_fname)
 if not os.path.isfile(full_target_fname):
-if use_inkscape:
-cmd = "inkscape -z -e '%s' -w 24 '%s' > /dev/null"%(full_target_fname, full_source_fname)
+if external_img_tools:
+cmd = "inkscape -z '%s' -e '%s' -w 24 >/dev/null 2>/dev/null"%(full_source_fname, full_target_fname)
 ok = not(os.system(cmd))
+if not ok:
+cmd = "convert -resize 24 '%s' '%s' >/dev/null 2>/dev/null"%(full_source_fname, full_target_fname)
+ok = not(os.system(cmd))
 else:
 pixmap = PyQt4.Qt.QPixmap(full_source_fname)
 pix = pixmap.scaledToWidth(24, PyQt4.Qt.Qt.SmoothTransformation)
--- End Message ---
--- Begin Message ---
Source: taurus
Source-Version: 3.0.0-2

We believe that the bug you r

Bug#696144: 20_head_tests.cf: regex for illegal IP address contains valid network 5/8

2013-01-22 Thread Noah Meyerhans 
On Tue, Jan 22, 2013 at 01:15:39PM +0100, Alexander Neumann wrote:
> This bug should be fixed ASAP squeeze, for example Hetzner[1] was allocated
> 5.9.0.0/16, so a lot of mail servers are hit by this bug. A very simple
> patch is attached.

Note that if you're running sa-update regularly, you won't need to worry
about this. The updates channels have been carrying the fix for this for
years, literally.

I'll see about getting a fixed upgraded for squeeze in the next day or
two...

noah



signature.asc
Description: Digital signature

Bug#698745: dpkg breaks other packages during installation of a package

2013-01-22 Thread Uwe Storbeck 
Package: dpkg
Version: 1.16.9
Severity: grave
Justification: causes non-serious data loss

Dear Maintainer,

before and after the upgrade from squeeze to wheezy I checked
my system with debsums. After the upgrade I found several
modified files. I tried to fix the changed files by reinstalling
the associated packages.

But when I reinstall one package to fix the changed files
of that package unrelated files from a different package get
modified which weren't modified before.

The behaviour is not always consistent. Sometimes files of a
different package get removed, sometimes they get changed
(it looks like they get overwritten by files from the package
I install). Sometimes even the reinstallation of the second
package which had been broken by the installation of the first
package breaks the first package again, creating an error loop.
I have seen this behaviour with the same files and packages on
more than one system and the systems were running without
problems on squeeze before so that I think I can exclude
hardware issues.

The bug happens with more than one package and I don't see
anything which is overwriting files from a different package
in these packages. That's why I file this bug against dpkg.
But I'm not an expert for debian packages, so be free to
reassign the bug to any other package. I also do not know what
the appropriate severity for this bug should be. But when the
package system corrupts installed files on the system I think
that's a release critical bug, hence severity grave.

As my description is probably hard to understand I have attached
a logfile where I have tried to track the installation problems
down to a minimum of commands.

There's also a second logfile attached from another upgrade
where I have tried to fix the problems by reinstalling the
packages with aptitude first.

I don't know if this bug is related to bug #687611 as I also
had a modified file debian-archive-removed-keys.gpg on all the
systems which I have upgraded to wheezy so far. This file has
been fixed on all systems by reinstalling the package
debian-archive-keyring without any side effects on other
packages though.

Regards

Uwe




grappa:~# debsums --changed
/usr/share/doc/e2fsprogs/copyright
/usr/share/doc/libtiff-tools/README
/usr/share/doc/libtiff-tools/TODO
/usr/share/doc/libtiff-tools/changelog.Debian.gz
/usr/share/doc/libtiff-tools/changelog.gz
/var/lib/xine/xine.desktop

grappa:~# apt-cache policy e2fsprogs
e2fsprogs:
  Installed: 1.42.5-1
  Candidate: 1.42.5-1
  Version table:
 *** 1.42.5-1 0
750 http://ftp.debian.org/debian/ wheezy/main i386 Packages
650 http://ftp.debian.org/debian/ sid/main i386 Packages
100 /var/lib/dpkg/status

grappa:~# dpkg -l e2fsprogs
Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
||/ Name   Version  Architecture Description
+++-==---=
ii  e2fsprogs  1.42.5-1 i386 ext2/ext3/ext4 file system utilit

grappa:~# md5sum /usr/share/doc/e2fsprogs/copyright
726570c997e520841dbf8f7611b173ae  /usr/share/doc/e2fsprogs/copyright

grappa:~# grep copyright /var/lib/dpkg/info/e2fsprogs.md5sums 
51a47eee51e75de66777fc781af2f063  usr/share/doc/e2fsprogs/copyright

grappa:~# dpkg-deb -R /var/cache/apt/archives/e2fsprogs_1.42.5-1_i386.deb 
/tmp/e2fsprogs

grappa:~# grep copyright /tmp/e2fsprogs/DEBIAN/md5sums 
51a47eee51e75de66777fc781af2f063  usr/share/doc/e2fsprogs/copyright

grappa:~# ll /usr/share/doc/e2fsprogs/copyright 
/tmp/e2fsprogs/usr/share/doc/e2fsprogs/copyright
-rw-r--r-- 1 root root 3586 2012-07-06 15:37 
/tmp/e2fsprogs/usr/share/doc/e2fsprogs/copyright
-rw-r--r-- 1 root root  995 2012-07-06 15:37 /usr/share/doc/e2fsprogs/copyright

grappa:~# dpkg -r --force-remove-essential e2fsprogs
dpkg: warning: overriding problem because --force enabled:
 This is an essential package - it should not be removed.
(Reading database ... 568582 files and directories currently installed.)
Removing e2fsprogs ...
Processing triggers for man-db ...

grappa:~# dpkg -i /var/cache/apt/archives/e2fsprogs_1.42.5-1_i386.deb
Selecting previously unselected package e2fsprogs.
(Reading database ... 568522 files and directories currently installed.)
Unpacking e2fsprogs (from .../e2fsprogs_1.42.5-1_i386.deb) ...
Setting up e2fsprogs (1.42.5-1) ...
Processing triggers for man-db ...

grappa:~# debsums --changed
/usr/share/doc/e2fsck-static/copyright
/usr/share/doc/libtiff-tools/README
/usr/share/doc/libtiff-tools/TODO
/usr/share/doc/libtiff-tools/changelog.Debian.gz
/usr/share/doc/libtiff-tools/changelog.gz
/var/lib/xine/xine.desktop

grappa:~# apt-cache policy e2fsck-static
e2fsck-static:
  Installed: 1.42.5-1
  Candidate: 1.42.5-1
  Version table:
 *** 1.42.5-1 0
750 http://ftp

Processed: found 669391 in ptex-jisfonts/2-21.1

2013-01-22 Thread Debian Bug Tracking System 
Processing commands for cont...@bugs.debian.org:

> found 669391 ptex-jisfonts/2-21.1
Bug #669391 [ptex-jisfonts] ptex-jisfonts: unowned file 
/usr/local/share/texmf/ls-R after purge (policy 6.8, 9.1.2)
Marked as found in versions ptex-jisfonts/2-21.1.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
669391: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=669391
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems


--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Processed: Re: Bug#631729: irssi-plugin-xmpp: Memory corruption and crash with /xmppconnect

2013-01-22 Thread Debian Bug Tracking System 
Processing control commands:

> reassign 631729 libloudmouth1-0
Bug #631729 [irssi-plugin-xmpp] irssi-plugin-xmpp: segfaults when connecting to 
local Prosody
Bug reassigned from package 'irssi-plugin-xmpp' to 'libloudmouth1-0'.
No longer marked as found in versions irssi-plugin-xmpp/0.51+cvs20100627-1 and 
irssi-plugin-xmpp/0.52-1.
Ignoring request to alter fixed versions of bug #631729 to the same values 
previously set
> retitle 631729 libloudmouth1-0: segfaults when connecting to a dual-stacked 
> host
Bug #631729 [libloudmouth1-0] irssi-plugin-xmpp: segfaults when connecting to 
local Prosody
Changed Bug title to 'libloudmouth1-0: segfaults when connecting to a 
dual-stacked host' from 'irssi-plugin-xmpp: segfaults when connecting to local 
Prosody'
> tags 631729 = ipv6
Bug #631729 [libloudmouth1-0] libloudmouth1-0: segfaults when connecting to a 
dual-stacked host
Added tag(s) ipv6; removed tag(s) unreproducible.

-- 
631729: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=631729
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems


--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#631729: irssi-plugin-xmpp: Memory corruption and crash with /xmppconnect

2013-01-22 Thread Florian Schlichting 
Control: reassign 631729 libloudmouth1-0
Control: retitle 631729 libloudmouth1-0: segfaults when connecting to a 
dual-stacked host
Control: tags 631729 = ipv6

I am able to reproduce this now, both on i386 and amd64. The key is to
connect to a hostname that resolves to both an IPv4 and an IPv6 address
(there seems to have been a time when new installs created an /etc/hosts
where this was the case for 'localhost', hence the difference between
local and remote connections for some users). This is valgrind's
memcheck output:

==11869== Invalid read of size 4
==11869==at 0x4F384EE: socket_connect_cb (lm-socket.c:518)
==11869==by 0x427417D: g_io_unix_dispatch (giounix.c:166)
==11869==by 0x4233D85: g_main_context_dispatch (gmain.c:2539)
==11869==by 0x4234124: g_main_context_iterate.isra.21 (gmain.c:3146)
==11869==by 0x4234200: g_main_context_iteration (gmain.c:3207)
==11869==by 0x45204D2: (below main) (libc-start.c:226)
==11869==  Address 0x512e58c is 4 bytes inside a block of size 24 free'd
==11869==at 0x402B06C: free (in 
/usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
==11869==by 0x4239D0A: standard_free (gmem.c:98)
==11869==by 0x4239F8F: g_free (gmem.c:252)
==11869==by 0x4F37A0D: _lm_socket_succeeded (lm-socket.c:415)
==11869==by 0x4F386E9: socket_connect_cb (lm-socket.c:552)
==11869==by 0x427417D: g_io_unix_dispatch (giounix.c:166)
==11869==by 0x4233D85: g_main_context_dispatch (gmain.c:2539)
==11869==by 0x4234124: g_main_context_iterate.isra.21 (gmain.c:3146)
==11869==by 0x4234200: g_main_context_iteration (gmain.c:3207)
==11869==by 0x45204D2: (below main) (libc-start.c:226)

And the backtrace is, as above:

#0  lm_socket_ref (socket=0x100010003) at lm-socket.c:1208
#1  0x7faa7563f6df in socket_connect_cb (source=0x1297750, 
condition=G_IO_OUT, connect_data=0x1294020) at lm-socket.c:518
#2  0x7faa77752355 in g_main_context_dispatch () from 
/lib/x86_64-linux-gnu/libglib-2.0.so.0
#3  0x7faa77752688 in ?? () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#4  0x7faa77752744 in g_main_context_iteration () from 
/lib/x86_64-linux-gnu/libglib-2.0.so.0
#5  0x0041905c in main ()

Looking at loudmouth's loudmouth/lm-socket.c, it seems clear to me that
socket_connect_cb is called twice with condition G_IO_OUT, while
expecting for this to happen no more than once, so that on the second
invocation, connect_data->socket has already been freed.

As this only happens for me when connecting to a host that resolves to
both ipv4 and ipv6 (for irssi-plugin-xmpp that is: '/xmppconnect -h
localhost ', NOT '/xmppconnect -h 127.0.0.1 '), I suppose the
GIO watch is triggered once for each protocol version. This may either
be a bug in glib, or needs to be caught in libloudmouth.

Florian


-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#698740: gnome-applets: Force-Quit applet freezes/crashes, refuses to recognize mouse clicks or escape key

2013-01-22 Thread Avery Payne 
Package: gnome-applets
Version: 3.4.1-3
Severity: grave
Justification: causes non-serious data loss

Dear Maintainer,

The Force-Quit applet for Gnome 3 creates a serious usability issue.  After
attaching the applet to a panel, attempting to use it will start the applet and
show the overlay window.  The window states that the user should click on the
window they want to quit, or press escape to abort this process.  While the
pointer on the screen will change as part of this, clicking on any window does
NOT close the application.  In fact, it appears that all mouse click events are
simply "eaten" and the mouse effective does nothing from that point forward.
Just as a side note, I also attempted to click the application entry in the
bottom panel, just to be sure there wasn't some hidden UI option that might
work as well.  Pressing Escape to end the process doesn't work either.  I have
tried this option twice, and each time, the only way to "unlock" the session
was to literally abort it by restarting the display manager.  While this does
not affect the system in a critical way, it does affect the user's session, and
I can easily see where it could lead to data loss because the X session was
dumped, in turn causing all programs to be killed with it.  I have also
attempted to see if the program could be killed by switching to a console and
doing a ps aux | grep "myusername", but I have not had much luck in locating
the application - it implies that the applet may be crashing (or simply running
under a different account).

At the very least, the applet should respond to the escape key to allow the
user to exit back to their session, rather than creating a situation where the
mouse pointer is completely ineffective.  While this does not address the
primary function of the applet (to force-quit another application) it at least
functions as a fail-safe in a case where the software could fail, allowing the
user to get out of a potentially bad situation.



-- System Information:
Debian Release: 7.0
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 3.2.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages gnome-applets depends on:
ii  gconf-service3.2.5-1+build1
ii  gconf2   3.2.5-1+build1
ii  gir1.2-gconf-2.0 3.2.5-1+build1
ii  gir1.2-gdkpixbuf-2.0 2.26.1-1
ii  gir1.2-gtk-3.0   3.4.2-5
ii  gir1.2-panelapplet-4.0   3.4.2.1-3
ii  gnome-applets-data   3.4.1-3
ii  gnome-icon-theme 3.4.0-2
ii  gnome-panel  3.4.2.1-3
ii  gvfs 1.12.3-3
ii  libatk1.0-0  2.4.0-2
ii  libc62.13-37
ii  libcairo21.12.2-2
ii  libcpufreq0  008-1
ii  libdbus-1-3  1.6.8-1
ii  libdbus-glib-1-2 0.100-1
ii  libgconf-2-4 3.2.5-1+build1
ii  libgdk-pixbuf2.0-0   2.26.1-1
ii  libglib2.0-0 2.33.12+really2.32.4-3
ii  libgstreamer-plugins-base0.10-0  0.10.36-1
ii  libgstreamer0.10-0   0.10.36-1
ii  libgtk-3-0   3.4.2-5
ii  libgtop2-7   2.28.4-3
ii  libgucharmap-2-90-7  1:3.4.1.1-2.1
ii  libgweather-3-0  3.4.1-1+build1
ii  libnotify4   0.7.5-1
ii  libpanel-applet-4-0  3.4.2.1-3
ii  libpango1.0-01.30.0-1
ii  libpolkit-gobject-1-00.105-3
ii  libupower-glib1  0.9.17-1
ii  libwnck-3-0  3.4.2-1
ii  libx11-6 2:1.5.0-1
ii  libxml2  2.8.0+dfsg1-7
ii  python   2.7.3~rc2-1
ii  python-gi3.2.2-1
ii  upower   0.9.17-1

Versions of packages gnome-applets recommends:
ii  gnome-media   3.4.0-1
ii  gnome-system-monitor  3.4.1-2+b1
ii  gstreamer0.10-pulseaudio  0.10.31-3+nmu1
ii  policykit-1-gnome 0.105-2

Versions of packages gnome-applets suggests:
ii  tomboy  1.10.0-2

-- no debconf information


-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#697848: [Pkg-ace-devel] Bug#697848: NMU of ace ?

2013-01-22 Thread Pau Garcia i Quiles 
On Tue, Jan 22, 2013 at 10:32 PM, Thomas Girard wrote:

> On 22/01/2013 21:40, Ralf Treinen wrote:
> >> I'm more annoyed by #697848. The first two issues raised by Ansgar were
> >> not yet discussed with upstream because I need a confirmation on what
> >> is exactly the issue. If this is what I underlined in my reply then I
> >> am afraid we will have no easy solution except for moving ace to
> >> non-free.
> >
> > I am afraid I agree with Ansgar that the licence is rife with problems,
> > in particular the part where you are not allowed to remove functionality.
> > This can be read as forbidding to rip part of the source code and reuse
> > it in a different projet. Can it be DFSG-free if this is not allowed ?
>
> Agreed, but I believe Sun intent here was to ensure that
> standardization and implementation efforts (IDL to C++ and IIOP
> marshalling rules) do not get ruined by code modifications. Yes, I am
> interpreting.
>
> @Johnny: any opinion on this? See [1] for the context.
>

I'm afraid Johnny was not CC'ed in your mail, do not forget to add
pkg-ace-devel to the CC list


>
> > Different parts of the source code are covered by different licences. The
> > question for me was rather whether it is possible to keep a kernel ace
> > package containing only source code that is not covered by problematic
> > licences, and possibly move the rest into an ace-nonfree package. Are you
> > saying that this is not possible, and that the only possible action
> > would be to move everything to non-free? I don't know anything about the
> > structure of the ace package.
>
> ace source package consists in the following software:
>  - ACE, a C++ networking library
>  - TAO, a CORBA ORB built on top of ACE
>
> What is faulty here is TAO_IDL (idl to C++ mapping) and a piece of
> marshalling code (again, for TAO). So ACE can remain in main, but TAO
> has to go to non-free.
>
> This means two repackaging: one for ACE and another for TAO (not
> distributed stand-alone ATM) in non-free.
>

Can we try to get that code relicensed? I'd say Remedy, OCI and even the
very DOC Group are infringing the license themselves by redistributing and
modifying[*] this code.

[*] I have not checked the SVN repository yet but I'd bet the code has
suffered at least some modification since it was written and Addison Wesley
wrote that license

-- 
Pau Garcia i Quiles
http://www.elpauer.org
(Due to my workload, I may need 10 days to answer)

Bug#698737: owncloud: Multiple XSS vulnerabilities (oC-SA-2013-001)

2013-01-22 Thread Salvatore Bonaccorso 
Source: owncloud
Severity: grave
Tags: security

Hi

The following announce on multiple XSS vulnerabilities in owncloud was
done:

[0] http://owncloud.org/about/security/advisories/oC-SA-2013-001/

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[1] http://security-tracker.debian.org/tracker/CVE-2013-0201
[2] http://security-tracker.debian.org/tracker/CVE-2013-0202
[3] http://security-tracker.debian.org/tracker/CVE-2013-0203

Please adjust the affected versions in the BTS as needed, for the
affected versions.

Regards,
Salvatore


-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#698736: qemu-system: /usr/bin/kvm is a directory, should be a script

2013-01-22 Thread Gerardo Esteban Malazdrewicz 
Package: qemu-system
Version: 1.3.0+dfsg-3exp
Severity: grave
Justification: renders package unusable

Dear Maintainer,

Newest qemu-system absorbs old qemu-kvm functionality.
However, script to launch kvm is /usr/bin/kvm/kvm, where it is looked in 
/usr/bin/kvm, as shown below.

gerardo@envy17:/usr/bin$ dpkg -L qemu-system | grep kvm
/usr/bin/kvm
/usr/bin/kvm/kvm
/usr/share/qemu/kvmvapic.bin

Thanks,
Gerardo Malazdrewicz

-- System Information:
Debian Release: 7.0
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable'), (1, 
'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
x32

Kernel: Linux 3.7-trunk-amd64 (SMP w/8 CPU cores)
Locale: LANG=es_AR.utf8, LC_CTYPE=es_AR.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages qemu-system depends on:
ii  ipxe-qemu 1.0.0+git-20120202.f6840ba-3
ii  libaio1   0.3.109-3
ii  libasound21.0.26+git20121221-1
ii  libbluetooth3 4.101-1
ii  libbrlapi0.5  4.4-8
ii  libc6 2.16-0experimental1
ii  libcurl3-gnutls   7.28.1-1
ii  libfdt1   1.3.0-2
ii  libgl1-mesa-glx [libgl1]  9.1~git1211131112.fe2ef4-0
ii  libglib2.0-0  2.34.3-1
ii  libgnutls26   2.12.22-1
ii  libiscsi1 1.4.0-3
ii  libjpeg8  8d-1
ii  libncurses5   5.9-10
ii  libpixman-1-0 0.26.0-3
ii  libpng12-01.2.49-3
ii  libpulse0 3.0+20130121fixes-1
ii  libsasl2-22.1.25.dfsg1-4+b1.0.1-1
ii  libsdl1.2debian   1.2.15-5
ii  libseccomp1   1.0.1-1
ii  libspice-server1  0.12.2-0nocelt1exp
ii  libtinfo5 5.9-10
ii  libusbredirparser10.6-1
ii  libuuid1  2.20.1-5.3
ii  libvdeplug2   2.3.2-4
ii  libx11-6  2:1.5.0-1
ii  libxen-4.14.1.3-8
ii  libxenstore3.04.2.0-1
ii  openbios-ppc  1.0+svn1060-1
ii  openbios-sparc1.0+svn1060-1
ii  openhackware  0.4.1-6
ii  qemu-keymaps  1.3.0+dfsg-3exp
ii  seabios   1.7.2-1
ii  vgabios   0.7a-3
ii  zlib1g1:1.2.7.dfsg-13

Versions of packages qemu-system recommends:
ii  iproute 20121211-2
ii  qemu-utils  1.3.0+dfsg-3exp

Versions of packages qemu-system suggests:
ii  samba  2:3.6.10-1
ii  vde2   2.3.2-4

-- no debconf information

-- debsums errors found:
debsums: can't open qemu-system file /usr/bin/kvm/kvm (No es un directorio)


-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#661922: Can I get a debug log for this build ?

2013-01-22 Thread Thomas Vander Stichele 
Run the testsuite with RIP_DEBUG=5

I also think this is probably fixed in 0.2.0 and related to a bad
audioparsers plugin in GStreamer.

Thomas

-- 

- Are you OK ?
- Yes, I'm fine. The shaking's just a side effect of the fear.

Moovida - future TV today !
http://www.moovida.com/


-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#689332: bind9 uses shipped file as statefile

2013-01-22 Thread Adam D. Barratt 
Hi,

I was looking at the bind9 -4 upload for a potential unblock and was
about to query some of the changes in this patch when I noticed that
Julien already did so a while ago.

On Mon, 2013-01-07 at 22:34 +0100, Julien Cristau wrote:
> On Tue, Oct 16, 2012 at 04:24:05 -0400, Michael Gilbert wrote:
> > Hi, I've attached a proposed patch that moves the state file to /var/lib.
> > 
> I'm not sure that patch really fixes anything.  Also it doesn't seem
> like the file is removed by any of the maintainer scripts on package
> removal, so if anything it'll make postrm fail to rmdir /var/lib/bind.

The changes included in the package remove the file on purge.

Looking more closely, it appears that the wheezy packages don't ship the
file in any case, which means that the original bug doesn't apply there
afaics.

This change:

 # no sumfile means you get the default
-[ -f /usr/share/bind9/bind9-default.md5sum ] || 
-echo "2cfcfb7bf1b99c7930fd475907e38be7  /etc/default/bind9" > 
/usr/share/bind9/bind9-default.md5sum
+[ -f /var/lib/bind/bind9-default.md5sum ] || 
+echo "2cfcfb7bf1b99c7930fd475907e38be7  /etc/default/bind9" > 
/var/lib/bind/bind9-default.md5sum

also means that the md5sum will always be recreated on the first upgrade
from any version of the package which uses the file from /usr,
potentially causing the check to produce the wrong result.

Regards,

Adam


-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#698189: marked as done (swath: Buffer Overflow with console args is possible.)

2013-01-22 Thread Debian Bug Tracking System 
Your message dated Tue, 22 Jan 2013 21:32:04 +
with message-id 
and subject line Bug#698189: fixed in swath 0.4.0-4+squeeze1
has caused the Debian Bug report #698189,
regarding swath: Buffer Overflow with console args is possible.
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
698189: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=698189
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: swath
Version: 0.4.0-4

Buffer overflow because of strcpy with possibility to inject shellcode:

swath mule -b [More than 20 to overflow and possibly inject shellcode.] <
emptyfile

proplematic lines are:

char stopstr[20];
  if (muleMode)
strcpy(stopstr,wbr);

Instead, you should change the size of stopstr according to wbr.
Even better would be simply to change the address of stopstr like

char stopstr[20];
  if (muleMode)
stopstr = wbr;

-- System Information:
Debian Release: 6.0.6
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'proposed-updates'), (500,
'stable')
Architecture: i386 (i686)

Kernel: Linux 2.6.32-5-686 (SMP w/1 CPU core)
Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages swath depends on:
ii  libc6 2.11.3-4   Embedded GNU C Library: Shared
lib
ii  libdatrie10.2.4-1Double-array trie library
ii  libgcc1   1:4.4.5-8  GCC support library
ii  libstdc++64.4.5-8The GNU Standard C++ Library v3

swath recommends no packages.

swath suggests no packages.

-- no debconf information
--- End Message ---
--- Begin Message ---
Source: swath
Source-Version: 0.4.0-4+squeeze1

We believe that the bug you reported is fixed in the latest version of
swath, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 698...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Theppitak Karoonboonyanan  (supplier of updated swath package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Format: 1.8
Date: Mon, 21 Jan 2013 15:03:30 +0700
Source: swath
Binary: swath
Architecture: source amd64
Version: 0.4.0-4+squeeze1
Distribution: stable
Urgency: high
Maintainer: Theppitak Karoonboonyanan 
Changed-By: Theppitak Karoonboonyanan 
Description: 
 swath  - Thai word segmentation program
Closes: 698189
Changes: 
 swath (0.4.0-4+squeeze1) stable; urgency=high
 .
   * debian/patches/01_buffer-overflow.patch: backport patch from upstream
 to fix potential buffer overflow in Mule mode.
 Thanks Dominik Maier for the report. (Closes: #698189)
Checksums-Sha1: 
 c0cc8e595b0f51e9787d17a5cc1e3287c14297c3 1888 swath_0.4.0-4+squeeze1.dsc
 c70abff2d69991495a2db69a4339387efed219da 4811 
swath_0.4.0-4+squeeze1.debian.tar.gz
 ea2e637cdc697d61adf5ec5618481ac681e61a0c 224206 
swath_0.4.0-4+squeeze1_amd64.deb
Checksums-Sha256: 
 366a85ed486eede1168d4237fdefeb0e54a265cc719ce2f3c167f7136291feaf 1888 
swath_0.4.0-4+squeeze1.dsc
 3f2066be827c45abfd54f6c02405530a5136987955a62ab02e4247e47dbb2e05 4811 
swath_0.4.0-4+squeeze1.debian.tar.gz
 fdf629a8d4bd53aebd31bdf5ea7e2b4ed9027312122b52461daeb0dcb846c6d4 224206 
swath_0.4.0-4+squeeze1_amd64.deb
Files: 
 a3310d4a40a430d9e524348237093809 1888 text optional swath_0.4.0-4+squeeze1.dsc
 35be01e2ceee9d152503b123588190dd 4811 text optional 
swath_0.4.0-4+squeeze1.debian.tar.gz
 280c7b1fd76ef233f764ecd6c1f063bb 224206 text optional 
swath_0.4.0-4+squeeze1_amd64.deb

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.12 (GNU/Linux)

iQIcBAEBAgAGBQJQ/QqCAAoJEKLrrtG2+QJBUfMQAI5cc4Nnzg/ouGRf8kV+C0hU
tQG7ZB06o9M3hvkS+PWGHFG2FV192a1bxfw1TwFUWNGechyRn9NLQTjWPEuEfvIl
/+IWDSjgQWcEEsUgK1inbnfwOadkNfSkGmxuJTGDgGYQ+ZSgOXTeQ0NHz0GSSWWa
EyuxyvZkU19+dJtx9LiSl31OgLmGI1lHCtTAWzYvcHmjIHnM5KdAK1xMFVNUDzFG
1UK/X0xzQ2mbTq8sBtM+G8xiKu507Xz6116JcY0j5n/CKlXPrzTAevYk669Fa/1f
fN/oe1UIwepSQz2HfmrIIpQ66srl3WHcOb8+7dBv36nd3YBZPybYvmxwi3+4fLwL
fBkKM3Aqa0+2Fh5HuxZ3girRDwxtBOQG9+D9iRUbV3GuTrhnezeT2kOsxXCXV2fo
XTFbST8yW/n0lxxGxfnUYGLLLehDR2KxgNfDxDoZFrZl00EX94WW87xFGlE8POXh
SNadNJBkjCY2ts0HPOvt6v821/zF1Nj91+/S7yGvs/9yXU4bL7BotUdNYu4NuvMM
9qqPxCx0iqV91rGCXCFtNc2oPqYDGD76QATAaplmvjqhB2

Bug#697666: marked as done (movabletype-opensource: mt-upgrade.cgi vulnerability)

2013-01-22 Thread Debian Bug Tracking System 
Your message dated Tue, 22 Jan 2013 21:32:04 +
with message-id 
and subject line Bug#697666: fixed in movabletype-opensource 
4.3.8+dfsg-0+squeeze3
has caused the Debian Bug report #697666,
regarding movabletype-opensource: mt-upgrade.cgi vulnerability
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
697666: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=697666
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: movabletype-opensource
Version: 4.3.8+dfsg-0+squeeze2
Severity: grave
Justification: remote command execution
Tags: security patch

- Forwarded message from Takeshi Nick Osanai  -

Date: Tue, 8 Jan 2013 11:26:38 +0900
From: Takeshi Nick Osanai 
To: mtos-dev 
Subject: [Mtos-dev] Movable Type 4.38 patch to fix a known upgrading
security issue
X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00 autolearn=ham
version=3.3.1
X-Urchin-Spam-Score-Int: -18
X-Bogosity: Ham, tests=bogofilter, spamicity=0.00, version=1.2.2

Dear MT community members,

Six Apart has found a security issue and fixed it in Movable Type 4.2
and MT 4.3.
For those of you who use Movable Type 4.2 and 4.3, Six Apart strongly
recommends that you upgrade to the latest released version of Movable
Type or execute the steps  written in below entry.
This vulnerability does not exist in Movable Type versions 5.0 or
later, including the latest Movable Type, version 5.2.2.

For more detail information, please see the entry.

http://www.movabletype.org/2013/01/movable_type_438_patch.html



-- 

Takeshi "Nick" Osanai
Movable Type Product and Marketing Manager

Six Apart, Ltd.
tosa...@sixapart.com
http://www.movabletype.org
http://www.movabletype.jp

___
Mtos-dev mailing list
mtos-...@ml.sixapart.com
http://ml.sixapart.com/mailman/listinfo/mtos-dev

- End forwarded message -

-- 
Dominic Hargreaves | http://www.larted.org.uk/~dom/
PGP key 5178E2A5 from the.earth.li (keyserver,web,email)
--- End Message ---
--- Begin Message ---
Source: movabletype-opensource
Source-Version: 4.3.8+dfsg-0+squeeze3

We believe that the bug you reported is fixed in the latest version of
movabletype-opensource, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 697...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Dominic Hargreaves  (supplier of updated movabletype-opensource 
package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Format: 1.8
Date: Sun, 20 Jan 2013 21:18:47 +
Source: movabletype-opensource
Binary: movabletype-opensource movabletype-plugin-core 
movabletype-plugin-zemanta
Architecture: source all
Version: 4.3.8+dfsg-0+squeeze3
Distribution: stable-security
Urgency: low
Maintainer: Dominic Hargreaves 
Changed-By: Dominic Hargreaves 
Description: 
 movabletype-opensource - A well-known blogging engine
 movabletype-plugin-core - Core Movable Type plugins
 movabletype-plugin-zemanta - Zemanta Movable Type plugin
Closes: 697666
Changes: 
 movabletype-opensource (4.3.8+dfsg-0+squeeze3) stable-security; urgency=low
 .
   * Include patch fixing remote execution and SQL injection
 vulnerability in mt-upgrade.cgi (closes: #697666)
Checksums-Sha1: 
 84077f7f480078b541a9367bea145632c002161f 1289 
movabletype-opensource_4.3.8+dfsg-0+squeeze3.dsc
 3ec3fd401226f54aa7c3336427f788e04cec48cb 27786 
movabletype-opensource_4.3.8+dfsg-0+squeeze3.diff.gz
 7e1f90db2cc666a389ffa11828b3a92a9ac0e452 2917350 
movabletype-opensource_4.3.8+dfsg-0+squeeze3_all.deb
 ca2952765aa9c5ceb87347fdec2e9dfabc65d614 172016 
movabletype-plugin-core_4.3.8+dfsg-0+squeeze3_all.deb
 0b0e62338171442560ed515d1fb1c03957db9fc5 14992 
movabletype-plugin-zemanta_4.3.8+dfsg-0+squeeze3_all.deb
Checksums-Sha256: 
 a0055942344a9fd669713b933db7f545bf2100be156b80e9854da74df5d88c90 1289 
movabletype-opensource_4.3.8+dfsg-0+squeeze3.dsc
 226cd31d211e586d6c3cdf9b3cbf27eec263dec718e1f654ac5d3f1fff38c4c1 27786 
movabletype-opensource_4.3.8+dfsg-0+squeeze3.diff.gz
 39eaf88166697e5d2f8985bc13f299

Processed (with 1 errors): Re: Bug#698385: lcl-utils-0.9.30.4: On upgrade, update-alternatives error

2013-01-22 Thread Debian Bug Tracking System 
Processing control commands:

> reopen 696075
Bug #696075 {Done: Abou Al Montacir } [lcl-utils] 
lcl-utils: directory vs. symlink mess after squeeze => wheezy upgrade: 
/etc/lazarus
'reopen' may be inappropriate when a bug has been closed with a version;
all fixed versions will be cleared, and you may need to re-add them.
Bug reopened
No longer marked as fixed in versions lazarus/0.9.30.4-4.
> forcemerge 696075 -1
Bug #696075 [lcl-utils] lcl-utils: directory vs. symlink mess after squeeze => 
wheezy upgrade: /etc/lazarus
Unable to merge bugs because:
package of #698385 is 'lcl-utils-0.9.30.4' not 'lcl-utils'
Failed to forcibly merge 696075: Did not alter merged bugs
Debbugs::Control::set_merged('transcript', 'GLOB(0x255b100)', 
'requester', 'David Prévot ', 'request_addr', 
'698385-sub...@bugs.debian.org', 'request_msgid', 
'<50ff050c.2090...@tilapin.org>', 'request_subject', ...) called at 
/usr/local/lib/site_perl/Debbugs/Control/Service.pm line 552
eval {...} called at 
/usr/local/lib/site_perl/Debbugs/Control/Service.pm line 551
Debbugs::Control::Service::control_line('line', 'forcemerge 696075 -1', 
'clonebugs', 'HASH(0x257e360)', 'limit', 'HASH(0x257e588)', 
'common_control_options', 'ARRAY(0x257e660)', 'errors', ...) called at 
/usr/lib/debbugs/process line 1035


-- 
696075: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=696075
698385: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=698385
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems


--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#697848: NMU of ace ?

2013-01-22 Thread Thomas Girard 
On 22/01/2013 21:40, Ralf Treinen wrote:
>> I'm more annoyed by #697848. The first two issues raised by Ansgar were
>> not yet discussed with upstream because I need a confirmation on what
>> is exactly the issue. If this is what I underlined in my reply then I
>> am afraid we will have no easy solution except for moving ace to
>> non-free.
> 
> I am afraid I agree with Ansgar that the licence is rife with problems,
> in particular the part where you are not allowed to remove functionality.
> This can be read as forbidding to rip part of the source code and reuse
> it in a different projet. Can it be DFSG-free if this is not allowed ? 

Agreed, but I believe Sun intent here was to ensure that
standardization and implementation efforts (IDL to C++ and IIOP
marshalling rules) do not get ruined by code modifications. Yes, I am
interpreting.

@Johnny: any opinion on this? See [1] for the context.

> Different parts of the source code are covered by different licences. The
> question for me was rather whether it is possible to keep a kernel ace
> package containing only source code that is not covered by problematic
> licences, and possibly move the rest into an ace-nonfree package. Are you
> saying that this is not possible, and that the only possible action 
> would be to move everything to non-free? I don't know anything about the
> structure of the ace package.

ace source package consists in the following software:
 - ACE, a C++ networking library
 - TAO, a CORBA ORB built on top of ACE

What is faulty here is TAO_IDL (idl to C++ mapping) and a piece of
marshalling code (again, for TAO). So ACE can remain in main, but TAO
has to go to non-free.

This means two repackaging: one for ACE and another for TAO (not
distributed stand-alone ATM) in non-free.

Thanks,
Regards,

Thomas

[1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=697848#10


-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#672524: [Pkg-bitcoin-devel] Bug#672524: Bug#672524: bitcoin: FTBFS[any-i386]: testsuite errors

2013-01-22 Thread Scott Howard 
On Mon, Jan 21, 2013 at 10:17 PM, Scott Howard  wrote:
> On Sat, Jan 19, 2013 at 3:52 PM, Petter Reinholdtsen  wrote:
>> [Christoph Egger]
>>>   We'll see as soon as it builds on the buildds I'd say.
>>
>> Still fail.  I am unable to understand why:

> I have a wild guess, but would appreciate feedback. script_tests.cpp
> calls boost:filesystem:current_path(), which essentially reads in $PWD
> from the environment. Is it possible that the i386 buildds cleared the
> PWD variable prior to build? If so, we can append PWD=$(CURDIR) before
> invoking the test_script command. [1,2] Or better yet, compile while
> defining TEST_DATA_DIR (see [3]) so it doesn't depend on
> current_path() at all.

Sorry, it looks like TEST_DATA_DIR is already defined properly. From
the build log:

g++ -c 
-DTEST_DATA_DIR=/build/buildd-bitcoin_0.7.2-2-i386-2MCUBL/bitcoin-0.7.2/src/test/data
-DBOOST_TEST_DYN_LINK -O2 -pthread -Wall -Wextra -Wformat
-Wformat-security -Wno-unused-parameter -g -DBOOST_SPIRIT_THREADSAFE
-I/build/buildd-bitcoin_0.7.2-2-i386-2MCUBL/bitcoin-0.7.2/src
-I/build/buildd-bitcoin_0.7.2-2-i386-2MCUBL/bitcoin-0.7.2/src/obj
-DUSE_UPNP=0 -DUSE_IPV6=1 -DHAVE_BUILD_INFO -fno-stack-protector
-fstack-protector-all -Wstack-protector -D_FORTIFY_SOURCE=2  -MMD -MF
obj-test/script_tests.d -o obj-test/script_tests.o
test/script_tests.cpp

And it is properly set in the makefile.unix:
TESTDEFS = -DTEST_DATA_DIR=$(abspath test/data)

So I'm back to being stumped, the files it can't find are the location
that is being passed. The location is correct. It can be built in
pbuilder but failing on the buildds.

~Scott


-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#686650: marked as done (bcron: CVE-2012-6110: bcron file descriptors not closed)

2013-01-22 Thread Debian Bug Tracking System 
Your message dated Tue, 22 Jan 2013 20:47:09 +
with message-id 
and subject line Bug#686650: fixed in bcron 0.09-11+squeeze1
has caused the Debian Bug report #686650,
regarding bcron: CVE-2012-6110: bcron file descriptors not closed
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
686650: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=686650
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: bcron
Version: 0.09-12
Severity: normal
Tags: upstream

Dear Maintainer,

I think I have found a security breach in bcron. Bcron-exec program does not 
close 
its file descriptors when does fork()/exec() to run scheduled jobs. When used 
in 
untrusted environment such as shared hosting, it is possible for one user to 
send
spam from neighbour user's accounts or read other's cron job stdout.

In deeper details. If any user's program runs through cron and generates some 
output to
stdout/stderr, cron must send its output to owner's e-mail. Bcron uses 
start_slot()
function to create a temp file, write e-mail message headers in there to prepare
this mail to be sent and then does fork/exec to run scheduled task and 
redirects 
its stdout/stderr to this particular file. After this task done its work,
bcron in end_slot() compares the length of temp file with stored length of empty
temp file with only headers filled in and if they differ, end_slot() runs 
sendmail
to deliver this message.

start_slot() calls forkexec_slot() to fork and forkexec_slot() calls exec_cmd() 
to exec corresponding task. But before calling execv() it must close all open 
fds
execpt stdin/stdout/stderr. Unfortunatelly, there is no such code in exec_cmd().

If one creates 2 tasks and runs them simultaneously using bcron, the following 
situation occurs:

1. First task (cron1.sh):

root@debian:~# lsof -p 14230
COMMANDPID USER   FD   TYPE DEVICE SIZE/OFF  NODE NAME
cron1.sh 14230 root  cwdDIR  254,0 4096   902 /root
cron1.sh 14230 root  rtdDIR  254,0 4096 2 /
cron1.sh 14230 root  txtREG  254,0   106920   624 /bin/dash
cron1.sh 14230 root  memREG  254,0  1583120   732 
/lib/x86_64-linux-gnu/libc-2.13.so
cron1.sh 14230 root  memREG  254,0   136936   977 
/lib/x86_64-linux-gnu/ld-2.13.so
cron1.sh 14230 root0u   CHR1,3  0t0  1199 /dev/null
cron1.sh 14230 root1u   REG   0,17   479453 22716 
/tmp/bcron.14096.1346752020.105007 (deleted)
cron1.sh 14230 root2u   REG   0,17   479453 22716 
/tmp/bcron.14096.1346752020.105007 (deleted)
cron1.sh 14230 root3r  FIFO0,8  0t0 55752 pipe
cron1.sh 14230 root   10r   REG  254,0   45   115 /root/cron1.sh

2. second task (cron2.sh):

root@debian:~# lsof -p 14231
COMMANDPID USER   FD   TYPE DEVICE SIZE/OFF  NODE NAME
cron2.sh 14231 root  cwdDIR  254,0 4096   902 /root
cron2.sh 14231 root  rtdDIR  254,0 4096 2 /
cron2.sh 14231 root  txtREG  254,0   106920   624 /bin/dash
cron2.sh 14231 root  memREG  254,0  1583120   732 
/lib/x86_64-linux-gnu/libc-2.13.so
cron2.sh 14231 root  memREG  254,0   136936   977 
/lib/x86_64-linux-gnu/ld-2.13.so
cron2.sh 14231 root0u   CHR1,3  0t0  1199 /dev/null
cron2.sh 14231 root1u   REG   0,17   316908 22717 
/tmp/bcron.14096.1346752020.105958 (deleted)
cron2.sh 14231 root2u   REG   0,17   316908 22717 
/tmp/bcron.14096.1346752020.105958 (deleted)
cron2.sh 14231 root3r  FIFO0,8  0t0 44757 pipe
cron2.sh 14231 root6u   REG   0,17   318938 22716 
/tmp/bcron.14096.1346752020.105007 (deleted)
cron2.sh 14231 root   10r   REG  254,0   45   112 /root/cron2.sh

Notice fd #6 is temp file created for gathering output of cron1.sh but cron2.sh 
has access to it and may overwrite it with its own content. And this message 
would be sent from cron1 while cron1 never generated it.

Speaking about shared hosting environment, it is possible for malicious user
to send spam without any traces showing this spam was sent from his/her account.

I'm going to attach path fixing this issue after it is tested and considered 
stable.


-- System Information:
Debian Release: wheezy/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 3.2.0-3-amd64 (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages bcron depends on:
ii  libbg1  1.106-1
ii  libc6   2.13-35

Versions of packages bcron recommends:
ii  bcron-run   0.09-12
ii  postfix [mail-transport-agent]  2.9.3-2.1
ii  runit

Bug#683584: marked as done (ganglia: [Debian RT] CVE-2012-3448: arbitrary script execution)

2013-01-22 Thread Debian Bug Tracking System 
Your message dated Tue, 22 Jan 2013 20:47:05 +
with message-id 
and subject line Bug#683584: fixed in ganglia 3.1.7-1+squeeze1
has caused the Debian Bug report #683584,
regarding ganglia: [Debian RT] CVE-2012-3448: arbitrary script execution
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
683584: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=683584
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: ganglia
Severity: grave
Tags: security
Justification: user security hole

Hi,

recently released Ganglia Web fixes a remote script execution
vulnerability. It has been allocated CVE-2012-3348.

More info on http://ganglia.info/?p=549 and
https://bugzilla.redhat.com/show_bug.cgi?id=845124

Can you prepare packages with isolated fixes for Squeeze and unstable
(since we are in freeze)?

Regards,
-- 
Yves-Alexis

-- System Information:
Debian Release: wheezy/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable'), (1, 
'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 3.2.0-3-grsec-amd64 (SMP w/4 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
--- End Message ---
--- Begin Message ---
Source: ganglia
Source-Version: 3.1.7-1+squeeze1

We believe that the bug you reported is fixed in the latest version of
ganglia, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 683...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Salvatore Bonaccorso  (supplier of updated ganglia package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Sat, 19 Jan 2013 10:04:17 +0100
Source: ganglia
Binary: ganglia-monitor gmetad libganglia1 libganglia1-dev ganglia-webfrontend
Architecture: source all amd64
Version: 3.1.7-1+squeeze1
Distribution: stable-security
Urgency: high
Maintainer: Stuart Teasdale 
Changed-By: Salvatore Bonaccorso 
Description: 
 ganglia-monitor - cluster monitoring toolkit - node daemon
 ganglia-webfrontend - cluster monitoring toolkit - web front-end
 gmetad - cluster monitoring toolkit - Ganglia Meta-Daemon
 libganglia1 - cluster monitoring toolkit - shared libraries
 libganglia1-dev - cluster monitoring toolkit - development libraries
Closes: 683584
Changes: 
 ganglia (3.1.7-1+squeeze1) stable-security; urgency=high
 .
   * Non-maintainer upload.
   * Fix for path traversal issue when supplying name of a graph
 web/graph.php: Check for path traversal issues by making sure real path
 is actually in graphdir. Fixes CVE-2012-3448.
 Fix backported from ganglia 3.1.8. (Closes: #683584)
Checksums-Sha1: 
 2290ba128ab210741321cad251f4b92e97c1f020 1885 ganglia_3.1.7-1+squeeze1.dsc
 e234d64814af1c9f55f1cd039a5840039d175f85 1278023 ganglia_3.1.7.orig.tar.gz
 b4b08eb9fa601be74015c76e97a1d4e56928567b 46695 ganglia_3.1.7-1+squeeze1.diff.gz
 5a52ac3eebab113e5ae57c85a6acb3beaa0e22a3 112074 
ganglia-webfrontend_3.1.7-1+squeeze1_all.deb
 05475510eb0e007b0b2823642ec7c6b7a2773daa 59890 
ganglia-monitor_3.1.7-1+squeeze1_amd64.deb
 ecf312800807aecf3afa8c20b672edfb712fd9b6 32748 
gmetad_3.1.7-1+squeeze1_amd64.deb
 04f9f2bff6cb9cf5819c5279f05f7766ebf2b137 139724 
libganglia1_3.1.7-1+squeeze1_amd64.deb
 0334031631d65137aee62fbaa025fec0337b9882 45238 
libganglia1-dev_3.1.7-1+squeeze1_amd64.deb
Checksums-Sha256: 
 a0a84c993ebfec6956ce02db64997d7b5a08ba592f527cba4e26139c74960998 1885 
ganglia_3.1.7-1+squeeze1.dsc
 bb1a4953d72e7dace76010a30d6d332e4ac0991d1371dbbcbcc7b048e0a7e4bf 1278023 
ganglia_3.1.7.orig.tar.gz
 f76eddf43497a757a4b578d1dea15bafe76a0f4b9dd310f12baafa856b74d62e 46695 
ganglia_3.1.7-1+squeeze1.diff.gz
 4ac04256a2ed381f64c82ba156ade367ccda7a062706fd5a95dd9f59bae9676e 112074 
ganglia-webfrontend_3.1.7-1+squeeze1_all.deb
 be608229b61f94517638600f495388bf6b7d0e482ad39ec88deca45f0dcf9da1 59890 
ganglia-monitor_3.1.7-1+squeeze1_amd64.deb
 ed9a7527a0c8a479f6d8d3b2c12aa7edbc9fd057d72eab553ceae259eddf6442 32748 
gmetad_3.1.7-1+squeeze1_amd64.deb
 ec93fca0ae717dd040baa5125942506bc450e6aa41060d3ec9c35045c79bea87 139724 
libganglia1_3.1.7-1+squeeze1_amd64.deb
 a467dd94f95011339a0691af9204eb84585047fb410dd6ceb2183b532a

Bug#686650: bcron update for stable

2013-01-22 Thread Adam D. Barratt 
On Fri, 2013-01-18 at 20:28 +, Adam D. Barratt wrote:
> On Fri, 2013-01-18 at 14:57 +, Gerrit Pape wrote:
> 
> > as suggested by Jonathan below, I prepared a bcron package fixing
> > #686650 as candidate for the next squeeze point release.  A debdiff is
> > attached, the package ready for upload.
> 
> Please go ahead; thanks.

Flagged for acceptance in to p-u.

Regards,

Adam


-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#697848: NMU of ace ?

2013-01-22 Thread Ralf Treinen 
Hi,

On Tue, Jan 22, 2013 at 08:27:14PM +0100, Thomas Girard wrote:
> 
> Thanks for offering your help. I have requested a refresh on my updated
> GPG key but so far I got no news.
> 
> > In your opinion, which files would have to be dropped ? How would
> > dropping
> > parts of the source affect the packaging ?
> > 
> > Most of the files affected by these  two bug reports have been
> > acknowledged by upstream and a solution is already been approved but not
> > yet implemented. 
> 
> Regarding #697847, the files under bin/LabVIEW_RT can be removed.

yes, that one seems pretty easy (and has to be done even when the package 
moves to non-free).

> I'm more annoyed by #697848. The first two issues raised by Ansgar were
> not yet discussed with upstream because I need a confirmation on what
> is exactly the issue. If this is what I underlined in my reply then I
> am afraid we will have no easy solution except for moving ace to
> non-free.

I am afraid I agree with Ansgar that the licence is rife with problems,
in particular the part where you are not allowed to remove functionality.
This can be read as forbidding to rip part of the source code and reuse
it in a different projet. Can it be DFSG-free if this is not allowed ?

Different parts of the source code are covered by different licences. The
question for me was rather whether it is possible to keep a kernel ace
package containing only source code that is not covered by problematic
licences, and possibly move the rest into an ace-nonfree package. Are you
saying that this is not possible, and that the only possible action 
would be to move everything to non-free? I don't know anything about the
structure of the ace package.

Cheers -Ralf


-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#697847: Bug#697848: NMU of ace ?

2013-01-22 Thread Thomas Girard 
Hello,

On 22/01/2013 13:55, Pau Garcia i Quiles wrote:
> On Tue, Jan 22, 2013 at 9:10 AM, Ralf Treinen  > wrote:
> I may help with uploading an ace with a repackaged source if necessary. 

Thanks for offering your help. I have requested a refresh on my updated
GPG key but so far I got no news.

> In your opinion, which files would have to be dropped ? How would
> dropping
> parts of the source affect the packaging ?
> 
> Most of the files affected by these  two bug reports have been
> acknowledged by upstream and a solution is already been approved but not
> yet implemented. 

Regarding #697847, the files under bin/LabVIEW_RT can be removed.

I'm more annoyed by #697848. The first two issues raised by Ansgar were
not yet discussed with upstream because I need a confirmation on what
is exactly the issue. If this is what I underlined in my reply then I
am afraid we will have no easy solution except for moving ace to
non-free.

> Thomas: I can also upload 

The DM procedure has changed [1] and I'm afraid I will not be able to
give you the rights until my key gets refreshed.

Thanks,
Regards,

Thomas

[1] https://lists.debian.org/debian-devel-announce/2012/09/msg8.html


-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#698259: marked as done (guilt: Maintainer address does not accept mail)

2013-01-22 Thread Debian Bug Tracking System 
Your message dated Tue, 22 Jan 2013 19:02:37 +
with message-id 
and subject line Bug#698259: fixed in guilt 0.35-1.1
has caused the Debian Bug report #698259,
regarding guilt: Maintainer address does not accept mail
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
698259: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=698259
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: guilt
Version: 0.35-1
Severity: serious
Justification: policy 3.3

Hi,

The address iul...@linux.com seems to be out of date.  Do you happen to
know a more recent one?

Thanks,
Jonathan
--- Begin Message ---
Delivery to the following recipient failed permanently:

 iul...@linux.com

Technical details of permanent failure: 
Google tried to deliver your message, but it was rejected by the recipient 
domain. We recommend contacting the other email provider for further 
information about the cause of this error. The error that the other server 
returned was: 550 550 5.1.1 : Recipient address rejected: 
User unknown in virtual alias table (state 13).

- Original message -

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=gmail.com; s=20120113;
h=x-received:date:from:to:cc:subject:message-id:references
 :mime-version:content-type:content-disposition:in-reply-to
 :user-agent;
bh=5R77SXo5cl/kTRPyQ+w6XB9KL6CyQ3iNYS4jGh5viJI=;
b=sCTr9rFLYRw1/L0/c1tcb5qtrMYE/l9WJHx7ciNzSwpVx4ZUroI+HyL887JaTIh6AI
 KVH3FXascYIJkFgnHKxQIxcLSFEnQY5zwCMJ2P6UKUD9VMWp2iCJljuXRtqI6PdR4N7t
 MetjkGv2tbkxAOx/YU0M5rNFVkiPP5ovS0uyy/TB8UydlICHr7QUtI6EedYUdg7VrXac
 b+SGtfW3NXpQbcwiChYpeLU/1mx7dvcI4PWRUwH7/0dV4bYEdi+vvl2blMOLbRyBf8kq
 bfG5MEI+ijyReqNnRFoxUWvgpP2ZoFhlMdif5I5hodj8dInXZwBgLP0vupdL8e9kwvJT
 +uMw==
X-Received: by 10.68.226.71 with SMTP id rq7mr270522746pbc.60.1358303508667;
Tue, 15 Jan 2013 18:31:48 -0800 (PST)
Return-Path: 
Received: from google.com ([2620:0:1000:5b00:b6b5:2fff:fec3:b50d])
by mx.google.com with ESMTPS id gj1sm11299307pbc.11.2013.01.15.18.31.46
(version=TLSv1.2 cipher=RC4-SHA bits=128/128);
Tue, 15 Jan 2013 18:31:47 -0800 (PST)
Date: Tue, 15 Jan 2013 18:31:44 -0800
From: Jonathan Nieder 
To: Josef 'Jeff' Sipek 
Cc: g...@vger.kernel.org, Per Cederqvist ,
Theodore Ts'o , Iulian Udrea ,
Axel Beckert 
Subject: [GUILT]  [PATCH 7/7] Drop unneeded git version check.
Message-ID: <20130116023144.gp12...@google.com>
References: <20130116022606.gi12...@google.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20130116022606.gi12...@google.com>
User-Agent: Mutt/1.5.21 (2010-09-15)

Git's compatibility record is pretty good, so there's no need to worry
that newer versions of git will break the "git config" command.

Without this change, guilt errors out for git 1.8.  With it, all tests
pass.

Signed-off-by: Jonathan Nieder 
---
Thanks for reading.

 guilt | 11 ---
 1 file changed, 11 deletions(-)

diff --git a/guilt b/guilt
index 66a671a..6cb43e3 100755
--- a/guilt
+++ b/guilt
@@ -26,17 +26,6 @@ SUBDIRECTORY_OK=1
 . "$(git --exec-path)/git-sh-setup"
 
 #
-# Git version check
-#
-gitver=`git --version | cut -d' ' -f3 | sed -e 's/^debian\.//'`
-case "$gitver" in
-   1.5.*)  ;; # git config
-   1.6.*)  ;; # git config
-   1.7.*)  ;; # git config
-   *)  die "Unsupported version of git ($gitver)" ;;
-esac
-
-#
 # Shell library
 #
 usage()
-- 
1.8.1

--- End Message ---
--- End Message ---
--- Begin Message ---
Source: guilt
Source-Version: 0.35-1.1

We believe that the bug you reported is fixed in the latest version of
guilt, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 698...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Jonathan Wiltshire  (supplier of updated guilt package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Format: 1.8
Date: Sun, 20 Jan 2013 18:32:26 +
Source: guilt
Binary: guilt
Architecture: source all
Version: 0.35-1.1
Distribution: unstable
Urgency: low
Maintainer: Iulian Udrea 
Changed-By: Jonathan Wiltshire 
Descrip

Bug#695774: marked as done (redmine: fails to upgrade, says something about a pgsql_adapter)

2013-01-22 Thread Debian Bug Tracking System 
Your message dated Tue, 22 Jan 2013 19:02:56 +
with message-id 
and subject line Bug#695774: fixed in redmine 1.4.4+dfsg1-2
has caused the Debian Bug report #695774,
regarding redmine: fails to upgrade, says something about a pgsql_adapter
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
695774: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=695774
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: redmine
Version: 1.4.4+dfsg1-1.1
Severity: serious
Justification: Policy 4.2

Today’s dist-upgrade inside wheezy failed. Retrying yields:

0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
1 not fully installed or removed.
After this operation, 0 B of additional disk space will be used.
Do you want to continue [Y/n]? 
Setting up redmine (1.4.4+dfsg1-1.1) ...
dbconfig-common: writing config to 
/etc/dbconfig-common/redmine/instances/default.conf

Creating config file /etc/redmine/default/database.yml.new with new version
dbconfig-common: flushing administrative password
Populating database for redmine instance "default".
This may take a while.
NOTE: Gem.source_index is deprecated, use Specification. It will be removed on 
or after 2011-11-01.
Gem.source_index called from 
/usr/share/redmine/vendor/rails/railties/lib/rails/gem_dependency.rb:21.
rake aborted!
Please install the pgsql adapter: `gem install activerecord-pgsql-adapter` 
(cannot load such file -- active_record/connection_adapters/pgsql_adapter)

Tasks: TOP => db:migrate => environment
(See full trace by running task with --trace)
Error when running rake db:migrate, check database configuration.
dpkg: error processing redmine (--configure):
 subprocess installed post-installation script returned error exit status 2
Errors were encountered while processing:
 redmine
E: Sub-process /usr/bin/dpkg returned an error code (1)



-- System Information:
Debian Release: wheezy/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 3.2.0-4-amd64 (SMP w/1 CPU core)
Locale: LANG=C, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/mksh-static

Versions of packages redmine depends on:
ii  bundler   1.1.4-6
ii  dbconfig-common   1.8.47+nmu1
ii  debconf [debconf-2.0] 1.5.46
ii  redmine-pgsql 1.4.4+dfsg1-1.1
ii  ruby  4.9
ii  ruby-coderay  1.0.6-2
ii  ruby-fastercsv1.5.5-1
ii  ruby-net-ldap 0.3.1-2
ii  ruby-rack 1.4.1-2
ii  ruby-rails-2.32.3.14-4
ii  ruby1.9.1 [ruby-interpreter]  1.9.3.194-5

redmine recommends no packages.

Versions of packages redmine suggests:
pn  bzr   
pn  cvs   
pn  darcs 
ii  git   1:1.7.10.4-1+wheezy1
pn  mercurial 
pn  ruby-openid   
pn  ruby-rmagick  
ii  subversion1.6.17dfsg-4

-- debconf information:
  redmine/instances/default/password-confirm: (password omitted)
  redmine/instances/default/pgsql/admin-pass: (password omitted)
  redmine/instances/default/mysql/admin-pass: (password omitted)
  redmine/instances/default/app-password-confirm: (password omitted)
  redmine/instances/default/mysql/app-pass: (password omitted)
  redmine/instances/default/pgsql/app-pass: (password omitted)
  redmine/instances/default/db/app-user: redmine
  redmine/instances/default/passwords-do-not-match:
  redmine/instances/default/default-language: en
  redmine/instances/default/remote/newhost:
  redmine/instances/default/db/basepath:
  redmine/notify-migration:
  redmine/old-instances:
  redmine/instances/default/upgrade-error: abort
  redmine/instances/default/pgsql/changeconf: false
  redmine/instances/default/missing-db-package-error: abort
  redmine/instances/default/db/dbname: redmine_default
  redmine/instances/default/purge: false
  redmine/current-instances: default
  redmine/instances/default/remote/host:
  redmine/default-language: ${defaultLocale}
  redmine/instances/default/dbconfig-upgrade: true
  redmine/instances/default/pgsql/no-empty-passwords:
  redmine/instances/default/internal/reconfiguring: false
  redmine/instances/default/upgrade-backup: true
  redmine/instances/default/pgsql/method: unix socket
  redmine/instances/default/install-error: abort
  redmine/instances/default/mysql/admin-user: root
* redmine/instances/default/database-type: pgsql
  redmine/instances/default/pgsql/manualconf:
  redmine/instances/default/pgsql/authmethod-admin: ident
  redmine/instances/default/mysql/method: unix socket
  redmine/instances/default/interna

Bug#698490: marked as done (git-effort/git-changelog: predictable /tmp filenames)

2013-01-22 Thread Debian Bug Tracking System 
Your message dated Tue, 22 Jan 2013 18:47:46 +
with message-id 
and subject line Bug#698490: fixed in git-extras 1.7.0-1.2
has caused the Debian Bug report #698490,
regarding git-effort/git-changelog: predictable /tmp filenames
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
698490: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=698490
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: git-extras
Version: 1.7.0-1.1
Severity: serious
Tags: security


The git-effort utility uses /tmp/.git-effort as the name of its
temporary filename. While this already prevents two users from using
this utility (due to not cleaning its temporary file) it also allows for
targeted symbolic link attacks. No guessing involved.

Helmut
--- End Message ---
--- Begin Message ---
Source: git-extras
Source-Version: 1.7.0-1.2

We believe that the bug you reported is fixed in the latest version of
git-extras, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 698...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Jonathan Wiltshire  (supplier of updated git-extras package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Format: 1.8
Date: Sun, 20 Jan 2013 18:07:43 +
Source: git-extras
Binary: git-extras
Architecture: source all
Version: 1.7.0-1.2
Distribution: unstable
Urgency: medium
Maintainer: Jesús Espino 
Changed-By: Jonathan Wiltshire 
Description: 
 git-extras - Extra commands for git
Closes: 698490
Changes: 
 git-extras (1.7.0-1.2) unstable; urgency=medium
 .
   * Non-maintainer upload.
   * git-changelog, git-effort: Correct unsafe temporary file usage
 (Closes: #698490)
Checksums-Sha1: 
 ccaa81a72466c390f505d66f75648d449536f3e3 1754 git-extras_1.7.0-1.2.dsc
 4160d13d88e70712bfe74930aca4bcf616f7acc6 4089 
git-extras_1.7.0-1.2.debian.tar.gz
 bc1e4570df7dae608c48bd8e3ca842618c167bb6 24074 git-extras_1.7.0-1.2_all.deb
Checksums-Sha256: 
 cdb2d824f02a6f6fbf40bd5ea695d35f24550c6904b31d23923bb8442d85f134 1754 
git-extras_1.7.0-1.2.dsc
 7c00fef94b51a6b6c9df8c744b87cab3c747229f7e74d77bbe9df2abed86ab6d 4089 
git-extras_1.7.0-1.2.debian.tar.gz
 cb65bff48647308d4487d619b4719d8776b4dbff16c36d2328e470743b06d1b5 24074 
git-extras_1.7.0-1.2_all.deb
Files: 
 296c98de75967e78cb26dffdd8112ec2 1754 vcs extra git-extras_1.7.0-1.2.dsc
 70aebda7995bcd02becb38c7872a6ff2 4089 vcs extra 
git-extras_1.7.0-1.2.debian.tar.gz
 fa8cdd4a255003718431fdeab4b8e333 24074 vcs extra git-extras_1.7.0-1.2_all.deb

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.12 (GNU/Linux)

iQIcBAEBAgAGBQJQ/DVtAAoJEFC7AtTIpr9hjNoP/3V7uzkHO5gvvD6iGnAGk2+G
U7H6w8Mmktei325epxTGjDTQtdvKr8auZ+hD8lm8zIf0e111zoa14bGj2QezARl1
PUschwGuDFtUFbJ14Od9K2i0kTYKxD8FsD1bDmrwz/7+ftjyycLI/uMxT22WsDh8
djVwKQa0e5PIU/TX6ftzZKOLUi2t9/KgUo57gSITF9XCw5cRyBv5xNVlG0RNTNjj
bxHfRwaZ70TZuaPaleGfAh34bHHXfbFoeKzZG7IcDDUK77vfXDjIlX2BRLW/9e+d
U8FEzyGTlUvn3yWEjbhiHFz52bGpXEvrKw8DGss3Z+qLuuM1i4hDWKzDTVj5254c
96fDkCpmQdT9R4V41wGvnzcvyYLfEO7IEYO6EydNO6Y7yrM3H9Kg2RYqMRBUw13x
pgouiVNSNBQYhCrzeRt7hsMCQMtmJMXO2VyRYSEf1qtIIYr4c6XJkMdCYuCjr6tQ
qG0kwYV3yYmZ0PJ+fViCYegp++6LLcCijoI5vuhcbBkJW7DljEPvoqr9JRomurY0
XgugYUH06Qt0pnkN0rGT6ZEtn2iSNkuuRLx3nDSvEQEc/URmBL1xjO1qhpKACVic
hf2lBSGDPMySnMcSAcKGXI+ED6EOQaGmyfjzoiWcG6Xk0Kdl5lCLGzevmJtRYUzW
reXDfkx0Uq1gmbULepjW
=K+8i
-END PGP SIGNATURE End Message ---

Processed: forcibly merging 368297 658896

2013-01-22 Thread Debian Bug Tracking System 
Processing commands for cont...@bugs.debian.org:

> forcemerge 368297 658896
Bug #368297 [libgcrypt11] sudo-ldap failes when you change uri to ldaps
Bug #545414 [libgcrypt11] sudo-ldap: sudo fails with "sudo: setreuid(ROOT_UID, 
user_uid): Operation not permitted" for ldap users
Bug #566351 [libgcrypt11] libgcrypt11: should not change user id as a side 
effect
Bug #579647 [libgcrypt11] nss-ldap changing uid due to using gcrypt somewhere...
Bug #601667 [libgcrypt11] libpam-smbpass migrate breaks su (squeeze)
Bug #628671 [libgcrypt11] passwd: Ordinary users can't change their passwords.
Bug #658896 [libgcrypt11] sudo: setresuid(ROOT_UID, ROOT_UID, ROOT_UID): 
Operation not permitted
Set Bug forwarded-to-address to 
'http://mid.gmane.org/20100123134725.ga3...@downhill.g.la'.
Severity set to 'normal' from 'serious'
Added indication that 658896 affects libnss-ldap
Marked as found in versions libgcrypt11/1.4.4-6.
Added tag(s) help.
Bug #628671 [libgcrypt11] passwd: Ordinary users can't change their passwords.
Added tag(s) d-i and patch.
Added tag(s) d-i and patch.
Added tag(s) d-i and patch.
Added tag(s) d-i and patch.
Added tag(s) d-i and patch.
Added tag(s) d-i and patch.
Bug #545414 [libgcrypt11] sudo-ldap: sudo fails with "sudo: setreuid(ROOT_UID, 
user_uid): Operation not permitted" for ldap users
Bug #566351 [libgcrypt11] libgcrypt11: should not change user id as a side 
effect
Bug #579647 [libgcrypt11] nss-ldap changing uid due to using gcrypt somewhere...
Bug #601667 [libgcrypt11] libpam-smbpass migrate breaks su (squeeze)
Merged 368297 545414 566351 579647 601667 628671 658896
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
368297: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=368297
545414: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=545414
566351: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=566351
579647: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=579647
601667: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=601667
628671: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=628671
658896: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=658896
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems


--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#677054: nut-client: prompting due to modified conffiles which were not modified by the user

2013-01-22 Thread gregor herrmann 
On Mon, 21 Jan 2013 21:09:31 +0100, Andreas Beckmann wrote:

> Followup-For: Bug #677054
> Hi,

Hi Andreas,

thanks for this additional information!
 
> start with lenny chroot:
> 
> installation in lenny:
> /etc/nut/ is empty
> distupgrade to squeeze:
> 331cca39153f451c2968f4b734c1cf3f  /etc/nut-l2s/nut.conf

> start with squeeze chroot:
> installation in squeeze:
> f9b571ae65952e3a761fac2202633478  /etc/nut-s/nut.conf

Now that's fancy that the file differs between those two cases ...
After staring a bit at the package, I think I found the reason:

The squeeze version has a nut.postinst that converts /etc/default/nut
to /etc/nut/nut.conf, so probably the fragments shown in your
lenny2squeeze file come from there; on a new squeeze install this
does not happen.

And now the nut-client.preinst in wheezy and sid [0] reverts some
mangling but only for an md5sum of f9b571ae65952e3a761fac2202633478,
i.e. for configs from fresh squeeze installs, and not for
upgraded-from-lenny files.

At least that's my guess now - maybe I got something wrong :)

Now, I'm not sure how to fix this in a sane way.


Cheers,
gregor


[0] this also indicates that the problem is present in 2.6.4-2.1,
since the preinst was last touched in -2.1
-- 
 .''`.  Homepage: http://info.comodo.priv.at/ - OpenPGP key 0xBB3A68018649AA06
 : :' : Debian GNU/Linux user, admin, and developer  -  http://www.debian.org/
 `. `'  Member of VIBE!AT & SPI, fellow of the Free Software Foundation Europe
   `-   NP: Rolling Stones: Everyday


signature.asc
Description: Digital signature

Bug#698714: [gosa] Configuring GOsa failed

2013-01-22 Thread Csanyi Pal 
Package: gosa
Version: 2.7.4-4
Severity: grave

--- Please enter the report below this line. ---
Hi,

I'm trying to configure my Gosa installation following the
/usr/share/doc/gosa/README.Debian.

Pointing my Internet browser to the
http://localhost/gosa/setup.php?js=true

and running
$ sudo echo -n si3rj6ckpff4gf6jpgfh8328a4 > /tmp/gosa.auth

I can reach the step 4: LDAP connection setup.

Here I have:
* LDAP connection
Location name: default
Connection URI: ldap://localhost:389
TLS connection: No
Base: dc=nodomain
* Authentication
Administrator DN: an empty field
not checked --> Automatically append LDAP base to administrator DN 
Administrator password: an empty field
* Schema based settings
Use RFC 2307bis compliant groups: No
* Current status
Information: Anonymous bind to server 'ldap://localhost:389'
succeeded. Please specify user and password! 

When I installed slapd, I set it up with the followings:
Omit OpenLDAP server configuration? No
DNS domain name: nodomain
Organization name: nodomain
Administrator password: secret1
Database backend to use: HDB
Do you want the database to be removed when slapd is purged? No
Move old database? Yes
Allow LDAPv2 protocol? No

I want to use LDAP only on my desktop machine where I installed slapd.

Back to the Gosa Configuration.

Now, when I checked the 
Automatically append LDAP base to administrator DN

I get:
Administrator DN: an ampty field and at the and of the field:
',dc=nodomain' without quotes,
Administrator password: secret1
Current status
Information Bind as user ',dc=nodomain' failed!

I can't go further to configure Gosa.
What can I do now to solve this problem?

I expect this Configuration to works out of the box, but it doesn't
work. 


--- System information. ---
Architecture: amd64
Kernel:   Linux 3.2.0-4-amd64

Debian Release: 7.0
  500 unstablewww.deb-multimedia.org 
  500 unstableftp.debian.org 
  500 unstabledebian.scribus.net 
  500 testing www.deb-multimedia.org 
  500 testing ftp.debian.org 
  500 stable  dl.google.com 
1 experimentalftp.debian.org 

--- Package information. ---
Depends(Version) | Installed
-+-
php5 | 5.4.4-12
php5-cli | 5.4.4-12
apache2  | 
 OR lighttpd | 
 OR httpd| 
exim4| 4.80-7
 OR mail-transport-agent | 
php5-gd  | 5.4.4-12
php5-imap| 5.4.4-12
php5-ldap| 5.4.4-12
php5-mcrypt  | 5.4.4-12
php5-mysql   | 5.4.4-12
php5-imagick | 
 OR imagemagick  (>= 5.4.4.5-1)  | 8:6.7.7.10-5
 OR graphicsmagick-im-compat | 
libcrypt-smbhash-perl| 0.12-3
php5-recode  | 5.4.4-12
smarty3(>= 3.1.10-1) | 3.1.10-2
gettext  | 0.18.1.1-10
libapache2-mod-php5  | 5.4.4-12
 OR php5-cgi | 
php5-curl| 5.4.4-12
ttf-liberation   | 1.07.2-6


Package's Recommends field is empty.

Suggests (Version) | Installed
==-+-
gosa-si-server | 
cyrus21-imapd  (>= 2.1.11) | 
postfix-ldap   | 
slapd  | 2.4.31-1
gosa-schema| 2.7.4-4
php5-suhosin   | 
php-apc| 
php-fpdf   | 


-- 
Regards from Pal


-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#662915: marked as done (cups: Asking for root password on localhost during an update of ppd files.)

2013-01-22 Thread Debian Bug Tracking System 
Your message dated Tue, 22 Jan 2013 17:02:52 +
with message-id 
and subject line Bug#640939: fixed in cups 1.5.3-2.14
has caused the Debian Bug report #640939,
regarding cups: Asking for root password on localhost during an update of ppd 
files.
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
640939: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=640939
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: cups
Version: 1.5.2-6
Severity: normal

Hi,

I would like to report some unnecessary behaviour happened during updating cups 
package. 
During the update I was asked for root password for localhost for no reason 
appearently because
I was logged in as root. On the top of it, I don't really think it verify any 
password written there, because
first password, due to extraordinary question during update according to my 
experiencie, was just bunch of letters, but not password at all. Then I typed 
my real password for root, but it asked me again. So I typed something else and 
after that one more time and it continued to updating pdd files and 
successfully updated my system. It is weird at least to me, but there is lots 
of stuff weird to me. :)

Here is a relevant part of update:

Starting Common Unix Printing System: cupsd.
Updating PPD files for cups ...
Updating PPD files for cups-filters ...
Updating PPD files for foomatic-db-compressed-ppds ...
Updating PPD files for foomatic-db-engine ...
Updating PPD files for c2esp ...
Updating PPD files for escpr ...
Updating PPD files for foo2zjs ...
Updating PPD files for hpcups ...
Password for root on localhost?

And it is strange, that after first question to type the password, no more 
entries were made to /var/log/apt/term.log . Because the following were 
happening in terminal :


Starting Common Unix Printing System: cupsd.   
Updating PPD files for cups ...
Updating PPD files for cups-filters ...
Updating PPD files for foomatic-db-compressed-ppds ... 
Updating PPD files for foomatic-db-engine ... 
Updating PPD files for c2esp ...
Updating PPD files for escpr ...
Updating PPD files for foo2zjs ...  
Updating PPD files for hpcups ...   
Password for root on localhost? 
Updating PPD files for hpijs ...
Password for root on localhost? 
Password for root on localhost? 
Password for root on localhost? 
Password for root on localhost? 
Password for root on localhost? 
Updating PPD files for m2300w ...   
Updating PPD files for postscript-hp ...
Updating PPD files for ptouch ... 
Updating PPD files for pxljr ...  
Updating PPD files for sag-gdi ...
Updating PPD files for splix ... 

 and so on but with different packages 


I do hope it is a bug, but if not I am sorry for wasting your time. :)


I would like to say thank you very much for all your hard work and have a good 
day. 


-- System Information:
Debian Release: wheezy/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.2.0-1-rt-amd64 (SMP w/4 CPU cores; PREEMPT)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages cups depends on:
ii  adduser3.113+nmu1
ii  bc 1.06.95-2+b1
ii  cups-client1.5.2-6
ii  cups-common1.5.2-6
ii  cups-filters   1.0.2-1
ii  cups-ppdc  1.5.2-6
ii  debconf [debconf-2.0]  1.5.41
ii  dpkg   1.16.1.2
ii  ghostscript9.05~dfsg-3
ii  libavahi-client3   0.6.31-1
ii  libavahi-common3   0.6.31-1
ii  libc6  2.13-27
ii  libcups2   1.5.2-6
ii  libcupscgi11.5.2-6
ii  libcupsimage2  1.5.2-6
ii  libcupsmime1   1.5.2-6
ii  libcupsppdc1   1.5.2-6
ii  libdbus-1-31.4.18-1
ii  libgcc11:4.6.3-1
ii  libgnutls262.12.16-1
ii  libgssapi-krb5-2   1.10+dfsg~beta1-2
ii  libkrb5-3  1.10+dfsg~beta1-2
ii  libldap-2.4-2  2.4.28-1.1
ii  libpam0g   1.1.3-7
ii  libpaper1  1.1.24+nmu1
ii  libslp11.2.1-9
ii  libstdc++6 4.6.3-1
ii  libusb-1.0-0   2:1.0.9~rc3-3
ii  lsb-base   3.2+Debian30
ii  poppler-utils  0.16.7-3
ii  procps 1:3.3.2-3
ii  ssl-cert   1.0.28

Versions of packages cups recommends:
ii  avahi-daemon0.6.31-1
ii  colord

Bug#640939: marked as done (hplip-cups: asks for root password when cups updates PPDs)

2013-01-22 Thread Debian Bug Tracking System 
Your message dated Tue, 22 Jan 2013 17:02:52 +
with message-id 
and subject line Bug#640939: fixed in cups 1.5.3-2.14
has caused the Debian Bug report #640939,
regarding hplip-cups: asks for root password when cups updates PPDs
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
640939: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=640939
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: hplip-cups
Version: 3.11.7-1
Severity: important

My server has hplip-cups installed.  Today, when I was trying to upgrade
some packages, the update stopped and printed "Password for root on
localhost?"  The prompt did not respond to Ctrl-C or Ctrl-\, but
pressing Enter made it continue.  There's really no reason to ask for
the root password since by definition an upgrade with apt is done as
root.  Also, my system does have a root password, but some are
sudo-only.

Partial Transcript:

  Preparing to replace poppler-data 0.4.4-1 (using 
.../poppler-data_0.4.5-1_all.deb) ...
  Unpacking replacement poppler-data ...
  Processing triggers for man-db ...
  Processing triggers for install-info ...
  Processing triggers for cups ...
  Starting Common Unix Printing System: cupsd.
  Updating PPD files for foomatic-db ...
  Updating PPD files for foomatic-db-engine ...
  Updating PPD files for hpijs ...
  Updating PPD files for hpijs-ppds ...
  Updating PPD files for hplip-cups ...
  Password for root on localhost? 
  Updating PPD files for openprinting-ppds ...
  Setting up libc6-i386 (2.13-19) ...

If this bug is in some other package, please feel free to reassign it
there.

-- System Information:
Debian Release: wheezy/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 3.1.0-rc4-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages hplip-cups depends on:
ii  cups 1.5.0-5
ii  cups-ppdc [cupsddk]  1.5.0-5
ii  cupsddk  1.5.0-5
ii  ghostscript-cups 9.02~dfsg-3
ii  libc62.13-19
ii  libcups2 1.5.0-5
ii  libcupsimage21.5.0-5
ii  libgcc1  1:4.6.1-9  
ii  libhpmud03.11.7-1   
ii  libjpeg8 8c-2   
ii  libssl1.0.0  1.0.0d-3   
ii  libstdc++6   4.6.1-9

hplip-cups recommends no packages.

Versions of packages hplip-cups suggests:
pn  hplip  3.11.7-1
pn  hplip-doc

-- no debconf information

-- 
brian m. carlson / brian with sandals: Houston, Texas, US
+1 832 623 2791 | http://www.crustytoothpaste.net/~bmc | My opinion only
OpenPGP: RSA v4 4096b: 88AC E9B2 9196 305B A994 7552 F1BA 225C 0223 B187


signature.asc
Description: Digital signature
--- End Message ---
--- Begin Message ---
Source: cups
Source-Version: 1.5.3-2.14

We believe that the bug you reported is fixed in the latest version of
cups, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 640...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Didier Raboud  (supplier of updated cups package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Sun, 20 Jan 2013 17:20:16 +0100
Source: cups
Binary: libcups2 libcupsimage2 libcupscgi1 libcupsdriver1 libcupsmime1 
libcupsppdc1 cups cups-client libcups2-dev libcupsimage2-dev libcupscgi1-dev 
libcupsdriver1-dev libcupsmime1-dev libcupsppdc1-dev cups-bsd cups-common 
cups-ppdc cups-dbg cupsddk
Architecture: source all amd64
Version: 1.5.3-2.14
Distribution: unstable
Urgency: low
Maintainer: Debian Printing Team 
Changed-By: Didier Raboud 
Description: 
 cups   - Common UNIX Printing System(tm) - server
 cups-bsd   - Common UNIX Printing System(tm) - BSD commands
 cups-client - Common UNIX Printing System(tm) - client programs (SysV)
 cups-common - Common UNIX Printing System(tm) - common files
 cups-dbg   - Common UNIX Printing System(tm) - debugging symbols
 cups-ppdc  - Common UNIX Printing System(tm) - PPD manipulation utilities
 cupsddk- Common UNIX Printing System (transitional package)
 libcups2   - Common UNIX

Processed: severity of 696187 is grave

2013-01-22 Thread Debian Bug Tracking System 
Processing commands for cont...@bugs.debian.org:

> # Automatically generated email from bts, devscripts version 2.10.35lenny7
> severity 696187 grave
Bug #696187 [squid-cgi] CVE-2012-5643: cachemgr.cgi denial of service
Severity set to 'grave' from 'important'
>
End of message, stopping processing here.

Please contact me if you need assistance.
-- 
696187: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=696187
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems


--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Processed: unarchiving 669382

2013-01-22 Thread Debian Bug Tracking System 
Processing commands for cont...@bugs.debian.org:

> unarchive 669382
Bug #669382 {Done: Norbert Preining } 
[latex209-base,latex209-bin] latex209-base: unowned file 
/usr/local/share/texmf/ls-R after purge (policy 6.8, 9.1.2)
Unarchived Bug 669382
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
669382: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=669382
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems


--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#697930: [Pkg-nagios-devel] Bug#697930: Bug#697930: nagios3: CVE-2012-6096

2013-01-22 Thread Alexander Wirt 
On Tue, 22 Jan 2013, Jonathan Wiltshire wrote:

> On 2013-01-20 19:54, Alexander Wirt wrote:
> >On Sun, 20 Jan 2013, Moritz Mühlenhoff wrote:
> >
> >>On Fri, Jan 11, 2013 at 03:56:25PM +, Jonathan Wiltshire wrote:
> >>> Control: found -1 3.2.1-2
> >>>
> >>> On 2013-01-11 13:50, Moritz Muehlenhoff wrote:
> >>> >Package: nagios3
> >>> >Severity: grave
> >>> >Tags: security
> >>> >Justification: user security hole
> >>> >
> >>> >This was assigned CVE-2012-6096:
> >>> >
> >>> >http://archives.neohapsis.com/archives/fulldisclosure/2012-12/0108.html
> >>> >
> >>> >Fix:
> >>> >
> >>> >http://nagios.svn.sourceforge.net/viewvc/nagios?view=revision&revision=2547
> >>>
> >>> I tested against squeeze and reproduced the problem. We use nagios
> >>> at work so I'm happy to prepare DSA packages if required.
> >>
> >>Jonathan, can you prepare packages for stable-security now that
> >>we have
> >>a final patch?
> >We have? We have an icinga patch, its still on my list to check
> >the nagios
> >patch if it fixes really all problems...
> 
> I'm more than happy to test packages at work and write DSA text and
> so on but I don't have the knowledge of nagios to be able to do the
> patch preparation.
You can go ahead for icinga (I already attached the patch). I'll see about a
patch for nagios later in the evening.

Alex


--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#697930: [Pkg-nagios-devel] Bug#697930: nagios3: CVE-2012-6096

2013-01-22 Thread Jonathan Wiltshire 

On 2013-01-20 19:54, Alexander Wirt wrote:

On Sun, 20 Jan 2013, Moritz Mühlenhoff wrote:


On Fri, Jan 11, 2013 at 03:56:25PM +, Jonathan Wiltshire wrote:
> Control: found -1 3.2.1-2
>
> On 2013-01-11 13:50, Moritz Muehlenhoff wrote:
> >Package: nagios3
> >Severity: grave
> >Tags: security
> >Justification: user security hole
> >
> >This was assigned CVE-2012-6096:
> >
> 
>http://archives.neohapsis.com/archives/fulldisclosure/2012-12/0108.html

> >
> >Fix:
> >
> 
>http://nagios.svn.sourceforge.net/viewvc/nagios?view=revision&revision=2547

>
> I tested against squeeze and reproduced the problem. We use nagios
> at work so I'm happy to prepare DSA packages if required.

Jonathan, can you prepare packages for stable-security now that we 
have

a final patch?
We have? We have an icinga patch, its still on my list to check the 
nagios

patch if it fixes really all problems...


I'm more than happy to test packages at work and write DSA text and so 
on but I don't have the knowledge of nagios to be able to do the patch 
preparation.


--
Jonathan Wiltshire  j...@debian.org
Debian Developer http://people.debian.org/~jmw

4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC  74C3 5394 479D D352 4C51

 i have six years of solaris sysadmin experience, from
8->10. i am well qualified to say it is made from bonghits
layered on top of bonghits


--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#694717: nut-server cannot start automatically on system boot

2013-01-22 Thread programmer11180 
Additional information.
Problems with automatic start on system boot may be caused by package 
"vhba-dkms" from https://launchpad.net/~cdemu/+archive/ppa


-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#698490: CVE

2013-01-22 Thread Henri Salo 
CVE request http://www.openwall.com/lists/oss-security/2013/01/22/8

--
Henri Salo


-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#697848: [Pkg-ace-devel] Bug#697848: NMU of ace ?

2013-01-22 Thread Pau Garcia i Quiles 
On Tue, Jan 22, 2013 at 9:10 AM, Ralf Treinen  wrote:

> Hello,
>
> I may help with uploading an ace with a repackaged source if necessary.
> In your opinion, which files would have to be dropped ? How would dropping
> parts of the source affect the packaging ?
>

Most of the files affected by these  two bug reports have been acknowledged
by upstream and a solution is already been approved but not yet implemented.

Thomas: I can also upload

-- 
Pau Garcia i Quiles
http://www.elpauer.org
(Due to my workload, I may need 10 days to answer)

Processed: update #696144

2013-01-22 Thread Debian Bug Tracking System 
Processing commands for cont...@bugs.debian.org:

> severity 696144 grave
Bug #696144 [spamassassin] 20_head_tests.cf: regex for illegal IP address 
contains valid network 5/8
Severity set to 'grave' from 'important'
> tags 696144 patch
Bug #696144 [spamassassin] 20_head_tests.cf: regex for illegal IP address 
contains valid network 5/8
Added tag(s) patch.
> found 696144 3.3.1-1
Bug #696144 [spamassassin] 20_head_tests.cf: regex for illegal IP address 
contains valid network 5/8
Marked as found in versions spamassassin/3.3.1-1.
> notfound 696144 3.3.2-4
Bug #696144 [spamassassin] 20_head_tests.cf: regex for illegal IP address 
contains valid network 5/8
Ignoring request to alter found versions of bug #696144 to the same values 
previously set
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
696144: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=696144
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems


--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#693263: marked as done (Please add support for disabling the PIC watchdog on TS-219p II)

2013-01-22 Thread Debian Bug Tracking System 
Your message dated Tue, 22 Jan 2013 08:47:29 +
with message-id 
and subject line Bug#693263: fixed in qcontrol 0.4.2-7+wheezy2
has caused the Debian Bug report #693263,
regarding Please add support for disabling the PIC watchdog on TS-219p II
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
693263: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=693263
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Package: qcontrol
Version: 0.4.2+svn-r40-1
Serverity: wishlist
Tags: patch

Hello,

recently I bought a new Qnap device (TS-219p II, the one with the USB
3.0 ports) and tried to install Debian on it. (also see the thread [1]
on the debian-arm mailing list) The Debian installer couldn't
successfully finish it's job on the device because - as we found out -
the PIC on at least this hardware revision has a watchdog which resets
the device after 5 minutes if enabled.

The solution Qnap used to solve this is simply disabling the PIC
watchdog using their own drivers and a binary called "pic_raw". Since
qcontrol is the solution on Debian used to communicate with the PIC, I
added an option to disable the PIC watchdog.

I don't know if the watchdog also exists or is enabled by default in
other Qnap devices or hardware revisions but it would probably be a
good idea to disable it at boot time for at least this device. Please
find the patch for the added lines of code attached.

[1] http://lists.debian.org/debian-arm/2012/11/threads.html#00013

- --
Helmut Pozimski


-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iJwEAQECAAYFAlCkCUoACgkQGPN+zM7FMNFiRgQAp7n+PDaHnh+zZupsTmcPwIyh
0DHlyJ1Uuc84ppFZs1DtbQmfFjRPWwLTbVr7OqM49vqgq8Icj+oEsIk7wPg7F3MU
zCD3yqEeOxTaPKfQD+qEeUNLnacz3ON25LLqF5j3E5MupdwHr3v60XkxBEjkTueA
L/mgjiqHN8TRroEqpIA=
=iPx8
-END PGP SIGNATURE-
diff --git a/ts219.c b/ts219.c
index b50d629..ec84925 100644
--- a/ts219.c
+++ b/ts219.c
@@ -315,6 +315,21 @@ static int ts219_autopower(int argc, const char **argv)
 	return 0;
 }
 
+static int ts219_wdt(int argc, const char **argv)
+{
+char code = 0;
+
+if (argc != 1)
+return -1;
+if (strcmp(argv[0], "off") == 0)
+code = 0x67;
+else
+return -1;
+
+return serial_write(&code, 1);
+return 0;
+}
+
 static int ts219_init(int argc, const char **argv UNUSED)
 {
 	int err;
@@ -361,6 +376,12 @@ static int ts219_init(int argc, const char **argv UNUSED)
 	   "Control the automatic power mechanism, options are:\n"
 	   "\ton\n\toff\n",
 	   ts219_autopower);
+err = register_command("watchdog",
+"Disable the PIC watchdog",
+"Watchdog options are:\n"
+"\toff",
+ts219_wdt);
+
 
 	return pthread_create(&ts219_thread, NULL, serial_poll, NULL);
 }
--- End Message ---
--- Begin Message ---
Source: qcontrol
Source-Version: 0.4.2-7+wheezy2

We believe that the bug you reported is fixed in the latest version of
qcontrol, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 693...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Ian Campbell  (supplier of updated qcontrol package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Sun, 06 Jan 2013 17:25:22 +
Source: qcontrol
Binary: qcontrol qcontrol-udeb
Architecture: source armel
Version: 0.4.2-7+wheezy2
Distribution: wheezy
Urgency: low
Maintainer: Debian QA Group 
Changed-By: Ian Campbell 
Description: 
 qcontrol   - hardware control for QNAP Turbo Station devices
 qcontrol-udeb - hardware control for QNAP Turbo Station devices (udeb)
Closes: 693263
Changes: 
 qcontrol (0.4.2-7+wheezy2) testing; urgency=low
 .
   * Backport --direct support, this is needed by the watchdog fix in the
 previous release. (Closes: #693263)
Checksums-Sha1: 
 ac4bade76cbacb39af079ac91d264133b8eb7624 1962 qcontrol_0.4.2-7+wheezy2.dsc
 aa635d67d6c4b

Bug#697847: NMU of ace ?

2013-01-22 Thread Ralf Treinen 
Hello,

I may help with uploading an ace with a repackaged source if necessary.
In your opinion, which files would have to be dropped ? How would dropping
parts of the source affect the packaging ? 

-Ralf.


-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#696026: bug#13505: Bug#696026: emacs24: file corruption on saving

2013-01-22 Thread Eli Zaretskii 
> Date: Tue, 22 Jan 2013 03:35:57 +0100
> From: Vincent Lefevre 
> Cc: r...@defaultvalue.org, ha...@gnu.org, 13...@debbugs.gnu.org,
>   696026-forwar...@bugs.debian.org, 696...@bugs.debian.org
> 
> > > > > | The original encoded form of the characters as found on disk at
> > > > > | visit time _cannot_ be recovered by saving with raw-text, because
> > > > > | that encoded form is lost without a trace when the file is _visited_
> > > > >   ^
> > > > > | and decoded into the internal representation.
> > > > > 
> > > > > This is what lossy is.
> > > > 
> > > > In that sense, every encoding except no-conversion is lossy.
> > > 
> > > Even 8-bit encodings such as latin-1?
> > 
> > Yes.  When latin-1 characters are decoded (as part of visiting a
> > file), they are converted to the internal representation, and cease to
> > be single 8-bit bytes.
> 
> Any example where saving the file without modifying it (see below)
> would modify the data (as a sequence of bytes on the disk)?

See above: I was talking about changes at file-visit time.

> > > > > On the opposite, the utf-8 encoding doesn't seem to be lossy: Emacs
> > > > > seems to handle files with invalid UTF-8 sequences without any loss.
> > > > > So, this encoding is safe, even if Emacs wrongly guess the encoding.
> > > > 
> > > > No, it isn't, although you could get away with it most of the time.
> > > 
> > > Could you give an example where one loses data with the utf-8 encoding?
> > 
> > E.g., in your test file, the byte whose value is 0x80 is converted to
> > 0x3fff80 when the file is read into a buffer.
> 
> No, there are no problems with this example:

Again, because we are talking about two different things.

> > Perhaps by "lossless" you mean "reversible", in the sense that saving
> > the same buffer will perform the reverse conversion.
> 
> Actually I don't mind what occurs internally. What I mean is things
> like: saved file = initial file if it hasn't been modified (as above)
> and with the default encoding(s) proposed by Emacs (when visiting and
> when saving).

That's reversibility.

> > In that case, even the in-is13194-devanagari-unix is reversible: if
> > you type this encoding when Emacs prompts you to select one of the
> > coding systems, then you get the same file on disk with no
> > corruption whatsoever.
> 
> Then this is what Emacs should propose by default on this example!

It can't easily do that.

There are 2 different use cases here:

 1) A file was visited and its encoding was found to be inconsistent.
Then it is being saved.  This is your use case.

 2) A file was modified by adding to it characters that cannot be
encoded by the original encoding.  For example, you visit a
Latin-1 encoded file, then add to it characters that are outside
the coverage of Latin-1.  Then you save the file.

What Emacs proposes is biased for the second use case, because it is
by far the most frequent one.  The other use case is supposed to be
treated by other means, those which I mentioned in my previous mail.

Giving instructions to both use cases is not a good idea, IMO, because
it will confuse users who do not necessarily understand what is going
on and in particular don't realize which of the two situations they
are in.

> I suppose that Emacs is able to remember the encoding used to visit
> the file, so that this should be possible...

It does remember.  It actually shows it in the "select safe coding
system" prompt.  The problem is that its use can do the wrong thing in
the second use case above.

> > > > > But Emacs should clearly tell the user what to do after C-x C-s and
> > > > > clearly say when there can be data loss.
> > > > 
> > > > At save time, "data loss" is wrt what's in the buffer.  In that sense,
> > > > the encodings Emacs suggested don't lose any data.
> > > 
> > > "data loss" is the difference between the original file and the saved
> > > file.
> > 
> > But what do you want Emacs to do with this?  When you save the buffer,
> > the original file might be different or no longer be available (or not
> > accessible even in principle, e.g. if the data came from a
> > subprocess).
> 
> The file may be different, but in general, the encoding should remain
> the same.

That's what Emacs does, as long as it can.  But in this case, that
encoding might produce inconsistently encoded file, so Emacs doesn't
want to do that silently.  It has no idea that the file was
inconsistently encoded in the first place, nor that you _want_ it to
continue being inconsistently encoded.

> This is particularly true when Emacs is used as the editor by some
> application: if the encoding of the file has been changed by Emacs,
> the application will be confused.

Again, that's what Emacs does normally, if that encoding can do the
job.  Producing inconsistent encoding will certainly confuse those
other programs.

> > These issues should be detected at file visit time, if at all, not
> > at buffer save t