Bug#672524: bitcoin: FTBFS[any-i386]: testsuite errors
[Scott Howard] > So I'm back to being stumped, the files it can't find are the > location that is being passed. The location is correct. It can be > built in pbuilder but failing on the buildds. The problem can not be reproduced when building manually. Many have tried. The best idea from IRC so far is that some strange bug in boost causes the wrong path to be used, and that an old boost version somehow is used. I am not sure how probably that is, but lets try to rule it out. I've fixed two lintian warnings in git, and added some debug output to try to figure out what is going on. Holger, can you upload, or should I? -- Happy hacking Petter Reinholdtsen -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Processed: re: lsb ftbfs in wheezy, testsuite problems.
Processing commands for cont...@bugs.debian.org: > severity 699589 serious Bug #699589 [lsb] lsb ftbfs in wheezy, testsuite problems. Severity set to 'serious' from 'important' > thanks Stopping processing here. Please contact me if you need assistance. -- 699589: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=699589 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#694717: nut-server cannot start automatically on system boot
Comrade Laurent Bigonville, I found that this problem caused by conflict vhba-dkms (VHBA virtual host bus adapter module) with nut 2.6.5-2 . vhba-dkms used by CDemu for disk emulation. If I comment the string with 'vhba' in /etc/modules, nut service on system boot started normally. -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#687829: psmisc: pstree hangs on kfreebsd-amd64
On Wed, Jan 30, 2013 at 07:39:20PM +, Steven Chamberlain wrote: > The target suite must be "testing-proposed-updates" rather than > "unstable", and with the version number Adam requested in the #699308 > ticket. A debdiff of the whole thing (compared to 22.19-1) should be > shown to the release team and approved before you upload. (This part is > not mentioned in the docs unfortunately.) All done now. - Craig -- Craig Small VK2XLZ http://enc.com.au/ csmall at : enc.com.au Debian GNU/Linux http://www.debian.org/ csmall at : debian.org GPG fingerprint: 5D2F B320 B825 D939 04D2 0519 3938 F96B DF50 FEA5 -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#698837: Bug#695774 cloned and reopened to #698837
This went fine : (dist)upgrade from redmine 1.0.1-2 (squeeze) configured with a postgresql database, to version 1.4.4+dfsg1-1.1 (testing) then 1.4.4+dfsg1-2 (last upload in sid). I can obtain the same error message : cannot load such file -- active_record/connection_adapters/pgsql_adapter By setting manually in /etc/redmine/default/database.yml adapter: pgsql The right value being : adapter: postgresql The problem is to find how the wrong value has been set in that file. The postinst script is supposed to replace pgsql by postgresql after the database.yml file has been generated by dbconfig-common, and register that fact to ucf. It is probable something went wrong at that moment. So it would be nice to know : - do you have adater: pgsql in database.yml ? - was the file modified manually before the upgrade ? - are you able to reproduce the bug on another machine ? Jérémy. -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Processed: Re: Bug#699351: linux-gd obsolete and lubupnp4
Processing commands for cont...@bugs.debian.org: > retitle 699351 linux-igd follows old UPnP IGD V1 spec Bug #699351 [linux-igd] linux-igd is obsolete, use a very old libpunnp version subject to numerous security bug Changed Bug title to 'linux-igd follows old UPnP IGD V1 spec' from 'linux-igd is obsolete, use a very old libpunnp version subject to numerous security bug' > thanks Stopping processing here. Please contact me if you need assistance. -- 699351: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=699351 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#699351: linux-gd obsolete and lubupnp4
retitle 699351 linux-igd follows old UPnP IGD V1 spec thanks On Thu, Jan 31, 2013 at 3:32 AM, VALETTE Eric OLNC/OLPS wrote: > Look at the CVE that have been filled regarding libupnp6 and the associated > bugs. Thanks - they have been fixed in libupnp4 [1]. I've renamed the bug appropriately. I do not know enough about UPnP IGD V1 versus V2 [2] to have an opinion about whether this is an RC bug or not, so I'll leave that for the security team or someone more qualified. [1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=699459 [2] http://upnp.org/sdcps-and-certification/standards/sdcps/ -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Processed: Re: virtuoso-opensource: remove armhf from mono archs
Processing control commands: > reopen -1 Bug #699380 {Done: Niels Thykier } [src:virtuoso-opensource] virtuoso-opensource: remove armhf from mono archs 'reopen' may be inappropriate when a bug has been closed with a version; all fixed versions will be cleared, and you may need to re-add them. Bug reopened No longer marked as fixed in versions virtuoso-opensource/6.1.4+dfsg1-4. -- 699380: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=699380 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#699380: virtuoso-opensource: remove armhf from mono archs
Control: reopen -1 On 2013-02-01 22:16, Niels Thykier wrote: > Source: virtuoso-opensource > Source-Version: 6.1.4+dfsg1-4 > Control: not-fixed 695743 virtuoso-opensource/6.1.4+dfsg1-4 > > Correcting the typo in a bug number in the > virtuoso-opensource/6.1.4+dfsg1-4 upload. > > ~Niels > Unfortunately this was a bit premature - virtuoso-opensource now FTBFS on armhf because it still rely on/expect mono to be available: /usr/bin/make -C binsrc/VirtuosoClient.Net -f Makefile.mono make[1]: Entering directory `/build/buildd-virtuoso-opensource_6.1.4+dfsg1-4-armhf-7uyA60/virtuoso-opensource-6.1.4+dfsg1/binsrc/VirtuosoClient.Net' mono-csc [...] make[1]: mono-csc: Command not found make[1]: *** [OpenLink.Data.Virtuoso.dll] Error 127 ~Niels -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Processed: severity of 699267 is important
Processing commands for cont...@bugs.debian.org: > severity 699267 important Bug #699267 [ircd-hybrid] ircd-hybrid: CVE-2013-0238 Denial of service vulnerability in hostmask.c:try_parse_v4_netmask() Severity set to 'important' from 'grave' > thanks Stopping processing here. Please contact me if you need assistance. -- 699267: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=699267 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Processed: Re: Bug#699267: marked as done (ircd-hybrid: CVE-2013-0238 Denial of service vulnerability in hostmask.c:try_parse_v4_netmask())
Processing commands for cont...@bugs.debian.org: > reopen 699267 Bug #699267 {Done: Henri Salo } [ircd-hybrid] ircd-hybrid: CVE-2013-0238 Denial of service vulnerability in hostmask.c:try_parse_v4_netmask() Bug reopened Ignoring request to alter fixed versions of bug #699267 to the same values previously set > thanks Stopping processing here. Please contact me if you need assistance. -- 699267: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=699267 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#699267: marked as done (ircd-hybrid: CVE-2013-0238 Denial of service vulnerability in hostmask.c:try_parse_v4_netmask())
reopen 699267 thanks On Fri, Feb 01, 2013 at 12:36:03PM +, Debian Bug Tracking System wrote: > Fixed in commit: > http://svn.ircd-hybrid.org:8000/viewcvs.cgi/ircd-hybrid/trunk/src/hostmask.c?r1=1786&r2=1785&pathrev=1786 > Fixed in: ircd-hybrid 8.0.6 > All Debian packages tested not to be affected by this issue. I wonder who made > these changes to Debian packages code as she/he did not report these issues to > upstream (or didn't know about the problem). This source code change isn't in Debian, but we haven't worked out why the problem isn't reproducible. Until this is understood, the bug should remain open. Dominic. -- Dominic Hargreaves | http://www.larted.org.uk/~dom/ PGP key 5178E2A5 from the.earth.li (keyserver,web,email) -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#665012: marked as done (CVE-2012-1570: maradns deleted domain record cache persistance flaw)
Your message dated Fri, 01 Feb 2013 22:32:04 + with message-id and subject line Bug#665012: fixed in maradns 1.4.03-1.1+squeeze1 has caused the Debian Bug report #665012, regarding CVE-2012-1570: maradns deleted domain record cache persistance flaw to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 665012: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=665012 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: maradns Severity: serious Tags: security -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 It was reported that MaraDNS suffers from a flaw where it is susceptible to spoofing attacks. Due to an error in the cache update policy, which does not properly handle revoked domain names, a remote attacker could keep a domain name resolvable after it has been deleted from the registration. This flaw is fixed in versions 1.3.0.7.15 and 1.4.12, and is reported to affect all prior versions. References: http://www.maradns.org/changelog.html https://secunia.com/advisories/48492/ https://bugzilla.redhat.com/show_bug.cgi?id=804770 -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.12 (GNU/Linux) iEYEARECAAYFAk9q/sIACgkQNxpp46476arqDQCfSFeWlawN7py9L5lKIE+xR1ix ATIAn0DxeHe7ugtuET2C9uHbJcAkIwkz =Pu/Y -END PGP SIGNATURE- --- End Message --- --- Begin Message --- Source: maradns Source-Version: 1.4.03-1.1+squeeze1 We believe that the bug you reported is fixed in the latest version of maradns, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 665...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Jonathan Wiltshire (supplier of updated maradns package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Format: 1.8 Date: Fri, 01 Feb 2013 16:31:00 + Source: maradns Binary: maradns Architecture: source amd64 Version: 1.4.03-1.1+squeeze1 Distribution: stable Urgency: low Maintainer: Kai Hendry Changed-By: Jonathan Wiltshire Description: maradns- Simple security-focused Domain Name Service server Closes: 665012 Changes: maradns (1.4.03-1.1+squeeze1) stable; urgency=low . * Non-maintainer upload. * Backport fix from upstream for CVE-2012-1570 (deleted domain record cache persistence flaw). Closes: #665012 Checksums-Sha1: 73daa5197e21d3904428d37e164810f3c711364b 1665 maradns_1.4.03-1.1+squeeze1.dsc 2dd254e3e9f205a2dfeaa4e76fe7d0328216224e 24282 maradns_1.4.03-1.1+squeeze1.diff.gz e7eef2eb1521ec952920c8269acceab0842e4fbb 1365414 maradns_1.4.03-1.1+squeeze1_amd64.deb Checksums-Sha256: eea0840a1b7d87a8c513dc987bb67dfa6c731fd3ee0658893defd47de79c9737 1665 maradns_1.4.03-1.1+squeeze1.dsc b80ac756314ee7976895479a1a73bdbcac70bb5afa41153404a955457abac805 24282 maradns_1.4.03-1.1+squeeze1.diff.gz f28827649c01015939669d1c69d4c1de0bfdffd5350e88063a7bb494df7a3935 1365414 maradns_1.4.03-1.1+squeeze1_amd64.deb Files: 8ac0f020b088d4be09d157682c6a03ae 1665 net extra maradns_1.4.03-1.1+squeeze1.dsc 4c096bd1b2acba2fb1ae0aee1256ba9f 24282 net extra maradns_1.4.03-1.1+squeeze1.diff.gz 79215f2d3fd8c81aa6c406c05b0b9c01 1365414 net extra maradns_1.4.03-1.1+squeeze1_amd64.deb -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.12 (GNU/Linux) iQIcBAEBAgAGBQJRDAGRAAoJEFC7AtTIpr9hl3QP/R3yWBdD/Pth5VQkgADFfFPv bSvQ8oGldKZo6Bg0NaaRNRkd4G80FUJh+02eNubfQSXbDk1xVg/0SYawLDx17xIr wCMQGqo8DxTAr5dXCRmYiqgTWdbXW2VOi2khR5zN1zwqNfj2/DNwDOVwjCI4EO3P 9CU38LC7Bp5ymVarCVvvnawHTc4UZDzO/gml/Tao6GVNhYhx8/ERMhG3SgUzm1NS 1PK0KpJw7UYI+py0A1dELJ1Efkriq4CsZnvIYHWlwWKRpXQwNvhgLOnNBaay0NYU lO0QpQibbe78L5s996sQSrWg6EeRElg2ilmfrNiu69DJW36WoAcotb8ajAGY5S2B MT7xXmPu9ouXe7q9H8/0QF/tNeDV9LJXALAatRXlKwi1bzGSH5eNk+EDOBigE5T2 JyOWkvNo0V7ooyks29VKPcT5iYc0Z2FSklz0repC62iLfXf8cMe6rW1BaVHwefp3 SZIcF3vc5drqX38Yvvl6xmAjcI+1yrzc4QPOrLlE36NdYOFRM/1XKoSdRzt4F0tU aEYUm8JOi+/lzflUFfFH52pldxk9JoSIdoIG9yiMY70264Wrpu0TYYfcbe+O7lkU vzZgQQW6Ws7+77jFloC6EzglZoohXI27ys1djVNrpgI0A/k3Kr7IxVHpXUkk04Cs FsLNyI/6f40EhwUjVjMt =GekI -END PGP SIGNATURE End Message ---
Bug#699459: marked as done (libupnp4: Multiple stack buffer overflow vulnerabilities)
Your message dated Fri, 01 Feb 2013 22:17:45 + with message-id and subject line Bug#699459: fixed in libupnp4 1.8.0~svn20100507-1.2 has caused the Debian Bug report #699459, regarding libupnp4: Multiple stack buffer overflow vulnerabilities to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 699459: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=699459 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: libupnp4 Severity: grave Tags: security More information is available at bug #699316 (including a patch). According to bug #699351, these security problems are also found in libupnp4. Here's the original posting by Salvatore Bonaccorso Hi, the following vulnerabilities were published for libupnp. CVE-2012-5958[0]: Stack buffer overflow of Tempbuf CVE-2012-5959[1]: Stack buffer overflow of Event->UDN CVE-2012-5960[2]: Stack buffer overflow of Event->UDN CVE-2012-5961[3]: Stack buffer overflow of Evt->UDN CVE-2012-5962[4]: Stack buffer overflow of Evt->DeviceType CVE-2012-5963[5]: Stack buffer overflow of Event->UDN CVE-2012-5964[6]: Stack buffer overflow of Event->DeviceType CVE-2012-5965[7]: Stack buffer overflow of Event->DeviceType Upstream changelog for 1.6.18 states: *** Version 1.6.18 *** 2012-12-06 Marcelo Roberto Jimenez Security fix for CERT issue VU#922681 This patch addresses three possible buffer overflows in function unique_service_name(). The three issues have the folowing CVE numbers: CVE-2012-5958 Issue #2: Stack buffer overflow of Tempbuf CVE-2012-5959 Issue #4: Stack buffer overflow of Event->UDN CVE-2012-5960 Issue #8: Stack buffer overflow of Event->UDN Notice that the following issues have already been dealt by previous work: CVE-2012-5961 Issue #1: Stack buffer overflow of Evt->UDN CVE-2012-5962 Issue #3: Stack buffer overflow of Evt->DeviceType CVE-2012-5963 Issue #5: Stack buffer overflow of Event->UDN CVE-2012-5964 Issue #6: Stack buffer overflow of Event->DeviceType CVE-2012-5965 Issue #7: Stack buffer overflow of Event->DeviceType If you fix the vulnerabilities please also make sure to include the CVE (Common Vulnerabilities & Exposures) ids in your changelog entry. For further information see: [0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5958 http://security-tracker.debian.org/tracker/CVE-2012-5958 [1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5959 http://security-tracker.debian.org/tracker/CVE-2012-5959 [2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5960 http://security-tracker.debian.org/tracker/CVE-2012-5960 [3] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5961 http://security-tracker.debian.org/tracker/CVE-2012-5961 [4] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5962 http://security-tracker.debian.org/tracker/CVE-2012-5962 [5] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5963 http://security-tracker.debian.org/tracker/CVE-2012-5963 [6] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5964 http://security-tracker.debian.org/tracker/CVE-2012-5964 [7] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5965 http://security-tracker.debian.org/tracker/CVE-2012-5965 Please adjust the affected versions in the BTS as needed. Regards, Salvatore --- End Message --- --- Begin Message --- Source: libupnp4 Source-Version: 1.8.0~svn20100507-1.2 We believe that the bug you reported is fixed in the latest version of libupnp4, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 699...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Yves-Alexis Perez (supplier of updated libupnp4 package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Fri, 01 Feb 2013 22:53:13 +0100 Source: libupnp4 Binary: libupnp4 libupnp4-dev libupnp4-dbg libupnp4-doc Architecture: source amd64 all Version: 1.8.0~svn20100507-1.2 Distribution
Bug#697930: nagios3: CVE-2012-6096
On Sun, Jan 20, 2013 at 08:49:26PM +0100, Moritz Mühlenhoff wrote: > On Fri, Jan 11, 2013 at 03:56:25PM +, Jonathan Wiltshire wrote: > > Control: found -1 3.2.1-2 > > > > On 2013-01-11 13:50, Moritz Muehlenhoff wrote: > > >Package: nagios3 > > >Severity: grave > > >Tags: security > > >Justification: user security hole > > > > > >This was assigned CVE-2012-6096: > > > > > >http://archives.neohapsis.com/archives/fulldisclosure/2012-12/0108.html > > > > > >Fix: > > > > > >http://nagios.svn.sourceforge.net/viewvc/nagios?view=revision&revision=2547 > > > > I tested against squeeze and reproduced the problem. We use nagios > > at work so I'm happy to prepare DSA packages if required. > > Jonathan, can you prepare packages for stable-security now that we have > a final patch? Ok, I now have tested packages for stable-security for nagios3, debdiff and DSA text attached. -- Jonathan Wiltshire j...@debian.org Debian Developer http://people.debian.org/~jmw 4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC 74C3 5394 479D D352 4C51 i have six years of solaris sysadmin experience, from 8->10. i am well qualified to say it is made from bonghits layered on top of bonghits diff -u nagios3-3.2.1/debian/changelog nagios3-3.2.1/debian/changelog --- nagios3-3.2.1/debian/changelog +++ nagios3-3.2.1/debian/changelog @@ -1,3 +1,11 @@ +nagios3 (3.2.1-2+squeeze1) squeeze-security; urgency=low + + * Non-maintainer upload. + * Backport 99_security_cve_2012_6096.dpatch for Squeeze, fixes +a buffer overflow crasher (Closes: #697930) CVE-2012-6096 + + -- Jonathan Wiltshire Fri, 01 Feb 2013 18:35:55 + + nagios3 (3.2.1-2) unstable; urgency=low * Fix "Missing conflict with nagios3 v3.0.6-4~lenny2 (/usr/lib/cgi- diff -u nagios3-3.2.1/debian/patches/00list nagios3-3.2.1/debian/patches/00list --- nagios3-3.2.1/debian/patches/00list +++ nagios3-3.2.1/debian/patches/00list @@ -8,0 +9 @@ +99_security_cve_2012_6096.dpatch only in patch2: unchanged: --- nagios3-3.2.1.orig/debian/patches/99_security_cve_2012_6096.dpatch +++ nagios3-3.2.1/debian/patches/99_security_cve_2012_6096.dpatch @@ -0,0 +1,128 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## 99_securit_cve_2012_6096.dpatch by Alexander Wirt +## +## All lines beginning with `## DP:' are a description of the patch. +## DP: Fix overflows in getcgi.c and history.cgi (CVE 2012-6096) +## DP: Debian Bug #697930 +## DP: http://nagios.svn.sourceforge.net/viewvc/nagios?view=revision&revision=2547 + +@DPATCH@ +diff -urNad '--exclude=CVS' '--exclude=.svn' '--exclude=.git' '--exclude=.arch' '--exclude=.hg' '--exclude=_darcs' '--exclude=.bzr' nagios3-3.2.1~/cgi/getcgi.c nagios3-3.2.1/cgi/getcgi.c +--- nagios3-3.2.1~/cgi/getcgi.c2013-02-01 20:30:08.0 + nagios3-3.2.1/cgi/getcgi.c 2013-02-01 20:31:07.0 + +@@ -137,14 +137,15 @@ + /* check for NULL query string environment variable - 04/28/00 (Ludo Bosmans) */ + if(getenv("QUERY_STRING")==NULL){ + cgiinput=(char *)malloc(1); +- if(cgiinput==NULL){ +- printf("getcgivars(): Could not allocate memory for CGI input.\n"); +- exit(1); +- } +- cgiinput[0]='\x0'; ++ if(cgiinput != NULL) ++ cgiinput[0]='\x0'; + } + else + cgiinput=strdup(getenv("QUERY_STRING")); ++ if(cgiinput==NULL){ ++ printf("getcgivars(): Could not allocate memory for CGI input.\n"); ++ exit(1); ++ } + } + + else if(!strcmp(request_method,"POST") || !strcmp(request_method,"PUT")){ +@@ -220,7 +221,12 @@ + paircount=0; + nvpair=strtok(cgiinput,"&"); + while(nvpair){ +- pairlist[paircount++]=strdup(nvpair); ++ pairlist[paircount] = strdup(nvpair); ++ if( NULL == pairlist[paircount]) { ++ printf("getcgivars(): Could not allocate memory for name-value pair #%d.\n", paircount); ++ exit(1); ++ } ++ paircount++; + if(!(paircount%256)){ + pairlist=(char **)realloc(pairlist,(paircount+256)*sizeof(char **)); + if(pairlist==NULL){ +@@ -245,13 +251,29 @@ + /* get the variable name preceding the equal (=) sign */ + if((eqpos=strchr(pairlist[i],'='))!=NULL){ + *eqpos='\0'; +- unescape_cgi_input(cgivars[i*2+1]=strdup(eqpos+1)); ++ cgivars[i * 2 + 1] = strdup(eqpos + 1); ++ if( NULL == cgivars[ i * 2 + 1]) { ++ printf("getcgivars(): Could not all
Processed: found 699459 in 1.8.0~svn20100507-1
Processing commands for cont...@bugs.debian.org: > found 699459 1.8.0~svn20100507-1 Bug #699459 [libupnp4] libupnp4: Multiple stack buffer overflow vulnerabilities Marked as found in versions libupnp4/1.8.0~svn20100507-1. > thanks Stopping processing here. Please contact me if you need assistance. -- 699459: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=699459 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Processed: found 699316 in 1:1.6.6-5
Processing commands for cont...@bugs.debian.org: > found 699316 1:1.6.6-5 Bug #699316 {Done: Yves-Alexis Perez } [libupnp] libupnp: Multiple stack buffer overflow vulnerabilities Bug #699342 {Done: Yves-Alexis Perez } [libupnp] libupnp6: Security problem in SSDP code widely publicized today There is no source info for the package 'libupnp' at version '1:1.6.6-5' with architecture '' Unable to make a source version for version '1:1.6.6-5' Marked as found in versions 1:1.6.6-5. Marked as found in versions 1:1.6.6-5. > thanks Stopping processing here. Please contact me if you need assistance. -- 699316: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=699316 699342: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=699342 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#699342: marked as done (libupnp6: Security problem in SSDP code widely publicized today)
Your message dated Fri, 01 Feb 2013 21:47:34 + with message-id and subject line Bug#699316: fixed in libupnp 1:1.6.17-1.2 has caused the Debian Bug report #699316, regarding libupnp6: Security problem in SSDP code widely publicized today to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 699316: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=699316 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: libupnp6 Version: 1:1.6.17-1.1 Severity: grave Tags: security Justification: user security hole Dear Maintainer, http://www.zdnet.com/millions-of-pcs-exposed-through-network-bugs-security-researchers-find-710478/ Fixed in 1.6.18. -- System Information: Debian Release: 7.0 APT prefers unstable APT policy: (500, 'unstable'), (1, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 3.7.5 (SMP w/4 CPU cores; PREEMPT) Locale: LANG=en_US.UTF8, LC_CTYPE=en_US.UTF8 (charmap=UTF-8) (ignored: LC_ALL set to en_US.UTF8) Shell: /bin/sh linked to /bin/bash Versions of packages libupnp6 depends on: ii libc6 2.17-0experimental0 ii multiarch-support 2.17-0experimental0 libupnp6 recommends no packages. libupnp6 suggests no packages. -- no debconf information --- End Message --- --- Begin Message --- Source: libupnp Source-Version: 1:1.6.17-1.2 We believe that the bug you reported is fixed in the latest version of libupnp, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 699...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Yves-Alexis Perez (supplier of updated libupnp package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Fri, 01 Feb 2013 21:56:12 +0100 Source: libupnp Binary: libupnp6 libupnp6-dev libupnp-dev libupnp6-dbg libupnp6-doc Architecture: source amd64 all Version: 1:1.6.17-1.2 Distribution: unstable Urgency: high Maintainer: Nick Leverton Changed-By: Yves-Alexis Perez Description: libupnp-dev - Portable SDK for UPnP Devices (development files) libupnp6 - Portable SDK for UPnP Devices, version 1.6 (shared libraries) libupnp6-dbg - debugging symbols for libupnp6 libupnp6-dev - Portable SDK for UPnP Devices, version 1.6 (development files) libupnp6-doc - Documentation for the Portable SDK for UPnP Devices, version 1.6 Closes: 699316 Changes: libupnp (1:1.6.17-1.2) unstable; urgency=high . * Non-maintainer upload by the Security Team. * debian/patches/0001-Security-fix-for-CERT-issue-VU-922681 added, fix various stack-based buffer overflows in service_unique_name() function. This fix CVE-2012-5958, CVE-2012-5959, CVE-2012-5960, CVE-2012-5961, CVE-2012-5962, CVE-2012-5963, CVE-2012-5964, CVE-2012-5965. closes: #699316 Checksums-Sha1: ca9a154edcc4addfbcc73df97e7875a2ca47d422 1634 libupnp_1.6.17-1.2.dsc c6f946b9c04a14b5bd2efb6aa7d4cd664ed66b90 26686 libupnp_1.6.17-1.2.debian.tar.gz 8168ae3de4ef529de93ed68286497f4ec6fe5584 181164 libupnp6_1.6.17-1.2_amd64.deb de73a4afae7232bf6459cc7a208c9cb0b2c330ea 262286 libupnp6-dev_1.6.17-1.2_amd64.deb 99ca41f164f5c1e59af16ea3a44d0d52feb775c3 43042 libupnp-dev_1.6.17-1.2_all.deb 9b7dc6a7c6fac33765f33e6d29f07d0debcfa77e 393582 libupnp6-dbg_1.6.17-1.2_amd64.deb c702603c8a34834aa82da144e3dcdb3179adb0b6 13694894 libupnp6-doc_1.6.17-1.2_all.deb Checksums-Sha256: 599d9105883c3151fd8163c3a7349e492264dd14202682c8ce6ab7b5dcc9d32f 1634 libupnp_1.6.17-1.2.dsc 0f35fc257226a5bc84f48a0ac389eb6d397c6a34b4c6481115cf08a5041ba0c0 26686 libupnp_1.6.17-1.2.debian.tar.gz db75a2d1a6e81cbef7b190c5a82cc26e327c268c3a164b80a379ed9ce7137a26 181164 libupnp6_1.6.17-1.2_amd64.deb 62adf38507f9b9789cbbacb46b97f26b1413b7dd1503f5aee299846d3a439503 262286 libupnp6-dev_1.6.17-1.2_amd64.deb dcd68e41dfbcad93469314f2285d127c5954792aaa4747b766385e89529a1e42 43042 libupnp-dev_1.6.17-1.2_all.deb 4a67947bfee7f8b4a584c667b173219a9abccf196b846ad64d60b1d6919b38d4 393582 libupnp6-dbg_1.6.17-1.2_amd64.deb 317964711fcb5a0c98c3d629507a306de9e00abd9c041c041a5a785ada79 13694894 libupnp6-doc_1.6.17-1.2_all.deb Files: e1309ce825bb0dd470c9b08bada8b64a 1634 net extra libupnp_1.6.17-1.2.dsc 1d899280eee3070f5a2ca5479760bad0 26686 n
Bug#699316: marked as done (libupnp: Multiple stack buffer overflow vulnerabilities)
Your message dated Fri, 01 Feb 2013 21:47:34 + with message-id and subject line Bug#699316: fixed in libupnp 1:1.6.17-1.2 has caused the Debian Bug report #699316, regarding libupnp: Multiple stack buffer overflow vulnerabilities to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 699316: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=699316 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: libupnp Severity: grave Tags: security Hi, the following vulnerabilities were published for libupnp. CVE-2012-5958[0]: Stack buffer overflow of Tempbuf CVE-2012-5959[1]: Stack buffer overflow of Event->UDN CVE-2012-5960[2]: Stack buffer overflow of Event->UDN CVE-2012-5961[3]: Stack buffer overflow of Evt->UDN CVE-2012-5962[4]: Stack buffer overflow of Evt->DeviceType CVE-2012-5963[5]: Stack buffer overflow of Event->UDN CVE-2012-5964[6]: Stack buffer overflow of Event->DeviceType CVE-2012-5965[7]: Stack buffer overflow of Event->DeviceType Upstream changelog for 1.6.18 states: *** Version 1.6.18 *** 2012-12-06 Marcelo Roberto Jimenez Security fix for CERT issue VU#922681 This patch addresses three possible buffer overflows in function unique_service_name(). The three issues have the folowing CVE numbers: CVE-2012-5958 Issue #2: Stack buffer overflow of Tempbuf CVE-2012-5959 Issue #4: Stack buffer overflow of Event->UDN CVE-2012-5960 Issue #8: Stack buffer overflow of Event->UDN Notice that the following issues have already been dealt by previous work: CVE-2012-5961 Issue #1: Stack buffer overflow of Evt->UDN CVE-2012-5962 Issue #3: Stack buffer overflow of Evt->DeviceType CVE-2012-5963 Issue #5: Stack buffer overflow of Event->UDN CVE-2012-5964 Issue #6: Stack buffer overflow of Event->DeviceType CVE-2012-5965 Issue #7: Stack buffer overflow of Event->DeviceType If you fix the vulnerabilities please also make sure to include the CVE (Common Vulnerabilities & Exposures) ids in your changelog entry. For further information see: [0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5958 http://security-tracker.debian.org/tracker/CVE-2012-5958 [1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5959 http://security-tracker.debian.org/tracker/CVE-2012-5959 [2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5960 http://security-tracker.debian.org/tracker/CVE-2012-5960 [3] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5961 http://security-tracker.debian.org/tracker/CVE-2012-5961 [4] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5962 http://security-tracker.debian.org/tracker/CVE-2012-5962 [5] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5963 http://security-tracker.debian.org/tracker/CVE-2012-5963 [6] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5964 http://security-tracker.debian.org/tracker/CVE-2012-5964 [7] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5965 http://security-tracker.debian.org/tracker/CVE-2012-5965 Please adjust the affected versions in the BTS as needed. Regards, Salvatore --- End Message --- --- Begin Message --- Source: libupnp Source-Version: 1:1.6.17-1.2 We believe that the bug you reported is fixed in the latest version of libupnp, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 699...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Yves-Alexis Perez (supplier of updated libupnp package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Fri, 01 Feb 2013 21:56:12 +0100 Source: libupnp Binary: libupnp6 libupnp6-dev libupnp-dev libupnp6-dbg libupnp6-doc Architecture: source amd64 all Version: 1:1.6.17-1.2 Distribution: unstable Urgency: high Maintainer: Nick Leverton Changed-By: Yves-Alexis Perez Description: libupnp-dev - Portable SDK for UPnP Devices (development files) libupnp6 - Portable SDK for UPnP Devices, version 1.6 (sha
Processed: notfound 695743 in virtuoso-opensource/6.1.4+dfsg1-4
Processing commands for cont...@bugs.debian.org: > notfound 695743 virtuoso-opensource/6.1.4+dfsg1-4 Bug #695743 {Done: José Manuel Santamaría Lema } [libmono-2.0-dev] mono on armhf ? No longer marked as found in versions virtuoso-opensource/6.1.4+dfsg1-4. > thanks Stopping processing here. Please contact me if you need assistance. -- 695743: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=695743 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Processed: notfixed 695743 in virtuoso-opensource/6.1.4+dfsg1-4
Processing commands for cont...@bugs.debian.org: > notfixed 695743 virtuoso-opensource/6.1.4+dfsg1-4 Bug #695743 {Done: José Manuel Santamaría Lema } [libmono-2.0-dev] mono on armhf ? Ignoring request to alter fixed versions of bug #695743 to the same values previously set > thanks Stopping processing here. Please contact me if you need assistance. -- 695743: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=695743 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#699441: marked as done (owncloud: Multiple security issues in owncloud)
Your message dated Fri, 01 Feb 2013 21:18:07 + with message-id and subject line Bug#698737: fixed in owncloud 4.0.8debian-1.4 has caused the Debian Bug report #698737, regarding owncloud: Multiple security issues in owncloud to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 698737: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=698737 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: owncloud Version: 4.0.4debian2-3.2 Severity: grave Tags: security Justification: user security hole The version of owncloud in both testing and unstable contains security holes. http://owncloud.org/changelog/ has details. Upstream versions 4.0.11 and 4.5.6 fixed: * Security: Fix multiple XSS problems: CVE-2013-0201, CVE-2013-0202, CVE-2013-0203 * Security: Removed remoteStorage app because of unfixed security problems. -- John -- System Information: Debian Release: 7.0 APT prefers testing APT policy: (500, 'testing'), (1, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 3.2.0-4-amd64 (SMP w/4 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash --- End Message --- --- Begin Message --- Source: owncloud Source-Version: 4.0.8debian-1.4 We believe that the bug you reported is fixed in the latest version of owncloud, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 698...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Salvatore Bonaccorso (supplier of updated owncloud package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Fri, 25 Jan 2013 21:36:15 +0100 Source: owncloud Binary: owncloud owncloud-mysql owncloud-sqlite Architecture: source all Version: 4.0.8debian-1.4 Distribution: unstable Urgency: high Maintainer: ownCloud for Debian maintainers Changed-By: Salvatore Bonaccorso Description: owncloud - cloud storage for files, music, contacts, calendars and many more owncloud-mysql - meta-package providing MySQL dependencies for ownCloud owncloud-sqlite - meta-package providing SQLite dependencies for ownCloud Closes: 698737 Changes: owncloud (4.0.8debian-1.4) unstable; urgency=high . * Non-maintainer upload. * Add 12_oc-sa-2013-001.patch patch [SECURITY] CVE-2012-0201, CVE-2012-0202 and CVE-2012-0203: Fix multiple XSS vulnerabilities. (Closes: #698737) Checksums-Sha1: dceb345390ca8777860f2ee2eebf658f3e1b189d 2149 owncloud_4.0.8debian-1.4.dsc b69623f80189bc0fde04023caaea34f5e8cc069d 41908 owncloud_4.0.8debian-1.4.debian.tar.gz fd6acfff4fc190abb32f06459ebf5ef65d32d09c 2213106 owncloud_4.0.8debian-1.4_all.deb efd6ebc9a0f019e9a7530408e0a4c5500bea3cf4 29498 owncloud-mysql_4.0.8debian-1.4_all.deb cfce1b7d1f2e162f14aa25685047cd155fe11788 54930 owncloud-sqlite_4.0.8debian-1.4_all.deb Checksums-Sha256: a31ce348ec0b4302ebd21151883555d8083fa049f253096bdbebecc92a1616c5 2149 owncloud_4.0.8debian-1.4.dsc c8dc050d4f0ce9cd66c61c4a6a4eb07732a04547d3382cff0a8eeff6ac2cb125 41908 owncloud_4.0.8debian-1.4.debian.tar.gz 5f871ee16c2a23f7967e706a53c9af1205cf49f3c89e2e7741a2a6d82ccf5806 2213106 owncloud_4.0.8debian-1.4_all.deb cb17796ab02160bb7a045d7c77a00eb3b363f22a3661a0dce12803b0792f20f5 29498 owncloud-mysql_4.0.8debian-1.4_all.deb 9d12f07580f6f0aa30f1de20b2169f6e0bf51a17e1ae5a884f3979c638fb8f3c 54930 owncloud-sqlite_4.0.8debian-1.4_all.deb Files: f7f149bdd981fee8f16d225b467fdafd 2149 web extra owncloud_4.0.8debian-1.4.dsc d55aa52e5e3a6880d7ace9c491897779 41908 web extra owncloud_4.0.8debian-1.4.debian.tar.gz 924e26c29039af841a2693802433 2213106 web extra owncloud_4.0.8debian-1.4_all.deb c9b14f0ac72f864f614d2b5450e7b68e 29498 web extra owncloud-mysql_4.0.8debian-1.4_all.deb 1be13fbd6ee09a08579bba5031d6ed70 54930 web extra owncloud-sqlite_4.0.8debian-1.4_all.deb -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.12 (GNU/Linux) iQIcBAEBCgAGBQJRAu1MAAoJEHidbwV/2GP+qHAQAIB89xxEIuyQA0xYMVID44ZD iVg8UkLtFDiv2xLVby843eRw9/kZIuXfawB+1ibcbWKoIM9JEdeSdhJb/5YBrgkT zVRy0VSDERyNfzVERENLfiouwefkt9LkCjqF0niKoHVr2//qF0GTIgst0dxGy5/K i6Tsty3EXMnxDkeravxcbEINsqEAqtZqJrYZqSAgPWm53+GJMC+268pcZ/b7bA8/ Z+6Jw6nKjRigKE1SCB45
Bug#698737: marked as done (owncloud: Multiple XSS vulnerabilities (oC-SA-2013-001))
Your message dated Fri, 01 Feb 2013 21:18:07 + with message-id and subject line Bug#698737: fixed in owncloud 4.0.8debian-1.4 has caused the Debian Bug report #698737, regarding owncloud: Multiple XSS vulnerabilities (oC-SA-2013-001) to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 698737: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=698737 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Source: owncloud Severity: grave Tags: security Hi The following announce on multiple XSS vulnerabilities in owncloud was done: [0] http://owncloud.org/about/security/advisories/oC-SA-2013-001/ If you fix the vulnerabilities please also make sure to include the CVE (Common Vulnerabilities & Exposures) ids in your changelog entry. For further information see: [1] http://security-tracker.debian.org/tracker/CVE-2013-0201 [2] http://security-tracker.debian.org/tracker/CVE-2013-0202 [3] http://security-tracker.debian.org/tracker/CVE-2013-0203 Please adjust the affected versions in the BTS as needed, for the affected versions. Regards, Salvatore --- End Message --- --- Begin Message --- Source: owncloud Source-Version: 4.0.8debian-1.4 We believe that the bug you reported is fixed in the latest version of owncloud, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 698...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Salvatore Bonaccorso (supplier of updated owncloud package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Fri, 25 Jan 2013 21:36:15 +0100 Source: owncloud Binary: owncloud owncloud-mysql owncloud-sqlite Architecture: source all Version: 4.0.8debian-1.4 Distribution: unstable Urgency: high Maintainer: ownCloud for Debian maintainers Changed-By: Salvatore Bonaccorso Description: owncloud - cloud storage for files, music, contacts, calendars and many more owncloud-mysql - meta-package providing MySQL dependencies for ownCloud owncloud-sqlite - meta-package providing SQLite dependencies for ownCloud Closes: 698737 Changes: owncloud (4.0.8debian-1.4) unstable; urgency=high . * Non-maintainer upload. * Add 12_oc-sa-2013-001.patch patch [SECURITY] CVE-2012-0201, CVE-2012-0202 and CVE-2012-0203: Fix multiple XSS vulnerabilities. (Closes: #698737) Checksums-Sha1: dceb345390ca8777860f2ee2eebf658f3e1b189d 2149 owncloud_4.0.8debian-1.4.dsc b69623f80189bc0fde04023caaea34f5e8cc069d 41908 owncloud_4.0.8debian-1.4.debian.tar.gz fd6acfff4fc190abb32f06459ebf5ef65d32d09c 2213106 owncloud_4.0.8debian-1.4_all.deb efd6ebc9a0f019e9a7530408e0a4c5500bea3cf4 29498 owncloud-mysql_4.0.8debian-1.4_all.deb cfce1b7d1f2e162f14aa25685047cd155fe11788 54930 owncloud-sqlite_4.0.8debian-1.4_all.deb Checksums-Sha256: a31ce348ec0b4302ebd21151883555d8083fa049f253096bdbebecc92a1616c5 2149 owncloud_4.0.8debian-1.4.dsc c8dc050d4f0ce9cd66c61c4a6a4eb07732a04547d3382cff0a8eeff6ac2cb125 41908 owncloud_4.0.8debian-1.4.debian.tar.gz 5f871ee16c2a23f7967e706a53c9af1205cf49f3c89e2e7741a2a6d82ccf5806 2213106 owncloud_4.0.8debian-1.4_all.deb cb17796ab02160bb7a045d7c77a00eb3b363f22a3661a0dce12803b0792f20f5 29498 owncloud-mysql_4.0.8debian-1.4_all.deb 9d12f07580f6f0aa30f1de20b2169f6e0bf51a17e1ae5a884f3979c638fb8f3c 54930 owncloud-sqlite_4.0.8debian-1.4_all.deb Files: f7f149bdd981fee8f16d225b467fdafd 2149 web extra owncloud_4.0.8debian-1.4.dsc d55aa52e5e3a6880d7ace9c491897779 41908 web extra owncloud_4.0.8debian-1.4.debian.tar.gz 924e26c29039af841a2693802433 2213106 web extra owncloud_4.0.8debian-1.4_all.deb c9b14f0ac72f864f614d2b5450e7b68e 29498 web extra owncloud-mysql_4.0.8debian-1.4_all.deb 1be13fbd6ee09a08579bba5031d6ed70 54930 web extra owncloud-sqlite_4.0.8debian-1.4_all.deb -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.12 (GNU/Linux) iQIcBAEBCgAGBQJRAu1MAAoJEHidbwV/2GP+qHAQAIB89xxEIuyQA0xYMVID44ZD iVg8UkLtFDiv2xLVby843eRw9/kZIuXfawB+1ibcbWKoIM9JEdeSdhJb/5YBrgkT zVRy0VSDERyNfzVERENLfiouwefkt9LkCjqF0niKoHVr2//qF0GTIgst0dxGy5/K i6Tsty3EXMnxDkeravxcbEINsqEAqtZqJrYZqSAgPWm53+GJMC+268pcZ/b7bA8/ Z+6Jw6nKjRigKE1SCB450NZU0Px2dJ+Rs7wzrQWC5dc76CTschaE/dbDxtXoCL5K N7koq81OhfxqpIaR+B4waUDs9VN0vc5K
Bug#699380: marked as done (virtuoso-opensource: remove armhf from mono archs)
Your message dated Fri, 01 Feb 2013 22:16:55 +0100 with message-id <510c30c7.5010...@thykier.net> and subject line Re: virtuoso-opensource: remove armhf from mono archs has caused the Debian Bug report #699380, regarding virtuoso-opensource: remove armhf from mono archs to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 699380: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=699380 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Source: virtuoso-opensource Version: 6.1.4+dfsg1-1 Severity: serious mono packages are being removed on armhf, please update virtuoso-opensource to match. Cheers, Julien signature.asc Description: Digital signature --- End Message --- --- Begin Message --- Source: virtuoso-opensource Source-Version: 6.1.4+dfsg1-4 Control: not-fixed 695743 virtuoso-opensource/6.1.4+dfsg1-4 Correcting the typo in a bug number in the virtuoso-opensource/6.1.4+dfsg1-4 upload. ~Niels--- End Message ---
Bug#695743: virtuoso-opensource: remove armhf from mono archs
Source: virtuoso-opensource Source-Version: 6.1.4+dfsg1-4 Control: not-fixed 695743 virtuoso-opensource/6.1.4+dfsg1-4 Correcting the typo in a bug number in the virtuoso-opensource/6.1.4+dfsg1-4 upload. ~Niels -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#699102: marked as done (python-greenlet: FTBFS on sparc)
Your message dated Fri, 01 Feb 2013 20:47:37 + with message-id and subject line Bug#699102: fixed in python-greenlet 0.3.1-2.3 has caused the Debian Bug report #699102, regarding python-greenlet: FTBFS on sparc to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 699102: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=699102 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: python-greenlet Version: 0.3.1-2.2 Severity: serious Justification: FTBFS The FTBFS in sparc[0] in wheezy can be fixed by applying the attached patch [0] https://buildd.debian.org/status/fetch.php?pkg=python-greenlet&arch=sparc&ver=0.3.1-2.2&stamp=1359234024 Cheers, Javi Author: unixtool1192 Origin: https://github.com/python-greenlet/greenlet/commit/619ab917e3ab47be7642ced21c8cfd8e8182844b Description: add support for debian sparc and openbsd5-sparc64 --- a/platform/switch_sparc_sun_gcc.h +++ b/platform/switch_sparc_sun_gcc.h @@ -19,9 +19,9 @@ #ifdef SLP_EVAL -#include #define STACK_MAGIC 0 +#define ST_FLUSH_WINDOWS 3 static int slp_switch(void) --- a/slp_platformselect.h +++ b/slp_platformselect.h @@ -12,7 +12,7 @@ #include "platform/switch_ppc_unix.h" /* gcc on PowerPC */ #elif defined(__GNUC__) && defined(__ppc__) && defined(__APPLE__) #include "platform/switch_ppc_macosx.h" /* Apple MacOS X on PowerPC */ -#elif defined(__GNUC__) && defined(sparc) && defined(sun) +#elif defined(__GNUC__) && defined(sparc) #include "platform/switch_sparc_sun_gcc.h" /* SunOS sparc with gcc */ #elif defined(__GNUC__) && defined(__s390__) && defined(__linux__) #include "platform/switch_s390_unix.h" /* Linux/S390 */ --- End Message --- --- Begin Message --- Source: python-greenlet Source-Version: 0.3.1-2.3 We believe that the bug you reported is fixed in the latest version of python-greenlet, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 699...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Javi Merino (supplier of updated python-greenlet package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Format: 1.8 Date: Sun, 27 Jan 2013 19:30:58 + Source: python-greenlet Binary: python-greenlet-dbg python-greenlet-doc python-greenlet-dev python-greenlet Architecture: source i386 all Version: 0.3.1-2.3 Distribution: wheezy-proposed-updates Urgency: low Maintainer: Örjan Persson Changed-By: Javi Merino Description: python-greenlet - Lightweight in-process concurrent programming python-greenlet-dbg - Lightweight in-process concurrent programming - debugging symbols python-greenlet-dev - Lightweight in-process concurrent programming - development files python-greenlet-doc - Lightweight in-process concurrent programming - documentation Closes: 665890 699102 Changes: python-greenlet (0.3.1-2.3) wheezy-proposed-updates; urgency=low . * Non-maintainer upload. * Fix FTBFS in mipsel by compiling with -O2 which optimizes out the buggy code (Closes: #665890) * Fix "FTBFS on sparc" by adding fix_sparc_support.patch from upstream (Closes: #699102) Checksums-Sha1: 3bea253730259689d301b7db907e6d96e9c7e844 1554 python-greenlet_0.3.1-2.3.dsc bf716180ce0a925bbdae3da4adcc6529c2d6d26b 4985 python-greenlet_0.3.1-2.3.debian.tar.gz 14eda295cc960f507d5821e11ad217d86d7e4285 79820 python-greenlet-dbg_0.3.1-2.3_i386.deb d9c7f639315cadacf47b2a88a5f317c3e17094e5 10354 python-greenlet-doc_0.3.1-2.3_all.deb 06cc17f2b5509e6293f51f4c88c8d7b72786981b 2354 python-greenlet-dev_0.3.1-2.3_i386.deb 8de9700127d905cf82e27451eab6d1d91d03395b 15550 python-greenlet_0.3.1-2.3_i386.deb Checksums-Sha256: 8569060f9b1e1049af3e0af4dd8a0c9725373529ece819ae9fc85cb8fa6e919d 1554 python-greenlet_0.3.1-2.3.dsc ec358cacdffdc7e63c836a256dcb4c15ac02cf5fb6ead3a437bf18d030e71ca9 4985 python-greenlet_0.3.1-2.3.debian.tar.gz dd4cdf0655d6c856324df67a5a54d84195872f8604e9c93fceb55eadb4f9ab9c 79820 python-greenlet-dbg_0.3.1-2.3_i386.deb 8b5dd2b3fc3f66ed160f862dcb184763df31dabd1b8df15e4c975438269bc8db 10354 python-greenlet-doc_0.3.1-2.3_all.deb 80847a4f05556f96cee607c6df2aa7133646d3a14ba4d95a00c133aa5ef5e158 2354 python-greenlet-dev_0.3.1-2.3_i386.deb 27195b
Bug#665890: marked as done (python-greenlet: FTBFS on mips*: "error: $fp cannot be used in asm here")
Your message dated Fri, 01 Feb 2013 20:47:37 + with message-id and subject line Bug#665890: fixed in python-greenlet 0.3.1-2.3 has caused the Debian Bug report #665890, regarding python-greenlet: FTBFS on mips*: "error: $fp cannot be used in asm here" to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 665890: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=665890 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Source: python-greenlet Version: 0.3.3-1 Severity: serious Hi, python-greenlet no longer builds on mips*. From the mipsel build log: creating build/temp.linux-mips-2.6-pydebug gcc -pthread -fno-strict-aliasing -g -Wall -Wstrict-prototypes -fPIC -I/usr/include/python2.6_d -c greenlet.c -o build/temp.linux-mips-2.6-pydebug/greenlet.o In file included from slp_platformselect.h:32:0, from greenlet.c:390: platform/switch_mips_unix.h: In function 'slp_switch': platform/switch_mips_unix.h:43:1: error: $fp cannot be used in asm here error: command 'gcc' failed with exit status 1 [33890 refs] dh_auto_build: python2.6-dbg setup.py build --force returned exit code 1 make[1]: *** [override_dh_auto_build] Error 1 make[1]: Leaving directory `/build/buildd-python-greenlet_0.3.3-1-mipsel-0dbmai/python-greenlet-0.3.3' make: *** [build] Error 2 dpkg-buildpackage: error: debian/rules build gave error exit status 2 Full logs available via https://buildd.debian.org/status/package.php?p=python-greenlet Regards, Adam --- End Message --- --- Begin Message --- Source: python-greenlet Source-Version: 0.3.1-2.3 We believe that the bug you reported is fixed in the latest version of python-greenlet, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 665...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Javi Merino (supplier of updated python-greenlet package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Format: 1.8 Date: Sun, 27 Jan 2013 19:30:58 + Source: python-greenlet Binary: python-greenlet-dbg python-greenlet-doc python-greenlet-dev python-greenlet Architecture: source i386 all Version: 0.3.1-2.3 Distribution: wheezy-proposed-updates Urgency: low Maintainer: Örjan Persson Changed-By: Javi Merino Description: python-greenlet - Lightweight in-process concurrent programming python-greenlet-dbg - Lightweight in-process concurrent programming - debugging symbols python-greenlet-dev - Lightweight in-process concurrent programming - development files python-greenlet-doc - Lightweight in-process concurrent programming - documentation Closes: 665890 699102 Changes: python-greenlet (0.3.1-2.3) wheezy-proposed-updates; urgency=low . * Non-maintainer upload. * Fix FTBFS in mipsel by compiling with -O2 which optimizes out the buggy code (Closes: #665890) * Fix "FTBFS on sparc" by adding fix_sparc_support.patch from upstream (Closes: #699102) Checksums-Sha1: 3bea253730259689d301b7db907e6d96e9c7e844 1554 python-greenlet_0.3.1-2.3.dsc bf716180ce0a925bbdae3da4adcc6529c2d6d26b 4985 python-greenlet_0.3.1-2.3.debian.tar.gz 14eda295cc960f507d5821e11ad217d86d7e4285 79820 python-greenlet-dbg_0.3.1-2.3_i386.deb d9c7f639315cadacf47b2a88a5f317c3e17094e5 10354 python-greenlet-doc_0.3.1-2.3_all.deb 06cc17f2b5509e6293f51f4c88c8d7b72786981b 2354 python-greenlet-dev_0.3.1-2.3_i386.deb 8de9700127d905cf82e27451eab6d1d91d03395b 15550 python-greenlet_0.3.1-2.3_i386.deb Checksums-Sha256: 8569060f9b1e1049af3e0af4dd8a0c9725373529ece819ae9fc85cb8fa6e919d 1554 python-greenlet_0.3.1-2.3.dsc ec358cacdffdc7e63c836a256dcb4c15ac02cf5fb6ead3a437bf18d030e71ca9 4985 python-greenlet_0.3.1-2.3.debian.tar.gz dd4cdf0655d6c856324df67a5a54d84195872f8604e9c93fceb55eadb4f9ab9c 79820 python-greenlet-dbg_0.3.1-2.3_i386.deb 8b5dd2b3fc3f66ed160f862dcb184763df31dabd1b8df15e4c975438269bc8db 10354 python-greenlet-doc_0.3.1-2.3_all.deb 80847a4f05556f96cee607c6df2aa7133646d3a14ba4d95a00c133aa5ef5e158 2354 python-greenlet-dev_0.3.1-2.3_i386.deb 27195b2f244f53b46c8eaabe576047d34d3ea6bf041e66e737cc65b3f88786dc 15550 python-greenlet_0.3.1-2.3_i386.deb Files: 0246e0bc296e46f82e35a3a197974af8 1554 python extra python-
Bug#699564: [flush] Starting Flush failed:
Package: flush Version: 0.9.12-3 Severity: grave --- Please enter the report below this line. --- Hi, I just installed flush and want to run it, but get the message: Starting Flush failed: Creating Flush session failed. Can't get DBus session bus address. On the console from where I started flush, I get output: $ flush (flush:29648): GLib-WARNING **: /tmp/buildd/glib2.0-2.33.12+really2.32.4/./glib/goption.c:2179: ignoring no-arg, optional-arg or filename flags (8) on option of arg-type 0 in entry main:version (flush:29648): GLib-WARNING **: /tmp/buildd/glib2.0-2.33.12+really2.32.4/./glib/goption.c:2179: ignoring no-arg, optional-arg or filename flags (16) on option of arg-type 4 in entry main:config (flush:29648): GLib-WARNING **: /tmp/buildd/glib2.0-2.33.12+really2.32.4/./glib/goption.c:2179: ignoring no-arg, optional-arg or filename flags (8) on option of arg-type 0 in entry main:only-pass W: Creating Flush session failed. Can't get DBus session bus address. csanyipal@debian-asztal:~$ flush (flush:29824): GLib-WARNING **: /tmp/buildd/glib2.0-2.33.12+really2.32.4/./glib/goption.c:2179: ignoring no-arg, optional-arg or filename flags (8) on option of arg-type 0 in entry main:version (flush:29824): GLib-WARNING **: /tmp/buildd/glib2.0-2.33.12+really2.32.4/./glib/goption.c:2179: ignoring no-arg, optional-arg or filename flags (16) on option of arg-type 4 in entry main:config (flush:29824): GLib-WARNING **: /tmp/buildd/glib2.0-2.33.12+really2.32.4/./glib/goption.c:2179: ignoring no-arg, optional-arg or filename flags (8) on option of arg-type 0 in entry main:only-pass W: Creating Flush session failed. Can't get DBus session bus address. Any hint to solve this problem? --- System information. --- Architecture: amd64 Kernel: Linux 3.2.0-4-amd64 Debian Release: 7.0 500 unstablewww.deb-multimedia.org 500 unstableftp.debian.org 500 unstabledebian.scribus.net 500 testing www.deb-multimedia.org 500 testing http.us.debian.org 500 testing ftp.debian.org 500 stable dl.google.com 1 experimentalftp.debian.org --- Package information. --- Depends (Version) | Installed ===-+-== libatkmm-1.6-1 (>= 2.22.1) | 2.22.6-1 libboost-filesystem1.49.0 (>= 1.49.0-1) | 1.49.0-3.1 libboost-signals1.49.0(>= 1.49.0-1) | 1.49.0-3.1 libboost-system1.49.0 (>= 1.49.0-1) | 1.49.0-3.1 libboost-thread1.49.0 (>= 1.49.0-1) | 1.49.0-3.1 libc6 (>= 2.4) | libconfig++9| libdbus-1-3 (>= 1.1.1) | libgcc1(>= 1:4.1.1) | libglademm-2.4-1c2a (>= 2.6.0) | libglib2.0-0(>= 2.16.0) | libglibmm-2.4-1c2a (>= 2.31.22) | libgtk2.0-0 (>= 2.8.0) | libgtkmm-2.4-1c2a (>= 1:2.24.0) | libnotify4 (>= 0.7.0) | libsigc++-2.0-0c2a (>= 2.0.2) | libssl1.0.0 (>= 1.0.0) | libstdc++6 (>= 4.6) | libtorrent-rasterbar6 (>= 0.15.10) | hicolor-icon-theme | Package's Recommends field is empty. Package's Suggests field is empty. -- Regards from Pal -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#699561: djmount: multiple vulnerabilities in libupnp
Package: djmount Severity: grave Tags: security Justification: user security hole libupnp has multiple vulnerabilities in unique_service_name() function. djmount embeds libupnp (which is a bad thing per se, another bug is coming). As djmount is a “client” application I'm not sure it's really vulnerable to this, so please investigate and adjust the severity if needed. Regards, -- Yves-Alexis -- System Information: Debian Release: 7.0 APT prefers unstable APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable'), (1, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 3.2.0-4-grsec-amd64 (SMP w/4 CPU cores) Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#699470: [PATCH] crystalhd git.linuxtv.org kernel driver: FIX kernel unhandled paging request BUG triggered by multithreaded or faulty apps
This patch should pass the 3rd test case of this bug (kernel unhandled paging request) and maybe the PM resume issue, too: 21370-Feb 1 18:39:52 tom3 kernel: [59853.620636] crystalhd :03:00.0: Opening new user[0] handle 21371-Feb 1 18:39:52 tom3 kernel: [59853.875306] crystalhd :03:00.0: Closing user[0] handle with mode 21372-Feb 1 18:39:52 tom3 kernel: [59854.079584] crystalhd :03:00.0: Opening new user[0] handle 21373-Feb 1 18:39:52 tom3 kernel: [59854.079607] crystalhd :03:00.0: Opening new user[0] handle 21374-Feb 1 18:39:52 tom3 kernel: [59854.079633] crystalhd :03:00.0: Closing user[0] handle with mode 21375-Feb 1 18:39:52 tom3 kernel: [59854.080022] crystalhd :03:00.0: Opening new user[0] handle 21376:Feb 1 18:39:52 tom3 kernel: [59854.283228] BUG: unable to handle kernel paging request at 071e 21377-Feb 1 18:39:52 tom3 kernel: [59854.283358] IP: [<071e>] 0x71d 21378-Feb 1 18:39:52 tom3 kernel: [59854.283447] PGD 0 21379-Feb 1 18:39:52 tom3 kernel: [59854.283490] Oops: 0010 [#1] PREEMPT SMP 21380-Feb 1 18:39:52 tom3 kernel: [59854.283575] CPU 0 21381-Feb 1 18:39:52 tom3 kernel: [59854.283609] Modules linked in: crystalhd(O) nfs fscache uinput parport_pc ppdev lp parport bluetooth nfsd lockd nfs_acl auth_rpcgss sunrpc exportfs acpi_cpufreq mperf cpufreq_powersave cpufreq_stats cpufreq_conservative cpufreq_performance cpufreq_ondemand freq_table fuse dm_mod ext3 jbd pciehp arc4 ath5k ath mac80211 snd_hda_codec_analog snd_hda_intel snd_hda_codec snd_usb_audio snd_pcm_oss cfg80211 thinkpad_acpi snd_mixer_oss snd_hwdep snd_pcm snd_usbmidi_lib snd_seq_dummy snd_seq_oss rfkill snd_seq_midi snd_rawmidi snd_seq_midi_event snd_seq snd_timer pcmcia snd_seq_device gspca_zc3xx gspca_main snd yenta_socket psmouse pcmcia_rsrc videodev tpm_tis tpm tpm_bios v4l2_compat_ioctl32 pcmcia_core i2c_i801 nvram pcspkr usb_storage soundcore serio_raw snd_page_alloc rtc_cmos wmi ac battery processor evdev nf_conntrack_ipv6 nf_defrag_ipv6 ip6table_filter ip6_tables nf_conntrack_ipv4 nf_defrag_ipv4 xt_state nf_conntrack xt_limit xt_tcpudp ipta ble_filte r ip_tables x_tables ext4 mbcach 21382-Feb 1 18:39:52 tom3 kernel: e jbd2 crc16 usbhid hid sg sr_mod sd_mod cdrom crc_t10dif ata_generic uhci_hcd ahci libahci xhci_hcd ata_piix libata ehci_hcd atkbd thermal e1000e usbcore usb_common [last unloaded: crystalhd] 21383-Feb 1 18:39:52 tom3 kernel: [59854.284016] 21384-Feb 1 18:39:52 tom3 kernel: [59854.284016] Pid: 12285, comm: matroskademux0: Tainted: G O 3.2.37-dirty #8 LENOVO 7735Y1T/7735Y1T 21385-Feb 1 18:39:52 tom3 kernel: [59854.284016] RIP: 0010:[<071e>] [<071e>] 0x71d 21386-Feb 1 18:39:52 tom3 kernel: [59854.284016] RSP: 0018:8800164d3b50 EFLAGS: 00010292 21387-Feb 1 18:39:52 tom3 kernel: [59854.284016] RAX: 007f RBX: 880004b9a400 RCX: 21388-Feb 1 18:39:52 tom3 kernel: [59854.284016] RDX: 0001 RSI: 0034 RDI: 88000f437400 21389-Feb 1 18:39:52 tom3 kernel: [59854.284016] RBP: 8800164d3b68 R08: 0001 R09: 21390-Feb 1 18:39:52 tom3 kernel: [59854.284016] R10: R11: 8800084d86c0 R12: 88007c256090 21391-Feb 1 18:39:52 tom3 kernel: [59854.284016] R13: 88000f437400 R14: 88000f4374d0 R15: a0489f20 21392-Feb 1 18:39:52 tom3 kernel: [59854.284016] FS: 7f70d559c700() GS:88007f40() knlGS: 21393-Feb 1 18:39:52 tom3 kernel: [59854.284016] CS: 0010 DS: ES: CR0: 80050033 21394-Feb 1 18:39:52 tom3 kernel: [59854.284016] CR2: 071e CR3: 339b1000 CR4: 06f0 21395-Feb 1 18:39:52 tom3 kernel: [59854.284016] DR0: DR1: DR2: 21396-Feb 1 18:39:52 tom3 kernel: [59854.284016] DR3: DR6: 0ff0 DR7: 0400 21397-Feb 1 18:39:52 tom3 kernel: [59854.284016] Process matroskademux0: (pid: 12285, threadinfo 8800164d2000, task 8800084d8000) 21398-Feb 1 18:39:52 tom3 kernel: [59854.284016] Stack: 21399-Feb 1 18:39:52 tom3 kernel: [59854.284016] a047df98 8800164d3b88 880004b9a400 8800164d3b88 21400-Feb 1 18:39:52 tom3 kernel: [59854.284016] a047e48b 880004b9a400 88007c256090 8800164d3bb8 21401-Feb 1 18:39:52 tom3 kernel: [59854.284016] a047c6fa 88000f4374c0 21402-Feb 1 18:39:52 tom3 kernel: [59854.284016] Call Trace: 21403-Feb 1 18:39:52 tom3 kernel: [59854.284016] [] ? crystalhd_link_soft_rst+0x28/0x80 [crystalhd] 21404-Feb 1 18:39:52 tom3 kernel: [59854.284016] [] crystalhd_link_start_device+0xcb/0x150 [crystalhd] 21405-Feb 1 18:39:52 tom3 kernel: [59854.284016] [] crystalhd_hw_open+0x23a/0x400 [crystalhd] 21406-Feb 1 18:39:52 tom3 kernel: [59854.284016] [] cry
Bug#694286: Bug#699349: tpu: fstrcmp 0.4.D001-1+deb7u1
On 2013-01-30 18:12, Andreas Beckmann wrote: > On 2013-01-30 17:47, Niels Thykier wrote: >> On 2013-01-30 15:29, Andreas Beckmann wrote: >>> I'd like to fix fstrcmp via t-p-u: >>> * fstrcmp: Add Breaks/Replaces: libfstrcmp-dev (<< 0.4). (Closes: >>> #694286) > >> Thanks for looking at this and please go ahead with the upload. > > Uploaded to DELAYED/2 > > Note: fstrcmp 0.4.* in testing does not have an .orig.tar.gz, so the > TPU-NMU also does not introduce one. (0.6.* in sid has .orig.tar.gz). > > Andreas > > Unblocked the TPU upload, thanks. ~Niels -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#698527: elmer: executable ElmerGUI.real links with both GPL-licensed and GPL-incompatible libraries
On Thu, 31 Jan 2013 15:12:13 +0200 Boris Pek wrote: > Hi, Hello Boris, > > I see you contacted with Open CASCADE S.A.S. using their contact form on web > site. Yes, my first attempt to get in touch with Open CASCADE S.A.S. used their web site contact form. And it was a successful attempt. > Have they replied? Sure, one employee replied to me shortly after. Since then, I went on talking with him and, later on, with a second employee, directly via e-mail. Unfortunately, they keep saying that the decision is being postponed (again and again and again...) and nothing seems to really progress on this front. Which is very frustrating! :-( > Did you try to send your messages directly to email > or another? No, I didn't. I am under the impression that OCE (OpenCASCADE Community Edition) is a project to enhance Open CASCADE Technology with external contributions not (yet) accepted by Open CASCADE S.A.S. into the official OCCT releases. It is my understanding that OCE is an unofficial project maintained and coordinated outside Open CASCADE S.A.S. Please correct me, if I am wrong. [...] > > I believe that discussion with Open CASCADE S.A.S. should be public but not > personal. Is there any public discussion already? I think there are plenty. For instance: http://opencascade.blogspot.it/2008/12/license-to-kill-license-to-use.html http://www.opencascade.org/org/forum/thread_15042/?forum=3 http://www.opencascade.org/org/forum/thread_15859/?forum=3 http://www.opencascade.org/org/forum/thread_20298/?forum=3 http://dev.opencascade.org/index.php?q=node/30 http://dev.opencascade.org/index.php?q=node/31 I see that you opened a new forum thread about the OCTPL: http://dev.opencascade.org/index.php?q=node/525 Thank you very much: any help is greatly appreciated (at least by me). > > Best regards, Bye and thanks for the time you're dedicating to this issue! -- http://www.inventati.org/frx/frx-gpg-key-transition-2010.txt New GnuPG key, see the transition document! . Francesco Poli . GnuPG key fpr == CA01 1147 9CD2 EFDF FB82 3925 3E1C 27E1 1F69 BFFE pgppvKnqCIHni.pgp Description: PGP signature
Bug#695743: marked as done (mono on armhf ?)
Your message dated Fri, 01 Feb 2013 18:18:31 + with message-id and subject line Bug#695743: fixed in virtuoso-opensource 6.1.4+dfsg1-4 has caused the Debian Bug report #695743, regarding mono on armhf ? to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 695743: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=695743 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: libmono-2.0-dev Severity: important It looks to me there is an inconsistencies in between: $ cat ./mono-2.10.8.1/debian/mono-archs.make | grep DEB_MONO_ARCHS DEB_MONO_ARCHS = amd64 armel armhf i386 ia64 kfreebsd-amd64 kfreebsd-i386 powerpc ppc64 s390x sparc while d/control only lists: $ cat ./mono-2.10.8.1/debian/control | grep -m 1 Arch Architecture: amd64 armel i386 ia64 kfreebsd-amd64 kfreebsd-i386 powerpc ppc64 s390x sparc Some of my package generates there d/control based on the DEB_MONO_ARCHS value... Thanks ! -- System Information: Debian Release: 6.0.6 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable'), (200, 'testing'), (100, 'unstable') Architecture: amd64 (x86_64) Kernel: Linux 3.2.0-0.bpo.3-amd64 (SMP w/8 CPU cores) Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash --- End Message --- --- Begin Message --- Source: virtuoso-opensource Source-Version: 6.1.4+dfsg1-4 We believe that the bug you reported is fixed in the latest version of virtuoso-opensource, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 695...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. José Manuel Santamaría Lema (supplier of updated virtuoso-opensource package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Format: 1.8 Date: Fri, 01 Feb 2013 17:55:57 +0100 Source: virtuoso-opensource Binary: virtuoso-opensource virtuoso-server virtuoso-minimal virtuoso-opensource-6.1 virtuoso-opensource-6.1-common virtuoso-opensource-6.1-bin virtuoso-vsp-startpage virtuoso-vad-conductor virtuoso-vad-doc virtuoso-vad-demo virtuoso-vad-tutorial virtuoso-vad-rdfmappers virtuoso-vad-sparqldemo virtuoso-vad-syncml virtuoso-vad-bpel virtuoso-vad-isparql virtuoso-vad-ods libvirtodbc0 libvirtuoso5.5-cil Architecture: source all amd64 Version: 6.1.4+dfsg1-4 Distribution: unstable Urgency: low Maintainer: José Manuel Santamaría Lema Changed-By: José Manuel Santamaría Lema Description: libvirtodbc0 - high-performance database - ODBC libraries libvirtuoso5.5-cil - high-performance database - Mono assemblies virtuoso-minimal - high-performance database - core dependency package virtuoso-opensource - high-performance database virtuoso-opensource-6.1 - high-performance database - support files virtuoso-opensource-6.1-bin - high-performance database - binaries virtuoso-opensource-6.1-common - high-performance database - common files virtuoso-server - high-performance database - server dependency package virtuoso-vad-bpel - high-performance database - BPEL module virtuoso-vad-conductor - high-performance database - conductor module virtuoso-vad-demo - high-performance database - demo module virtuoso-vad-doc - high-performance database - documentation module virtuoso-vad-isparql - high-performance database - iSPARQL module virtuoso-vad-ods - high-performance database - Open Data Spaces module virtuoso-vad-rdfmappers - high-performance database - RDF mappers module virtuoso-vad-sparqldemo - high-performance database - SPARQL demo module virtuoso-vad-syncml - high-performance database - SyncML module virtuoso-vad-tutorial - high-performance database - tutorial module virtuoso-vsp-startpage - high-performance database - web interface files Closes: 695743 Changes: virtuoso-opensource (6.1.4+dfsg1-4) unstable; urgency=low . * Update mono architectures: remove arm and armfh. (Closes: 695743) Checksums-Sha1: f1fc521bf81b2b34ce0137e816775c14fb1012c0 3823 virtuoso-opensource_6.1.4+dfsg1-4.dsc a00757294178dee8eaf8f27f34ed2dcffcf996d5 80366 virtuoso-opensource_6.1.4+dfsg1-4.debian.tar.gz 6a59c31c05e7ad3e0f2c05dacdd4d7b862553fcb 84642 virtuoso-opensource_6.1.4+dfsg1-4_all.deb f1926741b2d8586f
Bug#694286: marked as done (fstrcmp: missing Breaks+Replaces: libfstrcmp-dev (<< 0.4))
Your message dated Fri, 01 Feb 2013 17:32:27 + with message-id and subject line Bug#694286: fixed in fstrcmp 0.4.D001-1+deb7u1 has caused the Debian Bug report #694286, regarding fstrcmp: missing Breaks+Replaces: libfstrcmp-dev (<< 0.4) to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 694286: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=694286 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: fstrcmp Version: 0.4.D001-1 Severity: serious User: trei...@debian.org Usertags: edos-file-overwrite Architecture: amd64 Distribution: squeeze->wheezy (partial) upgrade Hi, automatic installation tests of packages that share a file and at the same time do not conflict by their package dependency relationships has detected the following problem: Selecting previously deselected package libfstrcmp0. (Reading database ... 6286 files and directories currently installed.) Unpacking libfstrcmp0 (from .../libfstrcmp0_0.3.D001-1_amd64.deb) ... Selecting previously deselected package libfstrcmp-dev. Unpacking libfstrcmp-dev (from .../libfstrcmp-dev_0.3.D001-1_amd64.deb) ... Setting up libfstrcmp0 (0.3.D001-1) ... Setting up libfstrcmp-dev (0.3.D001-1) ... Selecting previously deselected package fstrcmp. (Reading database ... 6369 files and directories currently installed.) Unpacking fstrcmp (from .../fstrcmp_0.4.D001-1_amd64.deb) ... dpkg: error processing /var/cache/apt/archives/fstrcmp_0.4.D001-1_amd64.deb (--unpack): trying to overwrite '/usr/share/man/man3/fstrcoll.3.gz', which is also in package libfstrcmp-dev 0.3.D001-1 This is a serious bug as it makes installation/upgrade fail, and violates sections 7.6.1 and 10.1 of the policy. As this problem can be demonstrated during partial upgrades from squeeze to wheezy (but not within squeeze or wheezy itself), this indicates a missing or insufficiently versioned Replaces+Breaks relationship. But since this particular upgrade ordering is not forbidden by any dependency relationship, it is possible that apt (or $PACKAGE_MANAGER) will use this erroneus path on squeeze->wheezy upgrades. Here is a list of files that are known to be shared by both packages (according to the Contents files for squeeze and wheezy on amd64, which may be slightly out of sync): usr/share/man/man3/fmemcmp.3.gz usr/share/man/man3/fmemcmpi.3.gz usr/share/man/man3/fstrcasecmp.3.gz usr/share/man/man3/fstrcasecmpi.3.gz usr/share/man/man3/fstrcmp.3.gz usr/share/man/man3/fstrcmpi.3.gz usr/share/man/man3/fstrcoll.3.gz usr/share/man/man3/fstrcolli.3.gz usr/share/man/man3/fwcscmp.3.gz usr/share/man/man3/fwcscmpi.3.gz The following relationships are currently defined: Package: fstrcmp Conflicts: n/a Breaks:n/a Replaces: n/a The following relationships should be added for a clean takeover of these files (http://www.debian.org/doc/debian-policy/ch-relationships.html#s-replaces): Package: fstrcmp Breaks: libfstrcmp-dev (<< 0.4) Replaces: libfstrcmp-dev (<< 0.4) Cheers, Andreas PS: for more information about the detection of file overwrite errors of this kind see http://edos.debian.net/file-overwrites/. libfstrcmp-dev=0.3.D001-1_fstrcmp=0.4.D001-1.log.gz Description: GNU Zip compressed data --- End Message --- --- Begin Message --- Source: fstrcmp Source-Version: 0.4.D001-1+deb7u1 We believe that the bug you reported is fixed in the latest version of fstrcmp, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 694...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Andreas Beckmann (supplier of updated fstrcmp package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Wed, 30 Jan 2013 15:12:45 +0100 Source: fstrcmp Binary: fstrcmp libfstrcmp0 libfstrcmp0-dbg libfstrcmp-dev Architecture: source amd64 Version: 0.4.D001-1+deb7u1 Distribution: testing Urgency: low Maintainer: Peter Miller Changed-By: Andreas Beckmann Description: fstrcmp- fuzzy comparison of strings libfstrcmp-dev - library of fuzzy string comparison functions - development files libfstrcmp0 -
Bug#699459: [rt.debian.org #4133] Patch for libupnp4
And here's the intended debdiff against libupnp4. It's exactly the same patch. Regards, -- Yves-Alexis diff -u libupnp4-1.8.0~svn20100507/debian/changelog libupnp4-1.8.0~svn20100507/debian/changelog --- libupnp4-1.8.0~svn20100507/debian/changelog +++ libupnp4-1.8.0~svn20100507/debian/changelog @@ -1,3 +1,13 @@ +libupnp4 (1.8.0~svn20100507-1+squeeze1) UNRELEASED; urgency=high + + * Non-maintainer upload by the Security Team. + * debian/patches/0001-Security-fix-for-CERT-issue-VU-922681 added, fix +various stack-based buffer overflows in service_unique_name() function. +This fix CVE-2012-5958, CVE-2012-5959, CVE-2012-5960, CVE-2012-5961, +CVE-2012-5962, CVE-2012-5963, CVE-2012-5964, CVE-2012-5965. closes: #699459 + + -- Yves-Alexis Perez Fri, 01 Feb 2013 17:36:39 +0100 + libupnp4 (1.8.0~svn20100507-1) unstable; urgency=low * New pull from upstream subversion diff -u libupnp4-1.8.0~svn20100507/debian/patches/series libupnp4-1.8.0~svn20100507/debian/patches/series --- libupnp4-1.8.0~svn20100507/debian/patches/series +++ libupnp4-1.8.0~svn20100507/debian/patches/series @@ -12,0 +13 @@ +0001-Security-fix-for-CERT-issue-VU-922681.patch only in patch2: unchanged: --- libupnp4-1.8.0~svn20100507.orig/debian/patches/0001-Security-fix-for-CERT-issue-VU-922681.patch +++ libupnp4-1.8.0~svn20100507/debian/patches/0001-Security-fix-for-CERT-issue-VU-922681.patch @@ -0,0 +1,105 @@ +Fix for VU#922681 + +This includes fix for various CVEs by more or less backporting the whole unique_service_name() function from 1.6.18. + +CVE-2012-5961 Issue #1: Stack buffer overflow of Evt->UDN +CVE-2012-5958 Issue #2: Stack buffer overflow of Tempbuf +CVE-2012-5962 Issue #3: Stack buffer overflow of Evt->DeviceType +CVE-2012-5959 Issue #4: Stack buffer overflow of Event->UDN +CVE-2012-5960 Issue #8: Stack buffer overflow of Event->UDN +CVE-2012-5963 Issue #5: Stack buffer overflow of Event->UDN +CVE-2012-5964 Issue #6: Stack buffer overflow of Event->DeviceType +CVE-2012-5965 Issue #7: Stack buffer overflow of Event->DeviceType + +--- a/upnp/src/ssdp/ssdp_server.c b/upnp/src/ssdp/ssdp_server.c +@@ -416,7 +416,7 @@ int unique_service_name(IN char *cmd, IN + char *ptr2 = NULL; + char *ptr3 = NULL; + int CommandFound = 0; +-int length = 0; ++size_t n = (size_t)0; + + if( ( TempPtr = strstr( cmd, "uuid:schemas" ) ) != NULL ) { + ptr1 = strstr( cmd, ":device" ); +@@ -433,16 +433,23 @@ int unique_service_name(IN char *cmd, IN + } + + if( ptr3 != NULL ) { +-sprintf( Evt->UDN, "uuid:%s", ptr3 + 1 ); ++if (strlen("uuid:") + strlen(ptr3 + 1) >= sizeof Evt->UDN) ++return -1; ++snprintf(Evt->UDN, sizeof Evt->UDN, "uuid:%s", ptr3 + 1); + } else { + return -1; + } + + ptr1 = strstr( cmd, ":" ); + if( ptr1 != NULL ) { +-strncpy( TempBuf, ptr1, ptr3 - ptr1 ); +-TempBuf[ptr3 - ptr1] = '\0'; +-sprintf( Evt->DeviceType, "urn%s", TempBuf ); ++n = (size_t)ptr3 - (size_t)ptr1; ++n = n >= sizeof TempBuf ? sizeof TempBuf - 1 : n; ++strncpy(TempBuf, ptr1, n); ++TempBuf[n] = '\0'; ++if (strlen("urn") + strlen(TempBuf) >= sizeof(Evt->DeviceType)) ++return -1; ++snprintf(Evt->DeviceType, sizeof(Evt->DeviceType), ++"urn%s", TempBuf); + } else { + return -1; + } +@@ -451,10 +458,13 @@ int unique_service_name(IN char *cmd, IN + + if( ( TempPtr = strstr( cmd, "uuid" ) ) != NULL ) { + if( ( Ptr = strstr( cmd, "::" ) ) != NULL ) { +-strncpy( Evt->UDN, TempPtr, Ptr - TempPtr ); +-Evt->UDN[Ptr - TempPtr] = '\0'; ++n = (size_t)Ptr - (size_t)TempPtr; ++n = n >= sizeof Evt->UDN ? sizeof Evt->UDN - 1 : n; ++strncpy(Evt->UDN, TempPtr, n); ++Evt->UDN[n] = '\0'; + } else { +-strcpy( Evt->UDN, TempPtr ); ++memset(Evt->UDN, 0, sizeof(Evt->UDN)); ++strncpy(Evt->UDN, TempPtr, sizeof Evt->UDN - 1); + } + CommandFound = 1; + } +@@ -462,7 +472,9 @@ int unique_service_name(IN char *cmd, IN + if( strstr( cmd, "urn:" ) != NULL + && strstr( cmd, ":service:" ) != NULL ) { + if( ( TempPtr = strstr( cmd, "urn" ) ) != NULL ) { +-strcpy( Evt->ServiceType, TempPtr ); ++memset(Evt->ServiceType, 0, sizeof Evt->ServiceType); ++strncpy(Evt->ServiceType, TempPtr, ++sizeof Evt->ServiceType - 1); + CommandFound = 1; + } + } +@@ -470,7 +482,9 @@ int unique_service_name(IN char *cmd, IN + if( strstr( cmd, "urn:" ) != NULL + && strstr( cmd, ":device:" ) != NULL ) { + if( ( TempPtr = strstr( cmd, "urn" ) ) != NULL ) { +-strcpy( Evt->DeviceType, TempPtr ); ++memset(Evt->DeviceType, 0, size
Bug#699253: marked as done (libcitygml: FTBFS: dh_install: openscenegraph-plugin-citygml-shared missing files (usr/lib/osgPlugins-*/*.so), aborting)
Your message dated Fri, 01 Feb 2013 16:47:31 + with message-id and subject line Bug#699253: fixed in libcitygml 0.14+svn128-1+3p0p1+4 has caused the Debian Bug report #699253, regarding libcitygml: FTBFS: dh_install: openscenegraph-plugin-citygml-shared missing files (usr/lib/osgPlugins-*/*.so), aborting to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 699253: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=699253 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Source: libcitygml Version: 0.14+svn128-1+3p0p1 Severity: serious Tags: wheezy sid User: debian...@lists.debian.org Usertags: qa-ftbfs-20130129 qa-ftbfs Justification: FTBFS in wheezy on amd64 Hi, During a rebuild of all packages in *wheezy*, your package failed to build on amd64. Relevant part: > make[2]: Entering directory > `/«BUILDDIR»/libcitygml-0.14+svn128/obj-x86_64-linux-gnu' > make[2]: Nothing to be done for `preinstall'. > make[2]: Leaving directory > `/«BUILDDIR»/libcitygml-0.14+svn128/obj-x86_64-linux-gnu' > Install the project... > /usr/bin/cmake -P cmake_install.cmake > -- Install configuration: "" > -- Installing: > /«BUILDDIR»/libcitygml-0.14+svn128/debian/tmp/usr/lib/x86_64-linux-gnu/libcitygml.so.0.0.0 > -- Installing: > /«BUILDDIR»/libcitygml-0.14+svn128/debian/tmp/usr/lib/x86_64-linux-gnu/libcitygml.so.0 > -- Installing: > /«BUILDDIR»/libcitygml-0.14+svn128/debian/tmp/usr/lib/x86_64-linux-gnu/libcitygml.so > -- Installing: > /«BUILDDIR»/libcitygml-0.14+svn128/debian/tmp/usr/lib/x86_64-linux-gnu/libcitygml.a > -- Installing: > /«BUILDDIR»/libcitygml-0.14+svn128/debian/tmp/usr/include/citygml.h > -- Installing: > /«BUILDDIR»/libcitygml-0.14+svn128/debian/tmp/usr/include/vecs.h > -- Installing: > /«BUILDDIR»/libcitygml-0.14+svn128/debian/tmp/usr/lib/x86_64-linux-gnu/pkgconfig/citygml.pc > -- Installing: > /«BUILDDIR»/libcitygml-0.14+svn128/debian/tmp/usr/bin/citygml2vrml > -- Removed runtime path from > "/«BUILDDIR»/libcitygml-0.14+svn128/debian/tmp/usr/bin/citygml2vrml" > -- Installing: > /«BUILDDIR»/libcitygml-0.14+svn128/debian/tmp/usr/bin/citygmltest > -- Removed runtime path from > "/«BUILDDIR»/libcitygml-0.14+svn128/debian/tmp/usr/bin/citygmltest" > -- Installing: > /«BUILDDIR»/libcitygml-0.14+svn128/debian/tmp/usr/usr/lib/osgPlugins-3.0.1/ReaderWriterCityGML.so > -- Removed runtime path from > "/«BUILDDIR»/libcitygml-0.14+svn128/debian/tmp/usr/usr/lib/osgPlugins-3.0.1/ReaderWriterCityGML.so" > -- Installing: > /«BUILDDIR»/libcitygml-0.14+svn128/debian/tmp/usr/usr/lib/osgPlugins-3.0.1/ReaderWriterCityGML.a > make[1]: Leaving directory > `/«BUILDDIR»/libcitygml-0.14+svn128/obj-x86_64-linux-gnu' > cd /«BUILDDIR»/libcitygml-0.14+svn128 >dh_install > install -d debian/libcitygml0//usr/lib/x86_64-linux-gnu > cp -a debian/tmp/usr/lib/x86_64-linux-gnu/libcitygml.so.0 > debian/libcitygml0//usr/lib/x86_64-linux-gnu/ > cp -a debian/tmp/usr/lib/x86_64-linux-gnu/libcitygml.so.0.0.0 > debian/libcitygml0//usr/lib/x86_64-linux-gnu/ > install -d debian/libcitygml0-dev//usr/include > cp -a debian/tmp/usr/include/citygml.h > debian/libcitygml0-dev//usr/include/ > cp -a debian/tmp/usr/include/vecs.h debian/libcitygml0-dev//usr/include/ > install -d debian/libcitygml0-dev//usr/lib/x86_64-linux-gnu > cp -a debian/tmp/usr/lib/x86_64-linux-gnu/libcitygml.a > debian/libcitygml0-dev//usr/lib/x86_64-linux-gnu/ > cp -a debian/tmp/usr/lib/x86_64-linux-gnu/libcitygml.so > debian/libcitygml0-dev//usr/lib/x86_64-linux-gnu/ > install -d debian/libcitygml0-dev//usr/lib/x86_64-linux-gnu/pkgconfig > cp -a debian/tmp/usr/lib/x86_64-linux-gnu/pkgconfig/citygml.pc > debian/libcitygml0-dev//usr/lib/x86_64-linux-gnu/pkgconfig/ > install -d debian/libcitygml0-bin//usr/bin > cp -a debian/tmp/usr/bin/citygml2vrml debian/libcitygml0-bin//usr/bin/ > cp -a debian/tmp/usr/bin/citygmltest debian/libcitygml0-bin//usr/bin/ > dh_install: openscenegraph-plugin-citygml-shared missing files > (usr/lib/osgPlugins-*/*.so), aborting > make: *** [binary] Error 255 The full build log is available from: http://people.debian.org/~lucas/logs/2013/01/29/libcitygml_0.14+svn128-1+3p0p1_wheezy.log A list of current common problems and possible solutions is available at http://wiki.debian.org/qa.debian.org/FTBFS . You're welcome to contribute! About the archive rebuild: The rebuild was done on EC2 VM instances from Amazon Web Services, using a clean, minimal and up-to-date chroot. Every failed build was retried once to eliminate random fai
Bug#681147: marking for classification by piuparts-analyze
On Wed, Oct 10, 2012 at 15:55:43 +0200, Andreas Beckmann wrote: > Control: found -1 diffmon/20020222-2.5 > Control: found -1 kuvert/2.0.7 > Control: found -1 mcron/1.0.6-1 > > Marking this bug as found in some package/version combinations where it > is detected by piuparts to allow automatic classification by > piuparts-analyze. These packages depend on mail-transport-agent, and > because there exist non-buggy packages that provide this dependency, > piuparts-master lets the slave check this package, but during the test > the buggy sendmail mail-transport-agent will be used ... making this bug > show up elsewhere. > Please don't abuse the BTS for private piuparts purposes. Use usertags if you like, but 'found' doesn't mean what you say above... Cheers, Julien -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Processed: block 699542 with 699380
Processing commands for cont...@bugs.debian.org: > block 699542 with 699380 Bug #699542 [ftp.debian.org] RM: virtuoso-opensource [armhf] -- RoQA; B-D on missing mono/armhf 699542 was not blocked by any bugs. 699542 was not blocking any bugs. Added blocking bug(s) of 699542: 699380 > thanks Stopping processing here. Please contact me if you need assistance. -- 699542: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=699542 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Processed (with 1 errors): block 699380 with 699380, unblock 699380 with 697190
Processing commands for cont...@bugs.debian.org: > # Silly me; using the wrong bug id > block 699380 with 699380 Bug #699380 [src:virtuoso-opensource] virtuoso-opensource: remove armhf from mono archs Failed to set blocking bugs of 699380: It is nonsensical for a bug to block itself (or a merged partner): 699380 Debbugs::Control::set_blocks('transcript', 'GLOB(0x282d580)', 'requester', 'Niels Thykier ', 'request_addr', 'cont...@bugs.debian.org', 'request_msgid', '<1359735401-3353-bts-ni...@thykier.net>', 'request_subject', ...) called at /usr/local/lib/site_perl/Debbugs/Control/Service.pm line 501 eval {...} called at /usr/local/lib/site_perl/Debbugs/Control/Service.pm line 500 Debbugs::Control::Service::control_line('line', undef, 'clonebugs', 'HASH(0x27a7160)', 'limit', 'HASH(0x27a6b48)', 'common_control_options', 'ARRAY(0x27a6b90)', 'errors', ...) called at /usr/lib/debbugs/service line 474 > unblock 699380 with 697190 Bug #699380 [src:virtuoso-opensource] virtuoso-opensource: remove armhf from mono archs 699380 was blocked by: 697190 699380 was not blocking any bugs. Removed blocking bug(s) of 699380: 697190 > thanks Stopping processing here. Please contact me if you need assistance. -- 699380: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=699380 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Processed: block 699380 with 697190
Processing commands for cont...@bugs.debian.org: > block 699380 with 697190 Bug #699380 [src:virtuoso-opensource] virtuoso-opensource: remove armhf from mono archs 699380 was not blocked by any bugs. 699380 was not blocking any bugs. Added blocking bug(s) of 699380: 697190 > thanks Stopping processing here. Please contact me if you need assistance. -- 699380: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=699380 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#699541: Maintainer address bounces
* Luca Falavigna [Fri, 01 Feb 2013 15:33:37 +0100], wrote: > Package: sisu,sisu-markup-samples > Version: sisu/3.3.2-1 > Version: sisu-markup-samples/4.0.0-1 > Severity: serious > Tags: sid > > > Maintainer address bounces with the following error: > > A message that you sent could not be delivered to one or more of its > recipients. This is a permanent error. The following address(es) failed: > > s...@lists.sisudoc.org > retry timeout exceeded > ra...@amissah.com > retry timeout exceeded > It will be fixed within a few days (a week or so). (Had hoped to wait for updates for Wheezy, a bit, recursive). I do get bug related mail here for the time being, and am fairly responsive. signature.asc Description: Digital signature
Bug#699543: FTBFS: circular dependencies w/ xemacs21 source package
Package: xemacs21-packages Version: 2009.02.17.dfsg.1 Severity: serious Hi, at the moment it is impossible to compile packages in a clean wheezy environment (eg. pbuilder) because circular deps between this and xemacs21 packages. >From my pbuilder log: The following packages have unmet dependencies: xemacs21-mule : Depends: xemacs21-mulesupport (>= 2003.04.23-1) which is a virtual package. Depends: xemacs21-basesupport (>= 2003.04.23-1) which is a virtual package. (I'd like to compile just because mulesupport and basesupport aren't currently in wheezy and I need an xemacs) Thank you, cheers -- System Information: Debian Release: 7.0 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'unstable'), (500, 'testing'), (500, 'stable'), (1, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 3.2.0-4-amd64 (SMP w/4 CPU cores) Locale: LANG=it_IT.UTF-8, LC_CTYPE=it_IT.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#699541: Maintainer address bounces
Package: sisu,sisu-markup-samples Version: sisu/3.3.2-1 Version: sisu-markup-samples/4.0.0-1 Severity: serious Tags: sid Maintainer address bounces with the following error: A message that you sent could not be delivered to one or more of its recipients. This is a permanent error. The following address(es) failed: s...@lists.sisudoc.org retry timeout exceeded ra...@amissah.com retry timeout exceeded -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#699316: [rt.debian.org #4133] Re: libupnp security update?
On jeu., 2013-01-31 at 22:25 +0100, Salvatore Bonaccorso wrote: > > Nick, sorry for not putting you in the loop sooner. Can you prepare > an > > update for stable or do you want us to handle it? > > Okay thanks for the followup, and for adding Nick to the loop. > > In case there is still open work until monday evening I can try to > start helping there then again. Here's a debdiff against stable, more or less backporting the function and minimizing the diff. I don't have a working UPnP setup so if someone can test it to make sure it doesn't break anything, it'd be nice. Regards, -- Yves-Alexis diff -u libupnp-1.6.6/debian/changelog libupnp-1.6.6/debian/changelog --- libupnp-1.6.6/debian/changelog +++ libupnp-1.6.6/debian/changelog @@ -1,3 +1,14 @@ +libupnp (1:1.6.6-5+squeeze1) UNRELEASED; urgency=high + + * Non-maintainer upload by the Security Team. + * debian/patches: +- debian/patches/0001-Security-fix-for-CERT-issue-VU-922681 added, fix + various stack-based buffer overflows in service_unique_name() function. + This fix CVE-2012-5958, CVE-2012-5959, CVE-2012-5960, CVE-2012-5961, + CVE-2012-5962, CVE-2012-5963, CVE-2012-5964, and CVE-2012-5965. + + -- Yves-Alexis Perez Fri, 01 Feb 2013 14:22:39 +0100 + libupnp (1:1.6.6-5) unstable; urgency=low * Fixes to BSD build issues (Closes: #573319, FTBFS on Gnu/kFreeBSD) diff -u libupnp-1.6.6/debian/patches/series libupnp-1.6.6/debian/patches/series --- libupnp-1.6.6/debian/patches/series +++ libupnp-1.6.6/debian/patches/series @@ -17,0 +18 @@ +0001-Security-fix-for-CERT-issue-VU-922681.patch only in patch2: unchanged: --- libupnp-1.6.6.orig/debian/patches/0001-Security-fix-for-CERT-issue-VU-922681.patch +++ libupnp-1.6.6/debian/patches/0001-Security-fix-for-CERT-issue-VU-922681.patch @@ -0,0 +1,105 @@ +Fix for VU#922681 + +This includes fix for various CVEs by more or less backporting the whole unique_service_name() function from 1.6.18. + +CVE-2012-5961 Issue #1: Stack buffer overflow of Evt->UDN +CVE-2012-5958 Issue #2: Stack buffer overflow of Tempbuf +CVE-2012-5962 Issue #3: Stack buffer overflow of Evt->DeviceType +CVE-2012-5959 Issue #4: Stack buffer overflow of Event->UDN +CVE-2012-5960 Issue #8: Stack buffer overflow of Event->UDN +CVE-2012-5963 Issue #5: Stack buffer overflow of Event->UDN +CVE-2012-5964 Issue #6: Stack buffer overflow of Event->DeviceType +CVE-2012-5965 Issue #7: Stack buffer overflow of Event->DeviceType + +--- a/upnp/src/ssdp/ssdp_server.c b/upnp/src/ssdp/ssdp_server.c +@@ -412,7 +412,7 @@ int unique_service_name(IN char *cmd, IN + char *ptr2 = NULL; + char *ptr3 = NULL; + int CommandFound = 0; +-int length = 0; ++size_t n = (size_t)0; + + if( ( TempPtr = strstr( cmd, "uuid:schemas" ) ) != NULL ) { + ptr1 = strstr( cmd, ":device" ); +@@ -429,16 +429,23 @@ int unique_service_name(IN char *cmd, IN + } + + if( ptr3 != NULL ) { +-sprintf( Evt->UDN, "uuid:%s", ptr3 + 1 ); ++if (strlen("uuid:") + strlen(ptr3 + 1) >= sizeof Evt->UDN) ++return -1; ++snprintf(Evt->UDN, sizeof Evt->UDN, "uuid:%s", ptr3 + 1); + } else { + return -1; + } + + ptr1 = strstr( cmd, ":" ); + if( ptr1 != NULL ) { +-strncpy( TempBuf, ptr1, ptr3 - ptr1 ); +-TempBuf[ptr3 - ptr1] = '\0'; +-sprintf( Evt->DeviceType, "urn%s", TempBuf ); ++n = (size_t)ptr3 - (size_t)ptr1; ++n = n >= sizeof TempBuf ? sizeof TempBuf - 1 : n; ++strncpy(TempBuf, ptr1, n); ++TempBuf[n] = '\0'; ++if (strlen("urn") + strlen(TempBuf) >= sizeof(Evt->DeviceType)) ++return -1; ++snprintf(Evt->DeviceType, sizeof(Evt->DeviceType), ++"urn%s", TempBuf); + } else { + return -1; + } +@@ -447,10 +454,13 @@ int unique_service_name(IN char *cmd, IN + + if( ( TempPtr = strstr( cmd, "uuid" ) ) != NULL ) { + if( ( Ptr = strstr( cmd, "::" ) ) != NULL ) { +-strncpy( Evt->UDN, TempPtr, Ptr - TempPtr ); +-Evt->UDN[Ptr - TempPtr] = '\0'; ++n = (size_t)Ptr - (size_t)TempPtr; ++n = n >= sizeof Evt->UDN ? sizeof Evt->UDN - 1 : n; ++strncpy(Evt->UDN, TempPtr, n); ++Evt->UDN[n] = '\0'; + } else { +-strcpy( Evt->UDN, TempPtr ); ++memset(Evt->UDN, 0, sizeof(Evt->UDN)); ++strncpy(Evt->UDN, TempPtr, sizeof Evt->UDN - 1); + } + CommandFound = 1; + } +@@ -458,7 +468,9 @@ int unique_service_name(IN char *cmd, IN + if( strstr( cmd, "urn:" ) != NULL + && strstr( cmd, ":service:" ) != NULL ) { + if( ( TempPtr = strstr( cmd, "urn" ) ) != NULL ) { +-strcpy( Evt->ServiceType, TempPtr ); ++memset(Evt->ServiceType, 0, sizeof Evt->ServiceType); ++strncpy(Evt->ServiceType, TempPtr, ++
Bug#699267: marked as done (ircd-hybrid: CVE-2013-0238 Denial of service vulnerability in hostmask.c:try_parse_v4_netmask())
Your message dated Fri, 1 Feb 2013 14:33:45 +0200 with message-id <20130201123345.gm21...@kludge.henri.nerv.fi> and subject line tested has caused the Debian Bug report #699267, regarding ircd-hybrid: CVE-2013-0238 Denial of service vulnerability in hostmask.c:try_parse_v4_netmask() to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 699267: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=699267 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: ircd-hybrid Version: 1:7.2.2.dfsg.2-6.2 Severity: grave Tags: security Mr. Bob Nomnomnom from Torland reported a denial of service security vulnerability in ircd-hybrid. Function hostmask.c:try_parse_v4_netmask() is using strtoul to parse masks. Documentation says strtoul can parse "-number" as well. Validation of input does not catch evil bits. I can give proof of concept if needed. Fixed in commit: http://svn.ircd-hybrid.org:8000/viewcvs.cgi/ircd-hybrid/trunk/src/hostmask.c?r1=1786&r2=1785&pathrev=1786 Fixed in: ircd-hybrid 8.0.6 I have requested CVE identifier for this vulnerability. Program received signal SIGSEGV, Segmentation fault. 0x0041c799 in try_parse_v4_netmask (text=, addr=0x113e270, b=0x113e2f8) at hostmask.c:229 229 addb[bits / 8] &= ~((1 << (8 - bits % 8)) - 1); (gdb) bt #0 0x0041c799 in try_parse_v4_netmask (text=, addr=0x113e270, b=0x113e2f8) at hostmask.c:229 #1 parse_netmask (text=, addr=0x113e270, b=0x113e2f8) at hostmask.c:255 #2 0x0040c4ab in add_id (client_p=0x77f9a058, chptr=0x11264e8, banid=, type=) at channel_mode.c:233 #3 0x0040cd28 in chm_ban (client_p=0x77f9a058, source_p=0x77f9a058, chptr=0x11264e8, parc=, parn=0x77565580, parv=0x2f, errors=0x7fffdd08, alev=2, dir=1, c=98 'b', d=0x0, chname=0x1126774 "#foo") at channel_mode.c:803 #4 0x0040baac in set_channel_mode (client_p=, source_p=, chptr=, member=, parc=2, parv=0x8ed410, chname=0x1126774 "#foo") at channel_mode.c:1785 #5 0x7fffee7655a4 in m_mode (client_p=0x77f9a058, source_p=0x77f9a058, parc=4, parv=0x8ed400) at m_mode.c:115 #6 0x00422d9f in parse_client_queued (client_p=0x77f9a058) at packet.c:216 #7 0x00422ee5 in read_packet (fd=0x10faa18, data=) at packet.c:359 #8 0x00423ead in comm_select () at s_bsd_epoll.c:204 #9 0x0041f7f8 in io_loop (argc=0, argv=0x7fffe588) at ircd.c:237 #10 main (argc=0, argv=0x7fffe588) at ircd.c:670 -- Henri Salo --- End Message --- --- Begin Message --- All Debian packages tested not to be affected by this issue. I wonder who made these changes to Debian packages code as she/he did not report these issues to upstream (or didn't know about the problem). -- Henri Salo--- End Message ---
Bug#699328: libavutil51: relocation error after upgrade
Am 30.01.2013 17:04, schrieb Reinhard Tartler: Maybe we should add a Breaks relationship to the affected libavcodec package? nah, that's really the ftp-masters job. But then those of us who already have that faulty package installed won't get rid of it merely because ftp-masters finally remove it from mirrors. -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Processed: extlinux fail to boot (error loading ldlinux.c32)
Processing commands for cont...@bugs.debian.org: > severity 699382 serious Bug #699382 [extlinux] extlinux fail to boot (error loading ldlinux.c32) Severity set to 'serious' from 'important' > thanks Stopping processing here. Please contact me if you need assistance. -- 699382: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=699382 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#677795:
Ah ok, didn't check it that much. Thanks! -- =Do- N.AND 2013/2/1 Timo Jyrinki : > Note that it's already prepared [1] and in NEW queue [2]. There's also > the associated php5-midgard2 [3] that builds against the new package > name. So I believe - unless it's not enough to address the rc bug - this > is mainly about logistics, ie. the NEW queue package essentially > depending on simultaneous [3] that is only in mentors etc. > > [1] http://mentors.debian.net/package/midgard2-core > [2] http://ftp-master.debian.org/new.html > [3] http://mentors.debian.net/package/php5-midgard2 > > -Timo -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#685469: ekg2: missing copyright file - after upgrading from squeeze-backports to wheezy
On Wed, Jan 30, 2013 at 10:49:18PM +0100, Julien Cristau wrote: > On Wed, Jan 30, 2013 at 12:10:46 +0100, Andreas Beckmann wrote: > > > Followup-For: Bug #685469 > > Control: found -1 1:0.3.1-2 > > > > Hi, > > > > the missing copyright file persists after upgrading from > > squeeze+squeeze-backports with ekg2 from backports installed to wheezy. > > > > That probably means the package also does not properly cleanup when > > upgrading from an older snapshot of testing to the current testing. > > > In that case it's no longer RC... We support upgrades from a stable > release to the next, anything else is not critical. I was also under the impression that backports are unsupported. Moreover, while technically a violation of policy, this bug is not such a big deal for users for two reasons: 1) ekg2 is a metapackage that contains just one filesystem entry: the /usr/share/doc/ekg2 symlink. While that is broken after upgrade to 1:0.3.1-2, it depends on ekg2-core, so a user would be able to see the ekg2-core directory next to ekg2 and find the copyright file. 2) when you just "aptitude install ekg2" 1:0.3.1-1~bpo60+1 (squeeze) then ekg2 will disappear during this installation, as its only sign of existence (the symlink) will get overwritten by the directory from ekg2-core. Then when you upgrade to wheezy, /usr/share/doc/ekg2 will disappear as ekg2-core is upgraded, and if you install ekg2 afterwards, all will be back to normal. However if you reinstall ekg2 before the upgrade, this bug will not auto-heal on upgrade, so I would like to get a fix out. I've prepared a fix for squeeze and I could upload it if I get release-team's blessing. Interdiff below. I think that putting a fix into squeeze is preferrable to doing one in squeeze-backports, because: 1) IIRC backports only accept package versions which are already in testing, which is frozen. 2) even if I do upload a fix to backports somehow, but a user does not upgrade to that fixed backports version, but straight to squeeze, then they will never pick up a fix please let me know what you think diff -Nru ekg2-0.3.1/debian/changelog ekg2-0.3.1/debian/changelog --- ekg2-0.3.1/debian/changelog 2012-08-21 22:01:07.0 +0100 +++ ekg2-0.3.1/debian/changelog 2013-01-30 22:06:12.0 + @@ -1,3 +1,11 @@ +ekg2 (1:0.3.1-3) unstable; urgency=medium + + * RC-bugfix upload aimed at testing + * [64d17bb] Add doc directory bug cleanup steps to postinsts. +(Closes: #685469) + + -- Marcin Owsiany Wed, 30 Jan 2013 21:45:34 + + ekg2 (1:0.3.1-2) unstable; urgency=medium * RC-bugfix upload aimed at testing diff -Nru ekg2-0.3.1/debian/ekg2-core.postinst ekg2-0.3.1/debian/ekg2-core.postinst --- ekg2-0.3.1/debian/ekg2-core.postinst1970-01-01 01:00:00.0 +0100 +++ ekg2-0.3.1/debian/ekg2-core.postinst2013-01-30 22:06:12.0 + @@ -0,0 +1,8 @@ +#!/bin/sh +set -e +# Clean up after #685469. +DOCDIR=/usr/share/doc/ekg2 +if [ -d $DOCDIR ] && [ ! -L $DOCDIR ] ; then + rmdir $DOCDIR +fi +#DEBHELPER# diff -Nru ekg2-0.3.1/debian/ekg2.postinst ekg2-0.3.1/debian/ekg2.postinst --- ekg2-0.3.1/debian/ekg2.postinst 1970-01-01 01:00:00.0 +0100 +++ ekg2-0.3.1/debian/ekg2.postinst 2013-01-30 22:06:12.0 + @@ -0,0 +1,8 @@ +#!/bin/sh +set -e +# Clean up after #685469. +DOCDIR=/usr/share/doc/ekg2 +if [ ! -e $DOCDIR ] ; then + ln -s ekg2-core $DOCDIR +fi +#DEBHELPER# -- Marcin Owsiany http://marcin.owsiany.pl/ GnuPG: 2048R/02F946FC 35E9 1344 9F77 5F43 13DD 6423 DBF4 80C6 02F9 46FC -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#699519: marked as done (chef-solr: Ships dangerous chef-solr-installer binary, breaks installation when used)
Your message dated Fri, 01 Feb 2013 09:47:31 + with message-id and subject line Bug#699519: fixed in chef-solr 10.12.0+dfsg-2 has caused the Debian Bug report #699519, regarding chef-solr: Ships dangerous chef-solr-installer binary, breaks installation when used to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 699519: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=699519 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: chef-solr Version: 10.12.0+dfsg-1 Severity: normal chef-solr ships a binary, chef-solr-installer, whose purpose on upstream chef is to blow away all files relating to the chef-solr installation from /var and redeploy from a solr.tar.gz pristine image. This image does not ship on Debian, so running chef-solr-installer completely breaks solr until the package is reinstalled. -- System Information: Debian Release: wheezy/sid APT prefers quantal-updates APT policy: (500, 'quantal-updates'), (500, 'quantal-security'), (500, 'quantal'), (100, 'quantal-backports') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 3.5.0-22-generic (SMP w/4 CPU cores) Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash --- End Message --- --- Begin Message --- Source: chef-solr Source-Version: 10.12.0+dfsg-2 We believe that the bug you reported is fixed in the latest version of chef-solr, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 699...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Tollef Fog Heen (supplier of updated chef-solr package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Fri, 01 Feb 2013 09:17:32 +0100 Source: chef-solr Binary: chef-solr Architecture: source all Version: 10.12.0+dfsg-2 Distribution: unstable Urgency: high Maintainer: Debian Ruby Extras Maintainers Changed-By: Tollef Fog Heen Description: chef-solr - manager for search indexes of Chef node attributes using Solr Closes: 684374 685578 687554 687707 687720 687721 687819 688051 688155 688422 689039 689461 699519 Changes: chef-solr (10.12.0+dfsg-2) unstable; urgency=high . [ Tollef Fog Heen ] * Fix path to WEB-INF directory. Closes: #684374 * Stop installing chef-solr-installer again, not sure why that fix got dropped. Closes: #699519 . [ Christian Perrier ] * Debconf templates and debian/control reviewed by the debian-l10n- english team as part of the Smith review project. Closes: #685578 * [Debconf translation updates] * Polish (Michał Kułach). Closes: #687554 * Portuguese (Rui Branco). Closes: #687707 * Czech (Michal Simunek). Closes: #687720 * French (David Prévot). Closes: #687721 * Danish (Joe Hansen). Closes: #687819 * Russian (Yuri Kozlov). Closes: #688051 * German (Chris Leick). Closes: #688155 * Swedish (Martin Bagge / brother). Closes: #688422 * Italian (Beatrice Torracca). Closes: #689039 * Spanish; (# traductor (campo Last-Translator) y ponga en copia a la lista de Matías Bellone). Closes: #689461 Checksums-Sha1: 44bbcced43a021a74a3e508af53b525588699b31 1931 chef-solr_10.12.0+dfsg-2.dsc 4cacdd856283ca5f9579c579d4b1ca4462920945 21410 chef-solr_10.12.0+dfsg-2.debian.tar.gz e125d3edafa280f618259d11c21e74ff7f2ea54f 36146 chef-solr_10.12.0+dfsg-2_all.deb Checksums-Sha256: 9e302d7602758f8d3c2ea8cda9985f1a081b57c83d28708d48a71d390ca6 1931 chef-solr_10.12.0+dfsg-2.dsc 6015be736b01216a000944c597464dbe7d81fed23002df20073df6d35b2a59c0 21410 chef-solr_10.12.0+dfsg-2.debian.tar.gz a0da4f0d5ce56236fc21a7137bb50c09c102b2788696e4e31592d61f4da71aa3 36146 chef-solr_10.12.0+dfsg-2_all.deb Files: f9f362e56e62dc4369b69fef0e4aa3b3 1931 ruby optional chef-solr_10.12.0+dfsg-2.dsc 6155eb27d5563dafc8a6290c33145fc5 21410 ruby optional chef-solr_10.12.0+dfsg-2.debian.tar.gz 4d95b3ae940e16f43f4329c772d048eb 36146 ruby optional chef-solr_10.12.0+dfsg-2_all.deb -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.12 (GNU/Linux) iQIcBAEBCAAGBQJRC4vaAAoJELZaSHHKGdcXr7YQAJrNhTS/ANM/lKvWY9DXGXYC v/hepE/fQs/RdRWs1bnpZ39MQD97f+vfhnfNlypKBI4OuoN+gEZON4QLMsMH9hwA 9hRY/
Bug#684374: marked as done (chef-solr: Broken symlinks prevent Solr from starting properly.)
Your message dated Fri, 01 Feb 2013 09:47:31 + with message-id and subject line Bug#684374: fixed in chef-solr 10.12.0+dfsg-2 has caused the Debian Bug report #684374, regarding chef-solr: Broken symlinks prevent Solr from starting properly. to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 684374: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=684374 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: chef-solr Version: 10.12.0+dfsg-1 Severity: important Dear Maintainer, Because of broken symlinks Solr servlet fails to start. This causes Chef server answer with error 503 on all search requests. Proposed fix: --- chef-solr.links.orig2012-06-20 23:20:40.0 +0400 +++ chef-solr.links 2012-08-09 12:12:28.440154146 +0400 @@ -4,8 +4,8 @@ /var/log/jetty/ /var/lib/chef/solr/solr-jetty/logs /usr/share/jetty/start.jar /var/lib/chef/solr/solr-jetty/start.jar /usr/share/jetty/webapps/root/ /var/lib/chef/solr/solr-jetty/webapps/root -/usr/share/solr/admin /var/lib/chef/solr/solr-jetty/webapps/solr/admin +/usr/share/solr/web/admin /var/lib/chef/solr/solr-jetty/webapps/solr/admin /etc/solr/conf /var/lib/chef/solr/solr-jetty/webapps/solr/conf /usr/share/solr/scripts /var/lib/chef/solr/solr-jetty/webapps/solr/scripts -/usr/share/solr/WEB-INF/lib/ /var/lib/chef/solr/solr-jetty/webapps/solr/WEB-INF/lib +/usr/share/solr/web/WEB-INF/lib/ /var/lib/chef/solr/solr-jetty/webapps/solr/WEB-INF/lib /etc/solr/web.xml /var/lib/chef/solr/solr-jetty/webapps/solr/WEB-INF/web.xml -- System Information: Debian Release: wheezy/sid APT prefers testing APT policy: (500, 'testing') Architecture: amd64 (x86_64) Kernel: Linux 3.2.0-3-amd64 (SMP w/1 CPU core) Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1) Shell: /bin/sh linked to /bin/dash Versions of packages chef-solr depends on: ii adduser 3.113+nmu3 ii chef 10.12.0-1 ii debconf [debconf-2.0]1.5.44 ii default-jre-headless [java6-runtime-headless]1:1.6-47 ii openjdk-6-jre-headless [java6-runtime-headless] 6b24-1.11.3-2 ii rabbitmq-server 2.8.4-1 ii ruby-json1.7.3-2 ii ruby-libxml 2.3.2-1 ii ruby1.8 [ruby-interpreter] 1.8.7.358-4 ii ruby1.9.1 [ruby-interpreter] 1.9.3.194-1 ii solr-jetty 3.6.0+dfsg-1 ii ucf 3.0025+nmu3 chef-solr recommends no packages. chef-solr suggests no packages. -- debconf information excluded --- End Message --- --- Begin Message --- Source: chef-solr Source-Version: 10.12.0+dfsg-2 We believe that the bug you reported is fixed in the latest version of chef-solr, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 684...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Tollef Fog Heen (supplier of updated chef-solr package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Fri, 01 Feb 2013 09:17:32 +0100 Source: chef-solr Binary: chef-solr Architecture: source all Version: 10.12.0+dfsg-2 Distribution: unstable Urgency: high Maintainer: Debian Ruby Extras Maintainers Changed-By: Tollef Fog Heen Description: chef-solr - manager for search indexes of Chef node attributes using Solr Closes: 684374 685578 687554 687707 687720 687721 687819 688051 688155 688422 689039 689461 699519 Changes: chef-solr (10.12.0+dfsg-2) unstable; urgency=high . [ Tollef Fog Heen ] * Fix path to WEB-INF directory. Closes: #684374 * Stop installing chef-solr-installer again, not sure why that fix got dropped. Closes: #699519 . [ Christian Perrier ] * Debconf templates and debian/control reviewed by the debian-l10n- english team as part of the Smith review project. Closes: #685578 * [Debconf translation updates] * Polish (Michał Kułach). Closes: #687554 * Portuguese (Ru
Processed: severity of 699519 is serious
Processing commands for cont...@bugs.debian.org: > severity 699519 serious Bug #699519 [chef-solr] chef-solr: Ships dangerous chef-solr-installer binary, breaks installation when used Severity set to 'serious' from 'normal' > thanks Stopping processing here. Please contact me if you need assistance. -- 699519: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=699519 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Processed: severity of 684374 is serious
Processing commands for cont...@bugs.debian.org: > severity 684374 serious Bug #684374 [chef-solr] chef-solr: Broken symlinks prevent Solr from starting properly. Severity set to 'serious' from 'important' > thanks Stopping processing here. Please contact me if you need assistance. -- 684374: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=684374 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#677795: (no subject)
Note that it's already prepared [1] and in NEW queue [2]. There's also the associated php5-midgard2 [3] that builds against the new package name. So I believe - unless it's not enough to address the rc bug - this is mainly about logistics, ie. the NEW queue package essentially depending on simultaneous [3] that is only in mentors etc. [1] http://mentors.debian.net/package/midgard2-core [2] http://ftp-master.debian.org/new.html [3] http://mentors.debian.net/package/php5-midgard2 -Timo -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org