Bug#764162: Regression with kernel 3.16.7-ckt2-1
Dear Ian, First of all, thank you very much for the reply. I wasn't able to reply earlier due to end of year activities, but now I will try to be as speedy as feasible. On Dec 31 2014, Ian Campbell wrote: On Wed, 2014-12-31 at 06:08 -0200, Rogério Brito wrote: I have a Kurobox Pro that I use as a NAS and I was affected by the network corruption when the TSO was enabled in versions 3.16 before the version with the workaround on the mv643xx_eth (not having seen the code, from a user's perspective, this workaround was more like a fix than a dirty hack). The workaround was just turning off the feature. Exactly. This is what I did with ethtool. Please can you clarify which of these kernels did/didn't work (or for which you have no data): * 3.16.7-1 (has the bug) I had the bug with this and I even put the last 3.14 that I had available here on hold and, I was running all the time , | flash-kernel --force 3.14-2-orion5x ` To prevent problems in the case of a power outage here and my wife booting the NAS, as there are some educative programs that my little son watches every day. I even thought that the days of that device were counted, given that some newer userspace is likely to require newer kernel versions and that this device's live would be cut short (before I knew what the problem was---I was only seeing the symptoms). I did not report the problem because I thought that I would have little success in explaining the problem (and doing git bisects on this thing would be seriously would take so many weeks). I was so happy that I wasn't the only person seeing corruption with the 3.16.7-1 kernel! * 3.16.7-2 (with the hack/workaround of disabling TSO by default) With this, I had *no* problems and I was relieved that things went back to work just fine, without data corruption. (I also use this NAS as a way to backup some of my data---if there is silent data corruption, then I would be in trouble). * 3.16.7-ckt2-1 (with the supposed proper fix, 2c2a9cb from upstream, backported via the -ckt tree) This brought me back the problematic situation of the 3.16.7-1. To avoid forcing flash-kernel with the command above, I tried to turn TSO off and I see no signs of corruption. FWIW I am running 3.16.7-ckt2-1 on my kirkwood based ts-419 right now and it seems fine. It's possible that your system has a separate issue or is somehow more susceptible to the original (Which IIRC was cache based, so could affect different platforms differently). I have not read the code of the commit nor the context of fix, unfortunately. Please can you also confirm that flash-kernel has been run and is picking up the correct kernel image, i.e. it hasn't installed an old kernel for you or something like that. uname -v includes the actual running version. Sure. Here you go: ,[ uname -a ] | Linux lattes 3.16.0-4-orion5x #1 Debian 3.16.7-ckt2-1 (2014-12-08) armv5tel GNU/Linux ` Can we get a fix for this in time for jessie? If one can be found of course we will try and apply it. Thank you very much for being open to this possibility. Since I can't reproduce it would be useful if you could take this issue to the upstream developers who were involved in the original bug report and work with them directly to find a cure. I may try, but I am not confident that I will have any success. :( If we can't find one then I suppose we will fall back to just disabling TSO by default on these systems. Yes. In absence of further data, between data corruption an a performance hit, the choice is quite easy. Thanks, -- Rogério Brito : rbrito@{ime.usp.br,gmail.com} : GPG key 4096R/BCFC http://cynic.cc/blog/ : github.com/rbrito : profiles.google.com/rbrito DebianQA: http://qa.debian.org/developer.php?login=rbrito%40ime.usp.br -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#774493: wheezy-jessie: trigger loop gconf2 - initramfs-tools
Package: upgrade-reports Severity: serious Heya, I've just upgraded a family laptop from wheezy to jessie. The general experience has been very good and quick, with no noticeable breakages. The only problem is that the first apt-get dist-upgrade (after an apt-get upgrade, as recommended by the release notes) failed due to a trigger loop. Here are the details (messages translated to English by hand, as the upgraded laptop had an Italian locale) : configuring libdevmapper1.02.1:amd64 (2:1.02.90-2) trigger loop detected potentially responsible packages: gconf2 - initramfs-tools awaiting triggers that might be non resolvable libc-bin: ldconfig initramfs-tools: update-initramfs gconf2: /usr/share/gconf/schemas dpkg: error while processing libc-bin (--configure): trigger loop, giving up (If needed, I have a picture of the tty console on my phone, which I can provide.) After a few dpkg --configure --pending / apt-get -f install the problem went away and I managed to succesfully complete apt-get dist-upgrade. Cheers. -- System Information: Debian Release: 8.0 APT prefers testing APT policy: (500, 'testing'), (1, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores) Locale: LANG=it_IT.utf8, LC_CTYPE=it_IT.utf8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#774493: wheezy-jessie: trigger loop gconf2 - initramfs-tools
Control: tags -1 confirmed On Sat, 03 Jan 2015 14:11:05 +0100 Stefano Zacchiroli z...@debian.org wrote: Package: upgrade-reports Severity: serious Heya, I've just upgraded a family laptop from wheezy to jessie. The general experience has been very good and quick, with no noticeable breakages. The only problem is that the first apt-get dist-upgrade (after an apt-get upgrade, as recommended by the release notes) failed due to a trigger loop. Here are the details (messages translated to English by hand, as the upgraded laptop had an Italian locale) : configuring libdevmapper1.02.1:amd64 (2:1.02.90-2) trigger loop detected potentially responsible packages: gconf2 - initramfs-tools awaiting triggers that might be non resolvable libc-bin: ldconfig initramfs-tools: update-initramfs gconf2: /usr/share/gconf/schemas dpkg: error while processing libc-bin (--configure): trigger loop, giving up (If needed, I have a picture of the tty console on my phone, which I can provide.) After a few dpkg --configure --pending / apt-get -f install the problem went away and I managed to succesfully complete apt-get dist-upgrade. Cheers. [...] Seems to be #771730, so it should disappear once the new dpkg migrates. Would be possible for you to re-try the upgrade where you upgrade into the dpkg from sid instead of the Jessie version? ~Niels -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#774493: wheezy-jessie: trigger loop gconf2 - initramfs-tools
On Sat, Jan 03, 2015 at 02:24:43PM +0100, Niels Thykier wrote: Seems to be #771730, so it should disappear once the new dpkg migrates. Thanks. I've looked into the bug reports of the mentioned packages for duplicates, but didn't look into dpkg itself. Would be possible for you to re-try the upgrade where you upgrade into the dpkg from sid instead of the Jessie version? Unfortunately not :-/, as the laptop has been upgraded now, and I don't have handy another laptop with a similar/identical configuration. Cheers. -- Stefano Zacchiroli . . . . . . . z...@upsilon.cc . . . . o . . . o . o Maître de conférences . . . . . http://upsilon.cc/zack . . . o . . . o o Former Debian Project Leader . . @zack on identi.ca . . o o o . . . o . « the first rule of tautology club is the first rule of tautology club » -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Processed: Re: wheezy-jessie: trigger loop gconf2 - initramfs-tools
Processing control commands: tags -1 confirmed Bug #774493 [upgrade-reports] wheezy-jessie: trigger loop gconf2 - initramfs-tools Added tag(s) confirmed. -- 774493: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=774493 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#772815: marked as done (pyyaml: CVE-2014-9130)
Your message dated Sat, 03 Jan 2015 17:03:34 + with message-id e1y7s6w-0004jj...@franck.debian.org and subject line Bug#772815: fixed in pyyaml 3.09-5+deb6u1 has caused the Debian Bug report #772815, regarding pyyaml: CVE-2014-9130 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 772815: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=772815 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Package: pyyaml Severity: grave Tags: security Hi, CVE-2014-9130 from libyaml also affects pyyaml. I'm attaching a short reproducer. Cheers, Moritz import yaml import codecs with codecs.open('CVE-2014-9130.yaml', 'r') as stream: foo = yaml.load(stream) for key, value in foo.items(): setattr(self, key, value) abc: def: 'xxx ' ghi: 'yyy'---End Message--- ---BeginMessage--- Source: pyyaml Source-Version: 3.09-5+deb6u1 We believe that the bug you reported is fixed in the latest version of pyyaml, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 772...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Thorsten Alteholz deb...@alteholz.de (supplier of updated pyyaml package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Sat, 03 Jan 2015 16:00:21 +0100 Source: pyyaml Binary: python-yaml python-yaml-dbg python3-yaml python3-yaml-dbg Architecture: source i386 Version: 3.09-5+deb6u1 Distribution: squeeze-lts Urgency: high Maintainer: Debian Python Modules Team python-modules-t...@lists.alioth.debian.org Changed-By: Thorsten Alteholz deb...@alteholz.de Description: python-yaml - YAML parser and emitter for Python python-yaml-dbg - YAML parser and emitter for Python python3-yaml - YAML parser and emitter for Python3 python3-yaml-dbg - YAML parser and emitter for Python3 Closes: 772815 Changes: pyyaml (3.09-5+deb6u1) squeeze-lts; urgency=high . * Non-maintainer upload by the Squeeze LTS Team. * Add CVE-2014-9130.patch. CVE-2014-9130: assert failure when processing wrapped strings. (Closes: #772815) Checksums-Sha1: 80921e2de47698b41d8995adbbe53ec066db0c86 2154 pyyaml_3.09-5+deb6u1.dsc 6131d6a42bbd3e88d7efa3784d69395a136267be 238383 pyyaml_3.09.orig.tar.gz 58d947f79936e770ecaadd87bea9955c418b7c24 4045 pyyaml_3.09-5+deb6u1.diff.gz baa2dca48b760631a37dda66e7bf5ac5a88da9ce 165114 python-yaml_3.09-5+deb6u1_i386.deb 01018f4278468ad59143d7ce966b84b4bc415359 155984 python-yaml-dbg_3.09-5+deb6u1_i386.deb 2ac2a59df1d27b548a044d6d591923e45676701d 96162 python3-yaml_3.09-5+deb6u1_i386.deb 8a2b2a494729bda5c4b5f2b6ca647941b8af9d39 80648 python3-yaml-dbg_3.09-5+deb6u1_i386.deb Checksums-Sha256: 420b308f16c99c07815404ff7350b423487545884e26f77daa8501c365a4 2154 pyyaml_3.09-5+deb6u1.dsc 30076d51387cca35d461c8b36408de189d31f17e44d45cd2200bbd2d02f555c1 238383 pyyaml_3.09.orig.tar.gz a10a388cb139fcc681a04775f44d4333d12b1a799024a301fe2018f4ba534589 4045 pyyaml_3.09-5+deb6u1.diff.gz 1e0f61e46f20de78cf3107dd15ec0a19bdb963a0c2d3f028f0007f834481bde6 165114 python-yaml_3.09-5+deb6u1_i386.deb 89f923ccef63a6e423f04e77e472ac520793fd4d3ea8c6cf70f018b8a450b874 155984 python-yaml-dbg_3.09-5+deb6u1_i386.deb d36aba653fe597b4e7e5a7d6ef2e6291e2c202a4e4aa6ffbc04b6ad5c45b7873 96162 python3-yaml_3.09-5+deb6u1_i386.deb 56e562774f06e0dbab27adf96245ad2941ff67fa6a65f52b2144a77e10ffd33e 80648 python3-yaml-dbg_3.09-5+deb6u1_i386.deb Files: 9f68b6d97c3195efa33cf56be67912ba 2154 python optional pyyaml_3.09-5+deb6u1.dsc f219af2361e87fdc5e85e95b84c11d87 238383 python optional pyyaml_3.09.orig.tar.gz c8d4ea18218ee20c342d4b50dcc4b45c 4045 python optional pyyaml_3.09-5+deb6u1.diff.gz a30457db031e8ba46a819d9cc35d4112 165114 python optional python-yaml_3.09-5+deb6u1_i386.deb 41e69069de1e19208105b0587d09ca99 155984 debug extra python-yaml-dbg_3.09-5+deb6u1_i386.deb ede48a150d9fa32690bece2cde0aa855 96162 python optional python3-yaml_3.09-5+deb6u1_i386.deb 6985bde51e948f94df57892f4fe71857 80648 debug extra python3-yaml-dbg_3.09-5+deb6u1_i386.deb -BEGIN PGP SIGNATURE- Version: GnuPG v1 iQJ8BAEBCgBmBQJUqBy9XxSAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
Bug#774242: marked as done (libical1 1.0-1.2 breaks kalarm)
Your message dated Sat, 03 Jan 2015 17:00:07 + with message-id e1y7s3b-0004as...@franck.debian.org and subject line Bug#774242: fixed in libical 1.0-1.3 has caused the Debian Bug report #774242, regarding libical1 1.0-1.2 breaks kalarm to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 774242: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=774242 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Package: libical1 Version: 1.0-1.1 Severity: critical Justification: breaks unrelated software Dear Maintainer, after updating libical1 to 1.0-1.2 kalarm does not work anymore. Manual downgrading libical1 back to 1.0-1.1 fixes this. Setting high bug priority to prevent migration to jessie at this point of release. If you need any more input let me know. Bye Thilo -- System Information: Debian Release: 8.0 APT prefers unstable APT policy: (400, 'unstable') Architecture: amd64 (x86_64) Kernel: Linux 3.16.0-4-amd64 (SMP w/2 CPU cores) Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages libical1 depends on: ii libc6 2.19-13 ii tzdata 2014j-1 libical1 recommends no packages. libical1 suggests no packages. -- no debconf information ---End Message--- ---BeginMessage--- Source: libical Source-Version: 1.0-1.3 We believe that the bug you reported is fixed in the latest version of libical, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 774...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Ivo De Decker iv...@debian.org (supplier of updated libical package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Sat, 03 Jan 2015 14:58:46 +0100 Source: libical Binary: libical-dev libical1a libical-dbg Architecture: source amd64 Version: 1.0-1.3 Distribution: unstable Urgency: medium Maintainer: Fathi Boudra f...@debian.org Changed-By: Ivo De Decker iv...@debian.org Description: libical-dbg - debugging symbols for libical libical-dev - iCalendar library implementation in C (development) libical1a - iCalendar library implementation in C (runtime) Closes: 774242 Changes: libical (1.0-1.3) unstable; urgency=medium . * Non-maintainer upload. * Rename libical1 to libical1a because the change introduced in the previous upload breaks compatibility. (Closes: #774242) Checksums-Sha1: 0c63656af97e30133136701a628f66c9952e13a3 1828 libical_1.0-1.3.dsc dfa5082c4fb39e144d6590a3e521091bbc9a7639 18796 libical_1.0-1.3.debian.tar.xz 379052b4331fb24c7a896371d9d97a9762348826 204482 libical-dev_1.0-1.3_amd64.deb e0b759f0693f131753ede46a4a423c36bd8caeb7 183412 libical1a_1.0-1.3_amd64.deb 973594f895b0b60a5f144fd867dabc16343ec218 383790 libical-dbg_1.0-1.3_amd64.deb Checksums-Sha256: 9050cc3b9ed683290a505f064a503b4191e45a62095698def4859ab6cb2e330b 1828 libical_1.0-1.3.dsc c303e2e9c37470a5ff0da245e6e5279b777435371ad3f452a11ba46f2ab7f26f 18796 libical_1.0-1.3.debian.tar.xz 3a05dd5520efd2c3459f5583b4ca5336fc7ddc90ae19fd2d5cf892cc6d2f 204482 libical-dev_1.0-1.3_amd64.deb 5c49cf565cdcfef62e00ba77c0f9f8f0ed00387b8f77c4d757c5ca358ee03411 183412 libical1a_1.0-1.3_amd64.deb ec7dd6d72cd9d3365e95a4e2b69dea1ce52bae71abb76da39ed3a4df2e364ce2 383790 libical-dbg_1.0-1.3_amd64.deb Files: 0aecb0c670613fb7c5aa14bd97f2a5cf 1828 libs optional libical_1.0-1.3.dsc 795a0507a038fbd4a516f9ef6fd8ab1a 18796 libs optional libical_1.0-1.3.debian.tar.xz a27b6d4b735dec7bffae14e5830024d0 204482 libdevel optional libical-dev_1.0-1.3_amd64.deb db4c8ca2b4cbc48450d7ddbb276ecafd 183412 libs optional libical1a_1.0-1.3_amd64.deb c4f0cc72a936e360ba65c16531d5f037 383790 debug extra libical-dbg_1.0-1.3_amd64.deb -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.11 (GNU/Linux) iQIcBAEBCAAGBQJUqA4YAAoJEKxAu1iXBOr8tIEP/14ukzQe1loUeoFBCQjG2ms8 9XiAm+C6Wl0RscQ0IXGZZfWSziBDOWem9g1Pzo+z6iwaH0UcTOBOU59pq+gYSjk9 zYx8+ElrBPRMnIa5pXPI12KUr2XCur8ggMgSeToNUujnwWvPHzken5hhpUcxF8iJ /Tb5ApSp9IoGJ+Nea+ETXeXWrG6l36wiEYL4rPd6gQ0FPhrnQGS0JqqFE8TSmjNW s/xQ607Q8zZhNZUNu0M49Z7bSrqMgY/KCzhXgFFY30i4+k9BJpYR1Ff44RWoDeDu
Bug#771496: dpkg-cross follow-up
summary 771496 If anything you are doing would fail after the removal of dpkg-cross, you're doing it wrong. It's going away, whether you want it to or not. thanks Just a follow-up on dpkg-cross, for the benefit of anyone reviewing the list of RC bugs. You are missing an important aspect here: dpkg-cross is currently the only way to build a cross compiler from src:gcc-4.9. Sorry, I did not miss that aspect: your statement is incorrect. Clean pbuilder sid chroot: # dpkg --add-architecture armhf # apt-get -qq update # apt-get build-dep cross-gcc-4.9-armhf Reading package lists... Done Building dependency tree Reading state information... Done The following NEW packages will be installed: autoconf autoconf2.64 autogen autotools-dev binutils-arm-linux-gnueabihf bison bsdmainutils chrpath cross-gcc-dev debhelper diffstat expect file flex gawk gcc-4.9-base:armhf gcc-4.9-source gdb gettext gettext-base groff-base guile-2.0-libs intltool-debian libasprintf0c2 libbison-dev libc6:armhf libc6-dev:armhf libcloog-isl-dev libcroco3 libexpat1 libffi6 libfl-dev libgc1c2 libgcc1:armhf libglib2.0-0 libgmp-dev libisl-dev libltdl7 libmagic1 libmpc-dev libmpfr-dev libopts25 libopts25-dev libpipeline1 libpython-stdlib libpython2.7 libpython2.7-minimal libpython2.7-stdlib libsigsegv2 libssl1.0.0 libtcl8.6 libtool libunistring0 libxml2 linux-libc-dev:armhf m4 man-db mime-support netbase patchutils po-debconf python python-minimal python2.7 python2.7-minimal quilt realpath sharutils systemtap-sdt-dev tcl-expect zip zlib1g-dev dpkg-cross is not mentioned in that list. Not only is it not the only way to build a cross compiler from src:gcc-4.9, it is not even the default way to build a cross-compiler from src:gcc-4.9. Nothing about building a cross-compiler or using a cross-compiler on Debian unstable has to have anything at all to do with dpkg-cross - except that some packages need data from those config files. Even that can be patched in locally if someone has need. Such steps are a lot less work than has been required to get packages to cross-build previously. It is a shame that cross-gcc-4.9-armhf couldn't get into Jessie but then, ever since the Wheezy release, cross-building in Jessie has been a case of downgrading to Wheezy (or Squeeze) or upgrading to unstable (or experimental) anyway. In many ways, it is only fitting that dpkg-cross gets removed from Jessie as it makes it clear about the status of cross-building in Jessie - absent. You may want to (re)discuss this with the gcc maintainer: He does not seem to be aware of this deprecation and declares dpkg-cross supported. Matthias is aware of my personal feelings towards dpkg-cross and the horrors that it spawned (apt-cross and xapt) - I've spoken to him at length, face-to-face, a couple of times. He knows that I have been trying to kill dpkg-cross for at least two release cycles already. If it had been possible, I would have removed dpkg-cross when apt-cross had to be removed - instead I needed to write xapt, a program I bitterly regret needing to create. Yes, there is no formal deprecation notice in the dpkg-cross manpage but that is due to the following reasons: 0: lack of support maintenance is one reason for deprecating it - no upload for 8 months. 1: the replacement toolchains never made it into Jessie, so there was no time to upload dpkg-cross with such changes and get those changes into Jessie once the replacements were shown to be working. There is no way that a deprecation notice in dpkg-cross would meet the Freeze Policy. 2: the problems of cross-building on jessie have been well known since the wheezy release and all the work went into trying to get the correct methods working. My personal feeling is that dpkg-cross never deserved to be in the main archive - it should have stayed in the Emdebian toolchain repositories - but I was not involved in dpkg-cross at that time, I had to work with it where was. As I've already said, it was never possible for dpkg-cross to be Policy compliant. It is designed to break Policy. The irony is that it will finally be removed from testing for doing explicitly what it was designed to do. That is fine by me, I wanted it gone a long time ago. -- Neil Williams = http://www.linux.codehelp.co.uk/ pgpzcQxp_boWe.pgp Description: OpenPGP digital signature
Processed (with 1 errors): dpkg-cross follow-up
Processing commands for cont...@bugs.debian.org: summary 771496 If anything you are doing would fail after the removal of dpkg-cross, Summary recorded from message bug 771496 message you're doing it wrong. It's going away, whether you want it to or not. Unknown command or malformed arguments to command. thanks Stopping processing here. Please contact me if you need assistance. -- 771496: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=771496 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#773085: Regression in escaped url handling with patch applied for #773085
Control: reopen -1 Hi Mike I played around today for checking the xdg-open issue also for wheezy, and noticed that the approach introduces a regression. Steps for reproducing the issue: $ xdg-mime default chromium.desktop x-scheme-handler/http $ xdg-mime query default x-scheme-handler/http chromium.desktop $ DE='generic' XDG_CURRENT_DESKTOP= xdg-open 'http://bugs.debian.org/cgi-bin/pkgreport.cgi?src=xdg-utilsrepeatmerged=no' Without the patch applied, the page correctly is opened. If doing so the same with the applied patch chromium get passed as argument '$sed_escaped_url', and xdg-open executes /usr/bin/chromium '$sed_escaped_url'. I have not checked yet, but it might be that upstream had some additional commits in the surrounding code for handling the arguments differently. Regards, Salvatore -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#774047: [Pkg-nagios-devel] Bug#774047: pnp4nagios FTBFS on arm64, outdated config.sub/guess
Control: -1 tags + pending On So, 2014-12-28 at 00:11 +, peter green wrote: Your package FTBFS on arm64 due to outdated config.sub/guess. This is a regression and arm64 is now a release architecture hence the serious severity. Version 0.6.19-1 was the last to build successfully on arm64, Versions 0.6.24+dfsg1-3 was the first to fail on arm64, the intervening versions were not built on arm64 due to bug 769696. Thanks for noticing. Patch pending in GIT, will do some work on the package this week, then upload. -- Markus Frosch lazyfro...@debian.org / mar...@lazyfrosch.de http://www.lazyfrosch.de signature.asc Description: This is a digitally signed message part
Processed: Regression in escaped url handling with patch applied for #773085
Processing control commands: reopen -1 Bug #773085 {Done: Michael Gilbert mgilb...@debian.org} [src:xdg-utils] xdg-utils: command injection vulnerability 'reopen' may be inappropriate when a bug has been closed with a version; all fixed versions will be cleared, and you may need to re-add them. Bug reopened No longer marked as fixed in versions xdg-utils/1.1.0~rc1+git20111210-7.2. -- 773085: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773085 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#759824: Fwd: [pyfltk:bugs] #24 FTBFS: ./python/fltk_wrap.cpp:5241:35: error: format not a string literal and no format arguments [-Werror=format-security]
Control: tags -1 fixed-upstream Forwarded Message Subject: [pyfltk:bugs] #24 FTBFS: ./python/fltk_wrap.cpp:5241:35: error: format not a string literal and no format arguments [-Werror=format-security] Date: Sat, 03 Jan 2015 10:37:08 + From: Andreas Held andreash...@users.sf.net Reply-To: [pyfltk:bugs] 2...@bugs.pyfltk.p.re.sf.net To: [pyfltk:bugs] 2...@bugs.pyfltk.p.re.sf.net - **status**: pending -- open-fixed - **Comment**: Fixed in release V1.3.3 signature.asc Description: OpenPGP digital signature
Processed: Fwd: [pyfltk:bugs] #24 FTBFS: ./python/fltk_wrap.cpp:5241:35: error: format not a string literal and no format arguments [-Werror=format-security]
Processing control commands: tags -1 fixed-upstream Bug #759824 [src:pyfltk] pyfltk: FTBFS: ./python/fltk_wrap.cpp:5241:35: error: format not a string literal and no format arguments [-Werror=format-security] Added tag(s) fixed-upstream. -- 759824: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=759824 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Processed: tagging 774047
Processing commands for cont...@bugs.debian.org: tags 774047 + pending Bug #774047 [pnp4nagios] pnp4nagios FTBFS on arm64, outdated config.sub/guess Added tag(s) pending. thanks Stopping processing here. Please contact me if you need assistance. -- 774047: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=774047 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#773720: marked as done (sox: CVE-2014-8145)
Your message dated Sat, 03 Jan 2015 18:52:17 + with message-id e1y7to9-0002uq...@franck.debian.org and subject line Bug#773720: fixed in sox 14.3.1-1+deb6u1 has caused the Debian Bug report #773720, regarding sox: CVE-2014-8145 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 773720: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773720 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Source: sox Version: 14.3.1-1 Severity: grave Tags: security upstream Hi, the following vulnerability was published for sox. CVE-2014-8145[0]: two heap-based buffer overflows If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2014-8145 [1] http://www.ocert.org/advisories/ocert-2014-010.html Patches are not yet attached/referenced in the advisory, but should be referenced in upstream git repository soon. Regards, Salvatore ---End Message--- ---BeginMessage--- Source: sox Source-Version: 14.3.1-1+deb6u1 We believe that the bug you reported is fixed in the latest version of sox, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 773...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Thorsten Alteholz deb...@alteholz.de (supplier of updated sox package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Sat, 03 Dec 2015 19:33:00 +0100 Source: sox Binary: sox libsox1b libsox-fmt-base libsox-fmt-alsa libsox-fmt-ao libsox-fmt-ffmpeg libsox-fmt-mp3 libsox-fmt-oss libsox-fmt-pulse libsox-fmt-all libsox-dev Architecture: source i386 Version: 14.3.1-1+deb6u1 Distribution: squeeze-lts Urgency: medium Maintainer: Pascal Giard pas...@debian.org Changed-By: Thorsten Alteholz deb...@alteholz.de Description: libsox-dev - Development files for the SoX library libsox-fmt-all - All SoX format libraries libsox-fmt-alsa - SoX alsa format I/O library libsox-fmt-ao - SoX Libao format I/O library libsox-fmt-base - Minimal set of SoX format libraries libsox-fmt-ffmpeg - SoX ffmpeg format library libsox-fmt-mp3 - SoX MP3 format library libsox-fmt-oss - SoX OSS format I/O library libsox-fmt-pulse - SoX PulseAudio format I/O library libsox1b - SoX library of audio effects and processing sox- Swiss army knife of sound processing Closes: 773720 Changes: sox (14.3.1-1+deb6u1) squeeze-lts; urgency=medium . * Non-maintainer upload by the Squeeze LTS Team. * Patches to fix memory corruptions on the heap, CVE-2014-8145 (closes: #773720): + 0001-Check-for-minimum-size-sphere-headers.patch + 0002-More-checks-for-invalid-MS-ADPCM-blocks.patch Checksums-Sha1: 9a623a8e184a1517688899d31a5886d9f737f32e 2276 sox_14.3.1-1+deb6u1.dsc 2e43e00f11a939189ad4b821e34d0d184c595fcd 1042658 sox_14.3.1.orig.tar.gz 4b8e42843912f79ae72574c06b81956aa556cfbd 12159 sox_14.3.1-1+deb6u1.diff.gz 3acc3718eae2cda80ed13bfe0c9bb9d154ae91e5 132218 sox_14.3.1-1+deb6u1_i386.deb 80edaf2ed5c572a87f969436ccb6a235d0788ef9 285968 libsox1b_14.3.1-1+deb6u1_i386.deb 070b80813398108b85c288637aeb0620b82b5c68 56878 libsox-fmt-base_14.3.1-1+deb6u1_i386.deb f66c392b3a9877f15b7d1bec1402a123cda69d0b 46448 libsox-fmt-alsa_14.3.1-1+deb6u1_i386.deb 8e85bc90b0d8e7528213954b68300e3015b499b7 43496 libsox-fmt-ao_14.3.1-1+deb6u1_i386.deb ed7de9ae0cbf2ad0799e0d6c0a32cbd81af85b6b 45674 libsox-fmt-ffmpeg_14.3.1-1+deb6u1_i386.deb 9bb03905e314440358a7bce313b13c8297f7b3c4 47418 libsox-fmt-mp3_14.3.1-1+deb6u1_i386.deb 02a7a4e4afcda4a78c8564dad97784851cbe98c2 43924 libsox-fmt-oss_14.3.1-1+deb6u1_i386.deb 06ada38c2db42c6fff6046b4fd3591845d39c6fc 43310 libsox-fmt-pulse_14.3.1-1+deb6u1_i386.deb bc0223d088098653527243f2912449cebe8d 40474 libsox-fmt-all_14.3.1-1+deb6u1_i386.deb d3a65f5cd07b3179e2865e792db21d6a4e78c3f2 376024 libsox-dev_14.3.1-1+deb6u1_i386.deb Checksums-Sha256: 6f93822f7f6ab9987fd4ffbd1582fbaccac8c52e5eb871225b3cd5c191791447 2276 sox_14.3.1-1+deb6u1.dsc ffa6c8beff7d9ca42996db34f479521e342288695a2f93cdc59d95d95f89b3fd 1042658 sox_14.3.1.orig.tar.gz
Bug#773085: Regression in escaped url handling with patch applied for #773085
❦ 3 janvier 2015 17:31 +0100, Salvatore Bonaccorso car...@debian.org : Steps for reproducing the issue: $ xdg-mime default chromium.desktop x-scheme-handler/http $ xdg-mime query default x-scheme-handler/http chromium.desktop $ DE='generic' XDG_CURRENT_DESKTOP= xdg-open 'http://bugs.debian.org/cgi-bin/pkgreport.cgi?src=xdg-utilsrepeatmerged=no' Without the patch applied, the page correctly is opened. If doing so the same with the applied patch chromium get passed as argument '$sed_escaped_url', and xdg-open executes /usr/bin/chromium '$sed_escaped_url'. I don't understand how the proposed patch would work. $arg_one (or $sed_escaped_url) is singly quoted and therefore cannot be expanded. If I modify the first chunk of the patch, it works as expected: arguments_exec=$(echo $arguments | sed -e 's*%[fFuU]*'$sed_escaped_url'*g') (this is not like the initial chunk, I don't quote the argument. xdg-open 'http://www.example.com/$(xterm)' works as expected. However, the whole stuff is quite fragile. I can't say for sure if spaces would do something good or bad, but a star would not work. Here is an improved version which is easier to understand. #+begin_src sh file=/usr/share/applications/chromium.desktop # Safe quoting. We just enclose into single quotes the given argument # and escape single quotes. quote() { printf %s\\n $1 | sed s/'/'''/g;1s/^/'/;\$s/\$/'/ } arg=$1 set -- $(sed -n 's/^Exec\(\[[^]]*\]\)\{0,1\}=//p' $file) cmd=$(which $1 2 /dev/null) [ -n $cmd ] || exit 2 shift args= while [ $# -gt 0 ]; do case $1 in %[fFuU]) args=$args $(quote $arg) ;; *) args=$args $(quote $1) ;; esac shift done $cmd $args #+end_src The set is just here to let the shell do the quoting. If no replacement was needed, we could just $cmd $@ after the first shift and be done. Unfortunately, with just a POSIX shell, the replacement of the positional argument is difficult. Instead, we build the list of args by quoting correctly each of them. Then, it can be executed. Using bash would be more straightforward since we could stack our arguments into an array and modify this array to substitute %U and the like. -- The surest protection against temptation is cowardice. -- Mark Twain signature.asc Description: PGP signature
Bug#761619: marked as done (installation-reports: Disk scan hangs)
Your message dated Sat, 3 Jan 2015 22:33:28 +0100 with message-id cagfru9xj4asp7wtn66eawtclmm4k9rm9owytkpct_hp+ztd...@mail.gmail.com and subject line Re: installation-reports: Disk scan hangs has caused the Debian Bug report #761619, regarding installation-reports: Disk scan hangs to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 761619: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=761619 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Package: installation-reports Severity: grave Tags: d-i Justification: renders package unusable Dear Maintainer, I tried the b1 netinst ISO (debian-jessie-DI-b1-amd64-netinst.iso, MD5 8a386a16ab2939e00bfd5efa27007216.) The installer came up normally but the disk scan hung. This might be due to multiple btrfs filesystems or a bcache partition. -- System Information: Debian Release: jessie/sid APT prefers testing-updates APT policy: (500, 'testing-updates'), (500, 'stable'), (190, 'testing'), (180, 'unstable'), (3, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 3.16-1-amd64 (SMP w/8 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash ---End Message--- ---BeginMessage--- Fixed according to the bug reporter.---End Message---
Bug#772008: CVE request: mpfr: buffer overflow in mpfr_strtofr
On Tue, 30 Dec 2014, Moritz Muehlenhoff wrote: On Mon, Dec 08, 2014 at 01:45:12PM +0100, Vasyl Kaigorodov wrote: Hello, A buffer overflow was reported [1] in mpfr. This is due to incorrect GMP documentation for mpn_set_str about the size of a buffer (discussion is at [1]; first fix in the GMP documentation is at [2]). This bug is present in the MPFR versions from 2.1.0 (adding mpfr_strtofr) to this one, and can be detected by running make check in a 32-bit ABI under GNU/Linux with alloca disabled (this is currently possible by using the --with-gmp-build configure option where alloca has been disabled in the GMP build). It is fixed by the strtofr patch [3]. Corresponding changeset in the 3.1 branch: 9110 [4]. [1]: https://gmplib.org/list-archives/gmp-bugs/2013-December/003267.html [2]: https://gmplib.org/repo/gmp-5.1/raw-rev/d19172622a74 [3]: http://www.mpfr.org/mpfr-3.1.2/patch11 [4]: https://gforge.inria.fr/scm/viewvc.php?view=revroot=mpfrrevision=9110 References: - https://bugzilla.redhat.com/show_bug.cgi?id=1171701 - https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=772008 Can a CVE be assigned to this please? Use CVE-2014-9474. --- CVE assignment team, MITRE CVE Numbering Authority M/S M300 202 Burlington Road, Bedford, MA 01730 USA [ PGP key available through http://cve.mitre.org/cve/request_id.html ] -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#774090: emacs24: a left-click in Emacs sometimes modifies the PRIMARY selection
On 2015-01-03 11:25:14 -0800, Alex Goebel wrote: Seems to work ok with emacs24-nox. Emacs from emacs24-nox does not have GUI support, so that what you observe is the behavior of the text terminal. Perhaps using that would be a temporary workaround? But losing GUI support would be a major loss of feature. Note that this is quite a recent regression, as there was no such problem with Emacs 24.3 and before. A solution could be to find what caused the change of behavior and revert the broken patch. -- Vincent Lefèvre vinc...@vinc17.net - Web: https://www.vinc17.net/ 100% accessible validated (X)HTML - Blog: https://www.vinc17.net/blog/ Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon) -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Processed: update
Processing commands for cont...@bugs.debian.org: summary 771496 If anything you are doing would fail after the removal of dpkg-cross, you're doing it wrong. Summary replaced with message bug 771496 message thanks Stopping processing here. Please contact me if you need assistance. -- 771496: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=771496 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Processed: your mail
Processing commands for cont...@bugs.debian.org: found 774393 1.4-1 Bug #774393 [fssync] fssync: possible data corruption on destination side Marked as found in versions fssync/1.4-1. End of message, stopping processing here. Please contact me if you need assistance. -- 774393: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=774393 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#774090: emacs24: a left-click in Emacs sometimes modifies the PRIMARY selection
Seems to work ok with emacs24-nox. Perhaps using that would be a temporary workaround? -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#758389:
This should be fixed in the upstream git. Could someone please check that everything is working? https://github.com/dialelo/turses
Processed: forcibly merging 774436 774461 774526, severity of 774436 is serious
Processing commands for cont...@bugs.debian.org: forcemerge 774436 774461 774526 Bug #774436 [src:linux] linux-image-3.2.0-4-amd64: suspend to ram regression in 3.2.65-1 Bug #774526 [src:linux] linux-image-3.2.0-4-amd64: system crash with sudden reboot when hotplugging a CPU - suspend functionality broken Severity set to 'important' from 'normal' Bug #774461 [src:linux] linux-image-3.2.0-4-amd64: suspend triggers reboot Merged 774436 774461 774526 severity 774436 serious Bug #774436 [src:linux] linux-image-3.2.0-4-amd64: suspend to ram regression in 3.2.65-1 Bug #774461 [src:linux] linux-image-3.2.0-4-amd64: suspend triggers reboot Bug #774526 [src:linux] linux-image-3.2.0-4-amd64: system crash with sudden reboot when hotplugging a CPU - suspend functionality broken Severity set to 'serious' from 'important' Severity set to 'serious' from 'important' Severity set to 'serious' from 'important' thanks Stopping processing here. Please contact me if you need assistance. -- 774436: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=774436 774461: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=774461 774526: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=774526 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Processed: Re: Bug#755489: please add jitsi to wheezy-backports
Processing commands for cont...@bugs.debian.org: block 755489 by 729904 Bug #755489 [jitsi] please add jitsi to wheezy-backports 755489 was not blocked by any bugs. 755489 was not blocking any bugs. Added blocking bug(s) of 755489: 729904 block 755489 by 760853 Bug #755489 [jitsi] please add jitsi to wheezy-backports 755489 was blocked by: 729904 755489 was not blocking any bugs. Added blocking bug(s) of 755489: 760853 user cont...@itopie.ch Setting user to cont...@itopie.ch (was l...@pca.it). usertags 755489 + itopie.ch-installation There were no usertags set. Usertags are now: itopie.ch-installation. thanks Stopping processing here. Please contact me if you need assistance. -- 755489: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=755489 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Processed: Re: Bug#718225: live-build should authenticate files it downloads
Processing control commands: severity -1 critical Bug #718225 [live-build] live-build should authenticate files it downloads Severity set to 'critical' from 'normal' -- 718225: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=718225 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#749360: marked as done (lletters: FTBFS - Makefile:206: *** missing separator (did you mean TAB instead of 8 spaces?).)
Your message dated Sun, 04 Jan 2015 01:18:36 + with message-id e1y7zq0-0002t0...@franck.debian.org and subject line Bug#749360: fixed in lletters 0.1.95+gtk2-4 has caused the Debian Bug report #749360, regarding lletters: FTBFS - Makefile:206: *** missing separator (did you mean TAB instead of 8 spaces?). to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 749360: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=749360 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Package: lletters Version: 0.1.95+gtk2-3.2 Usertags: goto-cc During a rebuild of all Debian packages in a clean sid chroot (using cowbuilder and pbuilder) the build failed with the following error. [...] Making all in intl make[3]: Entering directory '/srv/jenkins-slave/workspace/sid-goto-cc-lletters/lletters-0.1.95+gtk2/intl' Makefile:206: *** missing separator (did you mean TAB instead of 8 spaces?). Stop. make[3]: Leaving directory '/srv/jenkins-slave/workspace/sid-goto-cc-lletters/lletters-0.1.95+gtk2/intl' Makefile:425: recipe for target 'all-recursive' failed make[2]: *** [all-recursive] Error 1 The full build log is attached. Best, Michael lletters-build-log.txt.gz Description: application/gunzip pgpDvh4b3k4vr.pgp Description: PGP signature ---End Message--- ---BeginMessage--- Source: lletters Source-Version: 0.1.95+gtk2-4 We believe that the bug you reported is fixed in the latest version of lletters, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 749...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Markus Koschany a...@gambaru.de (supplier of updated lletters package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Tue, 23 Sep 2014 14:26:55 +0200 Source: lletters Binary: lletters Architecture: source Version: 0.1.95+gtk2-4 Distribution: unstable Urgency: medium Maintainer: Debian QA Group packa...@qa.debian.org Changed-By: Markus Koschany a...@gambaru.de Description: lletters - GTK letters-learning game for small children Closes: 538667 701852 712845 727450 749360 Changes: lletters (0.1.95+gtk2-4) unstable; urgency=medium . * QA upload. * Set maintainer address to Debian QA Group packa...@qa.debian.org. * Add ${misc:Depends} substvar. * Fix FTBFS because of missing separators in intl/Makefile.in. (Closes: #749360) * Build with autotools-dev and fix FTBFS on newer architectures due to outdated config.sub and config.guess files. (Closes: #727450, #538667) * Fix program stops responding while playing sound by replacing type long with uint32_t. Thanks q1we...@i.com.ua for the patch. (Closes: #701852) * Fix application terminates when clicking A, B or H. Thanks to Prathibha B for the report and patch. (Closes: #712845) * Use compat level 9 and require debhelper = 9. * Use source format 1.0 explicitly by adding a source directory and format file to the debian directory. * Remove superfluous postrm.debhelper and postinst.debhelper file. * Create a valid desktop file and add a comment in German. Checksums-Sha1: 5c34d4caaecbf8bd8e17254e5a43f377ad91fc85 1722 lletters_0.1.95+gtk2-4.dsc 3df1f2a410cd2a219426e9fdd84ff51649e72cf5 471155 lletters_0.1.95+gtk2-4.diff.gz Checksums-Sha256: df244b1f8de99528fb730587bd17bcb89854af73bde647976e50ad849e56aa8f 1722 lletters_0.1.95+gtk2-4.dsc 984eba195e52ca90f061683aa8469068b1e2f645693777bf9e3037af8db2103c 471155 lletters_0.1.95+gtk2-4.diff.gz Files: e513991ed276dde0787a9fbd9468cd33 1722 games extra lletters_0.1.95+gtk2-4.dsc 32c7452b70b98a4edd0e0c6767a05ed8 471155 games extra lletters_0.1.95+gtk2-4.diff.gz -BEGIN PGP SIGNATURE- Version: GnuPG v1 iQIcBAEBCAAGBQJUqJHyAAoJEI7tzBuqHzL//6oP/304ifWLbjZd2tcHo+Ip9L3n I53/VsCqzHikcsUbdf9aXra7ecXX79SjwihyFQeYtJQkxh/65w8EjqPqgyDjAcsL tgxJuCClH6Kng9B8/ZmuEpLy1Wg8i9JuRGiF7VknZBvSgTDTUent+RIimLEHu5Fp Bt8yVpg92nCC1w5WCjJoP8kAoqRVRCohDZjbfzqyuLyIZjYX8jJB4Bo7OVR6tV1z C6ty5xgf5E1ARSALFMzuhEsZD4Y8M6x06wlKC970SW4lU6R7IokIrr/TH7eIBQ7a C5WJkEuv1FY7a0pczsxWqE6HkvqJKeNBTQsJGHj/jP4JnYuSVRS4F29LuVDYyiJu CU9KN51VqSfqDMVrMpTntZraALI18OZcdfSG6ey1vPj40XFeE76PGmk3UDBQZvFX
Processed: Re: Bug#718225: live-build should authenticate files it downloads
Processing control commands: found -1 0.99-1 Bug #718225 [live-build] live-build should authenticate files it downloads There is no source info for the package 'live-build' at version '0.99-1' with architecture '' Unable to make a source version for version '0.99-1' Marked as found in versions 0.99-1. -- 718225: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=718225 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#718225: live-build should authenticate files it downloads
Control: found -1 0.99-1 This security issue stretches back all the way as far as git history goes, to 0.99-1. Attempting to update versions affected to update the record, possibly causing correct listing against debian releases in security trackers... -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Processed: your mail
Processing commands for cont...@bugs.debian.org: notfound 718225 4.0~a20-1 Bug #718225 [live-build] live-build should authenticate files it downloads No longer marked as found in versions live-build/4.0~a20-1. End of message, stopping processing here. Please contact me if you need assistance. -- 718225: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=718225 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#774090: 24.4; middle-click sometimes pastes data other than the PRIMARY selection
[Cc to the Debian bug] On 2014-12-30 12:45:12 +0200, Riku Saikkonen wrote: I tried to trace where the bug occurs, and got as far as this: mouse-drag-track contains the lines ;; Otherwise, run binding of terminating up-event. (deactivate-mark) (if do-multi-click (goto-char start-point) (unless moved-off-start (pop-mark))) (lines 858-863 of mouse.el in Emacs 24.4.1) [...] How about locally setting select-active-regions to nil for (deactivate-mark)? See attached patch, which seems to work for me, though I don't know all the consequences. It is inspired from the patch suggested at http://debbugs.gnu.org/cgi/bugreport.cgi?bug=6872#8 and the one that was really applied as 1c409d0b963ebdb1f48b90ddce85c56d989bee5f. -- Vincent Lefèvre vinc...@vinc17.net - Web: https://www.vinc17.net/ 100% accessible validated (X)HTML - Blog: https://www.vinc17.net/blog/ Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon) diff --git a/lisp/mouse.el b/lisp/mouse.el index e267418..2afe313 100644 --- a/lisp/mouse.el +++ b/lisp/mouse.el @@ -856,7 +856,8 @@ DO-MOUSE-DRAG-REGION-POST-PROCESS should only be used by (copy-region-as-kill (mark) (point) ;; Otherwise, run binding of terminating up-event. - (deactivate-mark) + (let (select-active-regions) +(deactivate-mark)) (if do-multi-click (goto-char start-point) (unless moved-off-start
Processed: user debian-secur...@lists.debian.org, usertagging 772008 ...
Processing commands for cont...@bugs.debian.org: user debian-secur...@lists.debian.org Setting user to debian-secur...@lists.debian.org (was car...@debian.org). usertags 772008 + tracked Usertags were: tracked. Usertags are now: tracked. retitle 772008 libmpfr4: CVE-2014-9474: buffer overflow in mpfr_strtofr Bug #772008 {Done: Matthias Klose d...@debian.org} [libmpfr4] libmpfr4: buffer overflow in mpfr_strtofr Changed Bug title to 'libmpfr4: CVE-2014-9474: buffer overflow in mpfr_strtofr' from 'libmpfr4: buffer overflow in mpfr_strtofr' thanks Stopping processing here. Please contact me if you need assistance. -- 772008: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=772008 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Processed: user debian-secur...@lists.debian.org, usertagging 773134 ...
Processing commands for cont...@bugs.debian.org: user debian-secur...@lists.debian.org Setting user to debian-secur...@lists.debian.org (was car...@debian.org). usertags 773134 + tracked Usertags were: tracked. Usertags are now: tracked. retitle 773134 rabbitmq-server: CVE-2014-9494: rabbitmq_management incorrectly trusts 'X-Forwarded-For' header Bug #773134 {Done: Matt Kraai kr...@debian.org} [rabbitmq-server] rabbitmq_management incorrectly trusts 'X-Forwarded-For' header Changed Bug title to 'rabbitmq-server: CVE-2014-9494: rabbitmq_management incorrectly trusts 'X-Forwarded-For' header' from 'rabbitmq_management incorrectly trusts 'X-Forwarded-For' header' thanks Stopping processing here. Please contact me if you need assistance. -- 773134: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773134 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Processed: user debian-secur...@lists.debian.org, usertagging 773836 ...
Processing commands for cont...@bugs.debian.org: user debian-secur...@lists.debian.org Setting user to debian-secur...@lists.debian.org (was car...@debian.org). usertags 773836 + tracked Usertags were: tracked. Usertags are now: tracked. retitle 773836 glance: CVE-2014-9493: unrestricted path traversal flaw Bug #773836 {Done: Thomas Goirand z...@debian.org} [src:glance] glance: unrestricted path traversal flaw Changed Bug title to 'glance: CVE-2014-9493: unrestricted path traversal flaw' from 'glance: unrestricted path traversal flaw' thanks Stopping processing here. Please contact me if you need assistance. -- 773836: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773836 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Processed: #761539
Processing commands for cont...@bugs.debian.org: unmerge 761539 Bug #761539 [src:libgit2] libgit2: FTBFS: Tests failures Bug #761170 [src:libgit2] libgit2: FTBFS on multiple architectures Disconnected #761539 from all other report(s). # this is to help isolate the buildd bugs for the jessie release. So # that a fix can be proposed that won't require a version change. End of message, stopping processing here. Please contact me if you need assistance. -- 761170: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=761170 761539: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=761539 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Processed: user debian-secur...@lists.debian.org, usertagging 774090, tagging 774090 ...
Processing commands for cont...@bugs.debian.org: user debian-secur...@lists.debian.org Setting user to debian-secur...@lists.debian.org (was car...@debian.org). usertags 774090 + tracked Usertags were: tracked. Usertags are now: tracked. tags 774090 + upstream Bug #774090 [emacs24] emacs24: a left-click in Emacs sometimes modifies the PRIMARY selection Added tag(s) upstream. retitle 774090 emacs24: CVE-2014-9483: a left-click in Emacs sometimes modifies the PRIMARY selection Bug #774090 [emacs24] emacs24: a left-click in Emacs sometimes modifies the PRIMARY selection Changed Bug title to 'emacs24: CVE-2014-9483: a left-click in Emacs sometimes modifies the PRIMARY selection' from 'emacs24: a left-click in Emacs sometimes modifies the PRIMARY selection' thanks Stopping processing here. Please contact me if you need assistance. -- 774090: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=774090 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Processed: Fixed in
Processing commands for cont...@bugs.debian.org: fixed #773772 5.4.7 Bug #773772 {Done: Matt Grant m...@mattgrant.net.nz} [netscript-2.4] netscript-2.4: Interace names with '-' in them cannot be set up, and network configuration fails. Bug #773773 {Done: Matt Grant m...@mattgrant.net.nz} [netscript-2.4] netscript-2.4: Interace names with '-' in them cannot be set up, network configuration fails. There is no source info for the package 'netscript-2.4' at version '5.4.7' with architecture '' Unable to make a source version for version '5.4.7' Marked as fixed in versions 5.4.7. Marked as fixed in versions 5.4.7. fixed #773773 5.4.7 Bug #773773 {Done: Matt Grant m...@mattgrant.net.nz} [netscript-2.4] netscript-2.4: Interace names with '-' in them cannot be set up, network configuration fails. Bug #773772 {Done: Matt Grant m...@mattgrant.net.nz} [netscript-2.4] netscript-2.4: Interace names with '-' in them cannot be set up, and network configuration fails. There is no source info for the package 'netscript-2.4' at version '5.4.7' with architecture '' Unable to make a source version for version '5.4.7' Ignoring request to alter fixed versions of bug #773773 to the same values previously set Ignoring request to alter fixed versions of bug #773772 to the same values previously set End of message, stopping processing here. Please contact me if you need assistance. -- 773772: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773772 773773: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773773 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org